Other stuff:
Contact us
Archives/search
Calendar
Linux Stocks Page
Daily Updates

Recent features:
- LinuxWorld
- Touchphone
- Linux Expo Paris
- Red Hat's IPO filing
- Eric Raymond interview
- Linux Expo '99
- Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items

Consider, one year later, some events from the last month:

• Linux-Mandrake won two LinuxWorld Editors' Choice Awards, for "Product of the Year" and "Best Distribution/Server."

• AXA Placement Innovation has made an equity investment in MandrakeSoft, the company that produces Linux-Mandrake.

• They have announced "Cooker," their development version, and immediately received a fair amount of developer interest.

• They have also released Panoramix, their new graphical installer, as open source.

• Bynari Systems has entered an agreement with MandrakeSoft to provide support services for Linux-Mandrake in the U.S.

• MandrakeSoft released DiskDrake, a graphical partitioning tool for Linux.

• MandrakeSoft announced the funding of David Faure to work full-time on KDE and KOffice development.

• Andover News Network's Robin Miller makes a highly public switch to Linux-Mandrake.

Obviously Linux-Mandrake is going somewhere. They now have twenty employees, offices in numerous countries, and the ability to fund open-source development projects. Even a year ago, the distribution market was looking crowded; how can it be that such a newcomer can have such success?

Mandrake is a clear example of both the benefits and the pitfalls of being in the open source software business. MandrakeSoft was able to start with a complete distribution - Red Hat 5.1 - and create a new, marketable product with some comparatively minor additions. There is an old joke that, while most scientific fields make progress by standing on the shoulders of those who came before, computer scientists stand on each others' feet. Thanks to free software, MandrakeSoft was able to stand on Red Hat's shoulders.

Was this fair to Red Hat, which might not have wanted to lend out its shoulders in this manner? In a sense, it doesn't matter. Those are the rules of the game that Red Hat chose to play. Remember also that Red Hat has always been free to take MandrakeSoft's additions and fold them back into their own distribution; if they have not taken advantage of this resource, they certainly can not complain if Linux-Mandrake starts to take some sales from them. (And, in fact, if Red Hat has complained we certainly have not seen it).

MandrakeSoft's real advantage would appear to be a strong emphasis on ease of use and integration of the desktop tools. By creating a distribution that people want to use, they have created a market for themselves. Linux-Mandrake is successful because it has added real value.

Linux-Mandrake is now moving away from direct use of the Red Hat code base; they have sufficient development resources that they can do things their way. They intend, however, to maintain their Red Hat compatibility - RPM packages for Red Hat will always install on Mandrake as well. This is a smart move, which will help to guarantee the availability of large amounts of contributed software for their system.

Please see our interview with MandrakeSoft's Gael Duval for details on the above and much more: MandrakeSoft's future plans, and the origin of the name.

Caldera OpenLinux 2.2 and 2.3, and Red Hat 5.2 and 6.0 are year-2000 compliant, according to an independent analysis done by Key Labs (Caldera) and The Software Laboratory Limited (Red Hat). Both tests looked at a variety of commands to insure their proper behavior in the next century. While a few small bugs were turned up, they had little to do with the year 2000 itself. Both OpenLinux and Red Hat have a clean bill of Y2K health.

One could certainly find faults with the methodology of these surveys (the full reports are available from KeyLabs' Caldera page and Red Hat's Y2K page). There was no complete survey of the code done. Other possibly time-sensitive parts of the system (PAM modules, PostgreSQL, sendmail, etc.) were not tested (the Caldera survey was rather more comprehensive than Red Hat's in this regard). Testing of applications was done, with little attention paid to the kernel. They are far from a complete survey of the Y2K readiness of Linux.

Still, it is a step beyond anything we have had before. The Linux community has, as a whole, not been all that concerned about the year 2000 problem; Y2K is a problem that other systems have. And, to a great extent, that is true. The internal Unix time format has no Y2K problem (though 2038 is another story). But that does not mean that libraries and applications have not introduced problems of their own. There must be at least one lurking out there somewhere still.

So it is good to see that a serious attempt has been made to insure that things will keep working after the end of this year. Even with a system as good as Linux, the absolute absence of Y2K problems can not simply be assumed. (See also: SuSE's Y2K page, Debian's Y2K page, and the GNU software Y2K page. We were unable to find Y2K pages for Linux-Mandrake, or TurboLinux; MandrakeSoft tells us that they have a Y2K study underway currently. Slackware has a brief mention on its FAQ page saying "The responsibility for ensuring that Linux is y2k compliant enough rests with the end user.").

Suggestions for the future of the Linux Documentation Project. Matt Welsh, co-founder of the Linux Documentation Project, has dropped us a notewith his thoughts on where the project should go from here. "I think that the only thing the LDP needs to do to get on track is to retain the essential structure it has had for the last five years. Making things any more complicated will only raise the barrier of entry to new authors, which will eventually cause the project to die out." Worth a read.

Linux fragmenting? No way, says Eric Raymond. "Instead, [Linux is] cheerfully absorbing its competition. And the fact that it is `absorbing' rather than `destroying' is key; vendors are belatedly figuring out that the value proposition in the OS business doesn't really depend on code secrecy at all, but instead hinges on smarts and service and features and responsiveness."

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News

XDM Insecurity revisited was the topic of a discussion on Bugtraq this week started by Jochen Bauer. He pointed out that the first report of XDM security problems was made in November of 1997 by Eric Augustus. Despite this, recent versions of Digital Unix, SuSE Linux and Red Hat Linux (among probably others) still ship with an Xaccess file that is insecure by default.

Suggestions for securing gdm or xdm were made. Overall, though, it was recommended that anyone using xdm or gdm block UDP port 177 on their firewall. Hopefully, the distributions will take a look at this issue and take measures to better secure their base distributions.

