Other stuff:
Contact us
Archives/search
Calendar
Linux Stocks Page
Daily Updates

Recent features:
- Gaël Duval interview
- LinuxWorld
- Touchphone
- Linux Expo Paris
- Red Hat's IPO filing
- Eric Raymond interview
- Linux Expo '99
- Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items

The proof of Channel One's intentions, of course, can be measured by how quickly they transfer the trademark over to Linus Torvalds. Meanwhile, it seems certain that this sort of problem will come up again. There are a lot of countries out there. "Linux" likely remains unregistered in many of them. Chances are good that somebody with poor intentions will pick up on one of them eventually. Even if such a registration can be overturned, it is a major waste of effort to have to do that.

Tracking the status of the Linux trademark seems like a job made to order for Linux International. Some effort put in now could go a long way toward avoiding unpleasant incidents in the future.

IBM has announced a "Red Hat Certified" laptop. The announcement that the Thinkpad 600E has been certified generated quite a bit of press interest, and this certification was held up as an advance for IBM and Linux both. In theory, this certification means that "no special effort" is required on the part of the user to make Linux run on that particular system. Interestingly, that is very much not the case with this laptop.

A look at IBM's guide to installing Linux on the Thinkpad 600E will make it clear that some special effort will indeed be required. The document is lengthy and detailed, containing the various steps required to get sound, APM, and PCMCIA working properly. These steps involve creating a new init script and updating both the kernel and the PCMCIA subsystem. Hard-core Linux nerds will not find these steps to be much of a "special effort," but many other users are likely to feel differently.

Perhaps most significantly: no amount of "special effort" will make the modem work. It is a "WinModem" - a modem that requires most of the signal processing to be done by the central processor. There is no reason why such modems shouldn't work under Linux, except one: the interface information for these modems has not been made available by their manufacturers. This information is all protected under non-disclosure agreements; thus, no Linux driver can be written.

IBM is to be commended for providing such a highly-detailed page on how to make Linux work on their hardware. If all manufacturers behaved this way, life in the Linux World would be much easier. This information is a step above what is normally available, and it is welcome.

But it seems inappropriate to certify this system as "Red Hat compatible." It can only be made to run that distribution after a substantial amount of effort, and a crucial component - the modem - can not be made to work at all. This is, it would seem, a weak definition of "compatibility."

If Red Hat is willing to award "compatible" status to a system which is this difficult to make work, they will be doing harm to both themselves and the Linux community as a whole. "Red Hat Compatible" is a promise that Linux will work on this system. Laptops, still, are not cheap. Any user who invests a chunk of money based on the "compatible" promise, and who subsequently discovers that very little works out of the box, will feel deceived. The numbers of disappointed (possibly ex-) users will increase, and "Red Hat compatible" will be recognized as having little meaning.

One other question that has come up is why is the Thinkpad certified only by Red Hat? Some fear, once again, that Red Hat is taking over everything. The straightforward answer, though, would seem to be that no other distribution has established a similar certification mechanism. If only Red Hat certifies hardware, hardware will only have Red Hat certification.

The one alternative that is worth a look here is KeyLabs' Linux certification program. KeyLabs claims to be vendor-neutral, though readers of their web pages may suspect a relatively close relationship with their neighbors at Caldera. Their Linux Compatible Hardware page shows a fair number of systems which have been tested against one or more distributions.

Vendor-independent testing by companies like KeyLabs is a hopeful way forward. Currently, however, very few people have heard of KeyLabs, and most consumers do not look for the KeyLabs seal of approval prior to making a purchase decision. Perhaps some sort of serious marketing campaign is needed before people will start looking for this certification.

Update: Dave Sifry at Linuxcare wrote in to slap us (gently) upside the head for not mentioning the Linuxcare Labs certification program, which also does vendor-neutral hardware certification. See their list of certified hardware to see what they have been up to. LWN regrets the omission.

(See also: press articles in Salon, ZDNet, and News.com; and the certification report on Red Hat's site - unavailable as of this writing due to Hurricane Floyd).

The Atlanta Linux Showcase is less than a month away. The LWN will be there, with our first booth on the exhibit floor. As a result, we're also looking for volunteers, both those willing to help us with booth duty and those interested in helping put together reports from the conference talks, interviews from exhibitors on the floor and more. If you've always thought doing a little bit of writing for the LWN would be fun, here's your chance!

