LWN.net Weekly Edition for August 29, 2002
Red Hat as the "next Redmond"
By now, many readers are likely to have encountered this eWeek article comparing Red Hat to Microsoft. It includes nice quotes like:
Is this "backlash" real, and should it be?
Red Hat is certainly the Linux distributor with the highest profile and the most evident success. But success does not make a monopoly. To justify charges like this, it is necessary to point out where Red Hat has tried to use its strong market position to force out competitors and extract monopoly prices from its customers. So let's look at a few things from Red Hat's record:
- Red Hat continues to sell a 100% free distribution which anybody can
download for free. The "advanced server" product is not available for
download, but it remains free software; anybody with the interest and
time could reproduce it (including things like Red Hat's kernel
patches) and make it available. Red Hat's customers are probably not
feeling the squeeze too badly at this point.
- The company employs a large number of high-profile free software
developers. These developers collaborate with developers employed by
other distributors on a regular basis, and make their work available
to everybody, including competitors.
- Development versions of Red Hat's distribution are made available to users (and competitors) through beta releases and the "Rawhide" distribution (though you have to know where to look to find it). It is difficult to be surprised by the contents of a new Red Hat release.
This is not the sort of behavior that one normally expects to see coming out of Redmond.
Anybody wanting to criticize Red Hat need not look too far. It would be nice if the company had supported the Linux Professional Institute rather than creating its own certification program. The company's software patent policy is not to everybody's liking. Red Hat has pushed its users toward bleeding-edge versions of gcc while providing (and requiring) ancient versions of Python. They have blown a couple of attempts at coordinated, multi-distributor security updates with too-early releases. And so on.
Complaints like these, however, show only that Red Hat is not perfect. But every free software user has benefitted greatly from Red Hat's work, and will continue to do so, whether or not they have ever bought anything from Red Hat. Linux users are not suffering under the yoke of some Red Hat monopoly, and it is difficult to see how such a monopoly could develop anytime soon.
Charges that Red Hat is the next Microsoft look more like FUD designed to divide the Linux community against itself than like anything based in fact. Let's keep an eye on Red Hat - all free software companies can benefit from some vigilance to keep them honest. But let's not get taken in by people trying to create fears of a monopolist where none exists.
BT fails to patent the Web
Back in June, 2000, the company then known as British Telecom exhumed an old patent that, it claimed, covered the hyperlinking used in the World Wide Web - at least, in the United States. Seeing a potential gold mine, the company sent its lawyer squads off to the U.S. to shake down ISPs, all of which, it claimed, were violating this hyperlink patent. Prodigy got the dubious honor of being the first company to be targeted with an infringement suit.Prodigy, happily, did not choose the "pay them off and hope they go away" response; instead, the company fought the claim in court. And, on August 22, the company was vindicated: U.S. federal Judge Colleen McMahon dismissed the suit outright, ruling that there is no way that a jury could find that infringement had taken place. The company now known as BT has the right to appeal the ruling, but, one way or another, BT looks unlikely to prevail. We can continue to make links without writing checks to BT.
This result is a victory for the Web, but it is a limited victory. The judge has simply determined that this patent, filed in 1980, does not cover the technologies used on the web. Had the patent been written differently, the result could easily have been different. Other patents with claims on fundamental technologies will certainly surface in the coming years, and they will not all be so easily disposed of.
(See also: the text of the judgement, in PDF format).
LWN, credit cards, and subscriptions
First the good news: it appears that most of the issues with credit card donations have been worked out. With luck, we will actually get our hands on the bulk of the money that you all donated to us a month ago, with the rest due to arrive in September. Hopefully, this particular unneeded hassle is just about behind us.We are, however, still without a credit card account we can use to sell subscriptions, which puts a bit of a damper on our plans. We're still working on that one. If any of you have experience with a merchant bank that is friendly toward online subscription services, we would sure appreciate any pointers you could send our way. We need to get this one solved, or it's all going to fall apart before too long.
We'll keep you posted as things happen; meanwhile, we're trying to keep the news coming as best we can. Thanks, yet again, for your support.
(Note that we didn't get any letters to the editor this week, so there is no letters page this time around).
Security
Brief items
IPv4 mapped address considered harmful
Jun-ichiro itojun Hagino has submitted this draft to IETF urging vendors who ship IPv4/v6 dual stack nodes/routers, to consider "if they have made a secure choice."At a glance, it appears that at least some of the problems can be addressed with appropriate filtering rules. Given the current deployment of IPv4/v6 dual stacks changing the protocol definition may not be necessary or desirable.
Security reports
PHP: vulnerabilities in the mail() function
Wojciech Purczynski reports arbitrary code execution and open-relay script vulnerabilities in PHP 4.x up to 4.2.2.
Lynx CRLF injection vulnerability
Ulf Harnhammar reports a CRLF injection vulnerability in Lynx which may be used to break out of restricted realms and communicate with other types of servers than HTTP servers.The problem is also present in links and elinks.
Information disclosure vulnerabilities fixed in Mantis 0.17.5
Mantis 0.17.5 fixes information disclosure vulnerabilites described in Mantis Advisories 2002-06 and 2002-07.
Abyss 1.0.3 directory traversal and administration vulnerabilities
Auriemma Luigi reports directory traversal and administration vulnerabilites in Abyss 1.0.3. A patch is available to close the administration vulnerability is available from Aprelium Technologies.
Arbitrary code execution vulnerability fixed in Achievo 0.8.2
Achievo is a web-based project management tool for business-environments. Versions prior to 0.8.2 are vulnerable to an arbitrary code execution attack.
New vulnerabilities
Locally exploitable buffer overflow in linuxconf
| Package(s): | linuxconf | CVE #(s): | |
| Created: | August 28, 2002 | Updated: | August 28, 2002 |
| Description: | The widely-shipped linuxconf system administration utility has a buffer overflow vulnerability which can be exploited by a local user to obtain a root shell. This exploit only matters, of course, if linuxconf is installed setuid root, but a number of distributions do exactly that. If you have linuxconf installed on systems with untrusted local users, you will probably want to remove the setuid bit until a fix comes out.
For more information check out the full advisory from iDEFENSE. | ||
| Alerts: | (No alerts in the database for this vulnerability) | ||
Remote arbitrary code execution vulnerability in gaim
| Package(s): | gaim | CVE #(s): | |||||||||||||||||
| Created: | August 28, 2002 | Updated: | September 4, 2002 | ||||||||||||||||
| Description: | gaim versions prior to 0.59.1
contained a arbitrary code execution vulnerabilty in the
the hyperlink handling code.
The 'Manual' browser command passes an untrusted
string to the shell without escaping or reliable quoting, permitting
an attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it. Users who use other inbuilt browser commands aren't
vulnerable.
