Other stuff:
Contact us
Archives/search
Links
Calendar
Daily Updates

Recent features:
Alan Cox interview 1998 Timeline

Here is the permanent site for this page.

Leading items

But that would be a short-sighted view, in any case. The Windows refund effort has succeeded in creating a much broader understanding of the nature of the "Microsoft tax." News reports all over the planet presented a sympathetic picture of computer users who simply wish to not be forced to pay for software that they do not use. Awareness of the problem - and of the fact that many of us have found an alternative preferable to Windows - is now much higher. The Windows refund people have done very good work, and deserve the strongest of congratulations.

It's Time to Talk about Free Software Again says Bruce Perens in this editorial sent to LWN. "I fear that the Open Source Initiative is drifting away from the Free Sofware values with which we originally created it. It's ironic, but I've found myself again siding with Software in the Public Interest and the Free Software Foundation, much as I did in 1995."

How Linux handles security problems, part II. As might be expected, last week's somewhat ill-tempered editorial on security drew quite a few responses. We would like to follow up in a couple of areas. First, with regard to how the various distributions responded the the FTP vulnerability:

• Caldera still has not updated its security page (which is nicely available from their front page) since November. We are told that an ftpd fix was made available by Caldera's VAR network, but Caldera still does not appear to have a generally-available fix.

• Debian had a patched FTP daemon available very quickly after the problem was found. However, they held off on a general announcement for a couple of days while the fix got into the archives and the various mirror sites got caught up, and it did not appear on the debian.org web page during that time. Wichert Akkerman tells us that Debian is working on a mechanism to get security fixes out more quickly.

• Red Hat, as noted last week, produced and announced a patch very quickly, but, due to heavy traffic, access to their FTP site was essentially impossible. Their mirror sites, too, were blocked out, and thus did not carry the update for some time. Red Hat claims that things are working better now.

• Slackware users don't like to be left out, and many of them wrote in to tell us that a Slackware fix for the Pine vulnerability was in place before the alerts went out. There still does not appear to be a fix out for the FTP problem, though.

• SuSE also evidently had a patch available and noted on their German updates page. They also mention it on an English page which is accessible via a series of clicks from their English-language European page, but there appears to be no obvious path to it (or a similar page) from their North American page. SuSE tells us that they are hiring a full-time security person.

• TurboLinux does appear to have a patch in place, but you have to look deep into their FTP area to find it. Their errata page was updated on the 16th, but makes no mention of the problem.

So, while we are far from perfection, it would appear that the response of most of the Linux distributions to this security problem was reasonably prompt - certainly far better than is seen with proprietary software.

The problem, thus, lies not with producing patches that close security holes, but in getting those patches into the hands of users and system administrators everywhere. There are two separate aspects to this problem: communications and infrastructure.

Communications has to do with letting people know that patches are needed and available, and with telling them where to find these patches. We repeat our call from last week for each distribution to make security information available from its front page (in each language that they support). When people are looking for a patch (now!), it is too late to tell them they should be on some mailing list.

Putting out patches is of limited use, however, if said patches are inaccessible. As the popularity of Linux grows, servers used by distributions will become ever more susceptible overwhelming surges in traffic. We were taken to task by some readers who thought we were expecting Red Hat to have the bandwidth to handle such surges. We were not suggesting that; as users and their available bandwidth grows it will probably prove not to be possible, much less economical to put in such fat pipes.

Setting up that amount of bandwidth is also unnecessary. All that is really needed is a mirror system that actually works. The Linux kernel archive mirror system, set up by H. Peter Anvin, is a great example of how to do things right. Access to the main site is controlled so that the mirrors are always able to update themselves. DNS is set up properly so that one need not actually know the name of a mirror site. It all just simply works.

Companies like Red Hat already have the most important piece for a good mirror system: a large set of willing mirror sites. A bit of organizational work should be all that's needed to make the mirror system function well.

Free software pioneers. The EFF is seeking nominations for their 1999 Pioneer awards. It would be nice to have some good nominations from the free software world (but remember that Linus Torvalds and Richard Stallman won last year).

See also: last week's Security page.

Security

News

An update to our reports on security problems with proftpd and wu-ftp is available on our front page.

Security Reports

ISS issued an advisory on "Super", a utility which allows restricted super user privileges for some users. The advisory tested the problem on Debian GNU/Linux, though Super is also available for other Linux and Unix distributions. Debian uploaded a fix for the problem within a few hours. An official notice of the fix is being held until binary packages for all architectures are available and the mirrors have been updated.

Alfonso De Gregorio reported two bugs in traceroute which allow it to be used as a UDP or TCP flooder. The problems have been confirmed and, so far, updates for FreeBSD have been released.

Juan Diego Bolanos filed a report on /tmp problems with all versions of lynx. Follow ups on Bugtraq indicate that this is not a new problem; /tmp problem reports for lynx date back to March of 1998. No one seems to be stepping up to the plate to address the problems, however. In the mean time, Glynn Clements and Piotr Klaban stepped up to suggest some workarounds.