Kurt's Closet is a new column on SecurityPortal; the inaugural article is about Linux and encryption. "If an attacker manages to get access to your backup tapes, or gains physical access to a server, your data is suddenly very insecure, despite file permissions. Or if an attacker puts a laptop with sniffing software on your internal network, all that money you spent on securing the fileserver is much wasted. Encrypting your data can solve these problems."

In the growing conflict between law enforcement concerns and privacy issues in the digital age, a Justice Department proposal, to be dubbed the Cyberspace Electronic Security Act (CESA), seeks to extend authorization to law enforcement to decrypt information that it has legally seized. "A sound and effective public policy must support the development and use of encryption for legitimate purposes but allow access to plaintext by law enforcement when encryption is utilized by criminals. " As reported by ZDNN, however, concern is that the bill provides for surreptitious surveillance, by allowing law enforcement officials to break into someone's house, for example, and disable the encryption on someone's computer without informing them, widening the now-rare use of such "wire-tapping" authorizations. CNN and TechWeb also commented upon the bill, outlining concerns from privacy groups.

Meanwhile, it was interesting to note that the original bill carefully states,

"this Act is not intended to make it unlawful for any person to use encryption in the United States for otherwise lawful purposes, regardless of the encryption algorithm selected, key length chosen, or implementation technique or medium used. Similarly, this Act is not intended to require anyone to use third parties for storage of decryption keys, and this Act does not establish any regulatory regime for entities engaging in such an activity. Finally, this Act is not intended to affect export controls on cryptographic products."

Security Reports

Several vulnerabilities were reported to Bugtraq by Michal Zalewski in this posting. Two of them have been confirmed and recorded as new vulnerability in the Bugtraq vulnerability database.

The first involves a problem with pt_chown, a setuid program that supports non-suid programs that don't have devpts support. Terminal hijacking may be possible as a consequence, along with a root compromise. Until a patch for pt_chown has been made available, the recommended solution is to change the permissions on /usr/libexec/pt_chown. Red Hat 6.0 is vulnerable to this problem.

In addition, Michal reported a new vulerability in wu-ftpd.

QMS 2060 printers allow passwordless access to their root account. This can be exploited to produce a denial-of-service attack or to use resources without proper logging. Check the Bugtraq vulnerability database entry for more details.

Updates

The second advisory reported a buffer overflow in the termcap library, discovered by the Linux Security Audit Team. The advisory indicates that Caldera OpenLinux 2.2 is not vulnerable to this buffer overflow, so OpenLinux users are not affected.

The advisories on August 23rd covered the XDM issue mentioned above, for which they recommend modifying the Xaccess file, and new netkit-telnet and ncurses packages to correct the in.telnetd problem we mentioned in last week's Security Summary.

Debian updates. Debian also issued an advisory about the issues with the termcap library. Since they have abandoned the use of termcap for terminfo, Debian is generally not impacted. However, if you have compiled your own programs using termcap, you will want to upgrade to their new termcap-compat package.

Four additional advisories from Debian came out, including a potential problem with rsync, and /tmp file handling problems with smtp-refuser, trn and man2html. Upgrades are recommended for all four of these issues.

Debian also issued a comment regarding security problems with seyon, why they cannot issue a fix for them. They recommend that seyon users switch to using minicom instead.

Mandrake updates. Mandrake also issued updated isdnutils packages as a result of the problem with xmonisdn. Check near the bottom of their updates page for more details.

Red Hat updates. Red Hat issued an advisory about problems with in.telnetd, reported by the Linux Security Audit Team. An updated package, telnet-0.10-29, is provided. More information on the problem can be found in last week's Security Summary.

In addition, two more advisories were published on August 25th. One of them addresses the problems mentioned with wu-ftpd while the other address a buffer overflow in crond which could allow a local user access to root privileges. Upgrading to the packages listed in the advisories is recommended.

SuSE updates. No SuSE security updates have been listed since June 30th, 1999.

Resources

Events

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The biggest change may be that IP firewalling and masquerading have been removed from the kernel. It is all being replaced with a thing called "Netfilter," which is supposed to provide a much better solution to the problem. Netfilter is much more generic and flexible; it can also emulate the older ipchains and even ipfwadm interfaces for backward compatiblity.

The Netfilter code is currently maintained and distributed separately; there are three sites where it can be found: Penguin Computing, samba.org, and KernelNotes. More information can be found in the Linux Netfilter HOWTO, which is both interesting from a technology point of view and fun from a humor point of view.

The current stable kernel release remains 2.2.11, despite the fact that this kernel has a lethal memory leak bug that quickly brings down the system in certain situations. Alan Cox has has 2.2.12 patches ready for some time, but the release has not yet happened. Soon, presumably.

The RAID 0.90 patches have been pulled from 2.2.12. As discussed last week, RAID 0.90 is a large, incompatible change; not everybody thought it should go into a minor release of a stable kernel series. Since then, a bug turned up in 0.90, Alan Cox got more nervous, and Linus decided that merging it in was not a good idea. That probably pushes the updated RAID subsystem back to 2.4. Of course, current users of the new RAID can continue to apply the patches separately.

FireWire (IEEE 1394) development continues to move forward, according to this update posted by Andreas Bombe. Low-level raw I/O is now working, but a lot of higher-level stuff is still under development. Firewire is not an easy problem, Andreas and company are to be congratulated for their progress. (There is also a Linux IEEE 1394 FAQ available for those who are interested).

Spinlock metering is the latest kernel code contribution from SGI. Spin locks are used in SMP kernels to control access to critical data structures - things that should not be touched by more than one processor at once. Spinlocks are a potential performance killer, since a CPU that is unable to obtain a lock is not only blocked out of a particular resource, but it must "spin" and do nothing else until the lock is freed. For this reason, the Linux kernel has been slowly moving away from a "one big lock" architecture (used to get SMP working) to a much more fine-grained locking scheme.

