LWN.net Weekly Edition for January 15, 2004
Open Source in Politics
Two of the Democratic candidates for president have announced open source efforts to help their campaigns. Howard Dean's campaign has launched DeanSpace, a software package for running websites for Dean supporters. Wesley Clark's campaign recently announced the creation of Clark's TechCorps, which is supposed to provide "a framework for involving open source software developers in the Clark campaign."Since both campaigns are boasting their use of open source, we decided we should get in touch with the Clark and Dean campaigns to see where they stand on open source and related issues. The high-profile usage of open source by the Dean and Clark campaigns may have given the open source community the impression that 2004 might be "the year" that open source and tech issues will become a high profile issue in election-year debates. It might also cause people to get the impression that both candidates are staunch supporters of open source usage.
Unfortunately, that doesn't seem to be the case. We managed to get in touch with representatives from both campaigns, to find out if their use of open source would translate into advocating open source in government, and saner polices regarding tech policy We also wanted to get a lead on their positions on other issues, such as software patents and the Digital Millennium Copyright Act (DMCA). Due to the rigors of the campaign trail, neither candidate was personally available for questions.
We first spoke with Josh Lerner, who is the director of technology for the Clark campaign. Lerner said that they have "no bias in favor of, for or against any particular model, we can't afford to be religious about it." Lerner said that the Clark campaign had decided to use open source out of "expedience."
According to Lerner, Clark is "putting together a bunch of heavy-weight technology people" to form a policy on technology use in government. At this time, however, Clark has not yet put forth an official policy on tech issues and it may be some time before any policies are forthcoming. We also asked Lerner if he thought that these issues would play a big part in the upcoming election. He said that he thought it might be an issue, and that "people in the campaign are talking about it. Not everything makes it out the door."
Unfortunately, we were unable to schedule a phone interview with anyone from the Dean campaign. However, we did manage to track down Zephyr Teachout, the director of Internet Organizing & Outreach for the Dean campaign via e-mail. We asked why the campaign had chosen open source software for DeanSpace, whether cost was a factor or if proprietary software wasn't up to the task.
Not everyone is a fan of the use of open source by the campaigns. Dave Winer had some harsh words for both campaigns, which elicited a response from Jim Moore -- the Director of Internet and Information Services for the Dean campaign:
...Like most enterprises we prefer to buy software and services, but
sometimes must make our own. The make/buy decision can be tough. In many
cases, vendors do not provide solutions that integrate the features that
campaigns need, and companies may not see campaigns as a particularly
attractive market. In such cases we sometimes need to make internal changes
to existing software and services or develop our own. This is particularly
the case in a campaign like ours that is innovating in grassroots
philosophy and the use of information and communication technology.
We asked the Dean campaign about Moore's response, and asked if they had a position on the use of open source in government.
Within our campaign, we use a mix of open-source and commercial software. Often, we work with commercial vendors when deploying open-source tools. We recently put our main website into the open-source Bricolage content management system, but did so with the assistance of Kineticode a vendor that supports this open-source product. Our primary goal is to focus our human and financial resources on winning the Democratic nomination and the election next November. Sometimes this goal is best accomplished by buying a commercial product, often it means deploying open-source, and other times it means developing tools in-house.
We also asked if the Dean campaign had a position on the DMCA or digital rights, and got this response:
Finally, since open source development is based on collaboration, we asked
both campaigns if there was any cross-pollination between DeanSpace and
TechCorps. At the moment, it would appear not. Neither campaign was aware
of any collaboration between the two efforts. Lerner did say that his group
is "hoping we can get some of these other independent efforts to join
up, and we'll announce it as it happens.
" He also said that he wants
to see TechCorps continue, even past Clark's campaign. "Our stuff is
out there and it's going to stay out there... as a separate issue, we want
the TechCorps site to live on and be self-sustaining.
"
G'Day from Linux.Conf.AU
Linux.Conf.AU (LCA) is the down-under implementation of the classic Linux developers' conference pattern. This conference takes an interesting approach in that it is organized by a different group of people, in a different city, every year. Linux Australia helps to ensure the continuity of the operation, and Rusty Russell, organizer of the first Linux.Conf.AU, maintains an influential presence. But the real work falls to a new set of volunteers each year. That organization ensures a steady supply of organizers with fresh energy, and gives each event a distinct feel.
The 2004 Linux.Conf.AU landed in Adelaide (2005 will be in Canberra; the rumor mill says that New Zealand is being considered for 2006). The
conference facility, provided by the University of Adelaide, is beautiful,
even if they won't let the attendees play with the gorgeous pipe organ in
Elder Hall.
Attendance, at just over 500 people, is the highest yet for this event.
Just as significantly from the organizers' point of view, it seems, a dozen
journalists have signed up to attend this year. Much of the media interest
![[Michael Davies]](https://static.lwn.net/images/ns/lca/md-small.jpg)
was due to the "open source in government" mini-conference held before LCA
proper. But the simple fact is that Australia is a country with a large
and increasing interest in Linux and free software.
As conference organizer Michael Davies stated in his opening remarks, the real purpose of LCA is to have fun. Sure, there is a whole series of technical talks, hacking sessions, etc. But the events that attendees are really looking forward to include the "dunk the speakers" tank (with non-speaker Linus as the guest of honor), the water gun wars, and the IBM-sponsored "penguin dinner." What other conference would hand out a ticket for four free ice creams? LCA does, indeed, look like fun.
LWN editor Jonathan Corbet is privileged to be here at LCA, thanks some generous support from HP. The conference is just getting started as the LWN Weekly Edition deadline hits, so there is not (yet) much opportunity for substantial reporting. That will come later, stay tuned.
Novell News
Novell has been fairly busy on the Linux front the last few days. The company wrapped up its acquisition of SUSE Linux and announced an indemnification program for its enterprise Linux customers on Tuesday. The company has also released its correspondence with the SCO group from May 12, 2003 to January 7, 2004 concerning SCO's suit against IBM and other issues related to the suit.For the most part, it would seem to be business as usual for SUSE. Novell spokesperson Bruce Lowry said that there are no changes afoot, at this time, for SUSE's product line as a result of the acquisition. Though some have expressed concern about SUSE's commitment to KDE now that Novell owns both SUSE and Ximian, Lowry said that there are no plans to cease the inclusion of KDE in SUSE's Linux distribution or SUSE's work on KDE.
Apparently, Novell has decided it needs to go ahead with an indemnification plan to assure its customers. The plan does not apply to all SUSE Linux customers. Instead, the plan covers customers who are using SUSE Enterprise Linux Server 8 and obtain "upgrade protection" from Novell and a technical support contract from Novell or SUSE channel partner. According to this article the indemnification is capped at 1.25 times the purchase price, or $1.5 million. It is interesting to note that Novell's indemnification plan announced this week covers claims of copyright infringement only, not patent suits. Since many have speculated that patent suits will be the next legal hurdle for Linux, Novell customers may not receive quite as much joy from the indemnification program as they might have hoped.
Naturally, SCO CEO Darl McBride couldn't resist commenting on Novell's indemnification plan:
Lowry said that Novell's indemnification is not "to protect people from SCO, it's to give software buyers the same level of comfort" that they receive when purchasing proprietary software. Lowry said that Novell has no plans to contribute to the Open Source Development Labs' (OSDL) legal fund, though they are a member of OSDL, since they are offering their own indemnification plan.
Novell also released 31 pieces of correspondence between Novell and the SCO Group concerning Novell's contractual and ownership rights over UNIX. The filings are, to say the least, interesting reading. (LWN readers can find many of the letters in plain text format in this Groklaw posting.) Much of the correspondence is one-way, with no response from SCO on several issues raised by Novell.
After it was made public that Novell was planning to acquire SUSE, McBride said in a conference call that they would "take measures to enforce the noncompete agreement with Novell. I don't know that it will turn into a lawsuit. That depends upon how they respond, and if they put a competitive product in the marketplace."
One of the pieces of correspondence to SCO from Novell is a letter dated November 19, 2003, taking issue with McBride's claims that the acquisition would violate any non-compete provisions, and noting that SCO has not raised the issue directly with Novell. There is no response from SCO regarding that letter in the correspondence released by Novell. Despite a number of public threats of legal action made by SCO, and threats contained in SCO's correspondence with Novell, Lowry said that no legal filings had taken place in either direction at this time.
One concern that Linux users and companies might have is that, if Novell does have claim to the UNIX copyrights and other intellectual property, Novell could someday cause the same kinds of legal troubles that SCO has. Lowry said that he acknowledges that is a theoretical possibility, but notes that Novell has done nothing to indicate that it would want to harm Linux. "Novell has shown with its words and actions that it is 100 percent committed to promote Linux, not impede it."
At the moment, Novell's acquisition of SUSE appears to be a good thing for SUSE and the Linux community as a whole. Novell appears to have taken a mostly "hands-off" approach with Ximian, and may be prepared to do the same with SUSE. Novell's position in the industry is also likely to open doors for Linux that might not have been open otherwise.
The Secret Novell-SCO Correspondence
[Editor's note: This article may seem similar to the previous article, however we believe it adds further clarification to the SCO/Novell dispute.]There is a new front in the SCO wars, or more accurately a newly revealed front. The new player, stage front and center, is Novell. Some of SCO's otherwise puzzling decisions in the last nine months have become more comprehensible, now that Novell's behind-the-scenes role has come to light.