Kenn Humborg reported what turns out to be a problem with the rpms for ssh from ftp.replay.com. His followup describes the source of the problem and indicates that he'll contact the creators of the rpms and ask him to rebuild them.

A security patch for Network Flight Recorder is now available. They recommend installing the patch immediately. It appears to fix a variety of buffer overruns and some difficulties handling large alert queues when the central NFR system cannot be reached. This advisory from NAI details the vulnerability for which the patch was released.

A reported buffer overflow in mc, detailed here, does not appear to be exploitable in any way, at least according to this report from Julien Nadeau. It has been reported to the mc authors.

A buffer overflow in snplog was reported by Rupert Weber-Henschel. Check his posting for more details.

HERT reports a buffer overflow in lsof. lsof is a tool used on many systems to list open files. The HERT advisory indicates that the buffer overflow is vulnerable when lsof is installed setuid root or setgid. Vulnerable Linux distributions reported include SuSE, Debian and Red Hat. The workaround is easy, just change the permissions on lsof to 0755.

Updates

The Pine Development Team officially responded to last week's pine exploit report. In it, they explain that the problem lies not in pine but in metamail and specifically in the default mailcap file distributed the metamail MIME-support package. Thomas Roessler followed up with a description of how mutt handles the situation.

John D. Hardin updated his MIME-sanitization procmail filter to address the metamail vulnerability that affected pine. Here is his note with pointers to the new version.

Debian released an updated version of their advisory on wu-ftpd.

Resources

Version 1.0 of the Linux IP Firewall Log Analyzer (ipfwlog.pl) is available. More information and the script itself are available on the web.

Rob Slade has made available his review of "Fighting Computer Crime" by Donn B. Parker, 1998. He dislikes the beginning and end of the book but indicates that there is a great deal of useful information for the security practitioner.

The February 15th edition of CRYPTO-GRAM, Bruce Schneier's monthly newsletter, is now available. [From ISN]

See also: last week's Kernel page.

Kernel development

The dominant conversation this week started with the question of why is fsync() on large files so slow? This problem manifests itself on systems with a very busy syslog daemon; syslog calls fsync after every entry that it logs to a file in the hopes that everything will get out to disk should a system crash happen. Busy loggers can have many entries every second, so fsync calls happen frequently.

The problem is that fsync requires an examination of all of the blocks in a file to be sure that none of them have been modified. If the file is large (and busy syslog daemons can create very large files) there is a lot of work to be done. In the worst case, the system bogs down and things start to hang for periods of time. Not fun.

Ted Ts'o came up with a quick patch which keeps track of which blocks in a file have been modified since the last sync; it works as long as not too many changes have been made. Further discussions with Linus lead to a preliminary design for a more extensive list of "dirty blocks" as a more ambitious solution to the problem. Whether anything that comes out of it will show up in a kernel before 2.3 is unclear.

Thereafter followed a strange discussion resulting from a suggestion by Stephen Tweedie that his journaling extensions to ext2 would also address part of the problem. Linus jumped on that with a pronouncement that journaling would never be accepted into the ext2 filesystem; it's too big a change. Big filesystem changes do tend to make people nervous. When it was pointed out to him that the plan has always been to create an "ext3" filesystem, Linus went further and suggested that ext3 be an entirely new filesystem - not based on ext2. Linus seems in particular to want to get rid of the "." and ".." entries that Unix directories have contained forever; it is not entirely clear why.

In any case, implementing an entirely new filesystem and dropping "." and ".." are not particularly popular ideas at the moment. Expect to see journaling (which is really just a way to make changes atomicly to the filesystem so that 'fsck' is not necessary, even after a crash) show up in an "ext3" filesystem somewhere in the 2.3 series.

A surge of development activity with the modutils package erupted after Björn Ekwall agreed to help maintain the package. He immediately reverted back to an older version of modutils which was written in C++ in a claimed response to some licensing problems. This change was not especially popular; in particular, there is concern about fitting modutils onto boot floppies - where every byte is precious - when the bulky C++ libraries must be included as well.

Development is pressing forward regardless, with an immediate goal of integrating the "modprobe" and "insmod" utilities. The latest snapshot was announced on Tuesday.

Kernel time in nanoseconds. Ulrich Windl put out a request for discussion on his plan to convert internal kernel timekeeping to use nanosecond intervals. This change would help to implement a number of POSIX real time functions, and also helps with the NTPv4 clock synchronization protocol. He's looking for testers for "this very experimental stuff."

New development mailing lists: a list for people interested in working on a logical volume manager for Linux has been announced. There is also a new list dedicated to Linux performance monitoring.

Own a copy of history: Riley Williams is now offering a two-CD set with almost the entire history of released Linux kernels. See his web site for details.

Thanks to Randy Appleton for his assistance with this week's kernel section.

For other kernel news, see:

• LinuxHQ
• Kernel traffic

See also: last week's Distributions page.