It has been hard, however, to know how effective many of these changes have been. And it is almost impossible to know where to put further development effort without knowing which locks are the real performance problems. Thus, improving the scalability of the Linux kernel to more processors requires a better understanding of lock behavior. Thus, lock metering.

Some of the initial results posted by SGI on their lock metering page are interesting. They ran a heavy test load on a four-processor system running 2.2.10; the result was about 8% of the system's CPU time was spent waiting for locks. With 2.3.11, instead, the number of lock operations almost tripled (because there are many more locks), but the amount of time spent waiting for locks dropped to 2%. In other words, the work done to distribute locks through the kernel has been effective.

This is an important contribution which will help Linux reach a point where it can work with large numbers of processors. It is nice to see SGI working toward the improvement of the system in such a clear way. At times, at least, corporate involvement in Linux brings about tangible benefits for all Linux users.

Other patches and updates released this week include:

• Devfs v118 from Richard Gooch.

• MTD 19990820 was released by David Woodhouse. The "Memory Technology Devices" project is working to make memory devices, such as flash memory cards, available on Linux systems. This release "appears to work if you're nice to it".

Section Editor: Jon Corbet

For other kernel news, see:

• Kernelnotes
• Kernel traffic
• Kernel Newsflash

See also: last week's Distributions page.

Distributions

Chinese Linux Extensions (CLE)

Debian

Dpkgv2 has been renamed to the Herring Package Management Library (HPML) for which the design is mostly done. Here is the posting which explains the name change and gives some status on the project. They have compilable code, though no functionality. Expect to see a mailing list for the project soon.

Mandrake

MkLinux

Red Hat

Tomsrtbt

SuSE

In addition, many postings on suse-linux-e indicate that people have started receiving their SuSE shipments in the United States as well. The process is apparently going forward much more smoothly this time.

One minor error reported with 6.2: SuSE 6.2 installs ProFTP by default instead of wu-ftpd, but it will try to run wu-ftpd from /etc/inetd.conf unless you correct that during or after the install. Check out this posting for more details. SuSE has been notified of the problem.

In addition, an update for Yast for 6.2 has already been made available, due to a problem with recognizing some older DOS partitions.

Trinux

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Lists of Distributions
Kernelnotes
Woven Goods
Known Distributions:
Apokalypse
Bad Penguin Linux
Bastille Linux
Best Linux (Finnish/Swedish)
Black Cat Linux (Ukrainian/Russian)
Caldera OpenLinux
CCLinux
Chinese Linux Extension
Complete Linux
Conectiva Linux (Brazilian)
Debian GNU/Linux
Definite Linux
DLD
DLite
DLX
DragonLinux
easyLinux
Enoch
Eridani Star System
Eonova Linux
e-smith server and gateway
Eurielec Linux (Spanish)
eXecutive Linux
floppyfw
Floppix
Green Frog Linux
hal91
Hard Hat Linux
Independence
Jurix
Kha0s Linux
KRUD
KSI-Linux
Laetos
LEM
Linux Cyrillic Edition
LinuxGT
Linux-Kheops (French)
Linux MLD (Japanese)
LinuxPPC
LinuxPPP (Mexican)
Linux Pro Plus
Linux Router Project
LOAF
LSD
Mandrake
Mastodon
MicroLinux
MkLinux
muLinux
nanoLinux II
NoMad Linux
Peanut Linux
Plamo Linux
PLD
Project Ballantain
PROSA Debian GNU/Linux
QuadLinux
Red Hat
Rock Linux
RunOnCD
ShareTheNet
Skygate
Slackware
Small Linux
Stampede
Stataboware
Storm Linux
SuSE
Tomsrtbt
Trinux
TurboLinux
uClinux
Vine Linux
Xdenu
XTeamLinux
Yellow Dog Linux

See also: last week's Development page.

Development tools

People into the whole "Perl vs. Python" thing might want to have a look at Python to Perl Conversions and More random Python observations from a Perl programmer, both posted by Tom Christiansen. Tom is, of course, a strong Perl proponent, but these documents make it clear that he has looked at Python in a serious way.

Java

Perl

"Algorithms with Perl" is a new book out from O'Reilly by Jon Orwant, Jarkko Hietaniemi & John Macdonald. For information on it, you can check out the press release, table of contents, bios, etc., or the cover graphic.

Python

Here's the latest Python-URL! with coverage of happenings in the Python community.

Also of interest: The Most Elegant Scripting Language You'll Probably Never Use by Dan Shafer on CNet's Builder.com. "Interestingly enough, when I started researching Python, one of the questions I had was related to its near-invisibility. Turns out I was only half right. It is largely invisible, but that's not because it isn't being used. Rather, it's because those who are using it aren't making a lot of noise about it."

Tcl/tk

Tcl/Tk 8.2 Final was announced on August 18th.

Section Editor: Liz Coolbaugh

Development projects

"Based on the intellectual-property climate of the world at the time the work began -- long before the virtues of Open Source were widely appreciated -- keeping this work under trade secret seemed both standard and prudent. Today the world is very different. In celebration of the success and vast human benefit of the Open Source movement, we are proud at last to be able to present to the world the technical ideas and methods on which we worked so hard for so long. "

Articles about the Xanadu release can be found on DaveNet and Byte's site.

Information on Electronic Design Automation for Linux has been updated on the LinuxEDA.com advocacy page. They've linked into portions of the Scientific Applications on Linux (SAL) page as well as starting a list of free software EDA projects. In addition, you can find information there about the linux-eda mailing list. Perhaps most interesting is their comprehensive set of links to press articles about Linux and EDA.

Promotion of open source Voice over IP (VoIP) internet telephony software is the goal of the http://www.openphone.org website. "We aim to phone-enable every computer on the planet. There is low-cost telephony hardware available that makes low-bandwidth, real telephone service possible over IP networks... we just need software!"