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News

Postfix, and why it is a preferred alternative to sendmail, is the focus of this article, by Kurt Seifried. He focuses on the improvements postfix brings in security and configurability and the ease of which postfix can be dropped in as a replacement for sendmail. " find a typical Postfix conversion takes around 10 minutes for most sites (assuming you use an RPM and don't have to compile it), and have yet to encounter any major disasters (although I have found several small to medium sized glitches). "

He also reports back on the current state of the postfix license, which caused some initial concern. "Previous versions had a rather ugly termination clause, which prevented wide spread acceptance of Postfix, however this has been removed and Postfix is now "safe" to use. You can distribute the software, develop it, make changes and so forth, the only catch being that you must contribute any changes back to IBM (rather reasonable since they paid Wietse to develop it). "

Security Reports

A shared memory-based Denial-of-service attack has been posted to BugTraq and demonstrated on Linux systems. Currently, there are no effective limit on shared memory currently exists, since shared memory segments can be created without being bound to a process. Henrik Nordstrom posted a patch for Linux 2.2.12 which adds a procfs entry for "tuning the limit of shared memory allocable", freeing unreferenced shared memory pages and getting information on when they were created and by whom.

A minor bug in gftpd can result in the display of your password in plain text or saved in plain text to your logfile. The author of gftp has released an update to fix this. For more information, check out Oscar Haeger's BugTraq posting.

Last week's release of ProFTPD 1.2.0pre5 has quickly been followed by the release of ProFTPD 1.2.0pre6. Details on the changes in the latest version have not yet been posted, but they are again security related. Given the length of the list of changes made in pre5, this may just be catching some minor oversights.

Commercial software reports have come in on Netscape Enterprise Server 3.6, and CDE. The CDE problems resulted in the release of this CERT advisory, since the vulnerabilities can result in unauthorized access to root privileges.

Updates

Some buffer overrun problems have turned up in the mars_nwe (Netware) package. So far, we've seen updates from Yellow Dog Linux and Red Hat.

Yet more updates to XFree have come out from Red Hat. These include the XFree 3.3.5 packages, but are marked as security-related, so an update is recommended.

SuSE released a new PINE update to fix the PINE vulnerabilities reported in June. The new package fixes a problem with the original update which broke support for IMAP.

Resources

Stack Shield 0.5 has been announced. Stack Shield is an alternative to Stack Guard; both help make a system less vulnerable to buffer overflow and related problems.

Linux Audit Beta 0.1 is an early release of a package to support auditing under Linux. It requires Linux kernel 2.3.5, plus a patch, to run.

The unix-virus mailing list has been started. The charter indicates that it will be discusses the "virus in the unix environment". This may, of course, be aimed towards anti-virus developers who are now supporting code to run on Unix and Linux systems and find Windows or MacIntosh viruses. Although not theoretically impossible, it seems unlikely that a mailing list could keep active talking about Unix-based viruses ... Also note that the URL provided for the list was incorrect. An update, posted later, indicated that the website for the mailing is http://virus.beergrave.net/.

Events

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

• After many years, PCMCIA support has been integrated into the mainline kernel. At this point the structure is there, but most of the actual drivers themselves are not. It will take some adjustments to each driver to make it work in the new integrated scheme; David Hinds, master of PCMCIA, has requested that people not jump in and start converting individual drivers until he has figured out a consistent and sustainable way of doing the work.

• The Direct Rendering Manager (DRM) has also been put into the kernel. DRM is the kernel-level support needed for the Direct Rendering Infrastructure (DRI), which will be part of XFree86 4.0. Essentially, DRI pushes the handling of three-dimensional rendering into the X server. The server, in turn, can take advantage of the rendering capabilities provided by the video hardware. The result should be secure access to low-level hardware and screamingly fast 3D graphics. More information on DRM can be found on the DRM design document; DRI in general is discussed in this document.

All of the above, however, was overshadowed by the other news: the 2.3 feature freeze is now in effect. Linus announced his intention to get the freeze off to a solid start by taking a two-week vacation, and dumping all of his mail when he gets back. So there is no point in even trying to get him to incorporate new features into the system.