Distributions

Debian

Debian GNU/Linux 2.0r5 has been released. This is an update to the current stable Debian 2.0, containing security and bug fixes. For details on the changes, see the changelog. Check out the announcement for pointers to more information.

Wichert Akkerman contacted us in response to mention of Debian's security practices on the front page of the February 11th, version of LWN. He corrected some minor errors in the coverage, which should be reflected on this week's LWN, but also indicated that they are looking for ways to improve their security efforts, primarily by improving people's access to information about problems and fixes, since security reports already receive a rapid response from Debian maintainers.

The Debian Weekly News for February 15th is available. Joey Hess commented that the issue is a bit slim, due to Windows Refund day and other projects. They are looking for more contributors to divide up the work.

CUTE 2000, an "all-in-one" Linux server providing DNS, SAMBA, WWW, FTP, etc, was announced at the NET & COM '99 show. It is Debian-based and you can read more about it in this article.

Definite Linux

As an extremely nice additional feature, about 150MB of additional security-related and other software, such as ssh, Apache-SSL, etc, are available on the Definite Linux CD, though not installed by default. They have, for example, already acquired an export license for Roxen Challenger with full encryption from the Swedish Government. If you are in the U.K. and already using Red Hat, you will want to take a good look at this distribution as an alternative.

easylinux-kr

Red Hat

Slackware

A large number of updates to Slackware have been released since February 4th. Information on these updates can most easily be found in the ChangeLog file for slackware on ftp.cdrom.com. Some of the more critical updates include sendmail 8.9.3 (along with procmail and smail recompiles), various changes to help support the 2.2.X kernel, new versions of imapd and pine, in response to security alerts, and, biggest of all, KDE 1.1 is now part of the current slackware.

SuSE

People are very happy with 6.0! In comparison with charting reponses to 5.3 international, which had to be withdrawn due to rare, but severe, problems, SuSE seems to have reclaimed its reputation of providing extremely stable, easy-to-use releases.

SuSE 6.0 is glibc based! This is probably the largest change with the move to 6.0. Now those of you who have been waiting to try out Oracle or other glibc-based applications on SuSE have lost your last excuse ...

Reports of upgrades to 6.0 indicate that they are going reasonably smoothly, though it should be noted that the parameters for pppd have changed and some links to the rc2.d and rc3.d directory may need to be recreated. Some people have received their SuSE subscriptions while many others are still waiting.

Lenz Grimmer posted a tip on how to get GNOME up and running with SuSE 6.0.

SuSE's support for security is likely to improve in the future. We've heard that they are adding on another person for whom security will be the sole focus.

Trinux

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

See also: last week's Development page.

Development tools

Java

Note that the location for up-to-date news on the JDK port has moved to the News and Contact Information page. This may have been in response to a request that the information be dated. The last note is from February 13th and just states that information on the port will be provided when the porters have sufficient time.

In addition, in a move which he states he hopes he doesn't regret, Steve Byrne's has mentioned that he plans to create a JDK 1.2 porting status page with information on what portions of the JCK they have passed so far and on what platforms. Of course, that will take time and therefore has not yet happened.

This week's JDC Tech Tips is available.

Perl

Several new Perl books have been published, including:

• Learning Perl/Tk, by Nancy Walsh (O'Reilly)
• Perl Annotated Archives, by Martin C. Brown (Osborne/McGraw-Hill)
• Perl Power!, by Michael Schilli (Addison-Wesley)

CPAN Testers has moved to the Perl Institute web page. The new site has a database and search capabilities. [ed. some problems with this URL were seen on Wednesday, Februrary 17th]

Tom Christiansen has released pmtools 1.00, a collection of small tools to aid in managing modules, including finding modules, updating them, etc. Download pmtools from here.

Joseph N. Hall will be teaching a four day Introduction to Perl class March 2nd through the 5th in Moorestown, NJ.

Python

CNRI has summer positions for students. CNRI, the home of Python, is looking for graduate and under-graduate students to work on globally distributed name service, e-commerce, computer animation and remote instrument control, digital library architecture and mobile agent technology. Sounds like some fabulous and fun opportunities. For more information, check out their description of the work.

Tcl/tk

Will Duquette has released an updated version of Will's Guide to Creating Object Commands. This version fixes some errors in the original and extends it.

New Tcl-based offerings for the week include:

• TclPro 1.2beta2
• autodoc 2.1, convert embedded documentation into HTML pages
• xSITE 0.20 Beta, HTML editor

Development projects

Ganymede

Glibc

GNOME

GNOME "Still Conspicuously Skillful Cow" 0.99.8 is now available. GTop 0.99.8 has also been released.

The GNOME FTP site has updated its non-GNOME packages. These are packages needed to help you compile and enjoy GNOME. This note from Martin Baulig describes the new tarballs, source and binary rpms that are available.

Midnight Commander 4.5.14 is out. The new version should no longer hang when used to run other programs.

Reference documentation for gnome-libs has been made available on the web. Here is the announcement.

A mailing list for gnome-db is now available.. Michael Lausch provided instructions for subscribing.