Apache

Gimp

Meanwhile, Gimp development news is a bit thin, since the gimp-user and gimp-devel mailing lists were recently "nuked" as a result of an upgrade on the server at the Experimental Computing Facility at UC Berkeley. No estimated time is known for their restoration. The Gimp Kernel Cousin still published on August 20th, but simply reports on changes to CVS. The Gimp News for August 24th still seems robust. It mentions Jon Peterson's review of the Gimp user interface, the addition of JPEG previewing and a couple of other items. It does also mention the damage to the mailing lists. Apparently no freeze date for Gimp will be set until after the lists are restored.

Gnome

Also, the announcement for the GNOME-ES web pages has gone out. GNOME-ES is a group which has set out to translate the gnome documentation into Spanish.

Havoc Pennington's Gnome Summary for August 15th-22nd can now be found nicely formatted on the web. From it, we learned of the Gnome Status Page, which tracks the status of major release goals. Note that it does not try to perform comprehensive tracking for all Gnome components, just the portion being worked on by the core team.

A File Manager Status Report has been issued by Ettore Perazzoli and more candidate window managers are showing up. "We'll see how it goes; you can never have too many window managers. :-)"

High Availability

Meanwhile, the links on the High Availability website have also been updated to include other commercial products. A Phase I TO-DO list has also been added, for anyone interested in a project to work on.

KDE

One good piece of news announced this week: Daniel M. Duley (aka Mosfet) has been hired by MandrakeSoft to work on KDE. He's also started a news site to cover the work he'll be doing. For more information, check out this interview with him done by Linux.com on August 18th. The interview covers the KDE 1.1.2 and 2.0 releases, plus some comments on Mandrake's new open development process.

Midgard

Mozilla

And Mozilla: success or failure? looks at whether Mozilla has been worthwhile or not. "There are certainly many more contributors outside of Netscape working on Mozilla today than there were in the first six months of the project. This phenomenon was largely due to the state of the Mozilla code at the time, and the lack of a clear architectural direction."

PHP

Slides from LinuxWorld tutorials on PHP given on August 21st at the O'Reilly Open Source conference by Jim Winstead and Rasmus Lerdorf have been made available.

Wine

Wine is an implementation of the Windows 3.x and Win32 APIs on top of X and Unix.

WorldForge

From this issue, we glean that WorldForge 0.2.0: The Demo has been released, which everyone is encouraged to try.

"The WorldForge Project is developing a complete system for massively multiplayer worlds."

xmms

Zope

"Zope is a free, Open Source application server and portal toolkit used for building high-performance, dynamic web sites."

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

• Market capitalization information (the value of all outstanding stock) was often requested. It will be there shortly.

• Charts of the Linux Stock Index showing its history. It's coming, once the index actually has some history.

• An explanation of how the index is calculated will also be made available shortly. The calculation of the index will change to something that, hopefully, makes more sense as well.

• A third tier for companies which do a little bit of Linux business. We may add that at some point, but such a list would be very long and hard to keep current.

Thanks for your support of the Linux Stocks Page, and keep an eye on it as it gets better.

Lego Mindstorms Robots are the topic of a new O'Reilly book which has recently appeared in their catalog. This isn't really a Linux book, but it's hard to imagine that those who like to play around inside Linux wouldn't be into this too...

and speaking of books,
MacMillan has put out a press release stating that their Sams and Que books on Linux will henceforth be reviewed by the folks at LinuxCare for accuracy.

There were a couple of LinuxWorld announcements that didn't make it into last week's LWN.
Craig Southeren was elected as the Linux development representative to the International Softswitch Consortium. The seat is sponsered by Vovida Networks.

Sybase Enterprise Application Server for Linux was selected as a winner of the LinuxWorld Conference & Expo Show Favorites Awards, sponsored by LinuxWorld magazine, in the Web Server category.

The SourceXchange has posted its first six Requests for Proposals. These RFP's all originate from within HP. All of the projects, of course, are to be released as open source.

Hardware:

Rave Computer Association, a long-time Sun reseller, has announced that it is now selling Sparc systems with Linux (Red Hat) preinstalled.

Lineo has announced the release of "Embrowser," their embedded web browser product. It runs on DR-DOS now, but will end up on their embedded version of OpenLinux ("Embeddix") shortly.

Software:

Mentor Graphics will be making its "Calibre" physical verification tool (for the semiconductor industry) available for Linux, according to this Semiconductor Business News article. "Calibre for Linux will be available in the fourth quarter. Pricing for Linux, Windows NT and Unix versions of Calibre starts at $50,000."

Motorola has announced its intention to buy Metrowerks, makers of CodeWarrior for Linux, among other things. (Thanks to Bill Shotts).

Press Releases:

• Actiontec Electronics, Inc. announced the 56K PCI Master Modem. It supports all of the popular operating systems including Linux.

• Active Tools has released Clustor 2.0. Clustor is software tool for high performance computing and is especially useful on Beowulf clusters.

• Aspen Systems, Inc. has commenced shipping its Twin Peaks II line of 667MHz, 64-bit dual-Alpha 21264 processor workstation, server, and cluster solutions.

• Frontier GlobalCenter announced that Red Hat, Inc. will be utilizing Frontier GlobalCenter's Web hosting and digital distribution architecture to host its site, www.redhat.com.

• Future Power has introduced two Dual Millennium PCs -- the first systems ever equipped with two Intel Celeron processors. Some configurations can be shipped with Linux pre-installed.

• GraphOn Corporation announced it has signed a strategic reseller agreement with Simple Future Corp. to provide Linux application delivery over networks.

• Hewlett-Packard Company issued a clarifying statement on its IA-64 position. HP is commited to delivering Merced-based workstations and servers that support HP-UX(2), NT-64 and Linux.