The plan is that the freeze turns into a hard code freeze in a couple of months, with a release still set for the end of the year. Maybe we really will have a "stocking stuffer" kernel for Christmas this time around.

Alan Cox has restarted his "ac" kernel patch series in the hope of having a coherent set of fixes to pass to Linus after the vacation. The "ac" series is intended to only include patches which fit within the feature freeze constraints, so there will be no exciting new features found there. The current patch of this writing is 2.3.18ac5.

The current stable kernel release remains 2.2.12. Alan Cox is active in this field as well; he has a 2.2.13 prepatch up to version 8. Alan's stated intent is to try to make a "rock solid" 2.2.13 - something which would certainly be much welcome in the user community. If that works out, then 2.2.14 can get the knfsd patches (discussed last week).

Low latency and multimedia applications. Paul Winkler pointed us this week at Benno Senoner's low-latency mini-howto out there on the web. Latency, in this case, is the period of time that an application has to wait to get access to the CPU when it has something to do. Multi-user operating systems have tended to have relatively long latencies, making it hard to run applications that must respond to events within one millisecond (or less).

Benno has recently posted some results from his latest tests, which incorporate the work of, primarily, Ingo Molnar. His results: sub-millisecond response times are now possible with Linux, and even the longest latency (500 microseconds) looks like something that should be fixable, once somebody can figure out what is going on. The end result is that Linux is well on the path toward becoming a solid multimedia platform, without the need for real-time hacks and other trickery.

Other patches and updates released this week include:

• A patch to MTRR by Zoltan Boszormenyi to make it work properly on Athlon and Cyrix processors.

• Devfs v121 from Richard Gooch. Richard also put out Devfs 99.5, which is a backport of the latest devfs to the 2.2 kernel.

Section Editor: Jon Corbet

For other kernel news, see:

• Kernelnotes
• Kernel traffic
• Kernel Newsflash

See also: last week's Distributions page.

Distributions

Time for this week's new distribution: Armed Linux has made its existence (and a beta version) known. Their plan seems to be to create "the easiest to use distribution" for first time users. "Armed Linux, a small group of professional developers, has experience in software and web design and support. Currently unfunded, they are open to offers for venture capital."

Caldera

InfoWorld ran this story about the release of Caldera OpenLinux 2.3. "The new version allows corporate IT shops to carry out remote mass installations, and has all of its new features tested for the year-2000 changeover."

On the downside, Erik Ratcliffe, from Caldera Systems, dropped us a note to point out that their User to User Forums are curently off-line due to a major hardware failure on their mailing list server. They hope to have the system back up and functioning by mid-week. A check on the site prior to publication found no new information.

Complete Linux

Corel

Debian

Good progress on GNU/HURD has apparently been made over the last week, with over 44 updated packages going in.

Meanwhile, that's having an impact on other Debian development discussions. For example, it has been proposed that Debian move to GRUB for the default boot loader. Pros and cons of the issue were discussed, with no final decision. Check the the Debian Weekly News for September 14th for more details.

DemoLinux

LinuxPPC

Mandrake

Red Hat

Slackware

SuSE

Yellow Dog

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Lists of Distributions
Kernelnotes
Woven Goods
Known Distributions:
Apokalypse
Armed Linux
Bad Penguin Linux
Bastille Linux
Best Linux (Finnish/Swedish)
Black Cat Linux (Ukrainian/Russian)
Caldera OpenLinux
CCLinux
Chinese Linux Extension
Complete Linux
Conectiva Linux (Brazilian)
Debian GNU/Linux
Definite Linux
DemoLinux
DLD
DLite
DLX
DragonLinux
easyLinux
Enoch
Eridani Star System
Eonova Linux
e-smith server and gateway
Eurielec Linux (Spanish)
eXecutive Linux
floppyfw
Floppix
Green Frog Linux
hal91
Hard Hat Linux
Independence
Jurix
Kha0s Linux
KRUD
KSI-Linux
Laetos
LEM
Linux Cyrillic Edition
LinuxGT
Linux-Kheops (French)
Linux MLD (Japanese)
LinuxPPC
LinuxPPP (Mexican)
Linux Pro Plus
Linux Router Project
LOAF
LSD
Mandrake
Mastodon
MicroLinux
MkLinux
muLinux
nanoLinux II
NoMad Linux
Peanut Linux
Plamo Linux
PLD
Project Ballantain
PROSA Debian GNU/Linux
QuadLinux
Red Hat
Rock Linux
RunOnCD
ShareTheNet
Skygate
Slackware
Small Linux
Stampede
Stataboware
Storm Linux
SuSE
Tomsrtbt
Trinux
TurboLinux
uClinux
Vine Linux
Xdenu
XTeamLinux
Yellow Dog Linux

See also: last week's Development page.