It turns out that Novell strongly challenged SCO each step of the way, based on contractual rights Novell says it retained in its 1995 deal with the Santa Cruz Organization (now Tarantella), which subsequently sold certain Unix assets to Caldera, which is now the SCO Group. SCO denies Novell retained those rights. Nevertheless, its decision not to go forward with mailing invoices in the fall and not to sue SGI, or file copyright infringement claims against IBM may be at least in part influenced by Novell's claims.
Some now expect legal action between the two companies, if only because Novell's asserted rights could pull the rug out from under SCO's law suit against IBM and prevent any copyright infringement action against Linux end users, if Novell's rights prove solid.
Everything came to light this week when Novell announced it had completed its SuSE acquisition and said that it will offer enterprise SuSE customers indemnification, covering legal fees and damage awards up to $1.5 million or 125% of a customer's contract with Novell. It also put up on its web site its increasingly cold correspondence with SCO, going back to May of 2003, when SCO sent it a Letter to Linux Customers. There is a connection between the correspondence and the indemnification. The foundation of Novell's confidence in offering indemnification is found in the legal analysis it sets forth in the correspondence.
Jack Messman, CEO of Novell, says the company is in a unique position and is able to indemnify customers because it retained the copyright to Unix in that 1995 deal and also has a contractual right to license Unix to its customers. In October, when SCO said it was about to send invoices to Linux users, Novell reminded them of the "Technology License Agreement", which it says gives Novell the license to not only use the "licensed technology" but also to "authorize its customers to use, reproduce and modify" it and to sublicense and distribute same "in source and binary form". Further, Novell points to a section II.B., where restrictions on Novell cease to exist in the event of a change of control of SCO, which Novell says the agreements define as such an event as Santa Cruz selling the assets it got from Novell to Caldera.
If you were wondering why SCO didn't sue SGI, an October 7 letter and another letter, dated October 10, shed some light. Novell first directed SCO "to waive any purported right SCO may claim to terminate SGI's SVRX license" and to "waive any purported right SCO may claim to require SGI to treat SGI Code itself as subject to the confidentiality obligations or use restrictions of SGI's SVRX license", saying that Section 2.01 of the license specifically states that 'ATT-IS claims no ownership interest in any portion of such a modification or derivative work that is not part of a SOFTWARE PRODUCT.'" SCO failed to waive as directed, so on October 10, Novell waived all SCO's purported rights to terminate SGI's license.
Novell flexed its muscles, based on its interpretation of the 1995 Asset Purchase Agreement, the Technology License Agreement, and Amendment 2, to the APA. On that basis, Novell in its June 9, 2003 letter says SCO has no right to unilaterally terminate IBM's SVRX Licenses and that it is inappropriate for SCO to make such threats. Amendment No. X granted IBM the "irrevocable, fully paid-up, perpetual rights". It eventually waived SCO's "termination" of IBM's license.
Additionally, as the annoyance level rose on both sides, each claiming the other was harming its business, hints of legal action began to appear. Aspects to their contract that Novell had apparently let slide for years, such as their right to audit SCO's collection of royalties for Novell, are now scrupulously being required by Novell. They began an audit of SCO in August, something that had not happened since 1998, for example. Novell also demanded SCO supply copies of the source and binary code for all versions of UNIX and UnixWare under SCO's control.
More significantly, Novell demanded copies of the Microsoft and Sun licenses with SCO and asked SCO to explain why SCO thinks the Asset Purchase Agreement allows them to do this. Novell demanded it cease "all such negotiations and other communications with licensees concerning any such transaction without Novell's prior written consent and continued participation". After they address any "violation of the Asset Purchase Agreement", there will be the matter of "royalties and other amounts owed to Novell based on the above-mentioned license agreements" to discuss. Insofar as the demand is to licensees of SVRX, SCO has, it believes, no right to proceed without Novell's approval, reminding SCO of Novell's 95% interest in revenues from preexisting SVRX licenses.
In turn, SCO has put up some documents on its web site. In the letter of June 11, SCO writes that it "acquired all of Novell's right, title and interest: (a) to the AT&T Software and Sublicensing Agreements, including the AT&T/IBM Software Agreement, and (b) to all claims against any parties. SCO therefore acquired all right, title and interest to enforce the Software and Sublicensing Agreements against IBM, without answering to Novell."
Not so, Novell replies. Novell retained certain rights "critical to protecting the interests that Novell retained as part of the Asset Purchase Agreement (including its interests in royalty payments and the contractual commitments Novell made in return for royalty payments)." SCO acquired certain assets from Novell but acquired those assets subject to certain rights of Novell. "You can't have one without the other," Novell asserts. "We don't agree with your interpretation of our contracts," SCO writes back. It appears to them, it says, that Novell "is acting in concert with IBM to destroy the value of SCO UNIX and UnixWare intellectual property acquired from Novell in the Asset Purchase Agreement."
SCO's copyrights in Unix are now in dispute. Novell lists all of its registered copyrights on its web site. What we now learn is that they have been in dispute consistently from day one. In a letter dated August 4, Novell writes to Darl McBride, SCO CEO, that according to their agreements, copyrights were not to be transferred to Santa Cruz Operation unless SCO could demonstrate that such a right was required. They never did that and they don't need copyrights, Novell says, "in order to exercise the limited rights granted SCO" and so unless or until SCO demonstrates such a need, all copyrights remain with Novell. Of course, SCO disagrees with Novell on this utterly.
Finally, Novell on SCO's behalf "waives any purported right SCO may claim to require IBM to treat IBM Code, that is code developed by IBM, or licensed by IBM from a third party, which IBM incorporated in AIX but which itself does not contain proprietary UNIX code supplied by AT&T under the license agreements between AT&T and IBM, itself as subject to the confidentiality obligations or use restrictions of the Agreements."
SCO's position regarding Novell's waivers on behalf of SGI and IBM? In an October 13 letter: "Novell is without authority to make such a waiver and thus it is of no force and effect."
So now you know the rest of the Novell-SCO story.
Security
Brief items
Vulnerabilities and updates in 2003
Sometimes it is worthwhile to step back and look at a condensed picture of the Linux and free software security situation. To that end, we have thrashed up our security database and produced a big table listing the vulnerabilities exposed in 2003 and the alerts issued by several major distributors in response. We turned up over 300 vulnerabilities which resulted in over 1200 security alerts. In other words, 2003 was a busy year.Glancing through the table, one sees that certain packages are responsible for relatively large numbers of vulnerabilities; these include apache (6 vulnerabilities), ethereal (6), glibc (5), KDE (6), the kernel (6), and sendmail (5). The kernel wins the prize for the most security alerts, having been responsible for 47 of them - almost 4% of the total. The full picture, however, shows a vast number of security problems afflicting a wide range of packages. The security of our free operating system has some ground to cover yet before it will be something we can be truly proud of.
Here's the first part of the table:
| Vulnerability | Conectiva | Debian | Fedora | Gentoo | Mandrake | Red Hat | SuSE |
|---|---|---|---|---|---|---|---|
| apache |  |
|
|
|
|||
| apache | |
|
|
|
|||
| apache | |
|
|
||||
| apache | |
||||||
| apache | |
||||||
| apache | |
|
|
|
|||
| apcupsd | |
|
|
|
|||
| at | |
|
|
|
|||
| atari800 | |
|
|||||
| atftp | |
|
|||||
| autorespond | |
Those are all of the packages beginning with "A". The full table, in all its browser-straining glory, can be found on this page.
New vulnerabilities
inn: vulnerability in INN 2.4.0
| Package(s): | inn | CVE #(s): | |||||||||
| Created: | January 8, 2004 | Updated: | January 15, 2004 | ||||||||
| Description: | A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is fairly likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN 2.3.x and earlier are not affected. The INN CURRENT tree is affected. See this advisory for more details. | ||||||||||
| Alerts: |
| ||||||||||
mod-auth-shadow: password expiration
| Package(s): | mod-auth-shadow | CVE #(s): | CAN-2004-0041 | ||||
| Created: | January 12, 2004 | Updated: | January 14, 2004 | ||||
| Description: | David B Harris discovered a problem with mod-auth-shadow, an Apache module which authenticates users against the system shadow password database, where the expiration status of the user's account and password were not enforced. This vulnerability would allow an otherwise authorized user to successfully authenticate, when the attempt should be rejected due to the expiration parameters. | ||||||
| Alerts: |
| ||||||
phpgroupware: missing filename sanitizing, SQL injection
| Package(s): | phpgroupware | CVE #(s): | CAN-2004-0016 CAN-2004-0017 | ||||
| Created: | January 9, 2004 | Updated: | January 14, 2004 | ||||
| Description: | The authors of phpgroupware, a web based groupware system written in PHP,
discovered several vulnerabilities. The Common Vulnerabilities and
Exposures project identifies the following problems:
CAN-2004-0016: In the "calendar" module, "save extension" was not enforced for holiday files. As a result, server-side php scripts may be placed in directories that then could be accessed remotely and cause the webserver to execute those. This was resolved by enforcing the extension ".txt" for holiday files. CAN-2004-0017: Some SQL injection problems (non-escaping of values used in SQL strings) the "calendar" and "infolog" modules. | ||||||
| Alerts: |
| ||||||
vbox3: privilege leak
| Package(s): | vbox3 | CVE #(s): | CAN-2004-0015 | ||||
| Created: | January 8, 2004 | Updated: | January 14, 2004 | ||||
| Description: | A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script. By exploiting this vulnerability, a local user could gain root privileges. | ||||||
| Alerts: |
| ||||||
Updated vulnerabilities
jitterbug: improperly sanitized input
| Package(s): | jitterbug | CVE #(s): | CAN-2004-0028 | ||||
| Created: | January 12, 2004 | Updated: | January 14, 2004 | ||||
| Description: | Steve Kemp discovered a security related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Program executions may use improperly sanitized input which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating factors these attacks are only available to non-guest users, and accounts for these people must be setup by the administrator making them "trusted". | ||||||
| Alerts: |
| ||||||
Resources
Linux Advisory Watch
The LinuxSecurity.com Linux Advisory Watch for January 9, 2004 is out, with a look at some recent security vulnerabilities.Linux Security Week
The LinuxSecurity.com Linux Security Week for January 12, 2004 is out. "This week, perhaps the most interesting articles include "Syscheck: a new OS file integrity checker," "Book Review: The Effective Incident Response Team," and "Managing the Network Security Challenge.""