The problem is fixed in gaim 0.59.1 which is available here. Versions prior to 0.58 also contained a buffer overflow in the Jabber plug-in module which, of course, is still fixed in 0.59.1. "Gaim is an instant messaging client written in GTK and is based on the published TOC messaging protocol from AOL." | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
Mailman 2.0.12 closes cross-site scripting vulnerability
| Package(s): | mailman | CVE #(s): | CAN-2002-0855 | ||||||||
| Created: | August 28, 2002 | Updated: | September 4, 2002 | ||||||||
| Description: | Mailman 2.0.12, released on July 2nd, closed a minor cross-site scripting vulnerabilty and implemented "a guard against some reply loops and 'bot subscription attacks." Upgrading to Mailman 2.0.13, which also fixes some Python 1.5.2 incompatabilities, is recommended. | ||||||||||
| Alerts: |
| ||||||||||
Buffer overflow vulnerabilities in PostgreSQL
| Package(s): | PostgreSQL | CVE #(s): | |||||||||||||||||||||||||||||||||||||
| Created: | August 21, 2002 | Updated: | January 27, 2003 | ||||||||||||||||||||||||||||||||||||
| Description: | PostgreSQL 7.2.2 has been released in response to a number of buffer
overrun vulnerabilities which have been identified recently. "...it should be noted that these vulnerabilities are only critical on 'open' or 'shared' systems, as they require the ability to be able to connect to the database before they can be exploited." Buffer overflow vulnerabilities fixed include those reported by "Sir Mordred The Traitor" in the cash_words, repeat, and lpad and rpad functions. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
Light remotely-exploitable code vulnerability
| Package(s): | epic4-script-light | CVE #(s): | |||||
| Created: | August 28, 2002 | Updated: | August 28, 2002 | ||||
| Description: | J. S. Connell recently discovered
that "the IRC script for EPIC4 that I maintain is
vulnerable to a fairly easy remote attack."
All versions of Light prior to 2.7.30p5 (on the 2.7 branch) or 2.8pre10 (on
the 2.8 branch) running under any version of EPIC4 on any platform are
vulnerable to a remotely-exploitable bug that can execute nearly-arbitrary
code. All Light users are very strongly urged to upgrade to stable release
2.7.30p5 or beta 2.8pre10 immediately.
| ||||||
| Alerts: |
| ||||||
Local arbitrary code execution vulnerability in Python
| Package(s): | python | CVE #(s): | CAN-2002-1119 | ||||||||||||||||||||||||||||||||||||||||||||
| Created: | August 28, 2002 | Updated: | October 1, 2003 | ||||||||||||||||||||||||||||||||||||||||||||
| Description: | Zack Weinberg discovered that os._execvpe from os.py uses a predictable name which could lead to execution of arbitrary code. According to the Debian advisory, the problem was present in Python versions 1.5, 2.1 and 2.2. | ||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||
Kernel update for RedHat 7.3 i810 video
| Package(s): | kernel | CVE #(s): | |||||
| Created: | August 28, 2002 | Updated: | September 4, 2002 | ||||
| Description: | Red Hat has issued a kernel update that fixes an "i810 video oops".
"Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits." | ||||||
| Alerts: |
| ||||||
Denial of service vulnerability in irssi IRC client
| Package(s): | irssi-text | CVE #(s): | |||||
| Created: | August 28, 2002 | Updated: | August 28, 2002 | ||||
| Description: | When a user attempts to join a channel that has an overly long topic description,and a specific string is appended to the topic, the irssi IRC client will crash. | ||||||
| Alerts: |
| ||||||
Resources
Linux Security Week and Advisory Watch
The August 26th Linux Security Week and August 24th Linux Advisory Watch newsletters from LinuxSecurity.com are available.Metis 1.4 released
Sacha Faust announces the release of Metis 1.4. "This is a tool I wrote to collect information from web servers." Metis was written for the Open Source Security Testing Methodology (OSSTM). .Internet anonymity for Linux newbies (Register)
The register has published a tutorial for newbies on how to secure your home system. "For most home PC users, fairly secure is perfectly adequate, and that's what we'll be concentrating on below. In a week or two I'll get into details for power users, but for now I'm going to concentrate on a particular presumed reader: a home user who's fairly new to the Linux desktop, who's using a packaged distro, and who's not intimately familiar with PC security -- a 'recovering Windows user', let's say."
Events
ToorCon Computer Security Conference 2002 Pre-registration Closing
ToorCon 2002 has "recently released our finalized speaker lineup and it looks like it'll be one of ToorCon's best years yet. Pre-registration and RSVP will be closing shortly, so register today!"ToorCon 2002 will be held September 27-29th in San Diego, CA, USA.
Upcoming Security Events
| Date | Event | Location |
|---|---|---|
| August 29 - 30, 2002 | Workshop on Information Security Applications(WISA 2002) | Jeju Island, Korea |
| September 19 - 20, 2002 | SEcurity of Communications on the Internet 2002(SECI'02) | Tunis, Tunisia |
| September 23 - 26, 2002 | New Security Paradigms Workshop 2002 | (The Chamberlain Hotel)Hampton, Virginia, USA |
| September 23 - 25, 2002 | University of Idaho Workshop on Computer Forensics | (University of Idaho)Moscow, Idaho, USA |
| September 26 - 27, 2002 | HiverCon 2002 | (Hilton Hotel)Dublin, Ireland |
| September 27 - 29, 2002 | ToorCon 2002 | (San Diego Concourse)San Diego, CA, USA |
| October 16 - 18, 2002 | Recent Advances in Intrusion Detection 2002(RAID 2002) | Zurich, Switzerland |
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney
Kernel development
Brief items
Kernel release status
The current development kernel is 2.5.32, released by Linus on August 27. It includes, of course, the IDE code replacement (see last week's LWN Front and Kernel pages). In this (large) patch you'll also find the asynchronous I/O core (covered in the August 1 LWN Kernel page), a bunch more device model work, IA-64 and PPC64 updates, the beginning of the NFSv4 merge, a bunch of input layer changes, Ingo Molnar's thread performance work, and an incredible number of other fixes and updates. The long-format changelog is also available.Linus's current BitKeeper tree, which will become 2.5.33, contains a number of memory management performance fixes from Andrew Morton, some partition and IDE work by Alexander Viro, a set of network driver improvements, and a big pile of typo and designated initializer fixes.
The current 2.5 status summary from Guillaume Boissiere is dated August 28.
The current stable kernel is 2.4.19; Marcelo has released no 2.4.20 prepatches over the last week.
The current prepatch from Alan Cox is 2.4.20-pre4-ac2. The -ac series is now the staging area for ongoing IDE work which, by most accounts, is going well.
Kernel development news
The 2.5 device model
A constant feature of development kernel summaries is "device model work." Perhaps it's time to take a look at what the device model actually is, and where it's going.The device model effort has its roots in the 2001 Kernel Summit. It had become clear, at that point, that support of advanced power management would require a more structured approach to the management of devices in the Linux kernel. There has traditionally been no centralized registry of devices in the kernel - no way to just ask the system what devices were connected to it. Power management needs not only the answer to that question, but also some idea of how all the devices are plugged together. It doesn't do to shut down a SCSI controller before stopping all of the peripherals connected to that controller, for example.
So the device model work, done mainly by Patrick Mochel, started by adapting the existing PCI device scheme to represent a full system. At the center of the scheme is struct device, which, of course, represents a single device in the system. This structure contains quite a few fields, including no less than six different list heads; some of these fields will be examined shortly.
One type of device, of course, is a bus. There is a device structure for each bus, along with a bus_type structure for each type of bus. Almost every device on a system is reached via (at least) one bus, and the device model topology reflects that. Each bus device maintains, via the children list in its device structure, a list of all devices plugged into that bus. By looking at the bus_list field of any device in the system, the kernel can find all other devices attached to the same bus.