CodeWEB, "An Exploratory Approach to Software Reuse", has created a case study using Gtk/GNOME for people interested in what the project can do (a Qt/KDE case study is also available, check the KDE section for the URL).

Version 0.12 of Gnumeric is out. The new version contains improvements to the importing of Excel files and many bug fixes.

KDE

kpv (KPackViewer) now has its own mailing list. Kpv is a utility to help systems administrators with package administration. Here is the note that mentions the new mailing list.

CodeWEB, "An Exploratory Approach to Software Reuse", has created a case study using Qt/KDE for people interested in what the project can do (a Gtk/GNOME case study is also available, check the GNOME section for the URL).

Icecast

Linux-HA

Mozilla/Netscape

Developer.com has a nice article available on Gecko and the NGLayout Engine. It claims that the NGLayout engine is the primary reason that AOL acquired Netscape and goes into how they may use it. By being modular, the NGLayout engine can be used in other networked devices like handheld PC companions such as the Palm Pilot or set top boxes such as WebTV. Expect to see AOL use the NGLayout engine to produce information appliances as part of its AOL Anywhere campaign to make Web and AOL access both wireless and ubiquitous.

As always, check out the latest Mozilla/Netscape news at http://www.mozillazine.org.

Wine

See also: last week's Commerce page.

Linux and business

Real-time Linux CD's are now available from Zentropix. Their product is essentially a version of Red Hat 5.2 with a real-time kernel added. $35 gets you the set. They have also put out a real-time Linux roadmapshowing what products they intend to come out with in the near future.

Silicon Graphics is releasing their GLX (OpenGL/X window system integration) source under an open source license. See their press release for details. The immediate target, of course, is allowing high-performance graphics under Linux on their hardware, but this release will be of general benefit to anybody doing serious graphics. Very good news. (Thanks to Jeremy Allison).

Advice from the Gartner Group for companies contemplating Linux. This report suggests a very cautious approach at this time, and questions the sincerity of vendors in the Linux market. "...while PC server vendors are seriously considering a Linux strategy, fears of cannibalizing their own Unix strategies and concerns about the chaotic nature of the market will limit their sincerity to opportunistic sales." (Found in Slashdot).

Linux-installed UltraSparc systems have been available from EIS Computers for a while. They have just announced a new line of systems based on 350- and 400-MHz processors. These look like nice, fast systems, and you can get them with Linux. No need to organize a "Solaris refund day" here...

Pacific HiTech has rolled out a server version of their TurboLinux product - at least in Japan, according to this AsiaBizTech article. "TurboLinux Server version 1.0 is the first corporate server product provided by the company. The company is preparing for the sales by creating corporate alliances with system integrators and arranging support services. To date, system integrators selected for providing support services are Fujisoft ABC Inc. and a company in the Otsuka Shokai group."

On-site support from Linux Hardware Solutions has been announced, see their press release for details.

Sun Microsystems has released a Samba benchmark result on their hardware; from the Samba web page: "We have measured Netbench performance of Samba on Solaris 2.6 on an E450 at 231.954 Mbits/Sec. While not officially supported by Sun, Samba has been found by many of Sun's customers to be a high quality, acceptable solution." (Thanks to Jeremy Allison).

LinuxWorld is a commercial success. IDG has put out a press release crowing about the success of the upcoming LinuxWorld conference (9,000 attendees, over 100 exhibitors). "Based on the response from the Linux community, space has already been secured for the twice-per-year LinuxWorld/US conference for the next four years. Internationally, LinuxWorld Singapore will be held this March 5-7 at the Singapore International Convention and Exhibition Centre, and plans are currently underway to launch conferences and expos in Europe and Japan."

Press Releases:

• emWare Inc., Jini support, with Linux support "soon."
• Phobos Corporation, price drop on quad ethernet card (with Linux support).
• Corel, pricing for WordPerfect 2000.
• REALM Information Technologies, OEM deal and LinuxWorld presence.
• Cygnus Solutions, Source Navigator 4.2
• LinuxIT, distribution deal with Cygnus for Source Navigator
• Powerware, download statistics for the Linux version of its LanSafe software in Europe.
• InfoWorld, product of the year awards.
• O'Reilly, "Apache: the Definitive Guide" updated to version 1.3.
• Dialtone Internet, $99/month dedicated servers running Linux.
• C't Magazine, interview with Bill Gates naming Linux as a competitor.
• Synergy Microsystems, Linux support for their VME and CompactPCI processor boards.

See also: last week's Linux in the news page.

Linux in the news

• First Monday reports on hacking. "Hacking is discussed in the context of being a method for system development. Finally, it is argued that this system development method under certain circumstances may yield superior software artifacts." (Thanks to Dunstan Vavasour).

• What is a business to do with all the confusion coming out of Microsoft? That's the topic of this PC Week editorial. "We think the real message to IT managers is that they need an independent technology strategy. If Microsoft's meanderings sow confusion, then managers should not lean too heavily on Microsoft as a partner. Instead, they should scan the horizon for products based on such standards as CORBA, Java and Linux."