• IBM joined with Reedy Creek Technologies. The partnership unites Reedy Creek's web content management software and Real-time Page Management with the Linux friendly IBM Netfinity ServerProven program.

• Instant Video Technologies announced that it has ported its Burstware enterprise-class server and conductor software to the Linux platform.

• Intel Corporation announced the latest versions of its Pentium III Xeon processor family for server and workstation platforms. Naturally Linux is supported on this platform.

• Kingston Technology announced the addition of a new 10/100 Fast Ethernet adapter with Wake on LAN and ACPI support. Linux drivers are included.

• Macromedia, Inc. announced that versions of its Flash Player will be available free on 1 September for Linux and several other platforms.

• MandrakeSoft, the makers of the Linux-Mandrake distribution, announced that they have received an equity investment from AXA Innovation.

• Medullas Publishing Company announced its new upcoming site, Unix Applications (www.UnixApps.com). The new software download portal will merge Linux Applications and include applications from all Unices including FreeBSD and Herd operating systems. Moreover, Unix Applications will also feature applications from BeOS and other operating systems.

• Neal Nelson & Associates helped Fore, Xylan and Cabletron to install a linux-based test bed.

• NetGem has an Internet television with a combined TV/Internet board that uses the Linux operating system.

• SAP announced that its R/3 ERP system has begun shipping for Linux. This is an important step in getting Linux into high-end business applications.

• SAP will also be showing off the Linux version at the "SAP TechEd '99" conference, which starts on August 29.

• Scriptics Corporation announced new versions of both the open source Tcl scripting language and the TclPro development tool suite. The TclPro tool suite is available for multiple platforms, including Linux.

• Global Telemann Systems, Inc. announced the official release of WindowsNT and Linux driver for DVB-IP PC Card (SkyMedia-300, SkyMedia-200 and SkyMedia-200D). (Actually this came out in July, but we seem to have missed it then.)

• TheLinuxStore has the Element-L Alpha Systems, with Red Hat Linux 6.0 installed.

• Thinworks, a thin client server business, released a series of new products with the Linux operating system.

• ZD Education launched welcome.zdu.com, a site dedicated to corporate training. Course topics range widely and include certification paths for Linux.

• Ziatech Corporation introduces an e-newsletter to provide timely product, technology and event information for the CompactPCI Industry.

Section Editor: Jon Corbet.

See also: last week's Linux in the news page.

Linux in the news

ZDNet's Jesse Berst doesn't think much of Sun's plan to buy StarDivision. "The idea would be to promote Linux (and possibly Sun's Solaris operating system) as a viable competitor to Microsoft on the desktop. [Sun President Scott McNealy is] not interested because it makes business sense; he's interested because he's obsessed with Bill Gates and can't resist a chance to attack him. Hang on, give me a second? I'm thinking... I'm trying to decide if that's the dumbest idea I've heard this year." (Thanks to Cesar A. K. Grossmann).

Here's a ZDNet column by Evan Liebovitch about AOL's withdrawal of their TiK instant messaging program, which had been released under the GPL. "AOL's vain attempt to take back what it started indicates that it may not really have ever known what it was dealing with....Even if AOL stopped further distribution of TiK from its own Web site, it can't stop those who already have it from freely passing it around. If Microsoft wanted a copy, I'm sure they already have it. The damage is done."

Linux vs. Microsoft:

Here's an ABC News article about the Microsoft and LinuxPPC "hack this box" contests. "It should be noted that the Linux machine is getting one-tenth the number of attacks that the Microsoft server has endured - and that the Windows 2000 operating system is still in beta, and is due for more debugging once it has been released."

Computer Reseller News ran this article on Microsoft's approach to Linux. "IT departments are saying they will evaluate the technology, but not much beyond that, [Microsoft product manager] Edwards said. In the corporate space in particular, Microsoft has a more compelling story than Linux, based on performance, reliability and track record."

Here's a ZDNet article about Compaq's abandonment of Windows NT on the Alpha processor. "[Marketing VP] Borkowski added that Linux has taken hold on the Alpha architecture far more quickly than most vendors anticipated." (Thanks to Cesar A. K. Grossmann).

Why do computers not improve the overall productivity of industry in the U.S.? According to Fred Moody in this ABC News column, it's all Windows' fault. "In other words, we're fighting a losing battle by throwing more computing power at our worker-productivity problem. The more computers we bring into the workplace, the more resources we spend repairing system-crash damage and the more overall productivity is lost." Unfortunately, he doesn't see fit to mention the existence of more reliable systems. (Thanks to Ted Ede).

Microsoft is polling the German press about Linux, according to this Heise Newsticker article (in German). They are looking for perceived strengths and weaknesses in Linux, presumably so they know where to attack it. English translation available via Babelfish. (Thanks to Lenz Grimmer and Fred Mobach).

Is Microsoft opening up? asks Sm@rt Reseller. "If Microsoft wants to test the open-source business paradigm, it needs to go all the way and truly open source its technologies. If the company merely wants the credit for being 'open,' it should be very clear about the fact that the company does not plan on being an open-source contender." (Thanks to Cesar A. K. Grossmann).

C't Magazine has run a lengthy summary of the "Wizards of OS" conference held in Berlin last July. "Those who simply call Stallman a nutcase are taking it too easy on themselves: The numerous Open Source projects, Netscape's releasing its source code, the close co-operation between IBM and Apache Group and the stir the success of free software has caused at Microsoft ... are proof of how much is in motion at present." (Thanks to Fred Mobach).

Here's a Salon Magazine article about alternative operating systems in "free" PC's and "appliance" systems. "After all, the interface of an 'appliance' doesn't necessarily have to look like a traditional desktop; each interface could be customized for the purpose of the machine, so a user wouldn't care whether it's running on Windows or Linux -- if, that is, the free PC makers succeed in making the back-end operating system invisible." (Thanks to Paul Hewitt).