Page editor: Rebecca Sobol
Kernel development
Brief items
Kernel release status
The current 2.6 kernel is 2.6.1, which was released on January 8. The contents of this kernel are pretty much as described last week: a whole lot of fixes along with a few new features (MSI support, EFI support, a couple of internal API changes, etc.). See the long-format changelog for the details.
The latest patch from Andrew Morton, as of this writing, is 2.6.1-mm3. Recent additions to the -mm tree
include some anticipatory I/O scheduler work ("This is the 114th
patch against the anticipatory scheduler and we're nearly finished,
honest
"), improved CPU scheduler support for hyperthreaded
processors, working modular IDE drivers, a number of big architecture
updates, some SELinux updates, several NFS fixes, an ALSA update, the
kthread abstraction (discussed here last
week), and many other fixes and updates.
The current 2.4 kernel is 2.4.24; Marcelo has released no 2.4.25 prepatches since 2.4.25-pre4 on January 6.
Kernel development news
Kernel page editor Down Under
This week's Kernel Page is a little thin as a result of its normal editor being in Australia to attend Linux.Conf.AU. There are limits to the sort of kernel content that can be written over a conference wireless link while simultaneously making a show of listening to whoever is speaking. This page will be back to its normal form next week.Read-copy-update and interrupt latency
The read-copy-update (RCU) algorithm has found many applications since it was added to the 2.5 kernel. By eliminating lock contention in many situations, RCU can greatly improve performance and scalability on multiprocessor systems. For more information on how RCU works, see this description or this Driver Porting Series article. Or talk to the SCO Group, which claims to own any code which ever even dreamed of using RCU.It turns out, however, that there is one little problem with RCU - its effect on interrupt response times. RCU works by setting aside cleanup work until a later time, when it is known that the data structures of interest have no further references in the kernel. That cleanup work is done with a software interrupt, meaning it can happen after a hardware interrupt or at rescheduling time. But the list of RCU-protected data to be cleaned up can get quite long; it is used, for example, in high-turnover data structures like the dentry cache. So that software interrupt can, potentially, take a long time to run. The RCU cleanup code, in other words, can monopolize a processor for a relatively long period at just the times when a high-priority process might be trying to run.
Dipankar Sarma has taken a look at the situation and found that processing RCU callbacks can, in some situations, take as much as 400 microseconds or so. That may not seem like a lot of time, but it can be enough to significantly increase response latencies. So he has sent out a set of patches which address the problem.
In modern-day kernel programming, it sometimes seems like there is a standard answer to every problem: create a new kernel thread. Dipankar's patch does exactly that; it adds a new per-CPU "krcud" thread which handles RCU cleanup whenever the list of callbacks gets to be too long. Short callback lists are still dealt with at software interrupt time, since that is a faster way of doing things. But, if the list is too long (256 entries, by default) and, in particular, if there is a real-time process waiting to run, the tail end of the list is delegated over to krcud and control is returned to the scheduler.
Dipankar reports good results in his tests, with overall system latencies of less than 400 microseconds. He's not pushing this patch for inclusion yet; it needs more testing first. But, if things pan out, a faster-responding 2.6 kernel may result in the near future.
Keeping printk() under control
Log messages from the kernel can often be an indispensable aid in tracking down problems or generally figuring out what is going on inside the system. As most system administrators find out sooner or later, however, kernel logging can also become a problem in its own right. If a situation develops which causes the kernel to continually spew out logging information, disks can fill up and log messages can be lost. What can be worse, however, is when log messages sent to the console cause the kernel to spend all of its time just scrolling the console frame buffer. In this case, the system can become completely unresponsive. The logging code already tries to mitigate this problem by detecting and suppressing streams of identical messages. That simple mechanism breaks down, however, when the messages being logged differ from each other.As a way of improving the situation, Anton Blanchard has put together a new rate limiting scheme which has found its way into the -mm patch tree. This code, which is derived from a rate limiting mechanism used in the networking subsystem, does not automatically solve the problem, since it requires explicit changes to code which could generate message floods. Such code is often easy to identify, however, and easy to fix.
The patch adds a new function:
int printk_ratelimit(void);
Code which could generate lots of messages should call printk_ratelimit() and only call printk() if the return value is nonzero. Thus, printk_ratelimit() returns a failure status if rate limiting is currently in effect and printk() output should be avoided.
By default, the code limits messages to one every five seconds. It will, however, allow ten messages through in a short period before the rate limiting clamps down on the rest. These values are, of course, tuneable via sysctl parameters.
A mechanism like this is only useful if it is used throughout the code. Core kernel code can be fixed up relatively easily; the patch includes a fix for the page allocator, for example. The source of message floods, however, is often a driver which want to be sure that its "my device has joined the Dark Side" messages are heard. Fixing all of those is a daunting task, but even a partial solution leaves the kernel less susceptible to this particular problem than before.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Miscellaneous
Page editor: Forrest Cook
Distributions
News and Editorials
Security-Enhanced Fedora Core 2
According to this development schedule, Fedora Core 2 will enter a period of feature freeze next week, which should be followed by its first beta release on February, 2. The two main new features of the product will be Linux kernel 2.6 and SELinux functionality. The capabilities of the new kernel have been extensively documented and we also mentioned some of the more prominent ones in last week's coverage of the pre-beta release of Mandrake Linux 10.0, but what exactly is "SELinux functionality"? And how will it affect the users of Fedora Core?First, some background on Security-Enhanced Linux, or SELinux for short. Developed by the US National Security Agency, Security-enhanced Linux is a research prototype of the Linux kernel with enhanced security. It contains new architectural components, which provide support for enforcement of mandatory access control policies that confine user programs to the minimum amount of privilege they require to do their jobs. In other words, users running SELinux can define explicit rules about what subjects (users and programs) can access which objects (files and devices). It can be thought of as an internal firewall with the ability to separate programs, thus ensuring a high level of security within the operating system. SELinux is distributed under GPL.
The concepts of mandatory access control have been incorporated into the 2.6 kernel series. This is perhaps one of the less glamorous aspects of the new kernel, interesting only to security experts and system administrators running mission critical servers. Yet, it is one of the most fundamental and far-reaching changes in the 2.6 kernel series and it will have major implications on the way we run Linux servers. Up until now, all default Linux kernels had a concept of a "superuser", with complete access to all files and devices on the system. This concept has now been modularized into several alternative security modules. While the concept of a superuser remains available, administrators will also be able to choose from one of the more restrictive modules at boot time, in which case certain programs and files will not be accessible to the superuser. Even if an attacker is successful in obtaining superuser privileges (as was the case in the recently compromised Debian machines), the attacker will not be able to modify the critical parts of the system - there is no such thing as "chmod 777" on a SELinux system.
Unfortunately, the kernel itself only provides the means for mandatory access control together with an example of how to create one's own access control policies. It is up to Linux distributions to create and implement a system that includes these controls and integrate them with the rest of the product. It is obvious that Red Hat's main goal is to include these controls into a future Red Hat Enterprise Linux release, but not before they are implemented and well-tested on Fedora Core, starting with the upcoming Fedora Core 2. This could be a major selling point of the company's enterprise line of products; of the major distributions, only Debian and Gentoo, both of which are non-commercial projects, have implemented SELinux functionality into their respective distributions.
How does this access control mechanism work in practice? On a standard Linux system not enhanced by SELinux, an attacker might get root privileges in cases where a program or process running as root is compromised (through buffer overflow or misconfiguration). If that happens, the attacker has unlimited access to the entire system. The situation is different on a system running SELinux with properly defined access control policies. If a program or process running as root is compromised, the damage is limited to whatever the process can access. Yes, trying to access files as root on an SELinux system can return "permission denied"!
This is what Red Hat/Fedora's role in the entire process is - write access control policies for applications and provide ways for users to customize these policies. The policies can get fairly complex and thorough understanding of the SELinux Policy Document is essential for effective use of the SELinux features. It will be interesting to see Red Hat's implementation of these policies and we will certainly revisit the subject once we've been through the first few weeks of Fedora Core 2 beta testing. For those who'd like to start looking into the subject straight away, this page provides an excellent collection of SELinux-related links.
Distribution News
Debian GNU/Linux
The Debian Weekly News for January 13, 2004 is out. This week Taran Rampersad talks about GNU/Linux, usability, freedom; packages.debian.org has been restored, even better than before; an argument supporting non-free; and much more.BugWatcher 0.22 is now available. It is a graphical tool for viewing and editing bug reports. The package name is debbuggtk and it should be available on a mirror near you.
