LWN.net Weekly Edition for August 28, 2003
Legislative fun in Europe
While the legal situation in the United States has been dominated by the SCO case, many community members in Europe are more concerned by what is happening on the legislative front. A couple of initiatives underway in the European Parliament's Committee on Legal Affairs and the Internal Market are worthy of attention - and activism.
The first of these, of course, is software patents. The Committee now looks set to adopt the directive on software patents on September 1. Opponents of software patents in Europe have been working hard to raise awareness on the issue; protests on the net and in Brussels happened on August 27. There is still time to be heard on this issue and, perhaps, influence the outcome. It is worth the effort; software patents are one American export that Europe can do without.
Patents are just the beginning, however. Starting, seemingly, on September 11, the Committee will begin discussing a directive "on measures and procedures to ensure the enforcement of intellectual property rights." The full (54-page) text of the directive can be downloaded from this EU page. Two parts of this directive are cause for concern:
- Article 9 requires identification of anybody who, in the view of a copyright holder, is "thought to infringe upon an intellectual property right". This article, it is expected, will lead to the same sort of "subpoena storm" currently being engaged in by the recording industry in the U.S.
- Article 21 includes a (criminal) prohibition of "illegal technical devices." This is, of course, a DMCA-style anti-circumvention law, which will lead to DMCA-style problems.
 
For a much more detailed look at the draft directive, see this analysis by the Foundation for Information Policy Research. This analysis also notes that there is, apparently, still time to bring about major changes to this draft. With luck - and suitable pressure on members of the European Parliament - the worst features of this directive can be eliminated before it ever comes to a serious vote.
Who won the latest DeCSS skirmish?
[This article was contributed by Joe 'Zonker' Brockmeier]
The decision handed down by the California Supreme Court on Monday in the DVD Copy Control Association v. Bunner case is being hailed by many as a victory for the entertainment industry. In fact, the ruling is far from a major victory for the DVD Copy Control Association. The California Supreme Court has remanded the case back to the Court of Appeal to "determine whether the evidence in the record supports the factual findings necessary to establish that the preliminary injunction was warranted under California's trade secret law."
For those not familiar with the case, the DVDCCA sued Andrew Bunner for posting the DeCSS code posted by Jon Johansen. Johansen and others reverse-engineered software created by Xing Technology corporation to create the DeCSS package, which can decrypt DVDs for viewing. (Despite the DVDCCA's repeated assertions that DeCSS is used for copying DVDs, the software is not necessary to copy a DVD -- only to view it.) The trial court sided with the DVDCCA and issued a preliminary injunction against Bunner, which was later overturned by the Court of Appeals. Interestingly, Bunner's case is still winding through the American court system while Johansen has already been acquitted in Norway of charges of using DeCSS for illegal purposes.
The California high court's ruling had very little to do with the specifics of the DeCSS code or whether CSS is a legitimate trade secret. The court simply accepted the trial court's findings that CSS is a trade secret, and ruled on the question of whether it is a violation of the First Amendment to issue a preliminary injunction in the interests of protecting a trade secret. The Court of Appeals had ruled that trade secrets were not as important as First Amendment protections and lifted the injunction against Andrew Bunner posting the DeCSS source code. The California Supreme Court, however, disagreed that First Amendment considerations trump the protection of trade secrets:
So, the fight over DeCSS is far from over, which is good news. The bad news is that the California Supreme Court doesn't see any value in the DeCSS code in the continuing debate over the entertainment industry's use of encryption. From page 22 of the decision:
Many in the open source community would disagree that the disclosure of the code "adds nothing to the public debate." Ed Felten writes that access to the code is an important factor in the debate over CSS:
Certainly the fact that CSS was so easily defeated is of public interest when debating whether CSS qualifies as a "trade secret" or simply a veiled attempt to rob users of their fair use rights over copyrighted materials they've legally purchased. The code should also be of some interest to those who wish to disprove the DVDCCA's continual claims that DeCSS exists primarily for copying DVDs, rather than watching them.
Whether Bunner is legally permitted to post DeCSS or not, the cat is out of the bag. For all practical purposes, anyone who wants to get access to the DeCSS code is able to do so. However, the case will set precedents that will no doubt be revisited as the entertainment industry rolls out new media formats and new encryption schemes.
This week's SCO fun
It may have seemed like a relatively quiet week on the SCO front - to the relief of many - but a number of things have been happening. It's time to get caught up in the latest developments in this case.
People have continued to look at the code samples presented by SCO in Las Vegas. Eric Raymond posted his own analysis which included a comparison of the Linux atealloc() code with the SYSV malloc() implementation - something that Eric evidently has sitting around somewhere. Eric's conclusion was that the Linux code derives from the ancient malloc() implementation found in 32V Unix. LWN, looking at Eric's diff, came to a different conclusion; the Linux code appears to have been taken from (proprietary) SYSV Unix. See this article for a full description of our reasoning. Since then, FreeBSD kernel hacker Greg Lehey has posted his analysis, which also points to a SYSV derivation.
The sad fact is that this particular piece of code is problematic no matter how you look at it. The alternatives are:
- The code was lifted from SYSV Unix, which makes it a direct infringement of SCO's copyrights.
- The code actually derives from the ancient 32V Unix release. SCO, back when it was called Caldera, released 32V under an older, four-term BSD license; this license is incompatible with the GPL, due to its advertising requirement. The code in Linux also lacked the requisite copyright headers. In this scenario, the inclusion of this code infringes SCO's copyrights (due to the missing copyright headers) and also those of the other Linux kernel contributors (due to the GPL incompatibility).
- There are other opinions on how 32V is really licensed. SCO has started making noises to the effect that 32V was really only released for 16-bit, non-commercial use, though the license letter that went around (and, indeed, was sent to us anew by SCO PR person Blake Stowell) says otherwise. Any attempt by SCO to "call back" this release is likely to fail at this point.
     
Then, there is the assertion that 32V is actually public domain. This conclusion comes from the March 3, 1993 ruling in the USL case, which reads: "...I find that Plaintiff has failed to demonstrate a likelihood that it can successfully defend its copyright in 32V. Plaintiff's claims of copyright violations are not a basis for injunctive relief."
But saying that USL lacks evidence strong enough to justify a preliminary injunction is different from a true finding that the 32V code has gone into the public domain. Given the rather friendly stance the courts have taken toward copyright holders in modern times, relying on this preliminary ruling to hold in a new court case seems risky at best.
It is thus hard to conclude that this code belongs in Linux. And, in fact, it has already been removed from the 2.4 and 2.6-test branches. In any case, it is a tiny piece of ancient code performing a trivial task; it is not the basis of a $3 billion lawsuit. If this is the best that SCO has, its case will not go that far.
SCO's other code sample, of course, was the Linux implementation of the Berkeley Packet Filter (BPF) library. There appears to be no way that SCO can claim ownership of this code; indeed, Greg Lehey's analysis suggests that, perhaps, SCO has stripped the copyright headers from its copy of that code, in violation of its (BSD) license. SCO would seem to have figured out that it is on especially thin ice here; a recent InfoWorld article quotes SCOSource VP Chris Sontag as follows:
Given that the slide in question reads "Obfuscated System V code has been copied into Linux kernel releases 2.4x and 2.5x," one might well agree that it should have been "written differently." One might well ask what other parts of the company's recent output should be written differently.
Meanwhile, SCO lawyer Mark Heise is still taking potshots at the GPL; his latest assertion (from this ZDNet interview) is that Section 301 of the U.S. Copyright Act preempts the GPL. Now, one of the advantages of having an Internet around is that one can go and check these things directly; the first part of Chapter 3 of the Copyright Act reads:
(a) On and after January 1, 1978, all legal or equitable rights that are equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106 in works of authorship that are fixed in a tangible medium of expression and come within the subject matter of copyright as specified by sections 102 and 103, whether created before or after that date and whether published or unpublished, are governed exclusively by this title. Thereafter, no person is entitled to any such right or equivalent right in any such work under the common law or statutes of any State.
Those of us who are unused to reading legalese will probably have to go over this paragraph two or three times, but, in the end, the title sums it up pretty well: this part of the copyright law states that it preempts other laws at the state level. Since very few states have enacted the GPL into law, the §301 preemption really is not relevant. The GPL is a license in which the copyright holder waives certain rights under certain conditions, as is allowed by the rest of the copyright law. If §301 preempts the GPL, it preempts every other software license as well. So Mr. Heise's reasoning remains unconvincing, to say the least. However, he appears to be in charge of this case at this point; David Boies would seem to have found more pressing engagements elsewhere.
Then, there is SCO CEO Darl McBride's amusing and paranoiac assertion (as reported in InfoWorld) that IBM is behind the attacks on his company. No further comment seems necessary there.
SCO's web site was evidently the target of a denial of service attack over the weekend of August 23. The Linux community should have nothing to do with such attacks. They do not help us in any way, and they go strongly against the principles of openness and freedom upon which the community is based. This sort of attack also gives SCO a great opportunity to portray the community as a bunch of criminals. Taking down SCO's site is wrong; it is a big mistake. Let us hope that it does not happen again.
Finally, Rob Landley and Eric Raymond have put together a response to SCO's amended complaint in the IBM case. Think of it as the "Mystery Science Theater 3000" version of the complaint; SCO's text is presented with Rob and Eric ruthlessly heckling each paragraph as it comes. It is a good resource for those wanting to put SCO's actual allegations in the IBM case into perspective.
The Great Expiration
The September 26, 2002 LWN Weekly Edition was the beginning of a major change for this publication. Therein, we said:
At the time, we concluded that we needed about 4000 subscribers to begin to see LWN as a stable enterprise. We're still a bit short of that - there's just under 3000 individual subscribers, currently - but we're still here. Things seem to be headed in the right direction.
Much depends on what happens in the next month or so, however. Many of you went for one-year subscriptions when they first became available. That money has sustained us over the last year, and we are more than grateful for that. But those subscriptions are now about to expire. Over the next month or so, almost one third of our subscriptions will come to an end. If the renewal rate is high enough, we should get a cash infusion that will prove most helpful in taking LWN to the next level, and we can continue our march toward 4000 subscribers (and beyond). If it's not, well...
We're optimistic. We came out of the "mini expiration" last spring (when the first set of six-month subscriptions ran out) with as many subscribers as we had going in. With luck, the same will hold true this time.
Please note that, if you signed up for an automatic monthly subscription, you, too, will have to renew it. Some businesses, once they get your credit card, feel entitled to keep charging to it until you show up on the premises with a baseball bat and make them stop. We've never felt we had that right, so automatic subscriptions include a maximum number of authorized charges. That maximum was capped at twelve months (we've since raised it to 24), and will be running out for those of you who subscribed a year ago. Many of you will have already received the "last charge" message we send when the authorized payments run out. Renewing is just a matter of going to the My Account page and enabling more charges.
The rest of you will not get mail from us until your subscription actually ends and the grace period begins.
Many of you, however, will not get mail from us at all. We have never made any attempt to force people to give us a real email address when they set up an account; if you really don't want us to have it, we can live with that. But, if we do not have your email address, we cannot communicate with you regarding subscription expiration. Some of you may also lose our email because your mailboxes are full of SoBig output; we also simply do not have the time to be feeding cookies to challenge/response systems. If any of the above situations apply to you, please keep an eye out for the "renew your subscription" link that will show up in the left column. Or just head over to the "My Account" page and top up your subscription ahead of time.
Finally, please note that we will soon stop offering automatic monthly subscriptions at the "starving hacker" level. When we make credit card charges that small, the processing fees eat up a substantial amount of the money we get. Honestly, we'd rather that subscriber money (your money!) went to us, rather than credit card processing companies. The "starving hacker" level will continue to exist, but subscriptions will need to be prepaid at least three months at a time. Existing monthly subscriptions at that level will not be affected as long as they are maintained.
Once again, please accept our thanks for supporting LWN so strongly over the last year. We will continue to try to show our appreciation by making LWN the best resource that it can be.
Security
Brief items
The police tap JAP
The Java Anonymous Proxy project is developing a proxy system which enables users to access web sites in an anonymous manner. The JAP code is distributed under a BSD-like license. The JAP project also runs a set of servers which provide the actual anonymous web access.
It turns out, however, that access is not always anonymous; the JAP system went down for a few days in mid-August for the addition of new "security features." Those features, it seems, include a means by which the German police can determine the real originating IP address for accesses to a destination site of their choice. This access requires the usual formalities - court orders and such - but it does, regardless, violate the spirit of an anonymous proxy system. This is the sort of thing that users of an anonymous proxy are trying to get away from.
Since JAP is free software, people who were paying attention were able to see the new "security features" as they were checked in to the CVS repository. This transparency is, of course, one of the reasons why we like free software in the first place. We should remember, however, that there was nothing forcing the JAP developers to commit their changes to a public repository, and there is still no assurance that the JAP servers are running the same software as that found in the repository or on the download site. Entrusting your privacy to a remote system over which you have no control remains a risky thing to do.
See the JAP project's press release for more information on this incident.
The most over- and under-rated vulnerabilities
ITSecurity.com has published a look at the most over- and under-rated vulnerabilities, as determined by Harris Corporation. The list is worth a look; it is an attempt to clarify where the real risks lie. Besides, a couple of the entries are rather amusing.
So what are the overrated vulnerabilities? A few selections from the list include:
- PGP vulnerabilities. As the authors assert, there is no known case of somebody having actually broken PGP's encryption.
- SNMP; "As long as the default community strings have been changed, SNMP should be fairly safe. Actual exploitation using SNMP has been rare."
- Cross-site scripting. Actual cross-site scripting exploits are rare; there is usually a more direct route to what the crackers want.
- Gopher vulnerabilities. Evidently some people are still concerned about Gopher holes.
 
So, rather than running out to patch that Gopher server, what should you really be worried about? The list includes:
- Remote procedure call vulnerabilities. RPC remains dangerous, and certainly should not be exposed to the internet.
- Wireless networks which are easy to find and penetrate, and which often live inside firewalls.
- Keystroke loggers and spyware.
- WebDAV servers. This one makes the list mostly due to the potential of compromising the web server, and (on Windows, at least) thus the whole machine.
 
Interestingly, virus-susceptible email systems do not make the list, despite the fact that this type of vulnerability has probably created more in the way of security costs - especially recently - than any other. Clearly this vulnerability is underrated, given that it remains unclosed after all these years. Risk, evidently, is still in the eye of the beholder.
New vulnerabilities
GDM allows local user to read any file
| Package(s): | GDM, XDMCP | CVE #(s): | CAN-2003-0547 CAN-2003-0548 CAN-2003-0549 |
| Created: | August 21, 2003 | Updated: | August 29, 2003 |
| Description: | GDM is the GNOME Display Manager for X. Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root when examining the ~/.xsession-errors file when using the "examine session errors" feature, allowing local users the ability to read any text file on the system by creating a symlink. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0547 to this issue. Additional problems may be found in the X Display Manager Control Protocol (XDMCP) which allow a denial of service attack (DoS) by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues. |
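The symlink problem in the GDM entry above comes from a privileged process opening a path inside a user-controlled directory. The following is an added example, not GDM's code or its actual fix; the function names and the sample files are hypothetical and constructed for the demonstration. It shows one common mitigation: refuse symlinks at open time, then verify the opened descriptor rather than the path.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, mkdtemp() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Open a log file that lives in a user-writable directory.
 * Returns a read-only descriptor, or -1 with errno set.
 * O_NOFOLLOW only protects the final path component; a privileged
 * daemon should additionally switch to the user's identity before
 * touching files in the user's home directory.
 */
int open_user_log(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);

    if (fd < 0)
        return -1;                 /* ELOOP on Linux if path is a symlink */
    if (fstat(fd, &st) != 0) {     /* inspect the object actually opened */
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);                 /* device, FIFO, or someone else's file */
        errno = EPERM;
        return -1;
    }
    return fd;
}

static int write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(text, f);
    return fclose(f);
}

/*
 * Builds constructed sample files in a temporary directory and returns a
 * bitmask: 1 = regular file accepted, 2 = symlink refused,
 * 4 = file with the wrong owner refused. Returns -1 on setup failure.
 */
int self_check(void)
{
    char dir[] = "/tmp/xsess-demo-XXXXXX";
    char real[256], secret[256], lnk[256];
    int result = 0, fd;

    if (!mkdtemp(dir))
        return -1;
    snprintf(real, sizeof real, "%s/xsession-errors", dir);
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/xsession-errors-link", dir);
    if (write_file(real, "session log\n") != 0 ||
        write_file(secret, "not for this user\n") != 0 ||
        symlink(secret, lnk) != 0)
        return -1;

    fd = open_user_log(real, geteuid());
    if (fd >= 0) {
        result |= 1;
        close(fd);
    }
    fd = open_user_log(lnk, geteuid());
    if (fd < 0 && errno == ELOOP)
        result |= 2;
    else if (fd >= 0)
        close(fd);
    fd = open_user_log(real, geteuid() + 1);
    if (fd < 0 && errno == EPERM)
        result |= 4;
    else if (fd >= 0)
        close(fd);

    unlink(lnk);
    unlink(secret);
    unlink(real);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("self_check() = %d\n", self_check());
    return 0;
}
```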
libpam-smb: exploitable buffer overflow
| Package(s): | libpam-smb, pam-smb | CVE #(s): | CAN-2003-0686 |
| Created: | August 26, 2003 | Updated: | October 1, 2003 |
| Description: | libpam-smb is a PAM authentication module which makes it possible to authenticate users against a password database managed by Samba or a Microsoft Windows server. If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services. See this advisory for more information. |
sendmail: bad DNS reply causes crash
| Package(s): | sendmail | CVE #(s): | CAN-2003-0688 |
| Created: | August 26, 2003 | Updated: | October 1, 2003 |
| Description: | There is a potential problem in sendmail 8.12.8 and earlier sendmail 8.12.x versions with respect to DNS maps. The bug did not exist in versions before 8.12 as the DNS map type is new to 8.12. The bug was fixed in 8.12.9, released March 29, 2003. See this advisory for more information. |
vmware-workstation: vulnerability allows full host access
| Package(s): | vmware-workstation | CVE #(s): | CAN-2003-0480 CAN-2003-0631 |
| Created: | August 25, 2003 | Updated: | September 2, 2003 |
| Description: | According to this advisory vulnerabilities exist in VMware GSX Server 2.5.1 and earlier, and in VMware Workstation 4.0 and earlier releases. "By manipulating the VMware GSX Server and VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host." See also CAN-2003-0480 and CAN-2003-0631. |
Resources
Developing secure programs (developerWorks)
David A. Wheeler begins a new security column series on developerWorks. "This first installment of the Secure programmer column introduces the basic ideas of how to write secure applications and discusses how to identify the security requirements for your specific application. Future installments will focus on different common vulnerabilities and how to prevent them."
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current development kernel is 2.6.0-test4, which was released by Linus on August 22. This large patch includes several hundred changesets, including numerous networking fixes, a new free_netdev() method for networking drivers (see below), a new cpumask_t type for systems with more processors than bits in a long integer, a CONFIG_BROKEN option to control access to drivers known to be broken, a magic, fast new strncpy() implementation, the addition of wireless statistics to sysfs, Twofish and Serpent support for IPSec, a bunch of power management code, new sysfs attributes to control scanning of SCSI devices, a number of IDE patches, a new sysfs "attribute group" mechanism which enables the addition of attributes in a safer way and with less boilerplate code, an ALSA update, and a mind-numbing array of other fixes and updates. See the long-format changelog for the details.
As of this writing, Linus's BitKeeper tree contains only a handful of fixes. Linus is currently on vacation, so patches are not currently being merged.
The current stable kernel is 2.4.22, released by Marcelo on August 25. Marcelo is not resting, however; he has already put out 2.4.23-pre1, which includes a merge of the IP virtual server code, an LVM update, various driver updates, a possible first step toward the eventual inclusion of XFS, and a number of fixes.
Kernel development news
dev_t expansion status
The expansion of the dev_t type to 64 bits has been stalled for a few months now. Most of the work, it seems, has been done, but the patches have yet to find their way into the mainline kernel. Among other things, the dev_t expansion has been held up waiting for another set of patches from the elusive Alexander Viro. Mr. Viro still only surfaces rarely on the mailing lists, but it seems he has been busy; a set of large dev_t patches has turned up in 2.6.0-test4-mm2.
Many of the patches are essentially cleanups, such as removals of final uses of the kdev_t type which can be replaced with something else. After all, if a piece of code does not use device numbers at all, it should not run into trouble if the size of those numbers changes. Others begin to address more problematic code; for example, the JFFS filesystem incorporates device numbers directly into its on-media data structures; a change in the device number size would make older filesystems unreadable. In this case, for now, the (16-bit) size of this field has been made explicit.
Some of the patches take care of some (seemingly) unrelated block device layer cleanups. A few things, it seems, didn't work quite as well as expected once Al went back and took another serious look at the code.
Then, there is a simple addition to <linux/fs.h>:
	static inline unsigned iminor(struct inode *inode)
	{
		return minor(inode->i_rdev);
	}
This little function is the subject of the largest patch in the series: it replaces references to inode->i_rdev in a vast number of drivers and a few filesystems as well. The purpose, of course, is to allow access to the minor number of the device behind an inode without requiring any knowledge of how that number is actually stored within the inode. Not surprisingly, there is also an imajor() helper function.
Al mentions another series of patches which have not yet made an appearance. They will include a change to the inode structure, turning the i_rdev field into a dev_t type (from kdev_t). At that point, the addition of all those iminor() and imajor() calls will make sense; code using those calls will be unaffected by the inode structure change. There will also be patches to ensure that the conversion of device numbers between the internal representation and that used on-disk by filesystems is done properly.
So the expanded dev_t project is moving forward once again. This is an important feature to have in 2.6, so this is a good thing. There is, however, a large set of fairly invasive patches coming which may bring a surprise or two when it hits the 2.6.0-test mainline. (The actual patches can be seen in the 2.6.0-test4-mm2 patch, or separately on kernel.org; a good place to start is Al's overview of the patch series).
The ongoing interactive scheduling effort
The interactive scheduling response of the 2.6.0-test kernels is a controversial topic. Some (including your editor) find the recent kernels to be noticeably more responsive than the 2.4 series; others complain loudly. It does seem that, despite the fact that some users are happy, the job is not yet entirely finished.
Con Kolivas has continued to produce his scheduler patches, which concentrate mostly on tweaking the interactivity estimation code. The basic idea remains that, if the system can get a good handle on which tasks are truly interactive, it can then be made to do the right thing. In many cases, that appears to be the case. Andrew Morton has, however, recently called for Con to take a step back and rethink things after being made aware of some significant performance regressions that appear to have been caused by the scheduler patches:
Con did some quick testing and narrowed the problem down to Ingo Molnar's latest interactivity patch. There does not, as yet, appear to be a real understanding of what is going on, however.
Con has also recently posted a lengthy document on how the scheduler works and what changes his patches have made.
Nick Piggin is, perhaps, best known for scheduling disks - he is the author of the anticipatory I/O scheduler in 2.6.0-test. Nick recently decided to get into the CPU scheduler tuning game, and has started posting patches; his most recent is Nick's scheduler policy v7. These patches take a different approach, starting by hacking out almost all of the code that tries to calculate interactivity. They remove almost as much code as they add.
The key part of Nick's policy seems to be the manipulation of time slices. Processes at different priority levels get very different time slices - much more so than with the current scheduler. Time slices also depend on what else is running; if there aren't any high priority processes waiting to run, lower-priority processes will get larger slices. Process priorities also vary more quickly, allowing processes which sleep a lot to get back into the CPU quickly. Finally, this patch restores the "priority transfer" idea: when one process wakes another, a portion of the waking process's priority (and time slice) is given over to the process being awakened. This feature helps to keep the X server responsive. With Nick's patch, the X server benefits from being given a higher priority; this is not the case with Con's scheduler patches.
Getting scheduling right is hard, as can be seen by the amount of effort being put to the problem. By many accounts, 2.6 will be better than earlier kernels in this regard. But it would not be surprising if developers were still trying to improve it long after 2.6.0 is released.
Freeing network devices safely
Recent development kernels include a great deal of networking information under /sys/class. For the moment, it is mostly physical layer stuff, but one should expect more information to show up there over time, as it migrates out of /proc/sys. The current networking sysfs files draw their information from the interface's associated net_device structure. That scheme works nicely, in that network drivers need not concern themselves with providing the sysfs infrastructure; it just sort of happens. But consider what happens if a suitably privileged user executes something like:
rmmod e100 < /sys/class/net/eth0/statistics/tx_bytes
This command will keep the indicated sysfs file open past the time when the module containing the net_device structure behind that file is removed from the system. Unless special care is taken, the open file will be left pointing to structures which no longer exist, leading to all kinds of potential trouble. Most drivers do not take that care.
Until 2.6.0-test4, that is. After a series of patches by Stephen Hemminger, drivers are expected to use kmalloc() to create net_device structures dynamically. Most drivers already worked that way; the difference now is that drivers can no longer just return those structures with kfree() when they are no longer needed. Instead, there is a new function which is used to get rid of a net_device structure:
    void free_netdev (struct net_device *dev);
This function, of course, helps the networking system maintain reference counts for net_device structures, and avoid freeing them until they are truly unused. This whole structure is relatively simple, but it demonstrates, again, the higher level of care required to avoid creating race conditions in the 2.6 kernel.
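The lifetime rule described above, as an added user-space model (not kernel code and not the actual free_netdev() implementation): every model_* name is hypothetical, and a plain int stands in for the atomic reference count the kernel uses. An open statistics file holds its own reference, so the driver giving up the structure at unload time does not free it while the file is still open.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for struct net_device plus the reference count behind it. */
struct model_netdev {
    int refs;                 /* the kernel uses an atomic counter here */
    int *freed_flag;          /* set when the memory is really released */
    unsigned long tx_bytes;
    char name[16];
};

/* Stand-in for an open sysfs attribute file. */
struct model_file {
    struct model_netdev *dev;
};

struct model_netdev *model_alloc(const char *name, int *freed_flag)
{
    struct model_netdev *dev = calloc(1, sizeof *dev);
    if (!dev)
        return NULL;
    strncpy(dev->name, name, sizeof dev->name - 1);
    dev->refs = 1;            /* the driver's own reference */
    dev->freed_flag = freed_flag;
    return dev;
}

void model_hold(struct model_netdev *dev)
{
    dev->refs++;
}

void model_put(struct model_netdev *dev)
{
    if (--dev->refs == 0) {   /* last user gone: now it is safe to free */
        *dev->freed_flag = 1;
        free(dev);
    }
}

/* Analogue of free_netdev(): the driver drops its reference, no kfree(). */
void model_free_netdev(struct model_netdev *dev)
{
    model_put(dev);
}

struct model_file model_open(struct model_netdev *dev)
{
    struct model_file f = { dev };
    model_hold(dev);          /* the open file pins the structure */
    return f;
}

unsigned long model_read(const struct model_file *f)
{
    return f->dev->tx_bytes;
}

void model_close(struct model_file *f)
{
    model_put(f->dev);
    f->dev = NULL;
}

/*
 * Replays the rmmod-with-open-file case from the text.
 * Returns a bitmask: 1 = structure survived the unload,
 * 2 = the read through the open file saw valid data,
 * 4 = the structure was released once the file was closed.
 */
int unload_while_open(void)
{
    int freed = 0, result = 0;
    struct model_netdev *dev = model_alloc("eth0", &freed);
    struct model_file f;

    if (!dev)
        return -1;
    dev->tx_bytes = 1500;     /* constructed sample counter value */
    f = model_open(dev);

    model_free_netdev(dev);   /* module unload while the file is open */
    if (!freed)
        result |= 1;
    if (!freed && model_read(&f) == 1500)
        result |= 2;

    model_close(&f);          /* last reference dropped here */
    if (freed)
        result |= 4;
    return result;
}

int main(void)
{
    printf("unload_while_open() = %d\n", unload_while_open());
    return 0;
}
```

Replacing model_free_netdev() with a direct free() reproduces the original problem: the later model_read() would touch freed memory.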
Page editor: Jonathan Corbet
Distributions
News and Editorials
Red Hat Based Live CDs
[This article was contributed by Ladislav Bodnar]
Bootable live Linux CDs have been around for several years, but it wasn't until the appearance of Debian-based Knoppix with its excellent hardware auto-detection and superior on-the-fly decompression that the concept really took off. The original idea was quickly expanded and many specialist and customized derivatives of Knoppix were born in the months after the first public release of the original Knoppix live CD. Probably the best place to find out about these projects is the knoppix.net community web site and its Knoppix Customizations page, which now lists no fewer than 56 live CDs, all based on Knoppix.
But what about those users who are more familiar with Red Hat Linux and its configuration tools? With the enormous diversity of the Linux ecosystem, it would be surprising if there were no Red Hat-based live CDs, and indeed, a search around the Internet reveals several interesting projects. Some of them are excellent, quality products which would stand proud in comparison with Knoppix. Let's take a brief tour of these projects, which include ADIOS Linux Boot CD, Cool Linux CD, RPM Live Linux CD and The SuperRescue CD.
ADIOS Linux Boot CD dc.qut.edu.au/adios is an impressive project by the Queensland University of Technology in Brisbane, Australia. The boot CD is essentially a modified Red Hat Linux 8.0 with kernel 2.4.19 and GNOME, KDE and IceWM desktop environments, but the CD also includes some interesting applications to compliment the original distribution. Some of the more noteworthy ones are:
- LIDS, a kernel patch and administration tool to enhance the Linux kernel security;
 - squashfs, a highly compressed read-only filesystem for Linux using zlib compression to compress files, inodes and directories;
 - IPsec (short for IP security), a set of protocols developed by the Internet Engineering Task Force to support secure exchange of packets at the IP layer;
 - User Mode Linux, a safe and secure way of running Linux versions and Linux processes inside a virtual machine.
 
Cool Linux CD (emergencycd2.sourceforge.net) is a "cool" hobby project by Andrei Velikoredchanin, a system administrator in a small town in central Russia. It all started in June 2002 as an after-hour Linux experiment using the company's computers (since Andrei couldn't afford to buy his own) and developed into a product called "Emergency CD", followed by Cool Linux. An interesting aspect of Cool Linux is that it comes with useful software normally left out from other similar live CDs due to space limitations or other reasons, such as Blender, NVIDIA drivers and VMware (trial edition). Both KDE and GNOME are missing, but the much faster IceWM is more than capable of providing users with a clickable interface. The latest version of Cool Linux comes with a choice of two kernels - either a vanilla 2.4.22 or a patched 2.4.20-wolk (Working Overloaded Linux Kernel), a choice of common screen resolutions before boot, as well as automatic hardware detection and XFree86 configuration. Cool Linux is an expertly designed general purpose live distribution for workstations. The first release candidate of the upcoming version 2.3 was released earlier this week and the 598MB ISO image can be downloaded from its SourceForge project page.
RPM Live Linux CD (nwst.de/livelinuxcd) is a server oriented, Red Hat-based distribution with support for clustering. Developed by D. Westfall, the live distribution's primary purpose is to provide a quick and dirty Linux system without any graphical environment. The CD includes openMosix kernel 2.4.20-openmosix as well as OpenMosixTools, which together allow for building of "instant clusters". The latest version of RPM Live Linux CD is 1.0 beta (82MB), released two weeks ago, but the author also provides an extensive HOWTO for building custom live CDs for specialist purposes, such as rescue CDs, routers, intrusion detection systems, cluster nodes or dedicated servers.
The SuperRescue CD (www.kernel.org/pub/dist/superrescue) is one of the oldest live CD distributions and, as its name suggests, it is designed specifically for emergency situations. At two CDs of 560MB each it is also one of the largest. SuperRescue is developed by H. Peter Anvin, a well-known developer of many essential Linux utilities, such as SYSLINUX. The SuperRescue project does not have a proper web site, but some basic information is available on its Freshmeat project page and in this brief LinuxPlanet review, while technical support is provided via mailing lists. The latest version of SuperRescue is 2.1.2, which is based on Red Hat Linux 7.x.
There are other live CDs with RPM package management, although not necessarily based on Red Hat. The best known among them is SuSE Live-Eval which is mainly designed for testing and evaluation purposes of the full commercial edition of SuSE Linux prior to purchase, but it can of course serve as a useful rescue disk. Also worth noting is Virtual Linux, which is a Mandrake-based live CD and although the project is no longer in development, the last release can still be downloaded from its SourceForge project page. Japan's Linux MLD has also developed an RPM-based live Linux CD for the domestic market.
In summary, if familiarity with Red Hat Linux dictates your preference for Linux live CDs, then ADIOS, Cool Linux and RPM Live Linux CD are probably the best choices. Each of them is targeting a different segment of the market, but all of them are worthy of being added to your collection of Linux rescue and demo CDs.
Distribution News
Debian GNU/Linux
The Debian Weekly News for August 26, 2003 is out, with another look at LinEx, software patents in Europe, the next Debian release, Debian Birthday Party Aftermath, and much more.
Core PAM packages have been uploaded to unstable. This upload addresses the longstanding issue of central management of PAM authentication/password services in Debian. These packages are in need of further testing so they can be included in the Sarge release.
A new mailing list has been created to help track release critical bugs, and hopefully squash them more quickly.
DebianPlanet has updated instructions for backporting Gnome 2.2 on a Woody system.
Gentoo Weekly Newsletter -- Volume 2, Issue 34
The Gentoo Weekly Newsletter for the week of August 25, 2003 is out. This edition looks at new experimental LiveCDs and stages released for the AMD64 platform; Gentoo Forums reach several new milestones; and more.
Mandrake Linux
LinuxQuestions.org has announced a new Mandrake Linux forum.
Slackware Linux
This week at Slackware Linux there has been some general cleanup to the slackware-current branch, as seen in the slackware-current changelog.
New Distributions
Onebase Linux
Onebase Linux (OL) is an independent meta source distribution created in July 2003. It is powerful, transparent and free. The installation, packages and configuration are managed by an in-house integrating technique called Onebase Linux Management (OLM). Even though Onebase Linux is a source distribution, it is designed to be easy for novice Linux users and even for fresh Windows converts. The first public release of Onebase Linux, version 1.0 beta, was announced July 24, 2003.
Echelon Linux
Echelon Linux is a Knoppix based Linux distribution designed to monitor and to manage your network. It features IDS (intrusion detection system), vulnerability scanning, and services monitoring. Echelon Linux configuration can be defined via a Web interface. Initial version 0.1 was released August 26, 2003.
Minor distribution updates
2-Disk Xwindow embedded Linux
Mungkie Associates has released 2-Disk Xwindow embedded Linux version 1.2.0 (source code) with minor feature enhancements. "Changes: https and SSL have been implemented in less than 110Kb. Some cookie bugs have been fixed. Other things have been updated to recent versions. The stuff algorithms have been updated. The changelogs have been erased."
Rock Linux
Rock Linux has released v2.0.0-camp with major feature enhancements. "Changes: Many setup tool (STONE) improvements, various new and updated packages including JPEG 2000 support, preliminary x86-64 and ARM support, SPARC64 build fixes, and IBM rs6k related adaptations, as well as various build script cleanups and fixes, including cluster build improvements."
dRock v2.0.0-camp is also available, with major feature enhancements. "Changes: This release is based on ROCK Linux 2.0.0-camp (the release done during the Chaos Communication Camp in Berlin/Old Europe). It includes major feature enhancements and bugfixes, and support for architectures like SPARC and PowerPC/rs6k."
Slackware Live CD
Slackware Live CD has released v2.9.0.21 with major feature enhancements. "Changes: This release now includes the 2.4.21 kernel, KDE 3.1.3, mplayer 0.91, kopete 0.71, and k3b 0.9. initrd now only uses 13 MB for the RAM disk, Apache, PHP, MySQL, mutt, procmail, and APM are started automatically, and dbdiff (configsave) was rewritten for improved speed."
stresslinux
stresslinux has released v0.2.4 with minor feature enhancements. "Changes: smartmontools, lshw, x86info, and hddtemp have been upgraded to new versions, and the mk_bootstic package is now available for creation of bootable memory sticks or usb-floppy (LS120 or ZIP)."
Distribution reviews
Operating the ULB: SLES 8 on the Ultimate Linux Box (Linux Journal)
The Linux Journal "Ultimate Linux Box" series continues with this review of SuSE Linux Enterprise Server 8. "The installation manual goes so far as to describe how to set up a VNC client on Windows so you can install the SuSE system from a remote console in a heterogenous environment. The administration manual is detailed similarly. Both manuals have plenty of screenshots, footnotes and everything else a serious 500-server wrangler could want. Perhaps this might be a bit overwhelming for a newbie, but SLES 8 is no newbie's distribution."
The Penguin in the Apple (Linux Journal)
This Linux Journal article covers the process of installing Gentoo Linux on a PowerBook. "I successfully installed Gentoo Linux on the PowerBook, and the procedure was quite straightforward even if there are some issues to keep in mind. The tested machine is a Titanium PowerBook with a PowerPC G4 800MHz processor, 512MB of memory, 40GB of hard disk space, 15" screen (1280x854 pixels), Radeon Mobility 9000 video card, Gigabit Ethernet and wireless Airport card integrated. You can follow the PPC general instructions on the Gentoo site to install Gentoo Linux. For the rest of this article, I focus only on Titanium-specific configurations."
Red Hat Enterprise Linux 3.0: Beta Test Drive (eWeek)
eWeek takes Red Hat Enterprise Linux 3.0 Beta (Taroon) for a test drive. "Taroon ships with the XFree86 4.3 graphics subsystem, as well as with GNOME (GNU Network Object Model Environment) 2.2 and KDE (K Desktop Environment) 3.1.2. It also includes the OpenOffice.org 1.0.2 office productivity suite, Ximian Evolution 1.4.3 mail client and Mozilla 1.4 Web browser."
Page editor: Rebecca Sobol
Development
PostgreSQL donates Database Replication software
PostgreSQL, Inc has announced that it has contributed version 1.0+ of its eRServer database replication software to the open-source community. The company has a policy of relicensing its commercial software two years after its commercial release; eRServer has been made available one month ahead of that schedule. "*All* proprietary developments that we are involved in *will* become open source within two years of implementation, without exception."
The eRServer software will be released under the BSD license. The company's president, Marc Fournier, warns of the possible difficulties involved with using the replication software, and suggests that users consider purchasing the company's commercial support. "replication can be an extremely complex area for programming in enterprise systems - so even the more advanced database users should expect to invest a good deal of development time and effort in properly deploying this software."
This will be a welcome addition to the arsenal of open-source database tools; the company should be commended for its actions.
System Applications
Audio Projects
Updated AudioSlack Packages
A new set of packages is available for AudioSlack, a project that packages audio applications for Slackware Linux. "It has been a long time, with many bug fixes, however I am glad to say that there are many updates available on the site. Most of the software has been updated, including Ardour, ALSA, Jack, MusE and toolkits like FLTK."
Ogg Traffic
The August 20, 2003 edition of Ogg Traffic is out with the latest Ogg Vorbis audio compression software news. "It's been far too long, but I've finally managed to put together a new issue of Ogg Traffic, and it's an exciting one: The Neuros project is complete, a Vorbis bugfix release is appearing on the horizon, and more."
Planet CCRMA Changes
This week's changes from the Planet CCRMA audio packaging project include a repository cleanup and new versions of several audio applications.
Clusters and Grids
J2EE Clustering with JBoss (O'ReillyNet)
Ivelin Ivanov writes about JBoss 3.2.2 on O'Reilly. "In a recent article, Bill Burke and Sacha Labourey explained the key components of JBoss 3 clustering. We will now present several new clustered services recently introduced in JBoss 3.2.2, which was not yet released at the time of the writing of that article."
Database Software
PostgreSQL Weekly News
The PostgreSQL Weekly News for August 21, 2003 is out. "Slow and steady must have been the motto this week, as folks continued with their beta testing efforts. Nothing earth shattering was discovered, but there were certainly enough items to keep folks busy."
Electronics
Gerber Viewer 0.14 released
Version 0.14 of Gerber Viewer has been announced. Gerber viewer is a utility for previewing Gerber formatted printed circuit board description files. This release features several bug fixes. The project is also in need of some volunteer work.
Mail Software
Email Encryption with Thunderbird and Enigmail (MozTips)
MozTips shows how to use encryption with Mozilla Thunderbird. "I have written up a series of five articles on using email encryption with Mozilla Thunderbird and the Enigmail Plugin."
Peer to Peer
Gtk-Gnutella 0.92.1 is out! (GnomeDesktop)
Version 0.92.1 of Gtk-Gnutella, a peer-to-peer file sharing client, has been announced. This release includes many bug fixes and some new capabilities.
Printing
LinuxPrinting.org news
The LinuxPrinting.org site mentions the availability of a bugfix version of foomatic-rip that fixes an infinite loop problem. "Everyone who has downloaded foomatic-rip or installed/updated the foomatic-filters package from the CVS in the time from August 1 to August 21 should download the current foomatic-rip or update foomatic-filters from CVS to get the problem fixed."
Web Site Development
Aegir CMS 1.0 released
Version 1.0 of Aegir CMS has been released. "Version 1.0 marks an important milestone in the development process. Aegir CMS is derived from the successful Nadmin Studio codebase and is developed by an international group of Open Source developers. The application is available under the GNU General Public License (GPL). Aegir CMS runs on top of the Midgard Content Management Framework built on the Linux, Apache, MySQL and PHP (LAMP) platform."
Analog 5.91 beta1 released
Version 5.91 beta 1 of Analog, a web server logfile analyzer, has been released. This version now supports zipped and bzipped log files; see the whatsnew document for a full list of changes.
Chiba 0.9.1 released (SourceForge)
Version 0.9.1 of Chiba has been announced. "This is mainly a maintenance release which fixes some issues with the installation. Namely the xerces + xml-apis have been added again to the war-files. Other modifications are limited to smaller corrections to Schema2XForms builder, import statements and javadoc. Chiba provides an implementation of the W3C XForms standard, thereby delivering generic, xml-based form-processing for the web."
Gallery v1.4 RC 1 Available (SourceForge)
Version 1.4 RC 1 of Gallery, a PHP-based web site photo management system, has been released. "This new version premieres some major new features: Gallery is now multilingual, and can be displayed in 18 different languages, with more on the way! In addition, we've overhauled the documentation and made it more accessible and more informative. Other changes include ownership at the image level, not just the album level, and a whole slew of minor improvements and bugfixes."
phpWebSite 0.9.3-1 Stable Released! (SourceForge)
phpWebSite 0.9.3-1 Stable is available. "The phpWebSite development team has released version 0.9.3-1 of its popular content management system. The main purpose of this release is to address the recently discovered security vulnerability issues that were posted across many security forums. Fixes for the XSS, DOS, and SQL injection problems are all included. Many other updates have been made to the core, providing the ability to run phpWebSite in SSL mode."
Tiki 1.7.1.1 -Eta Carinae- released (SourceForge)
SourceForge has the announcement for TikiWiki 1.7.1.1, a web-wiki platform. "This release offers various bugfixes and improvements. All Tiki sites (1.6, 1.7) are recommended to upgrade to this stable version. Affected features: challenge/response feature, email validator, translations, page description, HAWHAW toolkit, HotWords, category listing, LDAP authentication, forum threads, caching URLs with common binary file, TikiHelp? links & various theme and visual fixes."
Better Search Engine Design: Beyond Algorithms (O'Reilly)
Peter Van Dijck covers search engine design details on O'Reilly. "A useful search engine is more than a search algorithm. This article explains how to create a search query analysis tool, a best bets feature, and a basic controlled vocabulary. We'll use MySQL for the examples."
Host-Hopping Scripts in Python (Linux Journal)
Mark Nielsen explains how he used SSH, Python and Expect to extract and analyze web log files from a variety of machines. "I provide telecommute consulting for a company called Crisp Hughes Evans (CHE) in Asheville, North Carolina. They needed a way to download Web logs from Apache, Zope and Plone Web sites, which were developed internally by employees, and Squid Proxy servers, which were running behind firewalls on client LANs that CHE set up."
Miscellaneous
GNOME System Tools 0.27.0 hits the street! (GnomeDesktop)
Version 0.27.0 of the GNOME System Tools is available. "This new release (amongst other goodies and lots of bugfixing) has exciting features such as remote configuration through SSH and a fresh and more UI-clean s/runlevel/services/ tool."
Desktop Applications
Audio Applications
ecamegapedal 0.4.3 released
Version 0.4.3 of ecamegapedal, a real-time audio processing utility, has been released. "Bugs in build process were fixed. Support for transport functionality in JACK 0.77.0 and newer has been added."
FluidSynth 1.0.3 released
Version 1.0.3 of FluidSynth has been released with a number of bug fixes. "FluidSynth is a real-time software synthesizer based on the SoundFont 2 specifications. It is a "software synthesizer". FluidSynth can read MIDI events from the MIDI input device and render them to the audio device. It can also play MIDI files."
Desktop Environments
KDE-CVS-Digest
The August 22, 2003 edition of the KDE-CVS-Digest is available. "Kstars is using a new free star map, and telescope interface is improved with wizards. KGhostview (pdf viewer) now has a thumbnail preview. A new Khotkeys is in the works. Korganizer is improved with work on drag and drop, alarms and todo lists. The trash icon is cleaned up. Khtml caret navigation is almost completed. The KDE dialogs can now be used by non-KDE applications."
KDE Traffic
The August 23, 2003 edition of KDE Traffic is out with the week's KDE development news.
Xfce 4 RC 3 available
Version 4.0 RC3 of the Xfce 4 desktop has been released. "Xfce 4.0-rc3 is the third release candidate for the next generation of the XFce desktop environment. If no show stopper is found in this release candidate, it is intended to become 4.0."
Project Mad Hatter Screenshots (GnomeDesktop)
GnomeDesktop.org looks at Sun Microsystems' Project Mad Hatter desktop environment. "Available this fall, Project Mad Hatter will offer a new but familiar desktop operating platform based on Linux. A Solaris OS edition will be ready shortly thereafter."
Financial Applications
BIE 5.5.0 (beta) released (SourceForge)
Version 5.5.0 beta of the Business Integration Engine (BIE) is available. "New features in BIE 5.5 include a new plug-in architecture allowing the addition and removal of features without restarting; support for EDIFACT and HL7 document formats; HTTP Post and Run Command actions; enhancements to the transaction log viewer and message schema generator; and a number of new macros for unit conversions were also added to the Map Builder tool. The Business Integration Engine (BIE) is a full Java-based application to application integration server."
GNUe Traffic
Issue #95 of GNUe Traffic is online. Topics include: Impact of improving unicode support on other parts of GNUe, Licensing implications of writing applications in GNUe, and 0.5.1 packaged as a setup.exe for Microsoft Windows.
Games
New game for GNOME - Monster Masher (GnomeDesktop)
GnomeDesktop.org covers the new game, Monster Masher. "A new action game designed for and programmed with GNOME technology has landed! It is called "Monster Masher" and is about saving the world of the gnomes. The hero is a little gnome with levitational powers (and dirty feet!)."
Graphics
Gmsh 1.46 released
Version 1.46 of Gmsh, a three-dimensional finite element mesh generator, has been released. See the VERSIONS file for change details.
PyX 0.4 released
Version 0.4 of PyX, a Python graphics package for creating PostScript images, has been released. See the Change Log file for more information on this release.
GUI Packages
Text console port of GTK+ (GnomeDesktop)
GnomeDesktop.org reports on Cursed GTK. "Cursed GTK is a text console port of GTK+ (The Gimp Toolkit) based on ncurses. Allows to run X applications using gtk-2.0 on a text console (without framebuffer)."
Instant Messaging
Gnome Jabber 0.3 Released (GnomeDesktop)
Version 0.3 of Gnome Jabber has been released. "New features include Group Chat and a few more translations."
News Readers
slrn 0.9.8.0 released (SourceForge)
Version 0.9.8.0 of slrn, the S-Lang read news, is available. "The new version of slrn finally has been released. It has an impressive list of changes, including the long-awaited true offline reading functionality. I also integrated a lot of patches and want to thank everyone who made a contribution."
Office Applications
Gnumeric 1.1.20 released
Gnumeric 1.1.20 aka 'Dryden' is now available. This release of GNOME's spreadsheet is huge, and loaded with bug fixes, new and improved documentation, a better text importer, and more.
Web Browsers
Independent Status Reports (MozillaZine)
The Mozilla project's Independent Status Reports for August 22nd, 2003 are online.
Project Orb Documentation Effort Launches (MozillaZine)
A new Mozilla documentation project has been launched. "Project Orb intends to document to end users how to use and configure the Mozilla app suite, Mozilla Firebird, and Camino. The project is located at http://sourceforge.net/projects/projectorb/."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The mozilla.org staff meeting minutes from August 18, 2003 are online. "Issues discussed include the Mozilla Foundation, Mozilla 1.5 Beta, Mozilla Firebird 0.7, Mozilla Thunderbird 0.2, Talkback, the new test matrix and Mozilla 1.4.1."
Minutes of the mozdev Admin Meeting (MozillaZine)
MozillaZine points to the minutes from the latest mozdev Admin Meeting. "David Boswell of mozdev writes: 'It seemed like such a good idea when mozilla.org started posting their meeting notes to MozillaZine that we decided to do the same.'"
Word Processors
AbiWord Weekly News
Issue #158 of the AbiWord Weekly News has been published. Here's the summary: "Enchant releases 0.2.0 (with special request to HSpell fans) during the viral storm of naught-three, while the call for binary builders screams over all the noise. If you like a platform and want AbiWord II: The Wrath of Dom to have a binary release for it, now would be a good time to jump in (whatever happened to our AIX binary ;o). Also, a note about documentation and some help for Gentoo users."
Miscellaneous
gFTP: 2.0.15 has been released.
Version 2.0.15 of gFTP, an ftp client, has been released. This version features bug fixes, performance improvements, and new features.
Isabella: a GPL calligraphic font (GnomeDesktop)
GnomeDesktop.org has an announcement for a new calligraphic font for GNOME. "I've just released version 1.0 of my calligraphic font, called Isabella because it's based on the hand used in the Isabella Breviary (written around 1497)."
Workrave 1.4.0 released
If you suffer from repetitive stress injuries (RSI), take a look at Workrave, a cross-platform RSI recovery and prevention program. Version 1.4.0 has been released. "The most interesting changes in this version include: exercises, new translations (Polish, Danish and Spanish), multi-head support, support for disabling breaks, the content of the status window has been made configurable, improved (flickerfree) blocking mechanism on Windows."
Languages and Tools
Caml
Caml Weekly News
The August 19-26, 2003 edition of the Caml Weekly News has been published; take a look to see what's been happening with the Caml language.
The Caml Light / OCaml Hump
The Caml Light / OCaml Hump site features a number of new Caml language applications including new versions of GODI: a source-based O'Caml distribution, Taglet: an OCaml tag file generator, OCamlODBC for connecting Caml to databases, and more.
Java
JFreeReport 0.8.3f released (SourceForge)
Version 0.8.3f of JFreeReport has been released. "It contains more bugfixes to JFreeReport while waiting on the next real release. JFreeReport is a Java class library for generating reports. It provides a flexible printing functionality for Java applications and supports output to Printers and PDF, Excel, HTML and XHTML, PlainText, XML and CSV files. To give everybody a reason to upgrade, this version now contains a progress monitor dialog for all gui report-operations. The reporting is also no longer so selfish to block the entire event dispatcher while processing the report..."
Memoization in Java Using Dynamic Proxy Classes (O'Reilly)
Tom White discusses memoization in Java. "Memoization is a technique borrowed from functional programming languages like Lisp, Python, and Perl for giving functions a memory of previously computed values. Memoizing a function adds a transparent caching wrapper to the function, so that function values that have already been calculated are returned from a cache rather than being recomputed each time."
Perl
This Week on perl5-porters (use Perl)
The August 18-24, 2003 edition of This Week on perl5-porters has been published. "The Perl 5 porters are rather focused on perl 5.8.1 tuning and adjustments. Smokes, valgrind checks, modules updates, and regression bug hunting were among the main events of the week."
Cooking with Perl (O'Reilly)
O'Reilly has published some excerpts from the book Perl Cookbook by Tom Christiansen and Nathan Torkington. "The new edition of Perl Cookbook is about to hit store shelves, so to trumpet its release, we offer some recipes--new to the second edition--for your sampling pleasure. This week's excerpts include recipes from Chapter 6 ("Pattern Matching") and Chapter 8 ("File Contents")."
PHP
PHP 4.3.3 Released
Version 4.3.3 of PHP has been released. "After a lengthy QA process, PHP 4.3.3 is finally out! This maintenance release solves a fair number of bugs found in prior PHP versions and addresses several security issues. All users are strongly advised to upgrade to 4.3.3 as soon as possible." For a full list of new features and bug fixes, see the Change Log file.
PHP Weekly Summary for August 25, 2003
The PHP Weekly Summary for August 25, 2003 is out. Topics include: iCal extension, setrawcookie(), OS X 10.3 compile failure, gmmktime() function, 4.3.3 RC 4, informix extension.
Python
Dr. Dobb's Python-URL!
The August 25, 2003 edition of Dr. Dobb's Python-URL is out with a week's worth of Python language news and links.
Python Library & Extension FAQ
A new Python Library & Extension FAQ has been published. "This is the last of the new FAQ files assembled from the old 240K FAQ. As usual, comments on existing answers and suggestions for new questions are welcome."
Smalltalk
Unix Squeak 3.6-beta6 available
Version 3.6-beta6 of Unix Squeak, a Smalltalk implementation, has been released. The changes are: "Problems with plugin and shared library searching fixed. Improved timing for Delays. Problem with 3-button mice on OSX fixed. Copy/paste compatibility problems fixed (thanks to Ned Konz). Updated OSProcessPlugin from Dave Lewis. Display/sound drivers are now dynamically loaded (and can be selected) at startup. New display driver for running on the Linux console. Rogue Mac OS X dependency on libiconv fixed. Dependencies on glibc2.3 in the 386 GNU/Linux version removed."
Tcl/Tk
Dr. Dobb's Tcl-URL!
The August 25, 2003 edition of Dr. Dobb's Tcl-URL is available with lots of Tcl/Tk resources and articles.
XML
Discover key features of DOM Level 3 Core, Part 2
Arnaud Le Hors and Elena Litani complete their series on DOM with part two. "In this two-part article, the authors present some of the key features brought by the W3C Document Object Model (DOM) Level 3 Core Working Draft and show you how to use them with examples in Java code. In this second part, they cover operations on the document, access to type information, and introduce you to the early implementation of this API in the Apache Xerces2 project."
Embedded Markup Considered Harmful (O'Reilly)
Norman Walsh writes about the hazards of XML escaped markup. "XML is pretty simple. There's plenty of complexity to be found if you go looking for it: if you want, for example, to validate or transform or query it. But elements and attributes in well formed combinations have become the basis for an absolutely astonishing array of projects. Recently I've encountered a design pattern (or antipattern, in my opinion) that threatens the very foundation of our enterprise. It's harmful and it has to stop."
IDEs
DrJava stable release (SourceForge)
SourceForge has the announcement for the latest stable release of DrJava. "DrJava is an integrated Java development environment that supports interactive evaluation of expressions. It is primarily intended for students, but it has features useful even for advanced users. This release includes many large new features, including the ability to test all open JUnit test files, easily run the main method of a program, find and replace across all open documents, and load a history file as a script that can be executed one line at a time."
Miscellaneous
Five Habits for Successful Regular Expressions (O'Reilly)
Tony Stubblebine gives some tips for dealing with regular expressions in Perl, Python, and PHP. "Regular expressions are hard to write, hard to read, and hard to maintain. Plus, they are often wrong, matching unexpected text and missing valid text. The problem stems from the power and expressiveness of regular expressions. Each metacharacter packs power and nuance, making code impossible to decipher without resorting to mental gymnastics."
Developing secure programs (IBM developerWorks)
David A. Wheeler introduces secure programming techniques in the first of a multi-part series on IBM's developerWorks. "This column explains how to write secure applications; it focuses on the Linux operating system, but many of the principles apply to any system. In today's networked world, software developers must know how to write secure programs, yet this information isn't widely known or taught. This first installment of the Secure programmer column introduces the basic ideas of how to write secure applications and discusses how to identify the security requirements for your specific application."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Quiet War Over Open-Source (Washington Post)
The Washington Post reports (registration required) on the squelching of a meeting about free software in the World Intellectual Property Organization. "Lois Boland, director of international relations for the U.S. Patent and Trademark Office, said that open-source software runs counter to the mission of WIPO, which is to promote intellectual-property rights. 'To hold a meeting which has as its purpose to disclaim or waive such rights seems to us to be contrary to the goals of WIPO,' she said." (Thanks to Joe "Zonker" Brockmeier).
Ed Felten on the Bunner ruling
Here is Ed Felten's take on the California Supreme Court's ruling that posting the DeCSS code is not protected by the first amendment. "Information about Enron's finances is of public concern, even though only accountants can interpret it in its raw form. Information about the Space Shuttle wing structure is of public concern, even though only a few engineers understand it fully. CSS is a controversial technology, and information about how it works is directly relevant to the debate about it. True, many people who are interested in the debate will have to rely on experts to explain the relevant parts of DeCSS to them; but the same is true of Enron's accounting or the Shuttle's engineering."
Companies
Novell posts loss, announces layoffs (News.com)
News.com covers Novell's third-quarter results. "[In] August, Novell acquired Ximian--a move designed to help its customers adopt Linux on the desktop. Although there was speculation Novell would nix its NetWare operating system in favor of Linux, Messman says that won't happen."
The patent nuclear weapon (ZDNet)
Here's a ZDNet column on IBM's use of software patents against SCO. "IBM is certainly justified in responding to SCO's challenge, given the threat that SCO poses to IBM's Unix business as well as the open source product upon which IBM is building its future. However, the fact that IBM is fully justified in defending itself doesn't change the fact that software developers should feel a bit queasy about the tactics it has chosen to use."
SCO CEO says IBM behind open source attacks (InfoWorld)
According to this InfoWorld article, SCO CEO Darl McBride sees the invisible hand of IBM behind the community's response to SCO's actions. "'We have absolute direct knowledge of this. If you go behind the scenes, the attacks that we get that don't have IBM's name on them, underneath the covers, are sponsored by IBM,' McBride said."
SCO's Evidence Raises Questions About Case (ECommerceTimes)
ECommerce Times has posted a story about the latest developments in the SCO case. "...Chris Sontag, SCO's senior vice president and general manager of SCO Source, told TechNewsWorld that the company has now unveiled the offending code and that it can be remedied. 'The vast majority of the code [in violation] is the derivative work from IBM, so that's a great place to start,' Sontag stated. 'We're talking about more than one million lines of code that can be remedied.'" This is actually an interesting thing for him to have said. It appears we now know the bulk of SCO's complaint. Even if SCO gets a court to agree that it owns everything that IBM allowed into the same room as Unix, and that IBM's release of that code was a breach of its contract with SCO, the fact remains that IBM released that code. It's not at all clear that SCO can call it back, or attack those who are making use of it.
SCO Defends Against Open Source Advocates (InternetWeek)
InternetWeek looks at SCO's difficulties. "But [SCOSource VP Chris] Sontag said the BPF routines were not intended to be an example of stolen code, but rather a demonstration of how SCO was able to detect 'obfuscated' code, or code that had been altered slightly to disguise its origins. The slide displaying the code should have been written differently to reflect that intention, he said." So SCO showed its resellers a demo of how Linux hackers were able to edit BSD-licensed source, and is no longer claiming that BPF was stolen.
Linux Adoption
Should the government adopt open-source technology? (Business Standard)
The (India) Business Standard is running a debate between Javed Tapia (Red Hat India) and Shailendra Kumar (Microsoft India) on whether the Indian government should use free software. "Additionally, security vulnerabilities in open-source software, which often go unnoticed with the limited scenarios that actually deploy open-source software, also often remain unaddressed for long periods of time because there is no central organisation driving development. Evaluating open-source software for security is a complex proposition."
Legal
DVD-copying code loses free speech shield (ZDNet)
ZDNet reports that the California Supreme Court has ruled (in the Bunner DVD case) that the "free speech" defense does not apply. "The ruling did say that software code like DeCSS should be afforded some strong First Amendment protection, even if trade secrets rights trumped free-speech shields in this particular case. However, the court cautioned that its decision was based on a very narrow reading of the earlier decisions, including the assumption that the original trial court had ruled correctly that the release of DeCSS had violated the industry coalition's trade secrets. The court ordered the case to be sent back to the appeals court level, where judges would review the trade secrets issue more closely."
How to muzzle SCO (Inquirer)
The Inquirer calls for an injunction to shut up SCO. "Red Hat's first serious barrier to successfully requesting a Preliminary Injunction against SCO's disparagement and interference in its business is that it has not seen and therefore cannot show a significant decline in its sales since March 2003 -- when SCO initiated its lawsuit against IBM and started its public campaign to trash Linux and Open Source."
Interviews
Torvalds Slams SCO (eWeek)
eWeek interviews Linus Torvalds about the SCO case. "They are smoking crack. Their slides said there are [more than] 800,000 lines of SMP code that are 'infringing,' and they are just off their rocker. The SMP code was written by a number of Linux people I know well (I did a lot of the SMP IRQ scalability myself, personally), so their claims are just ludicrous."
SCO's big legal gun takes aim (ZDNet)
ZDNet interviews SCO lawyer Mark Heise. "Section 301 of the Copyright Act says the Copyright Act pre-empts any claims that are governed regarding use, distribution and copying. We believe that although the GPL is being tossed into the fray, it is pre-empted by federal copyright law." Should you be interested in pursuing this further, Section 301 can be found over here.
Resources
Is a Linux supercomputer in your future? (NewsForge)
NewsForge looks at Linux clusters for small to medium businesses. "Modern clusters allow everything, including OS and application upgrades, to be scripted, so that the administration burdens are within the budget reach of mid-size universities and corporations. Intelligent queuing software is also starting to have an impact, because it allows jobs to be scheduled and dispatched to the right hardware at the right time without intercession by administrators. This also means that researchers and business people don't have to be computer scientists in order to figure out how to make their applications run efficiently."
Reviews
Bayonne bridges open source, telecom (NewsForge)
NewsForge has a detailed look at GNU Bayonne and the project behind it. "GNU Bayonne is a customizable telecommunications application server that can be used for a variety of telecom applications such as interactive voice response systems and telephone system administration tools. It facilitates the creation of telecom applications that can be directly integrated with traditional scripting languages and tools commonly found on free software platforms such as Linux."
The Concept of Security (Linux Journal)
Linux Journal reviews two books, Secrets of Computer Espionage: Tactics and Countermeasures and Linux Security Cookbook. "As I sat one morning working on some loose ends, my e-mail inbox signaled the arrival of some new message. Experience is the best teacher, and my experience told me this was a new worm or virus. The attachment was zipped, so I saved it to my Windows desktop and then FTPed it to one of my Linux boxes. Once there, I was safe to play with it the way a cat plays with a small mouse it caught."
What's new in GnuCash (NewsForge)
Joe Barr reviews GnuCash on NewsForge. "In addition to the nine standard reports and graphs having to do with income and expenses, there is now a separate menu listing six different business reports: customer, employee, and vendor reports, payables aging, receivables aging, and invoice printing. There are also ten reports on Assets and Liabilities, an Account Summary, a tax report, and a transaction listing. If that's not enough, you can write your own."
The need for speed (Tri-city Herald)
The Tri-city Herald (Washington state) covers a new Linux-cluster supercomputer. "The supercomputer from Hewlett-Packard uses nearly 2,000 of Intel's new Itanium-2 processors, code named Madison, which were introduced in June. It's the world's fastest supercomputer to depend on the Linux operating system, a system whose creators share their software blueprints so users can make extensive changes to meet different needs." (Thanks to Karl Agee)
Motorola launches first Linux smartphone (Register)
The Register looks at a Linux-powered smart phone from Motorola. "Announced last February, the A760 uses Linux as a core operating system, on top of which Java provides a multimedia application framework. Software that ships with the device includes a PDA-style personal information management suite, a video player, music player, an instant messaging tool and more." (Thanks to "Fuzzy Gorilla")
Miscellaneous
Germany's 'Der Spiegel' Magazine Records Increase in Use of Mozilla and Netscape (MozillaZine)
MozillaZine reports on the increasing use of the Mozilla browser. "According to Germany's Der Spiegel magazine, Mozilla's usage share may be rising (rough English translation courtesy of AltaVista's Babel Fish). In an article about the latest set of Internet Explorer security flaws, the German newsweekly reports that out of 125 million accesses to their website, 15.1% came from users of Mozilla and Netscape, a notable increase since the releases of Mozilla 1.4 and Netscape 7.1."
Analysis of 'Microsoft Windows or Linux?' pamphlet
Con Zymaris takes a look at a pamphlet prepared by Microsoft and aimed at corporate and government Information Technology executives, as part of the company's anti-Linux campaign.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Bay Area Software Professionals for Responsibility and Accountability
Don Marti has announced the formation of a group in the San Francisco area which will attempt to put together a useful response to SCO's mailing of "invoices" for Linux use. This response is likely to involve passing said invoices onto an appropriate law enforcement agency. "We're calling the organization 'Bay Area Software Professionals for Responsibility and Accountability' for the obvious reason that we are Bay Area software professionals who are for responsibility and accountability." There is a mailing list, of course, for those who are interested in joining this effort.
Canadian Linux Interests Coalition Formed
The Canadian Linux Interests Coalition has been formed. "A coalition of computer professionals using and contributing to the Linux operating system, have united to oppose the recent actions of high-tech company the SCO Group."
KDE-Women Relaunched (KDE.News)
The KDE-Women project has been relaunched. "The KDE-Women project was founded in 2001 as an international forum for women involved with or interested in KDE. It was originally intended to be a place where women could present their current contributions to KDE and where women who wished to contribute could find a starting point. That was the goal of KDE-Women then, and still is now. After a period of dormancy, the project has been relaunched in terms of a revamped website based on the new KDE design as well as fresh and updated content such as the tutorials and howto's and an article on Kontact."
PostgreSQL project looking for editor
The PostgreSQL database project needs a new editor-in-chief. "The PostgreSQL Global Development group has a number of people who have volunteered to write articles about PostgreSQL for the media. So, now we're looking for an 'Editor-in-Chief' volunteer to co-ordinate them."
University Of Kentucky Supercomputer Breaks The $100 Per GFLOPS Barrier
Researchers at the University of Kentucky have constructed and demonstrated a parallel supercomputer that achieves application performance of more than 1 billion floating point operations per second (GFLOPS) for every $100 spent on building the machine, using standard PC parts in a Linux "Beowulf" cluster.
Commercial announcements
Turbolinux Joins OSDL
The Open Source Development Labs has announced that Turbolinux is the latest company to join up.
SGI and SuSE make a deal
SGI and SuSE have sent out a press release announcing a new partnership between the two companies. SGI will start shipping SuSE Linux Enterprise Server 8 on its Altix 3000 systems, which can run up to 64 processors. SuSE will be providing support, and the two companies will work together on further scalability efforts.
BlackAdder V1.0.0 released
Version 1.0.0 of BlackAdder, a commercial IDE for Linux and Windows, has been announced. "BlackAdder is an application development environment that allows professional and hobbyist programmers alike to produce complex applications for the Windows and Linux platforms. BlackAdder brings together the Python programming language, the Qt graphical user interface (GUI) toolkit, ODBC database connectivity and an Integrated Development Environment (IDE) that includes an editor, a GUI designer, a debugger and an interactive Python interpreter. BlackAdder gives the programmer, in a single package, all they need to develop sophisticated applications."
New Books
New Books from Prentice Hall PTR
New books from Prentice Hall PTR:
- Moving to Linux: Kiss the Blue Screen of Death Goodbye! by Marcel Gagne.
- Practical Programming in Tcl and Tk, 4/e, by Brent B. Welch and Ken Jones with Jeffrey Hobbs.
- Core PHP Programming, Third Edition, by Leon Atkinson with Zeev Suraski.
TiVo Hacks Released by O'Reilly
O'Reilly has published the book TiVo Hacks. "Why hack your TiVo? As Raffi Krikorian explains, the TiVo has proven eminently hackable, to the point that there are communities of TiVo hackers springing up all over the Internet. 'You can think of the TiVo as a carefully tweaked desktop computer with a television tuner card,' Krikorian says. 'Everything the TiVo does, save the channel tuning and video encoding, is done in software. Everything you see on the screen, all the interactivity through the remote, and the recording scheduling is all defined in code.'"
Contests and Awards
DotGNU Coding Competition
The First International DotGNU Coding Competition has been announced; $4500 worth of prizes will be distributed. "The participants in this competition will collaboratively complete the implementation of the System.Windows.Forms part of the C# class libraries for DotGNU Portable.NET, with the goal of duplicating the functionality of the proprietary library so that programs written against it can be run on Free Software."
Upcoming Events
Emerging Tech Conference CFP
A Call for Participation has gone out for the 2004 O'Reilly Emerging Technology Conference, to be held from February 9-12, 2004 in San Diego, CA.
GNU/Linux Summit 2004 Call For Papers
A Call For Papers has gone out for the GNU/Linux Summit 2004. The event will take place in Helsinki, Finland in February, 2004.
Events: August 28 - October 23, 2003
October 7 - 8, 2003
Event Reports
Sound and Midi Software For Linux site updated
Dave Philips has updated his Sound and Midi Software For Linux site; take a look at the Musings section for a summary of the summer's conferences and reviews of new Linux audio software.
Kastle 2003: Conference Reports
KDE.News has published a report from the KDE Contributors' Conference 2003. Also, a review of Matthias Ettrich's talk, What to expect from Qt 4, and the preliminary Arrival and KDE e.V. Membership Assembly report are online. Lastly, the KOffice Developers' Meeting Report has been published.
Mailing Lists
gnome-network mailing list created (GnomeDesktop)
GnomeDesktop.org has an announcement for the new gnome-network mailing list. "A new mailing list has been created to hold the discussions about gnome-network, a set of user-oriented network tools. We've done so to get more people involved in its development. The main purpose of gnome-network is to offer a nice integration of the GNOME desktop into networked environments, so if that goal is of some interest to you, please subscribe."
Web sites
Common-Lisp.net
Common-Lisp.net is a new site for Lisp language enthusiasts. "Common-Lisp.net is a project hosting service similar to SourceForge.net, but specializing in Common Lisp software."
Monty Kamath's GoodStart Smalltalk site
Monty Kamath has updated his GoodStart Smalltalk language site; many Smalltalk resources are available there.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook
           