Can Linux live up to the hype? asks PC World. "...be wary of getting caught up in the Linux hype machine. Like any promising farm league rookie, Linux needs seasoning before making it in the big leagues."

Linux Can't Handle Life As A Corporate Client says Internet Week. "And what about file and print services? The other half of the last ATM Lab Test Linux experience was getting three new Linux machines to see our lab's two printers. Let's just say that Linux, Samba books and bits of the lab director's hair were flying all over the place. And I don't think those machines ever did print."

Linux will never dominate the desktop, according to this osOpinion piece. "Linux was not designed for general PC use, and trying to fit the square peg of extensive functionality and accessibility does not fit into the round hole of usability."

More Red Hat IPO:

Will success spoil Linux? asks E-Commerce Times. The article is really about the Red Hat IPO and the community offering difficulties. "If Red Hat really wants to show the world that it is not just another money-grubbing corporation, it should find some other way to pay back those programmers whose hard work made its IPO such a hit on Wall Street."

Liberation covers (in French) the Red Hat IPO with attention to the community offering difficulties (described as "catastrophic"). English text available via Babelfish. (Found in NNL).

News.com predicts downward mobility for Red Hat's stock. "Red Hat's success may imperil the company's relationship with the programmers who work on the program and maintain the source code.... One of Red Hat's strengths today is its brand name. That reputation could be tarnished if Linux programmers decide that Red Hat is becoming too much like Microsoft in trying to dominate the Linux market."

More Business:

Here's an Information Week article about open source software in e-commerce applications. "Among application servers, two packages, PHP and ZOPE, are starting to gain a following. Since custom coding is a necessity with application servers, there's a big win if you can have access to the source."

Computer Reseller News writes about the use of Linux at International Trucking Specialists. "The reseller demonstrated that Linux has major security advantages over other flavors of Unix..."

Why do computers not improve the overall productivity of industry in the U.S.? According to Fred Moody in this ABC News column, it's all Windows' fault. "In other words, we're fighting a losing battle by throwing more computing power at our worker-productivity problem. The more computers we bring into the workplace, the more resources we spend repairing system-crash damage and the more overall productivity is lost." Unfortunately, he doesn't see fit to mention the existence of more reliable systems. (Thanks to Ted Ede).

Penguinitis' Sweeps Monterey UNIX Consortium says Sm@rt Reseller. "While the partners involved in the Monterey Project--the initiative between SCO, IBM, Intel, Sequent Computer and Compaq Computer Corp. to create a high-volume unified UNIX--were upbeat on Monterey's prospects, they still had Linux on the brain."

PC Week looks at SCO's entry into the Linux services field. "...the move, like so many other commercial vendors' moves into the open-source realm, shakes up the company's business model and may lead users to think more deeply about the different hats their vendors will be wearing once Linux is added to the fold."

Reuters ran this article about Corel and its Linux plans. "Ottawa-based Corel has not seen the spillover it expected from the wildly successful initial public offering of Linux firm Red Hat Inc. Red Hat's sought-after shares, which debuted at $14, closed at $72.31 on the Nasdaq on Thursday. In contrast, Corel closed at C$6.65 on the Toronto Stock Exchange on Thursday, up just 5 Canadian cents from the August 11 launch of the Red Hat shares."

Here's a couple of osOpinion pieces: An open business plan for Red Hat suggest how Red Hat should move forward with their pot of money. It includes buying SCO.... And Microsoft Linux is an interview with Mariko El-Nabi on when and how Microsoft will move into the Linux business.

Federal Computer Week looks at Linux use in the U.S. government. "GSA's Heffernan said he has been amazed at how quickly Linux has become competitive in the operating system market. He chalks that up to the open-source philosophy -- not necessarily the fact that the operating system does not cost anything but the fact that the source code is totally open to anyone." (Found in NNL).

Also:

It's the top ten Linux-related web sites on LinuxPlanet - an Internet.com site. Happily LWN is one of the top ten. "Of course, I haven't included our own LinuxPlanet.com, which is certainly one of the most useful and informative Linux sites on the Internet. However, if you for some unknown reason ever feel like looking elsewhere, here are a few places you might want to check out....."

Network Computing ran this article complaining about the security of Unix systems. "For the time being, Unix security is relegated to those who want to revolve their life around security bulletins and patches. Not to mention putting up with some downtime and rebooting to activate some of the patches." There's not much talk about which alternatives (MacOS??) are better...

MacWeek says that the PowerPC will become the RISC chip of choice for Linux users. "Assuming someone takes IBM up on its offer and builds inexpensive PowerPC boxes for Linux, Alpha won't be the RISC favorite for Linux much longer. And indications of this shift are already appearing."

The Boston Globe looks at Loki Entertainment Software and Linux games. "Backers of the upstart Linux operating system like to joke that their ultimate goal is world domination. They're getting there. In fact, anyone with a Linux computer can create an interplanetary empire, sort of."

This column in Christian Computing Magazine looks at finding hardware and software for Linux systems. "While there is plenty of software for the general public available for Linux, finding software specifically tailored to Christian needs is a little more difficult. For example, I am writing this column using WordPerfect 8 (which is free for personal use on Linux.) But at this time there is not a piece of software for Linux specifically for church management."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Events

The First Annual Ottawa Linux Symposium was a tremendous success, according to the followup press-release. It does sound like an extremely enjoyable time. Their focus was on bringing together Linux developers and they succeeded in attracting an impressive lineup. ""The Ottawa Linux Symposium was a great technical conference," said Alan Cox of Building Number Three. "Three tracks of high quality tutorials and technical presentations, an E-mail garden and beer, everything needed to make it a great success.""

Computer Professionals for Social Responsibility has announced its conference, to be held October 2-3 in Stanford, CA. Events include a session on the UCITA ("shrink-wrap software") act and the presentation of the Norbert Weiner award for Social Responsibility in Computing Technology to the "open-source software movement." The award will be accepted by Eric Raymond and Larry Wall.