• Red Hat Linux wins InfoWorld's Product of the Year Award for operating systems. "Red Hat Software has definitely been an instrumental force in ushering Linux into the enterprise. In past years, Red Hat Linux won for its ease, stability, and utility as a multipurpose, low-end to midrange server platform. We selected the product again this year for continuing to build on those themes in its latest release." (Thanks to Troels Arvin).

• Fortune Magazine has put out a hilariously cynical summary of Microsoft's defense thus far in the antitrust trial. "But no moment has been quite so Alice in Wonderland as the one we're about to see... The video begins. 'Hello,' chirps an effervescent young Microsoft employee. 'This is a demonstration of the Caldera OpenLinux operating system.' ... The young Microsoftie continues: 'The demonstration will show that Caldera's operating system provides effective functionality for end users.'" (Thanks to Marty Leisner)

• The LinuxPower folks have put up an interview with Wichert Akkerman, the leader of the Debian project. Worth a read.

• The folks behind the Linux in Brazil site have put together an extensive review of all word processors that run on Linux. And they mean all, proprietary and free alike. The site is in Portuguese, of course, but translations of a sort are available via Babelfish. (Thanks to Augusto Campos).

There were just a couple of introductory articles out there:

• PC World discovers Linux with this basic introductory article. It seems almost like something from a year ago. "It won't be replacing Windows anytime soon, but a geeky, once-obscure variant of UNIX is winning the hearts and minds of a growing number of PC users."

• The L.A. Times ran this introductory article. "'Intends' seems to be an operative word when it comes to programs that turn Linux into a user- friendly operating environment. Although Linux is well-tuned as a server operating system for professionals, it is more of a work in progress as a desktop platform for the masses."

There were lots of business-oriented articles, as usual. IBM, VA Research, and LinuxCare all got special mentions, but there was a lot of other stuff as well.

• Perhaps the most detailed coverage thus far of IBM's plans can be found in this News.com article. "IBM is in the midst of a company-wide adoption of Linux, lifting the Unix-like technology to the status of more traditional operating systems."

• InfoWorld reports on IBM's upcoming Linux announcements. "Some observers question whether bundling an open-source operating system might threaten proprietary software businesses surrounding AIX, including the operating system and the thousands of AIX-compatible applications. IBM officials reportedly believe the opportunity available to them in the Linux market can cover any losses they would suffer elsewhere."

• This PC Week column tries to make the point that Linux is not IBM's most interesting offering - AS/400 is. "With its gestures of support for Linux, IBM opens people's minds, but IBM is ready to drive through that opening with a system that is more fully proven and supported."

• The first report on IBM's plans seems to have been this PC Week article. "IBM also will lead a new trend by announcing support for more than just one commercial Linux vendor. IBM plans to announce licensing deals with several top Linux distributors, including Red Hat Software Inc., Pacific HiTech Inc., Caldera Systems Inc. and S.u.S.E." (Found in Slashdot).

• This TechWeb article is yet another in the series about LinuxCare's opening, but they also claim that Cygnus will be announcing a Linux support program at LinuxWorld. "With corporations suddenly being faced with having to pay for support for something they didn't even know they had, it raises the questions as to whether there could be an anti-Linux backlash by corporate managers who seek to regain control by ripping out all the Linux and installing NT."

• Folks wanting more coverage of LinuxCare's startup can find it at Inter@ctive Week or MSNBC (but it's the same article in both places).

• The Age writes about VA Research (with a digression into the writings of Eric Raymond). "Augustin said the move to open source is so inexorable, it is likely that soon we won't even consider its existence; instead we will question when we can't get the code. He said Sun Microsystems has told all its divisions they have until the end of the year to provide road maps to move development to open source, or give good reasons why they should be exempt."

• VA Research was also the focus of this article in Internet Week... "At a time when blue-chip names like Compaq, Dell Computer, IBM, Lotus, Oracle and Informix Corp. are tossing their hats into the Linux arena, why should anyone pay attention to an unknown company? Because it knows more about Linux than the large companies, according to VA Research founder Larry Augustin..."

• This article in ComputerWorld is about how most IT managers still don't know what Linux is, or oppose it if they do. (ComputerWorld also doesn't know, given their frequent use of the term "shareware"). "A typical Linux-averse example is Wells Fargo & Co., a commercial bank based in San Francisco... The bank knows how to deal with blue-chip operating systems such as Windows NT and NetWare, he said. But shareware -- with little or no support -- could pose a risk, he said. The company has sought to root out unauthorized shareware installations, including at least one Linux implementation."

• Computer Currents is carrying a Newsbytes article about the North American release of SuSE 6.0. "'We've almost sold more in the past week than we sold of (version) 5.3 in its whole distribution,' [SuSE manager] Kohlmeyer said. 'The preorders have been really strong here and the pattern is international. The German version has sold 100,000 in the past 6 weeks, compared to about 60,000 for the whole run of 5.3.'"