DebianPlanet takes a
look at Planet Debian.
"A very cool site which has already made it into my daily reading
bookmark folder, and is tempting me to take up blogging too...
"
Fedora Core
Fedora News Updates #2 is out, with all the latest Fedora news.This glibc update fixes lots of bugs in the regular expression matcher and speeds it up. It fixes a couple of other bugs as well.
Dave Jones has made a patched 2.4.22 kernel available, with EXT2/3 fixes from 2.4.25pre and some 2.4.23pre patches.
This php update includes the latest stable release of PHP 4 with a large number of bug fixes since the previous 4.3.3 release.
Gentoo Weekly Newsletter - Volume 3, Issue 2
The Gentoo Weekly Newsletter for the week of January 12, 2004 is out. This issue announces the winners of the 2003 Gentoo Bug Hunt and much more.Mandrake Linux
The first issue of the Mandrake Linux News Digest, dated January 12, 2004, is out with a look at MandrakeMove, Mandrake Linux for AMD64, Mandrake 10.0 Pre-Beta, and more.A kdebase-servicemenu update is available for Mandrake Linux 9.1. The update corrects problems in zipping files via konqueror.
Embedded Linux distro supports TI DSP-based digital media processors (LinuxDevices)
LinuxDevices takes a look at Monterey Linux, a distribution from Pigeon Point Systems. "According to Pigeon Point, Monterey Linux is a narrowly focused Linux distribution that emphasizes high quality, cost-effective support for selected System-on-Chip (SoC) processors, including the TMS320DM310, TMS320VC547x, and TMS320DA180. These chips provide a general purpose CPU, a C54x DSP, and numerous peripheral interfaces on a single inexpensive, low-power chip."
Getting and installing NetBSD-current (NewsForge)
NewsForge delves into the process of getting and installing NetBSD-current. "The BSD family of Unix-like operating systems evolved from the last release of 4.4BSD, released by the University of California some years ago. As with Linux, they have full releases and a live CVS tree. This article discusses why you might want to run the -current branch of NetBSD, how you would go about it, and a bit of what could go wrong."
New Distributions
Blue Linux and J.A.M.D. Linux merge
The Ares Desktop has been created by merging two existing projects, Blue Linux and J.A.M.D. The merger creates a larger pool of developers with the common goals of building a free operating system for computers aimed at the educational, home and small business markets.Gentoo For Zaurus
Gentoo For Zaurus is a port of the Gentoo Distribution to the Zaurus PDA, based on Cacko X11 Rom and The Emerde Project. It can be mounted over NFS so no changes to a current configuration are needed. It includes a native gcc environment for ARM, the zgcc-3.3.1 cross compiler for the main PC with distcc configured so that the main PC does the actual compiling, and X11 for testing applications. The current version is 0.2, dated January 12, 2004.LinuxDefender
LinuxDefender Live! CD is a Rescue CD based on Knoppix. It features full NTFS write support (using Captive). It also includes instant antivirus and antispam SMTP protection, which is managed via Webmin. Desktop antivirus protection is integrated into the KDE interface, using BitDefender for Linux technology. The first version of the LinuxDefender Live! CD (2003-12-18) was launched at the Romanian LUG event LinuxConf 2003.XoL - Diskless X office Linux
XoL is a diskless Linux "Live CD" distribution from the makers of SoL (Server optimized Linux). Nothing is written to the hard drive unless the user really wants to save it. It offers both KDE and GNOME, OpenOffice.org, and USB storage device support for storing data. XoL joins the list at version 17.00o.BETA, released January 14, 2004.
Minor distribution updates
Buffalo Linux
Buffalo Linux has released v1.1.0 with major feature enhancements. "Changes: This major release includes five kernels, all based on 2.4.24. It also includes the available updates from Slackware "current". Many bugfixes were made, and much better integration with Codeweavers CrossOver Office was added. The 2.4.24 kernels for i486, i586, i686, ipent3, and ipent4 are also available as separate downloads. These can be used to upgrade the earlier "rc3" release to the latest kernel."
Feather Linux
Feather Linux has released v0.3.2 with minor feature enhancements. "Changes: A dpkg-get script has been added. The Opera install script has been tweaked. gpart, socat, prozilla, traceroute, and Midnight Commander have been added. nedit has been replaced with SciTE because of space reasons."
Fli4l
Fli4l (Floppy ISDN/DSL) has released development v2.1.5 with minor feature enhancements. "Changes: This version adds a new kernel (2.4.23 with security fix from 2.4.24), a new version of BusyBox, and a new DNS server (dnsmasq). It now supports the AVM Fritz!Card DSL SL. Support for LCDs with "Winamp" wiring was added. dropbear was added as an SSH2 server; using SSH1 is now deprecated. There are new features for the W-LAN package. There is a VPN package with OpenVPN and CIPE. There are also many bugfixes."
GoboLinux
GoboLinux has released v010 with major feature enhancements. "Changes: Among the new features are a new installer, hardware detection, and new custom themes. As usual, several packages were also upgraded, including KDE 3.1.4, GCC 3.3.2, XFree86 4.3 (with NVidia support), Glibc 2.3.2, and OpenOffice 1.1. The ISO is simultaneously an installation disc and a Live CD."
Local Area Security Linux
Local Area Security Linux has released v0.4.1 with major feature enhancements. "Changes: All packages have been upgraded to current. There is a new theme, background, and many other menu and cosmetic improvements. Many packages have been added to increase the size to 210 MB." Note: a smaller version is still available.
Rock Linux
Rock Linux has released v2.0.0-rc4 with minor feature enhancements. "Changes: This release updates many package (including gcc33, gdb, alsa, subversion, xscreensaver, rdesktop, gimp, epiphany, galeon, and cpufreqd), adds packages (such as xfig, transfig, nxcomp, and nxproxymany), improves the download system, and improves partitioning in the installer."
Desktop
Rock v2.0.0-rc3 has also been released. "Changes: This
release is based on ROCK Linux 2.0.0-rc3 and so features the various
package version updates and additions, as well as the improved download
system, and enhanced partitioning in the installer.
"
SLAX
SLAX has released v3.0.25 with major feature enhancements. "Changes: SLAX is now based on version 3.0.25 of the linux live scripts. This version features KDE 3.2beta2 and KOffice 1.3rc2, and uses overlay filesystem (ovlfs) to make the CD and the whole root filesystem pseudo-writable. More enhancements: Floppy automounting was added. KDE language support was added for Czech (cs), German (de), Brazilian (pt_BR), and French (fr). HorizSync was modified in the X config file in an attempt to get a better display. Mouse detection was enhanced. The monkeyd httpd server was added with its home in /root/public/www. The "nopcmcia" kernel parameter was added."
ThePacketMaster
ThePacketMaster has released v1.2.0 with major security fixes. "Changes: This release updates the kernel to 2.4.24 to address issues found in 2.4.23 and earlier. It adds new packages for forensic analysis and vulnerability testing. /usr is now in a cloop filesystem for a smaller ISO image. XFree86 is now included, as well as the Enlightenment window manager, the Mozilla Web browser, and Java."
Page editor: Rebecca Sobol
Development
MySQL 5.0 Preview
Since the announcement went out on December 24th, many may have missed the release of MySQL 5.0 while they were on holiday. The 5.0 release is the next stage in MySQL evolution, and includes a few "enterprise" features that may be of interest. The release is considered alpha-quality, and is mainly targeted at developers. However the announcement does note that "all old features should be reasonable [sic] stable."The most interesting feature for many will be stored procedures. A stored procedure is a statement that is stored in the database server. This means that a series of SQL statements need only be issued once, and then clients can refer to that stored procedure rather than re-issuing the commands each time they need to be executed. This feature is already included in the MaxDB product from MySQL (formerly SAP DB) and other open source databases like PostgreSQL.
This release also includes server-side cursor support, new functions, and a new binary log format. According to the MySQL documentation, it should be possible to upgrade from a current version of MySQL to 5.0 to take advantage of stored procedures with existing databases. The MySQL website has binaries available for a number of platforms, including tarballs with pre-compiled binaries for Linux on x86, Alpha, S/390, AMD's X86-64, IA-64, and RPMs for x86, IA64 and X86-64. There are also pre-compiled binaries for FreeBSD, OpenBSD, MacOS X and a number of other *nix platforms, and Windows. Source is also available, though MySQL AB recommends using the provided binaries.
If history is any guide, it will be some time before 5.0 is declared production-ready. The 4.0.0 alpha release was made available October 16, 2001, the 4.0.x release declared production-ready was the 4.0.12 release about a year and half later on March 18, 2003.
System Applications
Audio Projects
ALSA 1.0.1 released
Version 1.0.1 of the ALSA sound driver has been released. "This is our first final ALSA release with number 1.0.1. As you all expected, there are only minor fixes against 1.0.0rc2."
JACK 0.94.0 released
Version 0.94.0 of JACK, the JACK Audio Connection Kit, is available with "Mostly minor, internal changes".
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include new versions of Muse, Chaos, Pd Cxc, and Pd Creb.
Backup Software
Bacula: Cross-Platform Client-Server Backups (O'Reilly)
Dan Langille reviews Bacula, a cross-platform backup utility. "When people ask around about open source backup solutions, Amanda usually comes up first. I started there, but before I finished my implementation, I found what I think is a much better solution: Bacula. It may sound campy, but it works well."