Linux for Suits. Somehow we missed until now the Linux for Suits event at Internet World, October 6 in New York City. It features an impressive set of names: Linus Torvalds, Esther Dyson, Bob Young, Ransom Love, Chris DiBona, Michael Tiemann, and more.

More suits: The Linux Business Expo (which will be part of Comdex in November) has announced its list of keynote speakers: Michael Cowpland (Corel), Bob Young (Red Hat), and Ransom Love (Caldera).

More LinuxWorld photos. SuSE's Lenz Grimmer has put up a page of photos from LinuxWorld.

Cowpland in Miami. Ziff-Davis has put out an announcement about "Comdex/Miami," which is happening in, of all places, Miami at the end of September. It seems that Corel's Michael Cowpland will be there speaking on "Understanding the Benefits of Linux Open Source in the Software Industry"

User Group News

The Greeley Linux User's Group is forming up in Greeley, CO, USA. In fact, their first meeting has been scheduled for Sept. 1 1999, 7:00 pm at the Centennial Park Library. If you are interested, contact Chuck Morrison or go to their new homepage.

Help Wanted

Hangover sarl in Paris is also looking for Linux folks.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

The Review of Operating Systems is a simple and lengthy page which attempts to present a comprehensive list of operating system resources on the net. There's a lot of stuff out there...

Section Editor: Jon Corbet

Letters to the editor

Date: Thu, 19 Aug 1999 15:35:02 +0200
From: Bernd Paysan <bernd.paysan@gmx.de>
To: letters@lwn.net
Subject: RHAT overpriced?

Well, aside from the fundamentalist opinion, that all internet stocks,
and certainly Red Hat are way overpriced, there's some logic behind it.
After all, Amazon or Yahoo aren't priced that high for their business
they make now, or for the class of business they do (everybody can build
a web-based bookstore or a portal site, lots do), but for building up a
brand name. $5 billion for a brand name isn't overpriced (supposed that
this thing becomes a commodity), perhaps $50 billions are.

Look at traditional brand names like Levis. Everybody can make jeans,
after all, it's nothing more than blue cotton and yellow thread; jeans
are really a generic product. In fact, a lot of companies do make jeans,
yet brand name jeans can sell at a premium price, although the only
difference (to quality generic jeans) is the label.

The same goes for Linux. Everybody can make a distribution, even a close
rip-off or immitation of a brand name Linux (e.g. Mandrake is mostly Red
Hat). The idea then is that even though there are a lot of "cheap
immitations", the masses still will choose the brand.

The main problem that contradicts that logic is that these things change
in "Internet time". A few years ago, Slackware was the dominant
distribution. Next year, Corel could be the dominant distribution. Or
SuSE, when they continue to expand in the USA; they already are dominant
in Europe. I don't think any of those can maintain a first class brand
name for as long as Levis did. After all, none of them invented Linux,
so nobody could write "The original Linux" on their package. And the
value of the brand really depends on becoming a commodity (i.e. "Total
world domination(tm)"), or at least a luxury good (such as Rolls Royce
or Lamborghini).

-- 
Bernd Paysan
http://www.jwdt.com/~paysan/

Date: Thu, 19 Aug 1999 10:04:26 -0400 (EDT)
From: "Timothy D.J. Hunt" <tim@NewExpression.com>
To: letters@lwn.net
Subject: Linux IPO's and the Linux Community


Sir,

I am been watching with some frustration as Redhat attempted to do the
right thing by the Linux community, and ended up being frustrated by
market regulations intended to protect the naive investor.

Given that we are expecting many more successful Linux based IPO's, 
and given that each Linux based company should be attempting to return
some of the wealth to the community that created it, how could we prevent
this happening again? I have a couple of suggestions:

1) How about setting up a Linux foundation that Linux based companies can
make stock grants to, pre IPO. The foundation can then funnel the wealth
to the Linux community by sponsoring new development, and/or grant awards
to significant contributors (similar to the MacArthur foundation). This
also has the potential to create a virtuous cycle, since any new
development that adds value to Linux, also adds value to Linux based
companies.

2) Maybe an enterprising mutual fund company could setup a Linux based
mutual fund with membership offered to significant contributors within
the Linux community. Linux companies can then allocate some of their
community stock to this mutual fund, without have to deal with the issues
involved in offering stock to lots of individuals.

Regards

Tim Hunt
timh@usa.net

From: "Jim Watts" <jamescwatts@hotmail.com>
To: lwn@lwn.net
Subject: Best and worst CD from the Linux World show.
Date: Thu, 19 Aug 1999 19:29:49 PDT

Hey guys,

I just finished going thru your Linux Show review, and while I was
disappointed not to see a picture of myself (in my very rare Amiga
shirt), I was even more disappointed to see you choose Amdahl's CD as
the worst of the show... and then drag them thru the mud for it.

To be honest I haven't even looked at my copy yet.  But I have looked
at Storm, Turbo, and SuSE, and none of those would install on my
laptop, only Red Hat did.  So I have no use for any of them either.

I not going to try to excuse the copyright bull on the back.  It was
obviously a canned blurb they got from legal... and we all know what
we should do with them.

You do have to give them some credit for even trying.  Fujitsu is not
a small company (Amdahl's owners) and for Amdahl and Fujitsu to
support Linux can not be a small thing for them... or the Linux
community.  Maybe the best way to get them to realize the error was to
post a flaming review like yours, maybe not.  At least they are
trying, you have to give them that.  If they can get Linux into just
one shop where it has never been before, they've done well enough in
my book.  And if 10 more companies do the same, so much better.

Hopefully the next public display from Amdahl will be better.  Time
tells all.  How would you like to see Linux running on a 2000Mips (a
Millenium) mainframe?  That would be a nice demo.  Cluster THAT!