Each device structure also maintains a parent pointer (to another struct device, of course), and an entry into another list (called simply node) of all its siblings under the same parent. This hierarchy may look a lot like the bus lists already mentioned, but that is not the case. A device may be on a USB bus, but its parent may be the USB hub to which it is connected. Similarly, a SCSI tape drive may be reached through a PCI bus, but its parent is the SCSI host adaptor.
Thus, it is the parent and node lists that model the true hierarchy of the devices in the system. One could suspend a computer by starting at the top-level devices and doing a depth-first traversal of the device hierarchy via each device's children list. In fact, the device model makes this sort of traversal easy by maintaining a separate "global device list" which contains every device on the system, in the depth-first order.
As an example, your editor's system is represented in the driver model with a hierarchy like the following:
root
pci0
PCI host bridge
ISA bridge
IDE interface
USB controller
USB bus
Lexar SmartMedia reader
ACPI bridge
SCSI adaptor
SCSI bus 0
Target 0 (disk drive)
Partition 1
Partition 2
Target 1 (DAT tape)
st0
nst0
...
Target 4 (CDRW)
Audio controller
MIDI port
Ethernet controller
Graphics card
sys
Interrupt controller
8253 Interval timer
floppy controller
Each entry in the hierarchy above is one device structure in the model; each device's children list holds each indented entry below that device. The global device list, instead, contains the full hierarchy shown above, in order from top to bottom. ("sys" is a virtual bus for devices not otherwise connected to a system bus).
The model, as described so far, shows the hierarchy of the system, but does not allow the kernel to actually do much with those devices. The next step involves a new generic structure: struct device_driver, which is registered for each driver in the system. This structure tells the system what type of bus the driver expects to work with, and provides a set of useful functions. One of those functions is probe; when a new device is discovered on the system the base code calls the probe function of every likely-looking driver for the relevant bus until a driver agrees to manage the device. The system then sets the driver pointer in the device structure, and knows how to find the right driver for the device from then on.
This driver pointer is not used for normal, user-space accesses to the device - that is still handled through the device arrays (indexed by the device's major number). What that pointer can be used for, however, is power management and hotplug events. If the kernel has been told to suspend the system, for example, it now need only pass through the global device list, calling the suspend function found in the device driver structure for each device. Similarly, if the user unplugs a device, the kernel can call that device's remove function to let the driver know.
The above is sufficient to handle the basic functions needed by power management and to support hotpluggable devices. It also unifies much of the device probing and accounting logic in the kernel, allowing the removal of a great deal of duplicated code. The device model work has not stopped there, however. One recent (2.5.32) addition is the notion of device classes and interfaces. The "class" of a device is the basic function that it performs - it could be an "input" or "storage" device, for example. Not much is done with the class information currently, but the structure is there for class-level drivers to affect how the device is managed.
"Interfaces" are paths to the device from user space - normally entries in /dev. Devices which implement a given interface can be expected to respond in certain, well-defined ways. As with classes, about all that is done with interfaces, for now, is to remember them. But that could change.
This discussion, so far, has left out an important subsystem which, while technically not part of the device model, is intimately tied in with it. "driverfs" is a virtual filesystem which provides a userspace representation of the driver model data structure. This filesystem, normally mounted at /devices, contains (currently) three top-level directories:
- root contains the entire device tree in the usual
hierarchical form. By digging around in /devices/root, users
(or code) can get a handle on how the system is put together.
Driverfs also makes it easy for devices to export tunable parameters
(much like those found in /proc/sys) which can be found - and
tweaked - in the device tree.
- class contains an entry for each device class
registered in the system. Further down, an entry for every device
which implements that class can be found (it's a symbolic link to the
entry in the /devices/root tree). There are also entries for
each interface registered with a class, and, again, a symbolic link
for every device implementing the interface.
- bus lists each bus type (not each physical bus) on the system and the devices managed by each.
Some readers may be noting a certain similarity between driverfs and devfs. They do resemble each other in that they are both kernel-generated virtual filesystems which contain entries for the devices in the system. They differ, however, in that driverfs is intended to be a physical representation of the system, while devfs is intended to provide user-space access to the devices themselves. A devfs user can mount /dev/discs/disc0; somebody perusing driverfs can, with sufficient typing pain, find the directory /devices/root/pci0/00:0e.0/scsi0/0:0:0:0/0:0:0:0:p1, but there's nothing there to mount. Instead, a bunch of information - including the device's major and minor numbers - is available.
So devfs and driverfs serve different purposes, but driverfs (with /sbin/hotplug) could conceivably supplant devfs in future kernels. While driverfs is not intended to be the way users access devices, all the information needed to create /dev nodes is (or can be) there. In the future, the /sbin/hotplug script may be used to configure all devices as they are discovered in the system; there is no reason why that script can not use the driverfs information (including class and interface information) to create /dev nodes implementing whatever policy the system administrator likes. The result would be a flexible device naming and administration scheme which removes policy from the kernel code.
That all remains in the future, however; the device model and driverfs are still works in progress. Most driver code does not yet interface with the device model; thus far, there has been little need to change the drivers themselves, since the PCI code has done the necessary device registration. Full implementation of classes and interfaces, however, is likely to require digging into the driver code, and that could take a little while. It could yet happen for 2.6, however.
The scheduler and hyperthreading
Hyperthreading is a hardware technique where a single CPU behaves as if it were multiple (usually two) virtual processors. When one virtual processor stalls (on a cache miss, for example), the other runs. Hyperthreading can yield significant performance improvements (numbers of around 30% have been floated) for a very small silicon investment. And the software side is free: a hyperthreaded processor is almost indistinguishable from a pair of real, physical processors, and the current Linux (or whatever) SMP code works.However, a scheduler which handles SMP, but which is unaware of hyperthreading, will not obtain optimal performance. If you have two processes running on two virtual processors on the same physical CPU, they will be contending with each other in a way that processes on separate CPUs will not. A naive scheduler, such as the one currently found in the Linux kernel, does not understand the difference between the two situations, and will thus make wrong decisions.
Ingo Molnar has posted some scenarios where the current scheduler gets things wrong, along with, of course, a patch that makes everything right. Consider a system with two physical CPUs, each of which provides two virtual processors. If there are two running tasks, the current scheduler would happily let them both run on a single physical processor, even though far better performance would result from migrating one process to the other physical CPU. The scheduler also doesn't understand that migrating a process from one virtual processor to its sibling is cheaper (due to cache loading) than migrating it across physical processors.
The solution is to change the way the run queues work. The 2.5 scheduler maintains one run queue per processor, and attempts to avoid moving tasks between queues. The change is to have one run queue per physical processor which is able to feed tasks into all of the virtual processors. Throw in a smarter sense of what makes an idle CPU (all virtual processors must be idle), and the resulting code "magically fulfills" the needs of scheduling on a hyperthreading system. The actual patch involves a bunch of tricky details, of course, but the end result is that a relatively simple idea yields a 10% or greater performance improvement.
A change in the BitKeeper license
Larry McVoy recently posted a note to the Linux kernel list regarding changes in BitKeeper licensing. The big change is that the new license gives BitMover the right, if you are using the free (beer) version of BitKeeper, to require you to make your repository available under a free license. The point is that the free version of BitKeeper is meant to help free software development; it's not meant for proprietary work.Larry also states that BitMover may about to make a sale which can be tied to the kernel developers' use of BitKeeper; should that happen, he'll set aside $25K in BitKeeper developer time. Linus can use that time to cause the implementation of features he wants, regardless of whether that's something BitMover otherwise would have done.