Development tools

Java

An interview with James Gosling, the "father of the Java programming language", according to the article, contains some interesting comments. On the question of whether Sun will ever make the Java code open source, he says, "It's unlikely that we will go totally open source in the way some people use that phrase. We're pretty close to it. The main issue for us is that one of the real strengths of Java is that it's a very strong cross-platform. We try to make it as free as possible but still enforce interoperability.

On the other hand, when the question of Java on Linux came up, he pointed the finger back at the Linux community for the problem. "he inter-operability problems with Linux are just horrible. You have to be excruciatingly careful because all the different flavours of Linux are all slightly different."

When these comments were mentioned on the java-linux mailing list, the reaction was mostly puzzlement. To the best of the knowledge available, the problems with the current Java port have nothing to do with differences between Linux distributions. Cees de Groot commented in this posting, "Well, he's right that it is horrible, but not right about the reason. The port is hard because of differences between Solaris and Linux (threads, signals, X11, SMP, stuff like that - it's a horrible mix). The differences between Linux glibc releases are there, 2.0, 2.1 and 2.1.2(?) are binary incompatible, but as far as I can tell these differences are actually due to support for the stuff that the JVM needs getting better."

Perl

Python

Tcl/tk

Section Editor: Liz Coolbaugh

Development projects

Both the GNOME and KDE weekly reports are on hold for the next week, so expect double reports next time around. In addition, with the hurricane hitting North Carolina, many websites supported by Red Hat were down while this issue was being developed, so news from those projects may be missing or behind. We'll try to get caught up next week.

AOLserver

Gnome

High Availability

Maintenance of the Linux-HA FAQ has moved over to Volker Wiegand, as noted in this note from Harald Milz, the former maintainer.

Slides from Lars Marowsky-Bree's talk on LVS, given at the Linux Kongress '99, are now available (in MagicPoint format).

KDE

The second annual KDE Developers Meeting has been announced for October 7-10 at the University of Erlangen, in Germany. Caldera Systems and SuSE are sponsering the meeting.

Midgard

Mozilla/Netscape

• Building Web Content, Applications, and Services with Mozilla and W3C Standards
• Enhancements to the Mozilla Plug-in API
• Embedding Gecko into Software Applications

MozillaZine has a report up from the Jazilla project, which, you may remember, is building a Java-based version of Mozilla. Matthew Schmidt reports, "In the last few months, Jazilla has gained speed has the programmers that were involved have regained interest in light of recent motivation and some new interest in the project. Work has begun on an open source pure Java renderer, but the project needs help. Anyone with experience on the Swing Text package or the Swing HTML package is definitely wanted, although we will take anyone who wants to help."

Wine

Since the latest snapshot still dates back to August 15th, the news this week focuses on development, including a port to BeOS, integrating the OpenGL libraries with Wine, and thread safety. One piece of good news: Ove Kaven received $600 in funding from CoSource and with it, has started development on the 32bit Winsock, very good news since the current Winsock "is still from the Win16 days".

Zope

A Zope Birds of a Feather session is being planned for the Atlanta Linux Showcase next month.

Check out this week's Zope Weekly News for other Zope tidbits.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

It thus appears that 3Com has understood an important point: if their hardware works well with Linux, then Linux users will buy their hardware. The value of their software is in its ability to bring about hardware sales; thus it makes complete commercial sense for them to release it under a license like the GPL. (Using the GPL in particular, of course, will enable the driver's inclusion into the mainline kernel).

Cobalt Networks files for IPO. VA Linux Systems was supposed to be the second Linux IPO, but Cobalt quietly slipped in and announced its own while nobody was looking. They hope to pick up $86 million - about the same amount Red Hat went for. Unlike Red Hat, however, Cobalt has lost quite a bit of money - $22 million thus far. Getting started in the hardware business is hard.