Just my 2 cents.  (Have you noticed that the cent key is gone?
Where'd it go?)

-Jim

Date: Thu, 19 Aug 1999 12:04:56 +0100
From: Sid Boyce <szb50@amdahl.com>
To: letters@lwn.net
Subject: RE: The CD Giveaways

Amdahl Corporation is still around with excellent products to sell.
Without fanfare, quite a number of us have been avid Linux users going
way back, many machines dotted around the Corporation are running
Linux for serious work. On a visit to our Sunnyvale HQ in January, I
was using a Linux machine for 3 days before I knew it was Linux, I had
never seen Window Maker before, that's one of the beauties of this
great Linux we know and love.

	This was a hastily put together CD and from my soundings, the
standard licensing document should definitely not have been used - the
equivalent of a kernel oops perhaps ?.

	Rest assured, we are serious, we are keen to get going, we
feel the buzz. We've got some serious and solid hardware in TeamServer
and Elvis (RAID) and we shall have Linux solutions in the Corporate
sector to complement our excellent Mainframe offerings.

	Most people at Amdahl are still new to Linux, but the pin is
dropping rapidly, for me, I've been with Linux since it first appeared
and have preached it to all. At first I gained the impression they
thought I was a total eccentric, now I am something of a prophet
perhaps. Everyone knows the sort of reaction you got on mentioning
Linux, one colleague installed it on a Quad P-II which we sold with
NT, when the Dept.  manager passed by, he said "gosh, that's quick",
"what's that ?", having been told it was Linux, he put his nose in the
air and marched of saying, "that's not one of our supported operating
systems". We get the last laugh!.

Regards
-- 
... Sid Boyce...Amdahl(Europe)...44-121 422 0375 
Any opinions expressed above are mine and do not necessarily represent
 the opinions or policies of Amdahl Corporation.

Date: Fri, 20 Aug 1999 11:38:01 -0700
From: Anand Srivastva <anand@nmi.stpn.soft.net>
To: webmaster@osopinion.com, letters@lwn.net
Subject: Linux won't dominate the desktop

Hi,

I don't agree with you that Linux won't succeed on the desktop.
Its like saying MSDOS can't work on the Desktop, remember how bad MSDOS
was initially. The only thing wrong with Linux is that its too new. How
much time has it been since people started even thinking of a GUI for
Linux, just two years. Remember how much time MSDOS took to have a GUI.
How long MS had to work to get a decent Windows GUI. How long it had
failed, before it started succeeding. Just wait for a couple of years
and Linux will be better.

People don't want to blame someone. They want to get their work done. If
there are problems then they want to be able to call up people who can
solve the thinks. I think as Linux gets more mainstream people will find
someone around them who knows about it. There are already companies who
can help them with their questions. At the end its been asked a lot, but
have you ever called up MS support. I have seen a lot of support for
Windows, and the only solution that there ever is reboot or reinstall. I
think people will appreciate if the problem can be really cured. Also
the freedom they get when they can choose their support company. If
Compaq doesn't do a good job, call up IBM ;-).

I think, it is on the desktop that monetory price becomes very crucial.
For the Corporate desktop you maybe right but for the common user,
monetory price is very important. And when we generally talk about
desktop users we are mostly talking about the common user. For them
anything, linux's cost effectiveness will matter a lot. When the price
of the PC with Linux is $400 and with Windows you have to add another
$100, I think that $100 will mean a lot.

Of course this includes the disclaimer that Linux is not yet very
feasible for the common user. But the time is not very far away, maybe
another year maybe some more, when Linux will become very useable by the
common user.

BTW, there is a notepad app for linux, and MS notepad I think works
through WINE on linux.

Linux just needs time, 
-anand

Date: Mon, 23 Aug 1999 19:29:53 -0700
From: John Gardiner Myers <jgmyers@netscape.com>
To: letters@lwn.net
Subject: ESR's 'Will You Be Cracked Next?'

I am astounded by claims that Linux is "invulnerable to macro attacks"
and "immune to viruses."  They are simply false.

GNU Emacs will, upon loading text files, execute elisp code embedded in
certain ways; it is vulnerable to macro attacks.  Unix viruses have
existed since 1989, an excellent reference is 
http://www.cyber.com/papers/plausibility.html

To: Matt.Wilkie@gov.yk.ca, letters@lwn.net
Subject: re: Back Orifice
Date: Mon, 23 Aug 1999 02:31:13 -0400
From: Piotr Mitros <pmitros@MIT.EDU>

> Although Linux can laugh at Back Orifice itself, Linux is -not-
> immune to a BO style of attack: a trojan wrapped inside an innocuous
> program which the recipient/user does want to run.  (rootkits
> anyone?)

Despite Eric's flair for unsubstantiated hype, he is correct here. The
major hole demonstrated by Back Orifice is not merely the idea of a
trojan horse. The real problem it is meant to show is that if any
(non-administrative) account is compromised, the whole system is
compromised. This means that if a secretary in some company is fooled
into running a trojan program, the accounts of all future users to log
in on that machine can automatically be compromised. By sticking a
small program in their startup files, any other machines they log in
on can be compromised. This can easily spread over a corporate network
like wildfire. Windows 95/98 simply lacks a real security
model. Windows NT has a security model, but most NT configurations
that I've seen do not take advantage of it (configuring it with real
security in place takes away a good deal of normal Windows
functionality).

On the other hand, with a properly maintained Linux system, if one
account is compromised, only that single account is compromised. The
danger is contained; a mistake made by single secretary on a network
of 15,000 cannot bring down the entire network and compromise all of
the information; the loss is limited to at most what that one user has
access to.

Root kits are not terribly relavent to this discussion. They should
not effect a properly maintained system any more so than DOS attacks
or remote root exploits do. Under Linux, bugs that allow root exploits
tend to be fixed within a few hours of their discovery.

Piotr