Linux Journal 2002 Editors' Choice
We'll now take a brief moment for editorial self indulgence... The Linux Journal's 2002 Editors' Choice awards have been announced. The selection for "best technical book" was one Linux Device Drivers, 2nd Edition by Alessandro Rubini and Jonathan Corbet.
Patches and updates
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Caldera International becomes The SCO Group
Earlier this week Erik Ratcliffe sent LWN a note, saying only to check out the Caldera International website. We did, and found the familiar Caldera logo gone, and a new SCO logo in its place. Caldera International is now, or will be after shareholder approval, The SCO Group. The change reflects where the company's money is made, explains this News.com article. Not in its Linux products, but in the proprietary Unix technology acquired from SCO 2000. A complete rebranding such as this can be expensive, but the company obviously feels that the SCO products will sell better, under their former names. So, SCO Unixware, briefly called Caldera OpenUnix, will once again be SCO Unixware.What does this mean for Caldera OpenUnix? Well, it won't be called that anymore. The latest distribution, about to enter beta testing, is called SCO Linux 4.0 powered by UnitedLinux. Much of what was once OpenLinux will remain, but elements are changing. Exactly what and how much remain to be seen, but these changes will have less to do with the name change, and are very dependent on the UnitedLinux product. For example, SuSE's YaST (Yet another Setup Tool) program will be integrated with Caldera technology for the UnitedLinux (and SCO) installation and configuration program.
There will be a closed beta of SCO Linux (limited to a small number of testers) followed by an open beta. In this post to the Caldera user's group SCO's John Boland explains the process and how to get registered.
Distribution News
Debian GNU/Linux
Here is the Debian Weekly News for August 27, 2002. Topics include the Debian constitution, OpenLDAP, GCC 3.2, Python 2.2, Gnome 2, Wordlists, and the debian-installer.We also have an update on the debian-installer status.
Mandrake Linux
The Mandrake Linux Community Newsletter for August 22, 2002 is now available. This edition contains information on the Beta 3 release; a summer special at MandrakeStore; Mandrake's LSB certification; Star Trek Actor Wil Wheaton recommends Mandrake; and much more.
Beta 4 of the upcoming Mandrake Linux 9.0 is available.
Changes and improvements based on previous reports include:
* Drakconf: memory leak has been fixed. Additionally, Drakconf offers an
improved look and feel.
* 'tinyfirewall' is now active.
* RpmDrake: Many improvements have been made including the ability to
search package descriptions and the availability of 'noclearcache'
option.
New software includes OpenOffice 1.0.1.
Mandrake has a new French language website for the discussion of Linux-Mandrake at Mandrakefr.org.
Red Hat Linux
IBM developerWorks has a tutorial on Tuning Red Hat for maximum performance. Free registration is required.
Here's a Linux Journal how-to on getting Red Hat
7.3 running on a Compaq Presario 711 laptop computer. "Linux
has made great progress on desktop systems. Installing a modern operating
system like RH 7.3 on a desktop is almost easy enough for Aunt Minnie, as
Jerry Pournelle likes to call the everyday computer user. But laptop
installs are a different matter. The hardware on laptops is less generic
than what's on the desktop, but with the move to ATX-style motherboards
with integrated peripherals, this has become less of a problem.
"
New Distributions
DOSSLACK
DOSSLACK is a bootable FreeDOS disk image which has been designed to boot into a Slackware 8.1 install. It can boot any of the kernels in the Slackware 8.1 CD's kernels/ directory. It supports most common ATAPI (IDE interface) CD-ROM drives. The Slackware 8.1 ISO image used a "no-emulation" boot image. Most recent BIOS's are capable of booting that CD, but many older (and some not-so-old) systems cannot. So if you have had problems installing Slackware 8.1, DOSSLACK may be the answer.
Minor distribution updates
Arch Linux
Arch Linux has released 2.1 of the package manager Pacman.Cool Linux CD
Cool Linux CD has released v1.33. This version adds CDRW software, VoIP software, and the PSI Jabber client. There are also some changes to the bootup procedure.DMZS-Biatchux Bootable CD Distro turns to FIRE
The distribution formerly known as the DMZS-Biatchux Bootable CD Distro has changed its name to FIRE. The first release since the name change is FIRElite release v0.2b. (Thanks to JR Gimblet)NSA Security Enhanced Linux
NSA Security Enhanced Linux has released v2002082308 with minor feature enhancements, including kernel updates to 2.4.19 and 2.5.31.ROOT Linux
ROOT Linux has released v1.3 with major feature enhancements. "This release features big improvements to the installer, support for devfs and PAM, the latest versions of KDE and GNOME (3.0.3 and 2.0.1), GCC 3.2, and PureFTPd as the default FTP daemon. The 'agetty' program has been replaced with the smaller 'mingetty'. Non-free packages has been moved to a 'nonfree' folder."
SmoothWall
SmoothWall has released Smoothwall GPL 2.0 beta1 (metro).TA-Linux
TA-Linux has released TA-Linux 0.2.0-Beta2 (i386) with minor feature enhancements.Topologilinux
TopologiLinux has released v1.0 with lots of shiny new packages.<tt>ttylinux</tt>
ttylinux has released v2.4 with minor bugfixes. including updating isdn4k-utils, modutils, and util-linux to their latest versions. The filesystem was recreated with less inodes to make some extra space.uClinux
uClinux has released v 2.4.19-uc0 with major feature enhancements, including an upgrade from 2.4.17 to 2.4.19.VectorLinux
VectorLinux has released 2.5 (SOHO). The SOHO branch containes preinstalled productivity software such as KDE 3.x, OpenOffice 1.0, and several other productivity applications. The installation program does not ask which packages should be selected, and instead simply installs its preselected set of software.Webfish Linux
Webfish Linux has released 1.2 (Fishwall) with minor feature enhancements.xbox-linux
xbox-linux has released v0.2 with major feature enhancements, including Framebuffer support..
Page editor: Rebecca Sobol
Development
The OpenPKG cross-platform software packaging facility
Version 1.1 of the OpenPKG cross-platform software packaging facility has been announced.The announcement states:
OpenPKG has been released under an MIT style license.
The aim of the OpenPKG project is to create a software packaging facility that works across a wide variety of Unix flavors. Currently it supports FreeBSD, RedHat Linux, Debian GNU/Linux, Debian GNU/Linux, and Sun Solaris. NetBSD, OpenBSD, and Compaq Tru64 are partially supported.
OpenPKG is based on code from version 4 of RedHat's RPM package manager, organized as a self-contained system so that RPM does not need to be installed in order to use the system. An interesting feature is the way in which OpenPKG handles the modification of system files, changes are recommended, but the administrator has to manually make the changes. This should please security conscious admins, although it sounds like a big slow-down for automated installations across many machines.
Version 1.1 of OpenPKG adds more supported platforms, more packages, more granularity in user and group selection, better security for handling system files, support for package activation via software switche variables, and support for proxy packages, which allow multiple packages to share resources with base packages.
Currently, there are over 200 packages available for OpenPKG, conveniently organized into numerous groups. See the package repository for the list.