• InfoWorld has handed out more "1999 Product of the Year" awards. The Industry Achievement Award goes to "Tim O'Reilly and the collaborative software community." Oracle, Sybase, and Informix won the Enterprise Development award. "I bestow this joint award in recognition of the companies' database implementations on the Linux platform this past year. The introduction of these database management solutions on Linux promotes continued growth and collaboration among open-source, commercial, and corporate developers." And the Firefighter of the year award went to a guy named Scott Anderson, who made a crucial travel agency application work properly by moving parts of it to a Linux system.

• InfoWorld columnist Bob Lewis rates several technologies for their potential for success. Linux as a server is "a winner"; on the desktop, instead, it's "iffy." (Thanks to David Morgan).

• Here's an interesting story in The Age about Samba. "[Samba developer Andrew Tridgell] said customers were starting to demand Microsoft be compatible with Samba, edging out the larger software vendor as the locus for the network."

• Also in The Age: a two-part piece about the "Slashdot effect." The first part is about Slashdot proper, while the second half focuses on LinuxToday and, well, LWN.

• The Swedish paper Datateknik has put out a lengthy "white paper" on Linux that is said to be an interesting read. It's available in PDF format (in Swedish, of course) from this directory. (Thanks to Mattias Sandström).

• For Dutch-capable readers: De underground-software mist een promotiedienst in InterMediair is a positive introductory piece. (Thanks to Mark Tetrode).

• Also for Dutch folks: this article in De Volkskrant, which is about Linux and how it may be a threat to that large, proprietary software firm. (Thanks to Jan Christiaan van Winkel, Jaap van Bekhoven, and Pieter van den Hombergh).

• If you want to read just one article on this topic, you can do worse than this San Francisco Chronicle story. It also includes some pictures and a quicktime movie. "Yesterday's demonstrations could be dismissed as the act of a small but vocal band of Linux fanatics. Yet computer industry analyst Rob Enderlee of Giga Information Group in Santa Clara said the protests may be only the first assault by Linux proponents on Microsoft's seemingly impenetrable fortress."

• There are two separate articles in Wired News ( firstand second).

• Also two in PC Week, the first geing a general piece, and the second about activities in Manhattan.

• There is an article in the Deseret News.

• CBS Marketwatch has a windows refund day article which looks a bit more closely at efforts to market Linux. "'Hackers are finally discovering the power of publicity,' said [Don] Marti. 'It should have been obvious. Instead of using code to improve a machine's behavior, you are using words and actions to improve a person's behavior.'"

• ComputerWorld also has a windows refund day story which includes some brief coverage from New York City and Germany.

• Stéfane Fermigier has sent out a summary (in French) on windows refund day events in France. (English text available (sort of) via Babelfish).

• The Age had a windows refund day article of its own.

• There's an article in the New York Daily News with a microscopic picture. (This is the AP article which ran in a lot of US papers).

• MSNBCran a longer AP article (with a bigger picture).

• Finally, there was an article in The BBC.

See also: last week's Announcements page.

Announcements

Resources

Using TrueType Fonts in XFree86 is a mini-HOWTO by Ying Zhang for anyone that wants to get the Truetype font server up and running.

Jean Tourrilhes has updated his Linux Wireless LAN HOWTO.

Rob Slade sent in his review of "Upgrading and Repairing PCs", by Scott Mueller and Craig Zacker. To say that he liked the book would be a gross understatement. ...the book is without peer.

Meta-Slashdot effect. Steve Adler has put out another Slashdot effect paper, this one chronicling the effect of the appearance of his first paper in Slashdot...

Sang-Hyun Shim has provided a Korean translation of RMS's article "Why you should't use the Library GPL for your next library".

Events

THE LINUX HAPPENING - TEL-AVIV '99 will be the first big Linux event in Israel. Scheduled Feb 25, 1999 as part of InternetWorld@Israel, the Linux Happening is sponsored by the Israeli Linux User Group.

Emacspeak at LinuxWorld. T. V. Raman, "Mr. Emacspeak," will be presenting his package for blind users during the conference. See their announcement if you're interested.

The folks organizing ApacheCon 1999 are looking for suggestions on how this year's event should go. Fill out their survey and help make a better conference.

Web sites

User Group News

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

A new Linux-specific search engine has popped up at 1stLinuxSearch.com.

Letters to the editor

Date: 11 Feb 99 00:20:22 PST
From: Ken Engel <kenengel@netscape.net>
To: editor@lwn.net
Subject: Untapped markets

In response to your observation of the paucity of cheap Linux desktop
offerings:

I want the world to know that I, for one, would grab a sub$1000 Linux PC
faster than NT boots up, if an OEM steps up to the plate.

And even sooner, I would get a reasonably priced Linux PowerPC or ARM or
Alpha desktop.  

C'mon, guys!!