Database Software
The Effective Use of Joins in Select Statements (O'ReillyNet)
Satya Komatineni illustrates the database join construct in Java. "A join construct helps you effectively use select statements to mine relational databases. This article examines syntax, surprises, and rules of thumb for the use of joins."
MySQL Crash Course, Part 2 (O'Reilly)
John Coggeshall introduces MySQL in part two of an O'Reilly series. "The previous article explained how to use the SELECT statement to retrieve data from a table within the database. As you may have suspected, the SELECT statement is much more complex. There are several different clauses that can control exactly what data you will retrieve from a table. The first of these is the WHERE clause."
ZODB3 3.3 alpha 2 released
Version 3.3 alpha 2 of ZODB, the Zope Object DataBase, has been released. "This release includes support for new-style persistent classes and multi-version concurrency control. It's an alpha release, so we could use feedback on the new features and helping testing them."
PostgreSQL Weekly News
The January 12, 2004 edition of the PostgreSQL Weekly News is available for your consumption. Take a look for the latest PostgreSQL database news.
Filesystem Utilities
gnome-volume-manager lands in CVS (GnomeDesktop)
GnomeDesktop.org reports on the availability of the GNOME Volume Manager. "GNOME Volume Manager is a simple GNOME daemon that acts as a policy agent on top of the Project Utopia stack, which includes the kernel, hotplug, udev, and HAL. GNOME Volume Manager listens for HAL events and responds with user-configurable reactions. Currently it supports automount of new media and hot-plugged devices, autorun, autoplay of CDs and DVDs, and automatic camera management."
Libraries
GTK+ Apps Get Free Reign on KDE Technology
KDE.News covers recent developments with the QtGTK library. "Integration of GTK+ applications in KDE has taken another leap forward. This has historically been a bit of a problem; the fact that Qt and GTK+ rely on different event loops was making it impossible to, for example, use dialogs from one toolkit while building the GUI in another. QtGTK is a library which integrates the Qt event loop in the Glib event loop. This makes it possible to freely use KDE dialogs, DCOP, KDE IO and other KDE technology in any GTK+ application just like they would be native."
Mail Software
Mobile Email with UUCP (O'Reilly)
Sean Reifschneider explains the use of UUCP for email. "I have found that UUCP (Unix to Unix CoPy) provides a compelling alternative to the more typical email solutions for mobile users. I converted over to a laptop as my primary machine back in January of 2000, and UUCP was an important part of that setup. Without it, I'm sure I wouldn't have been as happy with my untethered lifestyle."
Printing
Jipsi 0.1.2 announced
Version 0.1.2 of Jipsi (in German), an implementation of the Java Print Service API for the CUPS printing system, is available.
Web Site Development
Release of ht://Check version 1.2.2
Version 1.2.2 of ht://Check, which is "more than a link-checker", is out. "New features include document type recognition (DOCTYPE) and storing, as well as META description and keywords of HTML documents. Sources have been strongly modified in order to be more robust and to support latest releases of the autotools (autoconf, automake and libtool)."
Automating Perl Database Applications (Linux Journal)
David Simpson explains the use of Perl and CGIScripter on Linux Journal. "This article describes how Perl is used to generate Perl CGI code using the multi-platform CGIScripter application. The resulting output code automates SQL table creation commands (in this example, for a MySQL database), HTML pages and Perl code. Web security issues, data validation and image handling functionality are incorporated into the resulting Perl code. By automating the development of Perl CGI scripts, even entry-level developers can create CGI scripts that contain most of the commonly requested features in a short period of time--without manually writing any code."
Zope 2.6.3 released with security fixes
Zope Corp. has announced the release of Zope 2.6.3. Included in this release is a set of fixes for security problems found in a detailed audit of the code, so upgrading is probably a good idea.Zope 2.7.0 beta 4 Release and Security Update
Version 2.7.0 beta 4 of Zope is available. "Zope 2.7.0 beta 4 contains a number of security related fixes for issues resolved during a comprehensive security audit conducted n Q4 2003."
Miscellaneous
GNOME System Tools 0.31.1 is out! (GnomeDesktop)
Version 0.31.1 of the GNOME System Tools has been announced. "This release mostly wants to amend some building failures shipped in 0.31.0, but also adds support for mandrake-9.2, improves services-admin support for slackware and provides basic network support for slackware (eth and eth-like wireless devices at the moment)".
RTAI 3.0 released
Version 3.0 of the Real Time Application Interface (RTAI) has been released. There are many changes in 3.0, including new architecture support, emulators for several commercial real-time systems to ease migration, new development tools, and much more.
Desktop Applications
Audio Applications
Glame 1.0.2 released
Version 1.0.2 stable of Glame, an audio file editor, is available. "This is a bugfixing release focussing on fixing the known issues with the New Posix Threading Library (NPTL) shipped with recent libc and 2.6 Linux kernel (and unfortunately also with RedHat 9.0 and Fedora distributions). Apart from this you'll notice some improvements in the importing of Mp3 and Ogg files, namely, you can cancel them now."
WaveSurfer 1.6.0 released
Version 1.6.0 of WaveSurfer, an audio file editing package, is out. One new feature is a Python API for adding plugins. See the change history for more information on what's new.
Desktop Environments
GNOME Platform Bindings 2.5.2 released (GnomeDesktop)
Version 2.5.2 of the GNOME Platform Bindings has been released. "Here is another scheduled release of the GNOME Platform Bindings, which provide a GNOME development platform for programming languages other than C, in the style of those languages. This release set gives some bindings a schedule and rules to work within, so we can endorse those bindings."
GTK-Qt Theme Engine Does Cross-Desktop Styling (KDE.News)
David Sansome explains the GTK-Qt theme engine. "The GTK-Qt theme engine is a nifty hack for GTK+ applications that uses the currently selected KDE/Qt style to do its drawing in a very similar fashion to the recently announced KDE Native Widget Framework for OpenOffice.org. Basically, what this means is that it will make your GTK apps look just like KDE/Qt ones and hence integrate better into your desktop."
This Week's Gnome Summary
The January 4-10, 2004 GNOME Summary is available. Take a look for the week's GNOME desktop news.KDE 3.1.5 Released
Version 3.1.5 of KDE has been announced. "KDE 3.1.5 is a maintenance release which provides corrections of problems reported using the KDE bug tracking system and a vulnerability in the .VCF file information reader."
KDE-CVS-Digest
The January 9, 2004 KDE-CVS-Digest is available. The summary says: "Many changes in KDE-PIM; gpgme now used in KMail. Knode integration in Kontact completed. A KPilot plugin for Kontact. IMAP addressbook resources, used in Kolab, is complete. And an initial version of a PIM configuration wizard. In Kexi, read-write queries are supported and dragging relations together now works. An KJSEmbed envelopemaker example is available. FileLight can be used in Konqueror. And the usual bugfixes."
XFce 4.0.3.1 released
Version 4.0.3.1 of the XFce lightweight desktop environment has been released. "It's a small bug fix release for xfwm4 that ships with xfce 4.0.3. It fixes a focus problem when using multiple screens (not using Xinerama). xfwm4 is the only package impacted by this release."
Educational Software
Gretools released -- GNOME vocabulary builder (GnomeDesktop)
GnomeDesktop.org has an announcement for gretools, a vocabularity building tool for GNOME. "Gretools consists of a synonym quiz and a word guessing game and also allows you to look up words. It automatically remembers the words you got wrong and helps you revise those words."
Electronics
XCircuit 3.1.34 released
Version 3.1.34 of XCircuit, an electronic schematic drawing application, is available. Change information is in the source code.
Games
Graphics
GIMP 2.0 pre1 released (GnomeDesktop)
Version 2.0 pre1 of the GIMP has been announced. "Not everything is in its final state, but we think this is close to a final 2.0 release. Your feedback will help make the 2.0 release even better, and we particularly appreciate testing efforts. New bugs can be reported to us at http://bugzilla.gnome.org/".
Release of Thuban 1.0
Version 1.0 of Thuban, a GIS Data Viewer, has been announced. "Thuban is an interactive viewer for geographic data layers. It can handle Shapefiles, PostgreSQL/PostGIS spatial databases and raster data. The user interface makes data exploration easy. Notable features are the legend editor with some automatic classification, projection support and management of attribute tables."
Instant Messaging
New Gaim release (GnomeDesktop)
GnomeDesktop.org covers the release of Gaim version 0.75. "Gaim 0.75 has just been released for public consumption. Yahoo! works in it (again), and it has a bunch of real important fixes you should grab."
Interoperability
Samba 3.0.2pre1 Available for Download
Version 3.0.2pre1 of Samba has been released. "This is a preview release of the Samba 3.0.2 code base and is provided for testing only. This release is *not* intended for production servers. However, there have been several bug fixes since 3.0.1 that we feel are important to make available to the Samba community for wider testing."
Music Applications
JAMin 0.8.0 released
Version 0.8.0 is the first stable release of JAMin, the JACK Audio Mastering interface. "JAMin is a GPL licenced, state-of-the-art realtime mastering processor designed to bring out the detail in recorded music and provide the final layer of polish. Every effort has been made to ensure a clean, distortion-free signal path. All processing elements use linear-phase filtering, ensuring that no phase distortion is introduced."