OpenPKG appears to be very well documented, here are some pointers:
Systems administrators who deal with multiple versions of Unix should consider using OpenPKG, it looks like the kind of utility that could greatly increase productivity.
System Applications
Audio Projects
Ogg Traffic for August 20, 2002
The August 20, 2002 edition of Ogg Traffic covers the Ogg Speex file format, using Ogg for doing online voice chat, a VP3 Patch for Xine, OggShell v1.0, WebSiteRobot support for Ogg, and more.
Database Software
Which Table, Which Column? (O'Reilly)
Jonathan Gennick gives some tips on using designing SQL tables. "Many potential problems lurk when you do not fully qualify column names using either table names or table aliases. In this article, I'm going to focus on just one such problem recently brought to my attention by a perplexed reader."
Electronics
Gaf development snapshot 20020825
A new development snapshot of Gaf (Gschem and Friends) is available from the gEDA project. This version includes big changes to the underlying attribute definition syntax. See the release notes for the details.
Networking Tools
Release of iptables-1.2.7a
iptables version 1.2.7a is now available. This release fixes some bugs that were introduced in version 1.2.7.
Printing
HPIJS 1.2.1 is released! (LinuxPrinting)
LinuxPrinting mentions that version 1.2.1 of the HPIJS PCL printer driver is now available. This release includes improved grayscale performance, paper tray selection, and support for more printers.
Web Site Development
Connecting middleware to Apache 2.0 (IBM developerWorks)
Uche Ogbuji explains how to use an Apache 2.0 filter module on IBM's developerWorks. "Apache became the most popular Web server in part because of the rich availability of third-party extensions for the server, and because its open architecture made it quite easy to roll your own extensions. Of course, nothing is ever just easy enough, so in developing Apache 2.0, one of the main goals was to improve the Apache API to make it even easier to develop extensions."
ZEO 2.0 beta 1 released
Version 2.0 beta 1 of the ZEO, the Zope Enterprise Objects, has been released. "ZEO turns the Zope object system into a distributed architecture, allowing multiple processors, machines, and networks to act as one website."
First Beta of Mod_python 3.0 available
The first beta release of mod_python 3.0 for Apache 2.0 is available.Zope Members' News
This week, the Zope Members' News covers Zope performance on Solaris, XMLTransform 0.8, CVSFile 0.8.1, ExternalFile 1.1.0, Wing IDE 1.1.5 final, Ordered List Product version 2.0, and more.
Desktop Applications
Audio Applications
WaveSurfer version 1.4.3 released
Version 1.4.3 of the WaveSurfer sound visualization and manipulation tool has been released. "The new version of WaveSurfer uses Snack v2.2, which incorporates code from the ESPS speech analysis library. ESPS was recently licensed to the Centre for Speech Technology by Microsoft and AT&T, with the aim to make it available to speech researchers again." See the changes document for the full story.
Desktop Environments
KDE 3.1 Beta 1: Hot off the Servers
KDE.News has an announcement for KDE 3.1 Beta 1. "This release, which marks the second testing release of the KDE 3.1 branch, offers many improvements and bug fixes over KDE 3.0.x. New features include improved OpenPGP handling in KMail, handy tooltips that provide details of files in Konqueror quickly, and even new ways to be less productive thanks to four new games."
KC KDE #43 is available
Issue #43 of Kernel Cousin KDE is available. "featuring everything from KDE 3.1's new look, the future of multimedia in KDE, a refitted Konqi, math app news, mouse news, and much more."
Office Applications
Release of GnuCash 1.6.8
GnuCash version 1.6.8 has been announced. Several project compile bugs have been fixed.Gnumeric 1.1.8 released
Version 1.1.8 of the Gnumeric spread sheet has been released. Click below for a detailed list of changes.Kernel Cousin GNUe #43
Issue #43 of Kernel Cousin GNUe covers the specification for Supply Chain Management, the GNUe data dictionary and open standards, and other GNU enterprise development issues.AbiWord Weekly News #106
Issue #106 of the AbiWord Weekly News looks at AbiWord use from within a web browser, replacing Microsoft's formerly free fonts with CoreFonts, a new font preview project, and more.
Web Browsers
Mozilla 1.1 released
Mozilla 1.1 is now available. Changes include improved stability and performance, better compatibility with more web sites, improved CSS, DOM and HTML standards support, and more. See the release notes for the list of changes.Also, see MozillaZine for links to a number of articles on Mozilla 1.1.
Galeon2 status update
A Galeon2 development synopsis has been posted. "While all may seem quiet in galeon world, we are working hard on Galeon 2, a new major version based on Gnome 2. We decided to do a full rewrite of the our code base because of the huge changes in Gnome architecture, to improve maintainability and stability. The new code is already pretty stable and all the major features of Galeon 1 have been reimplemented. Many people are using it as their full time browser. We tried to improve the usability of the user interface and the integration with the desktop."
Miscellaneous
Privoxy 3.0.0 released
Privoxy is a "privacy-enhancing proxy" server; the just-announced 3.0.0 is the first stable release of this package. "Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk."
Languages and Tools
Caml
The Caml Hump
This week, The Caml Hump covers Caml and OCaml exercises, MetaOCaml, Cameleon, Cash, SpamOracle, camllets, the Ensemble Juke Box, and more.
Java
Robocode Rumble: Tips from the champs (IBM developerWorks)
IBM's developerWorks covers a virtual Java-based robot contest. "The Robocode Rumble opened with programmers around the world using their coding skills to create the most fearsome Java "robots" they could, and releasing their 'bots to battle it out in a virtual arena. With names like TheArtofWar, BienatorII, SandboxLump, BulletMagnet, and Cake, these robots were a little more fierce and a lot more entertaining than your ordinary Java objects. When the dust cleared, only a few 'bots were left standing. Dutch programmer Enno Peters had taken the overall victory."
JSP Overview, Part 1 (O'Reilly)
Hans Bergsten covers Java servelets in an excerpt from his book on Java Server Pages. "JSP is the latest Java technology for web application development and is based on the servlet technology introduced in the previous chapter. While servlets are great in many ways, they are generally reserved for programmers. In this chapter, we look at the problems that JSP technology solves, the anatomy of a JSP page, the relationship between servlets and JSP, and how the server processes a JSP page."
Lisp
Pascal Costanza's Highly Opinionated Guide to Lisp
Pascal Costanza's Highly Opinionated Guide to Lisp is an online document that has been placed in the public domain. Check it out for a good introduction to the history and ideas behind Lisp. Thanks to Paolo Amoroso.
Perl
Damian Conway publishes Exegesis 5 (Perl.com)
Damian Conway has published Exegesis 5 for Perl 6, an examination of Larry Wall's Apocalypse 5 document.This Week on perl5-porters (use Perl)
The August 19-25, 2002 edition of Perl 5 Porters is out. Topics include a Config.pm discussion, a threads tutorial, a Perl 5.8.0 memory leak with PerlIO for sockets, problems with B::SV::FLAGS, Regex optimizations, Valgrind bug fixes, p5p patches, Copy-On-Write issues, and a fix for shift // 0.Web Basics with LWP (O'Reilly)
Sean M. Burke shows how to perform common tasks with LWP. "LWP (short for "Library for WWW in Perl") is a popular group of Perl modules for accessing data on the Web. Like most Perl module-distributions, each of LWP's component modules comes with documentation that is a complete reference to its interface. However, there are so many modules in LWP that it's hard to know where to look for information on doing even the simplest things."