Ken Engel

Date: Thu, 11 Feb 1999 13:24:35 -0500
From: Eric Lee Green <eric@linux-hw.com>
To: editor@lwn.net
Subject: Why Linux VARS don't do much low end stuff

Basically, economies of scale. Compaq buys motherboards in quantity
1,000 for about 2/3rds the price of what a Linux VAR would pay. Compaq
buys processors in quantity 1,000 for about 80% of the price that a
Linux VAR would pay. The savings they get at the low end from
economies of scale go across the board -- basically, for components of
equal quality to Compaq's or Dell's, today's Linux VARs will pay
anywhere from 10% to 33% more for the component.

On the other hand, in the server market Compaq doesn't have the
advantage of scale. Thus we can sell for $20,000 a machine that Compaq
sells for $35,000 because our labor costs are lower, our manufacturing
costs are lower (believe me, getting Linux to run on a high-end server
is a LOT easier than getting Windows NT to run on a high-end server!),
and standardized "white box" components mean that we don't pay the
huge R&D costs that are a pittance on a run of 100,000 desktop
machines, but which add up to a hunk of change for low-volume server
machines.

Thus expect Linux VARs to continue scrambling for the middle and
middle-upper end of the server market. Without huge infusions of
venture capital to buy their way onto the shelves at Best Buy (and
thus be able to churn out tens of thousands of machines and take
advantage of economies of scale), they just can't compete at the low
end. Not at a 10% to 33% price disadvantage on components alone.

[Disclaimer: I *DEFINITELY* do not speak for Linux Hardware Solutions.] 
--
Eric Lee Green         eric@linux-hw.com     http://www.linux-hw.com/~eric
 "Linux represents a best-of-breed UNIX, that is trusted in mission
  critical applications..."   --  internal Microsoft memo

Date: Fri, 12 Feb 1999 23:32:37 -0600
From: Jeff Licquia <jeff@luci.org>
To: editor@lwn.net
Subject: Module Interface Compatibility

As a sysadmin with little kernel hacking experience, I thought I should
weigh in on this debate.  I think Linus is right.

It seems that one of the enduring fallacies of the proprietary world is
some sort of "ownership" feeling about the operating system.  Perhaps it
is bred from the monopoly position Microsoft currently owns.  Wherever
it comes from, it seems that ISVs who do anything interesting to feel
that they have to patch the operating system to do it.

The results are such curses as the various DiskMangler programs (Disk
Manager, EZDrive, etc.), which sought to solve a problem in MS-DOS's
ability to access large drives by patching the OS in very scary ways.  I
don't need to get into the problems that caused; I'm sure anyone with
lots of experience with them is shuddering right now.

If they were willing to do this without source access to the OS, imagine
what they'll do with source.

I'd much rather encourage people to avoid patching the kernel (for
that's what a module does) for their own proprietary gains.  Or, better
yet, release source for their patches.  Or roll the proprietary stuff
into a userland daemon of some kind, interfacing to the kernel with an
open-source module that hooks into the userland daemon.  Or something.

By not guaranteeing the module interface, Linus effectively discourages
this.  By forcing those few vendors of proprietary modules to recompile
for a new kernel interface once in a while, Linus is also forcing
vendors to actually look at their code every so often and make sure it's
still needed and still makes sense with the general turn of Linux.

From: "chyung g choi" <cgchoi@hotmail.com>
To: editor@lwn.net
Subject: [News] Using linux without installation??
Date: Fri, 05 Feb 1999 19:04:28 PST


 Hi there.
 This is Chyung Choi from South Korea.
 Recently I developed new distribution form of linux.
 I put the name "EASYLinux-kr". I found German company
 put the name easylinux and I put -kr in the end of name.
 One can use linux as CD-ROM as well as installed form 
 on hard disk. Therefore beginner can use it quickly.
 One can use it as demo and rescue and education material.
 I am more than happy to answer any questions
 My homepage is "http://www.netian.com/~cgchoi"

 Thank you for reading.

 Chyung Choi


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Date: Thu, 11 Feb 1999 21:41:25 +0100
From: Andi Kleen <ak@muc.de>
To: cph@martigny.ai.mit.edu
Subject: Re: Structure vs purism


You wrote:

> I've written a fair amount of code in Pascal, and I can
> say from experience that I missed the goto statement when programming
> in that language; at least C _has_ a goto statement, and I use it when
> I think it is appropriate.

It is hard to believe that you did that without noticing that Pascal has 
a (although inconvenient) goto statement - at least all versions of Pascal
I used had and I'm pretty sure that Wirth's original definition had it too.

-Andi

-- 
This is like TV. I don't like TV.

From: David Kastrup <dak@neuroinformatik.ruhr-uni-bochum.de>
Date: Thu, 11 Feb 1999 13:10:41 +0100 (MET)
To: editor@lwn.net
Subject: Goto followup


For your information: Pascal *does* have "goto" and did from the
start.  Better check up the documentations you have been using.

Yes, you have to declare any "goto" labels you want to be using in
advance.  But what of that if it's really needed?

Most commonly the necessity for "goto" arises for structured leaving
of scopes.  C at least offers "break" and "continue" for the innermost
scope, but beyond that it's "goto" or the obfuscated use of flags and
stuff.