Rosegarden 4-0.9.6 released
Version 4-0.9.6 of Rosegarden, an audio and MIDI sequencer and score editor, has been released. "This release is primarily to address a significant problem with 0.9.5 that was seriously affecting sequencer timing performance for some users. For this reason we strongly recommend an upgrade."
Office Applications
Gnome-vim project enables using Vim in Evolution (GnomeDesktop)
The Vim editor can be used under Evolution. "Jason_Hildebrand writes "In the last few months (off and on) I've done a lot of work and it's now possible to use Vim within Evolution. Thanks to the people who sent encouragement."
Office Suites
kde.OpenOffice.org: KDE Native Widget Framework available
An OpenOffice.org Native Widget Framework for KDE has been announced. "A development version of the OOo KDE Native Widget Framework is now available for download. So far, it can draw KDE-styled push buttons, radio buttons, check boxes and list boxes (screenshot1, screenshot2, Plastik)."
Web Browsers
Minutes of the mozdev Admin Meeting (MozillaZine)
The minutes from the January 9, 2004 Mozdev Admin Meeting are online. The MozillaZine summary says: "Issues discussed include the splitting of mozdev services, mirrors, abandoned projects in category listings, site statistics, newsfeeds, the home page redesign and meeting times."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes of the January 5, 2004 Mozilla.org staff meeting are available. "Issues discussed include Mozilla 1.6 final, Mozilla Firebird 0.8, CD status, the new Talkback server, plans for the next few months and public relations."
Securita Project Seeking Developers (MozillaZine)
MozillaZine reports on a plea for developer help for the Securita project. "Robert Accettura writes: "The Securita project is looking for help and leadership, as it attempts to restart." Securita is a project to build a word filter extension for Mozilla, allowing parents and the like to restrict the sites their children go to."
Word Processors
AbiWord Weekly News
Issue #178 of the AbiWord Weekly News is available, here's the summary: "New AbiDevelopers and an AbiTranslator with positive attitudes shine on this week, while the ability to translate the Windows installer has already been taken advantage of, and MacOS X gets an automatic builder. Also included is an exclusive present for AbiLovers from FootNotes' own stro! Additionally AbiWord 2.0.3 is anticipated to be tagged this Wednesday! See! You wouldn't know that if this came out on time!"
Miscellaneous
Linux Brochure Project (LBP) version 1.2.0 released
Version 1.2.0 of the Linux Brochure Project has been released. This version "includes a simplified build process, Western European language build support, and an improved look for the generated brochures."
Small Mono Status Report (GnomeDesktop)
GnomeDesktop.org mentions Miguel De Icaza's latest Mono status report. "Miguel de Icaza has written a little status update on the progress of Mono. Lots of bug fixing and performance optimizations happening. Also much progress on a port of SharpDevelop to GTK#".
Languages and Tools
Caml
Caml Weekly News
The January 6-13, 2004 edition of the Caml Weekly News is out with several new Caml language articles.
Java
Apples and Oranges (and the Java Units Specification) (O'ReillyNet)
Ori Kushner writes about the Java Units Specification on O'Reilly. "This article discusses JSR-108, the Java Units Specification, which allows developers to create systems of units and to define conversion and representation rules in Java. Using an implementation of the Java Units spec, you would be able to attach a unit to a number so that when defining a rectangle in your program, it is clear that its length equals six feet, six meters, six miles, six light years, or some other standard unit of length, rather than just six."
2D animation with image-based paths (IBM developerWorks)
Barry Feigenbaum and Tom Brunet program 2D animations with Java on IBM's developerWorks. "Why code your animated sequences when you can draw what you want and let a program do the rest? In this article, Barry Feigenbaum and Tom Brunet show you how to combine lossless images, Swing technology, and the authors' own Java-based animation engine to generate movement sequences for fixed objects in 2D animation."
Lisp
Planet Lisp
Paolo Amoroso mentioned the creation of the new Planet Lisp site. "Planet Lisp is a new site that aggregates via RSS the weblogs of Lisp users, and is inspired to similar aggregation pages in the Open Source world."
Pascal
Free Pascal 1.9.2 is available
Version 1.9.2 of Free Pascal has been released. "Compared with 1.9.0 there are a lot of bug fixes as well as some new features like register calling for i386 or a powerpc compiler."
Perl
Perl 5.8.3 RC1 is out (use Perl)
Release Candidate #1 of Perl 5.8.3 is available. "This is a regular maintenance release for perl 5.8.x, providing bug fixes and integrating module updates from CPAN."
The State of Perl (O'Reilly)
Adam Turoff covers the state of Perl on O'Reilly. "I repeated the same answer I've used for years when people ask me if Perl has a future: Perl certainly is alive and well. The Perl 6 development team is working very hard to define the next version of the Perl language. Another team of developers is working hard on Parrot, the next- generation runtime engine for Perl 6. Parrot is being designed to support dynamic languages like Perl 6, but also Python, Ruby and others. Perl 6 will also support a transparent migration of existing Perl 5 code."
TPJ Article on Perl Certification Available for Download (use Perl)
Use Perl mentions the availability of an article on Perl certification in The Perl Journal. "YUMPY writes "Did you miss the panel discussion on Perl Certification at TPJ 7.0, which ended with the audience voting strongly in favor of the development of a certification procedure for Perl programmers? Did you miss the October article called "Is it Time for Perl Certification?" in The Perl Journal? If so, thanks to the generosity of the TPJ folks, you can now catch up on these developments by reading the TPJ article for free."
PHP
PHP 4.3.5RC1 released!
Version 4.3.5RC1 of PHP has been released. "This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues."
Python
Python-dev Summary
The Python-dev Summary for December 1-30, 2003 is out with a summary of the python-dev mailing list traffic.Rapid Application development using PyQt and Eric3
Roberto Alsina explains how to develop a PyQt application using Eric3. "Hello, I am Roberto Alsina and I will be your host for this evening's demonstration. I will develop a useful application using PyQt and Eric3, and document the process here. In realtime."
Tcl/Tk
Dr. Dobb's Tcl-URL!
Dr. Dobb's Tcl-URL! is available for January 12, 2004. Take a look for the latest Tcl/Tk news.
Miscellaneous
Q 4.6 released
Version 4.6 of the Q language has been released. "Q is a multi-platform functional programming language based on term rewriting, which comes with a collection of useful addon modules for system, scientific and multimedia programming. Release 4.6 of Q is now available, along with Q-Audio 1.2 and Q-Midi 1.12."
The art of writing Linux utilities (IBM developerWorks)
Peter Seebach explains the process behind the creation of generic Linux tools. "As a developer, you may have found that existing utilities don't always solve your problem. While you can solve many problems easily by stringing together existing utilities, solving other problems requires at least some amount of real programming. These latter tasks are often candidates for creating a new utility that, when combined with existing utilities, will solve the problem with a minimum of effort. This article looks at the qualities that make for a good utility and the design process that goes into it."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Why tech firms are out of tune (BBC)
BBC News is running a column from the Consumer Electronics Show; the author is not entirely impressed with what he saw. "And [Carly Fiorina] claimed that the way entertainment is 'created, distributed, managed and consumed' is changing forever, in ways that highlight 'the power of democracy', and are about 'giving power the people.' Then she went and spoiled it all by committing HP to putting digital rights management software in every one of its consumer devices, encrypting any recorded content stored on HP systems so that it can't be transferred to other computers or players, stopping people copying their old videos to DVD, and even making sure that HP home computers can't record broadcast television programmes."
Altruistic individuals, selfish firms? (First Monday)
First Monday takes a look at the structure of motivation in open source software. "A growing body of economic literature is addressing the issue of incentives for individuals who take part in the Open Source Software (OSS) movement, while empirical analyses focus on individual developers but neglect firms that do business with it. During 2002, we conducted a large-scale survey on 146 Italian firms supplying OSS in Italy and this paper compares our data on firms' motivations with data emerging from surveys made on individual programmers. Our objective is to analyse the role played by different classes of motivations (social, economic and technological) in determining the involvement of different groups of agents in Open Source activities." (Thanks to David A. Wheeler)
Trade Shows and Conferences
Australia conference: value, support, security and standards (OpenSector)
Open Sector reports on the Open Source in Government conference, going on now in Adelaide, Australia, with pointers to stories on ZDNet and Computerworld.The New Economy Hack: Turning Consumers into Producers (Linux Journal)
Doc Searls searches for open source news at Macworld, on Linux Journal. "Sure enough, I couldn't even find mentions of Darwin or open source among any of the breakout sessions. (Maybe they were there and I missed them; still, the point is the same.) That's a far cry from three years ago, when a session on Yellow Dog Linux packed one room while nearby Darwin sessions spilled into the halls."
Second Osnabrueck Meeting Boosts PIM Development (KDE.News)
KDE.News covers progress by the KDE Personal Information Management (PIM) team at a recent German hackfest. "This year the plan was to make a a roadmap for future KDE-PIM Development. The developers took the opportunity to discuss complicated issues in detail and sit together for brainstorming or in order to fight evil bugs."
The SCO Problem
SCO's Missing Risk Factor (Groklaw)
Groklaw points out that SCO's regulatory filings are missing one important "risk factor" for its investors. "If you look through the SCO SEC filings as I have been doing, you may find, as I have been finding so far, that SCO appears not to have listed receiving those letters from Novell or mentioned that Novell was still contesting SCO's copyright claims on UNIX as a risk factor in their recent filings."