PHP
PHP Weekly Summary
Issue #100 of the PHP Weekly Summary covers PHP 4.2.3 RC 1, mysql_db_query(), Pcntl extension updates, problems with ob_gzhandler, Nicer Alpha-blending for GD, using UDP from within PHP, test suite updates, support for WebDAV, a Streams filter API, and more.Pear Weekly News
This week's Pear Weekly News is out. "With 5 new releases this week, including the Second MDB Release Candidate, along with 2 new packages PEAR continues to grow, heavily benefit from new contributors sending code, bug fixes and new ideas. The eternal problem of documenting this growing collection of tools is being attacked on many fronts with phpdoc to docbook tools, and openoffice converters. This week, existing classes like Auth/Permissions, Config have been re-examined and plans are underway for major improvements. Meanwhile, Rasmus has been helping out with the issues of licensing conflicts with GPL code."
Python
The Daily Python-URL
This week's Daily Python-URL entries include articles on XMLdiff, omniORBpy 2.0, XMail Library 1.00, using PDF for presentations, doclifter, Easy Publisher 1.7, cPickle, the Python Bibliotheca, and more.
Ruby
The Ruby Garden
This week's Ruby Garden looks at a faster IO#read interface.The Ruby Weekly News items include FXRuby-1.0.13, ZenWeb 2.12.0, the TCLink credit card processing extension, scanf for Ruby, Amrita 0.8.5, and more.
Scheme
Scheme Weekly News
The August 27, 2002 edition of the Scheme Weekly News is out. Topics include SRFI support in Guile, Guile 1.5.8 beta, Quack.el 0.6, and more.
Tcl/Tk
Page editor: Forrest Cook
Linux in Business
Press Releases
Open Source Announcements
- Data Storage Institute (Singapore): DSI Releases New Network Storage Protocol Into Open Source.
- Free Software Foundation (Boston, Mass.): GNU Project Will Use Freenode as Its Official IRC Network.
- Nelsonville Public Library (Nelsonville, OH): Nelsonville Public Library Chooses Open Source.
- Sigma Designs, Inc. (MILPITAS, Calif.): Sigma Makes Source Code Available for Its MPEG-4 Video CODEC.
- Zope Corporation (FREDERICKSBURG, Va.): Zope Wins Coveted Linux Journal 2002 Enterprise Application Server Editors' Choice Award.
Software for Linux
- @HDL (SAN JOSE, Calif.): @HDL Releases Distributed Processing Support in Functional Verification Product.
- AbsoluteValue Systems (MELBOURNE, Fla.): Remote Wireless Network Testing and Analysis Tool is World's First; AbsoluteValue Systems Provides WLAN Monitoring From a Distance.
- BakBone Software (SAN DIEGO): BakBone Software Announces Novell NetWare 6 Support.
- Borland Software Corporation (SCOTTS VALLEY, Calif.): Borland Wins Best of Show at LinuxWorld for Kylix 3.
- INNOVATION Data Processing, Inc. (LITTLE FALLS, N.J.): IBM SHARK, 800 and 800 Turbo Disk Storage, Gains Full Support of INNOVATION Solutions for Non-Disruptive Hardware Installation and Instant Storage Management.
- Jacada Ltd. (ATLANTA): Jacada Launches Web-to-Host Terminal Emulation Product; Jacada Terminal Emulator Provides Powerful, Low-cost, Easy-to-Deploy Solution for 3270, 5250 & VT Access.
- Mentor Graphics (WILSONVILLE, Ore.): Mentor Graphics Delivers New Version of ADVance MS to Support Growing Analog and RF Content in AMS SoC Designs.
- Mentor Graphics (WILSONVILLE, Ore.): Mentor Graphics Announces Calibre xRC, Full-Chip, Transistor-Level Parasitic Extraction for SoC Designs.
- Mentor Graphics (WILSONVILLE, Ore.): Mentor Graphics Announces New Front-to-Back IC Design Flow to Meet Today's Analog/Mixed-Signal SoC Design Challenges.
- Microlite Corporation (LAS VEGAS): Microlite Introduces Update Manager for BackupEDGE SS.
- Microlite Corporation (LAS VEGAS): BackupEDGE SS Supports Caldera Volution Manager.
- Objectivity, Inc. (MOUNTAIN VIEW, Calif.): Objectivity/DB Release 7.1 Delivers Enhanced Interoperability With Support for .Net, Java and SQL Environments.
- Sonic AuthorScript CE (NOVATO, Calif.): Sonic Introduces AuthorScript CE; Empowers Set-Top DVD Recorders with Industry's Leading DVD Creation Technology.
- SurfControl (LONDON, England): SurfControl Launches E-Mail Filter Application Programming Interface for ISPs.
Hardware with Linux support
- AMD (SUNNYVALE, Calif.): AMD Delivers Increased Performance and Lower Power with AMD Athlon MP Processor 2200+; 0.13-micron copper process manufacturing technology boosts AMD's multiprocessors to new heights.
- Addonics Technologies (SAN JOSE, Calif.): New Addonics Flash Reader/Writer and PC Card Hard Drive Puts Nine Media Storage Types in Your ''Pocket''.
- Dell (AUSTIN, Texas): Dell Launches Small Business Server For $599; Company Also Announces High-Performance Intel Xeon-Based System for Corporate Customers.
- HP (PALO ALTO, Calif.): HP Unveils Industry's First Multi-processor Blade Server Architecture for the Enterprise.
- Imperial Technology, Inc. (EL SEGUNDO, Calif.): Imperial Technology Announces MegaRam-200F For Entry to Mid-size Unix, NT, and Linux SANs; New Mid-Market File Cache Accelerator.
- RackSaver Inc. (SAN DIEGO): RackSaver Announces AMD Athlon MP 2200+ Processor Support on the BladeRack Series Clusters and Servers.
Java Products
- Codemesh, Inc. (CARLISLE Mass.): Codemesh Provides Robust Language Integration on Windows, Solaris, and Linux; Solutions for Language Integration.
- Cysive, Inc. (RESTON, Va.): Cysive(TM) Bundles JBoss Runtime With Cysive Cymbio(TM) 2.3 Interaction Server.
Books and Documentation
- O'Reilly (Sebastopol, CA): "XSL-FO" Released by O'Reilly.
Trade Shows and Conferences
- Penton Media (DARIEN, Conn.): Penton Media Unveils New Conference Program for Streaming Media East 2002.
Partnerships
- Jabber, Inc. and CustomWeather (DENVER & SAN FRANCISCO): Jabber Announces Partnership with CustomWeather -- Leading Provider of Syndicated Global Weather Data.
- MontaVista Software Inc. (SUNNYVALE, Calif.): MontaVista Selects Vanteon as Professional Services Partner.
- OEone Corporation (HULL, Quebec): OEone Corporation Joins Leading Linux Forces in the OpenOffice.org Groupware Project: New Applications Coming of Age - Linux heads Mainstream.
- TeamLinux and JAYD (CINCINNATI, OH): TeamLinux and JAYD LLC Form Strategic Partnership to Promote SmartCard Payment System.