Perl has very nice multi-level "break" and "continue" constructs, so
hardly ever needs a "goto" when doing properly structured programming.

"Goto" has got its worst reputation from Fortran's arithmetic if, a
three-way goto.  And of course, from other "if"s that only offered
gotos as targets.  In many cases, programmers would not interrupt the
flow of the not-taken branch by jumping to the end of the taken
branch, so the code for a true "if" tended to accumulate somewhere at
the end of the program, giving the dreaded spaghetti code.  If anybody
should be allowed to produce spaghetti for efficiency, it is to be the
compiler, not the programmer.

For this reason, structured "if"s and other control structures have
helped to get rid of "goto" where it was causing problems without end.
It is still a good idea to avoid uncalled-for "goto"s whenever possible.
It takes a skilled programmer to know precisely when a "goto" is indeed
in need.  For that reason, it is a good idea to tell newbies to not
use it.  Only after you know all the ways of avoiding it and their
consequences are you in a qualified situation for judging when it is
better to use it than not.

David Kastrup                                     Phone: +49-234-700-5570
Email: dak@neuroinformatik.ruhr-uni-bochum.de       Fax: +49-234-709-4209
Institut für Neuroinformatik, Universitätsstr. 150, 44780 Bochum, Germany

Date: Thu, 11 Feb 1999 14:23:40 +0300 (EET)
From: George Bronnikov <goga@bronnikov.mccme.ru>
To: cph@martigny.ai.mit.edu
Subject: Re: Structure vs purism

I want to reply to your letter published in the latest issue of LWN.
While I tend to agree that gotos are sometimes tolerable, the posting
has a number of technical errors:

1. Pascal does have a goto statement. Read the standard
(unfortunately, I don't have a copy at hand to give an exact
reference).

2. Scheme has other iterating constructs besides tail recursion: read
the standard (the do construct, section 4.2.4 of R5RS).

It is true, however, that the constructs mentioned are not used
widely; in fact, they are considered bad style in both languages.

3. The 'expressive power' of a language is not that easy to define. It
is a proven fact that you can reformulate any program that uses gotos
by using only 'normal' iterating constructs like ifs and loops. In
fact, if the initial program was written in a style that Dijkstra et
al. fought with in the late 60-ies, the result of de-goto-ifying will
usually even look and read better.

3. Tail recursion is not simply 'goto with arguments': it is a highly
restricted version of goto, which only allows gotos to the beginning
of the function.  Thus it also reduces 'expressive power'; it just
happens to do that in a way that does not cut out interesting cases.

By the way, Scheme happens to be my favourite language as well.

	George Bronnikov

Date: Thu, 11 Feb 1999 10:44:24 -0500 (EST)
From: cph@martigny.ai.mit.edu (Chris Hanson)
To: goga@bronnikov.mccme.ru
Subject: Structure vs purism

   Date: Thu, 11 Feb 1999 14:23:40 +0300 (EET)
   From: George Bronnikov <goga@bronnikov.mccme.ru>

   I want to reply to your letter published in the latest issue of
   LWN.  While I tend to agree that gotos are sometimes tolerable,
   the posting has a number of technical errors:

   1. Pascal does have a goto statement. Read the standard
   (unfortunately, I don't have a copy at hand to give an exact
   reference).

I guess the version I used back in the 80s (HP Pascal for the HP 9836)
was broken; it didn't have goto.

   2. Scheme has other iterating constructs besides tail recursion:
   read the standard (the do construct, section 4.2.4 of R5RS).

Those other iterating constructs are all defined as patterns of
iterative procedure calls, and in practice are implemented as macros
that expand into those patterns.  So I stand by this statement.  (And
you don't need to quote references to Scheme's standard -- I'm one of
the authors.)

   3. The 'expressive power' of a language is not that easy to define.
   It is a proven fact that you can reformulate any program that uses
   gotos by using only 'normal' iterating constructs like ifs and
   loops. In fact, if the initial program was written in a style that
   Dijkstra et al. fought with in the late 60-ies, the result of
   de-goto-ifying will usually even look and read better.

Nevertheless, I still claim that not using goto eliminates some of the
expressive power, at least in the case of C.  The problem I usually
run into is that "break" only exits the innermost construct, and
there's no way to specify that you want to get out of multiple
constructs.  So it's necessary to either kludge around this using
flags, or to use goto and say what you mean.  Theoretically, I can
imagine a language that doesn't have this problem, but C isn't it.

There are other situations in which goto is useful, but that's the
primary one.

When I say "expressive power", this is the kind of thing I mean: if
you can say something that _directly_ conveys your intent, the
language is more expressive than one in which you must do so
indirectly.  Perhaps I am misusing the term.

   3. Tail recursion is not simply 'goto with arguments': it is a
   highly restricted version of goto, which only allows gotos to the
   beginning of the function.  Thus it also reduces 'expressive
   power'; it just happens to do that in a way that does not cut out
   interesting cases.

Yes, you're right about that.  My mistake.