SCO's Motion to Compel Discovery (Groklaw)
Groklaw covers some of SCO's moves in its case against IBM. SCO presented a Motion to Compel Discovery and Memorandum in Support of its Motion to Compel. "SCO says it needs all versions back to 1985 "in order to analyze the ways in which AIX has changed and the ways in which its structures, methods and information based on UNIX have evolved. The evidence adduced from this discovery is likely to identify evidence of infringement and/or contract violations by IBM by improper contributions of such items to Linux.""
SCO's "Notice of Compliance" Says They Have Not Yet Fully Complied (Groklaw)
According to Groklaw, SCO has posted a Notice of Compliance that states that they have not fully produced the evidence required by the court order. "The notice claims they have fully complied with the court's order with respect to answering Interrogatories 1-9, 12 and 13, but they reserve the right to supplement after they get more code from IBM. However, they say they have *not* produced all the documents requested by IBM, specifically files of certain directors and officers. Because of the holiday, they didn't have time to fully review them yet. That is another way of saying they have not fully complied."
SCO takes Linux licensing overseas (News.com)
News.com reports on efforts by SCO to broaden the scope of their licensing quest to a worldwide arena. "Companies outside the United States that use Linux could already buy a license from SCOsource under the existing license program running within the United States. But the explicit offer of licenses worldwide brings with it the implicit threat of legal action for those who do not comply. The first lawsuits are now only weeks away, according to Sontag. "I would expect within the next few weeks we will have a number of Linux end users who we will have identified and taken legal action (against)," Sontag told ZDNet UK. "We will probably see that ramping up over time.""
Companies
Software makers team on Asian Linux (News.com)
News.com reports that Red Flag Linux and Miracle Linux are working together to create "Asianux". "The companies confirmed that they will base upcoming product releases such as Red Flag DC 4.1 and Miracle Linux 3.0 on Asianux but did not reveal when these products will be available. The two companies also aim to set up a joint support center at Oracle's Beijing facility to provide technical assistance to Chinese customers using Asianux-based products. U.S.-based Oracle is a majority stakeholder in Miracle Linux and a longtime partner of Red Flag on the mainland."
Court: No Microsoft claims via Lindows site (News.com)
News.com reports that claims submitted through the MSfreePC site will not be recognized. "In November 2003, Microsoft asked the court to reject any claims filed via MSfreePC, saying the Lindows site violated the terms of Microsoft's settlement by using so-called digital signatures to process submissions. (Digital signatures are online validation agreements used to verify individuals' identities.) Lindows argued in response that Microsoft only opposed the site because it hoped to escape paying as much of the settlement as possible by making the claims process "arduous and time-consuming" for Californians."
Novell offers legal protection for Linux (News.com)
Here's a News.com article on Novell's new protection offer. "Under Novell's plan, the company will provide customers with protection from copyright infringement lawsuits to the tune of $1.5 million, or a factor of 1.25 of their software purchase price. To get the protection, customers must buy SuSE Linux and support from Novell and sign a licensing agreement..."
Linux Adoption
Linux Here, Linux There, Linux Everywhere (Groklaw)
Groklaw examines several situations where Linux is gaining strength, including on IBM executives' desktops. "The Inquirer has a leaked internal IBM memo, they say from IBM CIO Bob Greenberg, asking all IBM executives to switch their desktops to Linux by the end of next year. After they do it, don't you suppose that will be the end of FUD along the lines of "Linux isn't ready for the desktop"? Everyone will just know that if IBM runs Linux on the desktop, so can any other business."
This ZDNet article looks at the IBM decision in more depth.
CA and Linux (IT-Director)
IT-Director reports that a company known as CA is switching to Linux. "There are two reasons why it is worth taking note of CA with respect to Linux. The first is that CA believes, as I do, that Linux is going to become the standard OS. I know this because I heard Yogesh Gupta, the CTO of CA, say so at the last CA World. The second is that CA believes that it can generate a respectable revenue stream from Linux."
Migration from Windows to Linux saves thousands (IT Manager's Journal)
Ryan Benner explains the monetary details behind his company's switch to Linux. "Nearly three years ago I rebuilt my company's corporate network, comprising six geographically dispersed offices and approximately 300 users, using a budget smaller than what most system administrators and IT managers make in a year. Our migration to Linux servers and software was a success, and offers a lesson for other administrators."
Legal
Massachusetts Open Source Vs. Proprietary Battle Brews (TechWeb)
TechWeb looks into efforts by Massachusetts Senator Marc Pacheco to derail his state's Open Source/Open Standards Policy. "Pacheco, a Democrat, said the new policy is "perceived to be an exclusionary policy that excludes proprietary software." He is chairman of the Post Audit and Oversight Committee and said he has received "lots of calls" from software companies whose business revolves around proprietary software, many of whom are concerned that they will be locked out of Massachusetts' $80 million IT budget."
Mass. Softens Stance on Proprietary Software (eWeek)
eWeek reports that the Massachusetts IT policy has been weakened in regards to the use of open-source software. "Essentially, rather than focus on open source as a priority, the new policy demands that new IT investments be open standards compliant. The state's new Enterprise Open Standards Policy defines open standards as: "Specifications for systems that are publicly available and are developed by an open community and affirmed by a standards body." The policy gives HTML as an example of such a standard and adds: "Open standards imply that multiple vendors can compete directly based on the features and performance of their products."
Interviews
Linux for poets (Linux.com)
Linux.com interviews fiction writer and Linux user Valerie MacEwan. "Microsoft can't get it right and the people who listen to me (or other Linux voices) are the ones who've been hacked, attacked, wormed, virused, and have had to spend $100s on security software. That's one of the biggest things that drove me back to Linux in 2003. I priced all the Norton, AdAware, and more programs and the combined cost was unbelievable. And there, on the shelf next to it was SuSE 9 Professional for $79 and I knew once I put it on my computer and learned how to drive it (mainly, got it to find my Sony digital camera, my laser printer, and my scanner), my odds for keeping other people out of my computer were more in my favor."
FOSDEM interviews
The FOSDEM Website has two new interviews dedicated to BRASS and to JOnAS. In this interview Roger Butenuth talks about accessibility to Linux for blind users. Then Florent Benoit introduces JOnAS, an open source J2EE application server.
Reviews
GStreamer - Where We Are and Where We Are Going (OS News)
Christian Schaller writes about GStreamer on OS News. "The core concept in GStreamer is that of a pipeline system which your media streams through. This means you have one or more sources which can be anything like a file, an URL or a hardware device. Depending on how you construct your pipeline you can then have lots of things happening to that media stream before it ends up in one or more sinks at the other end of your pipeline. The sinks can be like the sources; a web stream, a file or hardware device; all depending on what plugins and elements you have installed."
The Return of Mini Book Reviews (Linux Journal)
In this Linux Journal article Pat Eyler presents mini reviews of Computer Science & Perl Programming, Games, Diversions & Perl Culture, Essential CVS, and The Linux Development Platform.
Miscellaneous
Suddenly, competition is in (Haaretz)
Haaretz examines what the Israeli government is up to with Microsoft and free software. "The treasury began investing in open code more than a year and a half ago, when its relations with Microsoft were still smooth. Now, entangled in a dispute with the giant, the Finance Ministry is enjoying kicking Microsoft where it hurts, even though it really has no real intention of replacing Windows with Linux, or Office with Open Office." (Thanks to "Dewd").
Relicensing of Majority of Mozilla Codebase to Begin Soon (MozillaZine)
MozillaZine reports on the relicensing of the Mozilla codebase. "Over the coming months, the majority of the Mozilla codebase will be relicensed under an MPL/GPL/LGPL tri-license. The change will mean that developers building products based on Mozilla will be able to choose whether to use the code under the terms of the Mozilla Public License, the General Public License or the Lesser General Public License."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
OSDL, IBM, Intel announce $10 million legal defense fund for Linux users
The Open Source Development Labs (OSDL) has announced the creation of a Linux legal defense fund. The fund will defray legal expenses of Linux users involved in litigation with The SCO Group on issues that affect the Linux community and industry. OSDL aims to raise $10 million for this fund and will accept donations from individuals, organizations and companies.Netfilter project calls for volunteers
The netfilter/iptables project needs volunteers to help with documentation, scripting, web site maintenance, and mailing list management.Free LindowsOS Download for KDE Developers
Lindows.com is offering a free download of LindowsOS to all KDE developers.The Norwegian DVD Case - Decision by Borgarting Appellate Court
For those who are interested in reading the decision by the Borgarting Appellate Court in the "DVD Jon" trial, Lovdata has made available an English version (as a .doc) and the link to the original Norwegian. (Thanks to Erik I. Bolsø)Debian Perl Group founded
A new Debian Perl Group has been founded. "Most developers often realize that modules available on CPAN are not included in the Debian archive. This hinders the packaging of Perl applications and other modules. After discarding the idea of automatically dumping all CPAN modules into the Debian archive, a collective effort to improve the packaging of Perl modules in Debian was proposed. This consists of creating new packages of needed Modules as well as of bugfixing and updating existing packages."
Red Hat to Contribute Copyrights Held in the eCos Code Base to the FSF
Red Hat has announced that it will assign all of its copyrights in the eCos open source operating system to the Free Software Foundation (FSF). "The contribution will enable the Free Software Foundation to act as the sole copyright steward of the project and work directly with the eCos community and its maintainers on future development."