- TransDimension and Accelent Systems (IRVINE, Calif. & AKRON, Ohio): TransDimension Partners With Accelent Systems to Offer USB On-The-Go Developer Kits for Intel XScale and StrongARM Application Processors.
- XIOtech Corporation (EDEN PRAIRIE, Minn.): XIOtech Demonstrates World's Largest Database Running Oracle9i RAC; SANbuilder for Oracle Products Now Available from XIOtech.
Investments and Acquisitions
Financial Results
- HP (PALO ALTO, Calif.): HP Reports Q3 2002 Results.
- Neoware Systems (King of Prussia, PA): Neoware Delivers Record Q4 and Fiscal 2002 Revenue and Earnings.
- VA Software (FREMONT, Calif.): VA Software Reports Fourth Quarter and Fiscal Year 2002 Results; Pro Forma Operating Results Represent Best Results as a Public Company.
- Webb Interactive Services, Inc. (DENVER, CO): Webb Interactive Services Announces Filing.
Miscellaneous
- Aberdeen Group (BOSTON): Aberdeen Group Sees IT Purchasing Recovery; Research Indicates Spending Decline Has Bottomed Out; CIOs Expected to Regain Power in Purchasing Process.
- CapeScience (CAMPBELL, Calif.): CapeScience Helps Web Services Programmers Find Music While They're Checking the Weather.
- D.H. Brown Associates, Inc., Port Chester (PORT CHESTER, N.Y.): D. H. Brown Associates, Inc. Study Concludes That Sun Linux with J2EE is Competitively Priced With Dell-Based Microsoft .NET Server Platforms.
- IBM (ARMONK, N.Y.): IBM Grew More Than Any Competitor in Intel-based Server Revenue, According to Gartner Quarterly Statistics Database.
Page editor: Rebecca Sobol
Linux in the news
Recommended Reading
The Linux developer lifestyle, exposed (ZDNet)
ZDNet examines the "typical" Linux hacker. "According to a new survey, open-source software developers are mostly men in their twenties, and they vastly favor the Debian operating system distribution. The "Free/Libre and Open Source Software (FLOSS)" report also found that although many might not make a living from their open-source activities, they spend a serious amount of time on them."
UK's DMCA: there ain't no sanity clause (Register)
The Register reports on a critique of the European Copyright Directive. "The UK's take on the "European DMCA" - the European Copyright Directive - will make criminals out of ordinary computer users, according to a new critique by the UK Campaign for Digital Rights. And it will also fail to protect researchers, says Julian Midgley who penned the report."
Study: Governments need open source (ZDNet)
This ZDNet article follows up on the FLOSS report, showing why governments need open source. "The FLOSS report argues that open-source software, by its nature, better fulfils certain governmental responsibilities than software to which source-code access is restricted. These responsibilities include the public's right to public information and to know how that information is processed; the permanence of public data; and the security of that data."
XVID GPL violation issues resolved
Apparently, there was a recent GPL license violation involving a company known as Sigma Designs' and the XVID video codec project. The issue centered around code that was modified, but was not released, as per the GPL licensing requirements. The XVID designers reacted by freezing development of the project. After a period of silence, Sigma Designs' eventually complied with the request to release the code. This is one example of how the GPL was successfully used to protect open-source code.Thanks to Mike Hopper.
Trade Shows and Conferences
More Business, Less Boothness (Linux Journal)
Doc Searls gives his views on the recent LinuxWorld Expo in a Linux Journal article. "We have an interesting irony here: while Linux gets bigger than ever, and its leading tradeshow gets more popular than ever, the show itself gets physically smaller. So where did all the old booths go? Well, a lot of companies went out of business with the dot-com crash. A few more left Linux altogether. A few more moved into the Big Boys' booths, which was the case with Ximian and Linuxcare."
Companies
AMD pushes ahead with new server chips (News.com)
News.com covers AMD's release of two new Athlon processors, which are aimed at the server market.A Rose by Any Other Name--Is It Still the Same? (Linux Journal)
The Linux Journal reports (from GeoFORUM) on the Caldera name change. "Now for the the simple financial facts. Say your company has no debt to speak of. You have a distribution channel of 14,000 SCO dealers. These dealers are on target to sell $60 million (US) for the year 2002. SCO products generate positive cash flow, while Linux products cost $2.00 of marketing for every $1.00 of sales. Maybe these facts are enough collectively to make you rethink your business plan."
See also this
followup article on where Caldera/SCO is going from here. "Well,
if you are Darl McBride, the new CEO of The SCO Group, you use
Harley-Davidson as a model.
"
Caldera name change puts Unix first (News.com)
Erik Ratcliffe pointed out that Caldera International is now called SCO Group. News.com covers the name change. "Analysts said the name change reflects simple market economics: Nearly 95 percent of the company's revenues come from its Unix products, not from Linux."
Russian Coding Firm Back for More (Wired)
Wired News looks at what Russian software firm ElcomSoft has been up to lately. "But despite the courthouse angst, ElcomSoft plans to continue to market exactly the sorts of products that led to their entanglement with the U.S. legal system."
Lindows faces a reality check (News.com)
News.com reports on a change of corporate strategy for Lindows.com. "A representative for Lindows.com confirmed that while some Windows applications will run on LindowsOS, this compatibility is no longer the company's top priority. "Our product does not target the user who wants to save a few dollars on the operating system, but then still run out and spend thousands of dollars on Microsoft Office, Photoshop, etc," she said. Instead, Lindows.com will focus on making Linux applications easy to download and install. However, where there is no Linux-based alternative to a Microsoft application, LindowsOS will support "some 'bridge' programs, file types and network devices to help people interact with the legacy Microsoft world," the representative said."
MandrakeSoft to warrant holders: Show us the money (News Forge)
News Forge reports on efforts by MandrakeSoft to raise capital. "MandrakeSoft CEO Jacques Le Marois says it is hard to raise money these days. "The biggest challenge we face is the current depressed state of the financial markets." In fact, since MandrakeSoft introduced the increase of capital initiative in May, the Nasdaq has dropped from around 1700 to 1395, a decrease of about 18%. "Even with MandrakeSoft's recent positive financial results and an attractive valuation, most people are difficult to convince. Just two years ago, we could have raised all the necessary funds in only four days with a similar operation.""
Fighting Linux the Microsoft way (iTnews)
The Australian publication iTnews covers various strategies used by Microsoft to convince its customers not to switch to Linux. "At Fusion 2002, Microsofts partners and resellers forum, principal technology specialist for Microsoft, Mark OShea, outlined strategies for fending off the Linux threat. OShea highlighted to the assembled resellers, recent research by IDC showing Windows to be cheaper to maintain and manage despite Linuxs perceived lower acquisition cost." Thanks to Con Zymaris.
Business
Landscaping the server OS field (ZDNet)
This ZDNet article looks at the Gartner group's predictions of change in the server OS market. "Linux will impede the progress of Windows in the midrange (up to at least 16 CPUs during the five-year period). By 2006, Linux will be a key foundation for a strategic, cross-development-platform development environment, accelerating Unix server consolidation, while creating a powerful alternative to Windows .NET."
Swedish government mulls Linux (Register)
The Register reports on the consideration of open-source software by Sweden. "Despite signing a recent deal with Microsoft, Sweden has become the latest country to investigate the benefits of free software. In a report entitled "The state wants to save money" in Swedish magazine Ny Teknik, the Statskontoret, (Swedish Agency for Public Management) is setting up a working group to investigate the value Linux could provide."