Open Source e-learning project in New Zealand
New Zealand's Tertiary Education Commission has funded the following project: Open Source e-Learning Environment and Community Platform Adopting and developing open source e-learning application software for adoption throughout NZs tertiary education sector.Mark Finlay passes away (GnomeDesktop)
GnomeDesktop.org has announced the passing of Developer Mark Finlay. "Mark was the driving force behind the creation of the GNOME Users Board, where he helped numerous people learn to use GNOME. He was also a contributor to Rhythmbox, Gossip and numerous other GNOME projects."
Commercial announcements
Ineo Concepts has Preinstalled Linux Systems
Ineo Concepts has workstations, servers, and gaming machines built specifically for Linux. As far as we know, they are the first to offer boxes with Gentoo Linux preinstalled.MailStripper 1.1.3 released
Eridani has released version 1.1.3 of MailStripper, a commercial SMTP Spam Filter.McObject releases in-memory database for Linux
McObject has announced the availability of their eXtremeDB in-memory database for x86 Linux.MySQL AB Adds Enterprise Features in MySQL 5.0
MySQL AB has announced the availability of version 5.0 of the MySQL database. "The new release includes the addition of stored procedures as well as other advances designed to enhance the development of large-scale enterprise database applications. The MySQL 5.0 alpha development release is now available for testing and evaluation by the open source community."
Novell Completes Acquisition of SUSE LINUX
Here's the press release from Novell announcing the completion of its acquisition of SUSE LINUX. The closing of the $210 million cash deal also opens the door for completion of the $50 million investment of IBM in Novell announced November 4.Novell Supports Enterprise Linux Customers with New Linux Indemnification Program
With the acquisition of SUSE LINUX now complete, Novell has also announced it will offer its SUSE LINUX Enterprise Server customers a new indemnification program designed to provide an additional measure of protection against certain intellectual property challenges to Linux.Pigeon Point Systems Announces Linux Distributions for TI Digital Media Processors
Pigeon Point Systems has announced the support of Texas Instruments' digital media processors by their Monterey Linux distribution.Red Hat Linux Training Videos Available
Training videos for the Red Hat Certified Engineer certification are available from CBT Nuggets, Inc. "The training contains a variety of on-screen demonstrations and examples of Red Hat Linux as well as tips and hints to assist you in making the most of the product."
IBM Announces New SUSE LINUX-based Retail Solution for Point of Sale
IBM has announced a new Linux-based IBM point-of-sale (POS) solution, based on SUSE LINUX.
New Books
"RELAX NG" Released by O'Reilly
O'Reilly has published the book Relax NG by Eric van der Vlist."Sendmail Cookbook" Released by O'Reilly
O'Reilly has published the book Sendmail Cookbook, by Craig Hunt.
Resources
Austin Group Minutes of the January 8 Teleconference
Andrew Josey from The Open Group has sent us his coverage of the January 8 Austin Group teleconference minutes.ISO Technical Report on conflicts between POSIX and the LSB progresses
An ISO Technical Report that documents conflicts between the Linux Standard Base Specification and POSIX is available.LDP Weekly News
The Linux Documentation Project Weekly News for January 7, 2004 has been published. Take a look for the latest new documentation.LDP Weekly News
The Linux Documentation Project Weekly News for January 14, 2004 is available with the latest new and changed documentation.LPI-News December 2003
The latest news from the Linux Professional Institute covers a verification system; the use of Linux in Brazil; a German article on the LPI Translation Program; looking for community assistance for Exam Development; Linux World - New York; LPI in South Africa; and Linux Australia Conference in Adelaide.Sodipodi SVG flag collection with new release (GnomeDesktop)
GnomeDesktop.org reports on the fourth release of the Sodipodi flag collection. "This collection of SVG flags made available under the Creative Commons Public Domain dedication has now reached over 300 flags. All independent countries, many major regional flags, historical flags and organisational flags are now part of the package."
Translate.org.za Newsletter December 2003
The December newsletter for Translate.org.za is out. This project seeks to bring Opensource software to all South Africans. A project of the Zuza Software Foundation. Zuza - given freely, get as a gift, obtained freely.
Contests and Awards
LinuxQuestions.org Members Choice Winners
The polls for the 2003 LinuxQuestions.org Members Choice awards are closed and the results are in. Winners include Slackware for Distribution of the year, MySQL for Database of the year, KDE for Desktop Environment of the year and OpenOffice.org for Office Suite of the year. The full results are also available.NordU/USENIX 2004 ChessBrain World Record Attempt
A computer versus human chess contest will be held at NordU/USENIX 2004. "The technical conference NordU/USENIX 2004 will host the ChessBrain project's attempt to establish a world record for the "Largest number of distributed computers used to play a single game of chess". ChessBrain is the world's first distributed network of computers which work together to play chess."
Upcoming Events
GUADEC 2004 Call for Papers
The Fifth European Gnome Users and Developers Conference (GUADEC 2004) has issued a Call for Papers. GUADEC is scheduled for June 28 - 30, 2004 in Kristiansand, Norway.In other GNOME news, GNOME.conf.au will debut at Linux.conf.au. See the GNOME Lovers Guide to linux.conf.au for more info.
CFP Samba eXPerience 2004
A Call for Papers has gone out for the Samba eXPerience 2004 conference. The event will take place in Göttingen, Germany on April 5-7, 2004.2004 - OLS Call for Papers
The website for the 2004 Ottawa Linux Symposium is online, along with a call for papers. The 6th annual OLS will be held July 21 - 24, 2004.NSPW 2004 Call For Papers
A Call for Papers has gone out for the New Security Paradigms Workshop 2004. The event will take place on September 20-23, 2004 in Nova Scotia.2004 GCC and GNU Toolchain Developer's Summit
The 2004 GCC and GNU Toolchain Developer's Summit will be held in Ottawa, Ontario, Canada on June 2-4, 2004. A call for papers has gone out for the event.Open Source Business Conference 2004
The Open Source Business Conference will be held in San Francisco, CA on March 16-17, 2004.OSS Chicago Security Presentation
Open Source Software Chicago will be offering a presentation entitled "Effective Security using Open Source Security Tools" by Bob Radvanovsky. The event will take place on January 22, 2004.Linux Installfest, Davis, CA
The Linux Users' Group of Davis and the UC Davis Computer Science Club will be holding a Linux Installfest workshop on January 17, 2004.VistA Community Meeting Houston, Texas (LinuxMedNews)
LinuxMedNews has an announcement for the next VistA open-source health care meeting. The event will take place at Rice University in Houston, TX on March 11-14, 2004.Events: January 15 - March 4, 2004
| Date | Event | Location |
|---|---|---|
| January 15 - 17, 2004 | Linux.conf.au | Adelaide, Australia |
| January 20 - 23, 2004 | LinuxWorld Conference & Expo 2004 | (Jacob K. Javits Convention Center)New York, New York |
| January 20 - 21, 2004 | FSF Free Software Licensing Seminars | (Columbia Law School)New York, NY |
| January 22 - 23, 2004 | Vancouver PHP Conference | (SFU Harbour Centre)Vancouver, BC, Canada |
| January 28 - February 1, 2004 | NordU/USENIX 2004 | Copenhagen, Denmark |
| January 31 - February 1, 2004 | WineConf 2004 | (Court International Building)St. Paul, Minnesota |
| February 2 - 6, 2004 | EclipseCon 2004 | (Disneyland Hotel)Anaheim, CA |
| February 2 - 4, 2004 | Open Standards and Certification Conference | (San Diego Marriott Mission Valley)San Diego, CA |
| February 3 - 5, 2004 | Linux Solutions 2004 | Paris, France |
| February 9 - 12, 2004 | O'Reilly Emerging Technology Conference(ETech) | (The Westin Horton Plaza)San Diego, CA |
| February 20 - 22, 2004 | CodeCon 2004 | (Club NV)San Francisco, CA |
| February 20 - 24, 2004 | PaWS PHP and Web Standards UK 2004 | Manchester, UK |
| February 21 - 22, 2004 | Mozilla Developers Meeting in Europe 4.0 | Brussels, Belgium |
| February 21 - 22, 2004 | FOSDEM 2004 | (SOLBOSCH)Brussels, Belgium |
| February 23 - 27, 2004 | PostgreSQL Bootcamp | (Big Nerd Ranch, Inc.)Atlanta, GA |
| February 25 - 26, 2004 | UKUUG LISA/Winter Conference and Tutorial | (Lansdowne Campus, Bournemouth Univ.)Bournemouth, UK |
| March 1 - 5, 2004 | PHP|Cruise | The Caribbean |
Mailing Lists
KDE Dot News: Mailing Lists Relaunched
KDE.News has an announcement for two KDE mailing lists. "I'm pleased to announce that the dot-stories and dot-headlines mailing lists are finally back online. For those of you who don't know, dot-stories is the list to be on if you wish to receive the latest KDE Dot News in your inbox, and dot-headlines is the list you should subscribe to if you wish to receive the headlines only."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
Demise of Netscape Voted Most Significant Mozilla Event of 2003 (MozillaZine)
MozillaZine ranks the Mozilla Project's most significant event for 2003, the demise of Netscape. "The top choice was the demise of Netscape, which received 35% of the 1,947 votes cast. The launch of the Mozilla Foundation came second, with 29%, followed by the new end user focus (16%) and the new Roadmap (12%)."
Page editor: Forrest Cook