AUUG calls for adoption of open-source software by the Australian Government
The Australian Unix and Open Systems Group has sent out a press release calling for the adoption of open-source software by the Australian government sector. "AUUG is calling on the Government sector to review all areas of IT procurement and information standards to ensure that there is no bias against Open Standards based Open Source solutions. This would allow government IT managers to calculate the true ROI for each software acquisition and deployment - enabling the comparison of open and closed solutions on an equal footing. A comparison that AUUG believes Open Source will win. Ultimately delivering major savings to Australian tax payers."
Linux, StarOffice in frame for 45k Oz desktop deal? (Register)
The Register writes about a possible platform change at Australia's Telstra telecom company. "Australian telco Telstra is looking at Linux as a possible new standard platform for its 45,000 desktops, according to a report by ITnews Australia. Telstra at the moment is just considering Linux and Sun StarOffice as possible candidates for its corporate standard, but a deal of this size would be a major boost for open source on the desktop, particularly as, ITnews reports, Telstra is Microsoft's biggest Australian customer."
Interviews
Pouring over the Facts: Andreas Pour on KDE (Open for Business)
Open for Business interviews KDE hacker Andreas Pour. "Governments, of course, need also worry about national security, and it is hard to see how they can be fulfilling their obligations with reliance on a monopolist's proprietary computers and networks. Being totally dependant on one vendors' systems - systems which can be disabled remotely or possibly simply by the absence of remote commands - is a most serious national security threat."
Unplugged: Sun chief engineer Rob Gingell (ZDNet)
ZDNet interviews Sun chief engineer Rob Gingell. "Gingell talks about his desire to open source Solaris and intermarry it with Linux. He also discusses his focus on other parts of the software stack, especially Java, and why he believes Sun will succeed at a time when Solaris and SPARC are no longer the company's crown jewels."
Resources
Embedded Linux Newsletter for August 22, 2002
The August 22, 2002 edition of the Linux Devices Embedded Linux Newsletter is out with the latest Embedded Linux news.Linux, the GPL, and a new model for software innovation (LinuxDevices)
LinuxDevices.com is carrying a white paper with a detailed look at the GPL. "This license 'promises' cannibalization of intellectual property, but does not quite deliver on this promise, and so has attracted the affection of mammoth electronics companies (normally IP-protective) who see Linux as their key to the future. In turn, this most 'anti-IP' of licenses is arguably doing more to foster innovation than patents or copyrights ever have."
Reviews
Mozilla upgrade sees need for speed (ZDNet)
ZDNet reviews Mozilla 1.1. "The release of Mozilla 1.1 comes relatively quickly after Mozilla 1.0, which arrived in June after years in development. The browser is the result of an experiment by Netscape Communications, now part of AOL Time Warner, in which the company released its next-generation software to the open-source community in exchange for the volunteer efforts of developers around the world."
Miscellaneous
Briefing Book: Development Tools (TechWeb)
Tech Web has a story about the rise of open-source development tools. "The development tool market is going through an interesting transition. Just as browsers, Web servers, and operating systems have been reinvigorated by the introduction of open source alternatives, so has the development tool market. It makes sense; IDEs, editors, and other tools lie closest to a developer's heart; it's not surprising they are looking for -- and of course in some cases creating -- the tools they themselves would like to see."
Why Larry Lessig gets an 'F' in software (News.com)
Here's a News.com article about free software advocate Lawrence Lessig. "But Lessig is also going further. In his latest book, "The Future of Ideas: The Fate of the Commons in a Connected World," he draws a distinction between the intellectual property developed by, say, an Ernest Hemingway, and the intellectual property created by a code jockey."
Dot Compost and the Danger to Your Privacy (Linux Journal)
In this Linux Journal article Dave Sifry looks inside some computers he bought on eBay. "I pulled out my Linuxcare Bootable Business Card, a disk I helped develop that I often use when doing forensics of unknown systems. It's a utility that allows me to quickly and easily bypass the operating system and retrieve data, a task critical for performing data recovery of corrupted systems or for performing forensic analysis of systems that have been compromised by intruders. Within 45 seconds I was looking at the data on the computer's hard drive, and what I saw shocked me. It turns out that the first computer I bought used to be the main e-mail server for a highly visible startup."
Linux and the corporate desktop
Several of this morning's articles have focused on getting Linux onto the corporate desktop. ZDNet says Desktop Linux is for real and talks with industry analysts about corporate adoption of desktop Linux. ZDNet also takes a look at how Ximian Evolution fuels interest in desktop Linux.On the practical side, Linux Journal looks at Creating Web Pages with OpenOffice.org.
Page editor: Forrest Cook
Announcements
Resources
Digital DJing with TerminatorX tootorial (Quick Toots)
Quick Toots has a new tootorial on TerminatorX, a utility that turns your computer into a digital DJ mixer. "If you've ever wanted to DJ/CJ with your machine take a toot on this one. Here we explain step by step how to set up a session in terminatorX. You will learn how to play multiple audio files at once, how to use the various FX to manipulate the soundz and how to scratch it up phat like a true Grandmaster."
Upcoming Events
2nd Open Source CMS Conference
The second Open Source CMS conference will be held in Berkeley, California from September 25-27, 2002.RSA Conference 2003 CFP
A call for papers has been issued for the RSA Conference 2003 security conference, to be held on April 13-17 in San Francisco, CA.Events: August 29 - October 24, 2002
| August 29 - 31, 2002 | Linux Beer Hike | (Russell Community Centre)Doolin, Co. Clare |
| September 4 - 6, 2002 | Linux Kongress 2002 | (Physics Institutes, University of Cologne)Cologne, Germany |
| September 5 - 6, 2002 | SciPy '02 | (CalTech)Pasadena, CA |
| September 11 - 13, 2002 | Open source GIS - GRASS users conference 2002(GRASS) | (Centro Servizi Culturali S. Chiara)Trento, Italy |
| September 12 - 13, 2002 | Perl 6 Mini::Conference | (ETF, E1, ETH Zurich)Zurich, Switzerland |
| September 16 - 20, 2002 | 9th Annual Tcl/Tk Conference | Vancouver, BC, Canada |
| September 18 - 20, 2002 | Yet Another Perl Conference Europe 2002(YAPC::Europe 2002) | Munich, Germany |
| September 25 - 27, 2002 | The Second Open Source Content Management Conference(OSCOM) | (Lawrence Hall of Science, University of California)Berkeley, CA |
| September 27 - 29, 2002 | Lulu Tech Circus | (State Fairgrounds Complex)Raleigh, North Carolina, USA |
| October 11 - 13, 2002 | V Congreso Hispalinux | San Sebastian-Donostia, Spain |
| October 14 - 16, 2002 | The Singapore Linux Conference 2002 | (Le Meridien Singapore)Singapore |
| October 14 - 15, 2002 | The Open Group Conference | (Hotel Martinez Palace)Cannes, France |
| October 17 - 18, 2002 | Open Source for E-Government | Washington, DC |
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Miscellaneous
Finalists for the XML Application Awards 2002
The finalists have been announced for the first international XML Application Awards 2002.LPI-News August 2002
The August, 2002 edition of the LPI-News is out with the latest news from the Linux Professional Institute.
Page editor: Forrest Cook