Gluttons for punishment can read through Cobalt's S-1 filing describing the IPO. Some items of interest found therein:

• They plan to reincorporate as a Delaware corporation. Delaware, of course, has more corporate-friendly laws than the other American states.

• In their risks section, one of the hazards they mention is that Linux could go proprietary.

• They list their use of open source software (Linux) as one of their big advantages, bringing more third-party applications, lower costs, shorter development cycles, and better application integration.

• They also list their web-based administration software as an asset, and note that it is proprietary software. They also list proprietary clustering software. Open source only goes so far.

• Cobalt currently has 101 employees, 34 of whom are in research and development.

• Significant (more than 5%) Cobalt stock is already held by numerous people, including many of the management team and several venture capital firms.

Another Linux print magazine is coming: Maximum Linux has announced its existence and its plans to start with a 100,000 copy run. They will also be bundling a CD with Linux-Mandrake 6.0. Version 6.0 is already obsolete, of course, but that is the print business.

One wonders how many print magazines the Linux community can support. The Linux Journal and Linux Magazine are already out there and established. The major trade publishers have yet to get into the act, but they can be expected to as soon as they see enough money there. Some sort of shakeout in the Linux magazine business seems almost inevitable sooner or later.

Press Releases:

Hardware:
• Aplio, Inc. announced its first IP Phone appliance, Aplio/PRO, for the SOHO and small business market. The Aplio/PRO is an embedded-Linux Internet Telephony device.

• Arco Computer Products, Inc. announced the DupliDisk RAIDcase, a real-time backup device that offers PC users a way to maintain a duplicate of their IDE hard drives.

• Ariel Corp. announced plans for its POP Culture Celebration at N + I. Several of their Linux systems will be showcased.

• BlueSteel Networks, Inc. announced the uBSec 5501 security processor. Developer support for the 5501 will include a PCI compatible board and Linux driver.

• Brooktrout Technology announced support for the Linux operating system on their TR114 Series intelligent fax and voice boards.

• CoolKeyboards Corporation has announced a keyboard developed explicitly for Linux. Its main feature seems to be that the Windows logo on the modifier key in the bottom row has been replaced with a penguin...

• IBM announced several new RS/6000 computers. The RS/6000 B50 comes with a choice of operating system, including AIX or Linux, and all the new RS/6000s can run Linux applications.

• LAND-5 corporation has announced a new set of RAID arrays aimed at Linux users.

• Motorola Computer Group announced that its Linux-based embedded computing platforms now ship with the newest version of Caldera Systems' OpenLinux.

• Phobos Corporation says their IN-Switch PCI card running on Red Hat 6.2 Linux out-performed the Alteon WebSystems' ACEswitch 180 Plus.

• Try the ProSyst EnterpriseBeans Server and win a PSION Series 5mx Pro palmtop computer in this offer from ProSyst.

• Quicknet Technologies launched an Internet network telephony card that supports Windows and Linux at Networld+Interop.

• Quicknet Technologies announced the Linux-compatible Internet PhoneJACK-PCI.

• Rebel.com has announced a deal with KASAN Electronics to market, distribute, and support the Netwinder in the Pacific.

• TheLinuxStore.com announced that they are offering the Element-L Ion system, pre-loaded with Red Hat Linux 6.0, for $399.

  Software:

• 3dfx Interactive Inc. announced it is making next-generation graphics technology available to software and hardware developers in a free, open-source format. This software makes texture compression technology available for a wide varitey of platforms, including Linux.

• Cobalt Networks has announced its Solutions Directory - an online list of applications for their (Linux-based) servers.

• Common Programming Interface (CPIX) Forum announced that it has been established to develop open standards that make it easy to write software that runs on communications processors from many vendors.

• Dot Hill Systems Corp. announced SANpath 2.0, a member of Dot Hill's suite of SAN management software products. Linux versions are available.

• Hummingbird Communications Ltd. announced the availability of Version 6.2 of Exceed, Exceed XDK, Exceed 3D, HostExplorer, NFS Maestro Client, NFS Maestro Server, NFS Maestro Solo and NFS Maestro Gateway. New in V6.2 - expanded access to Linux servers.

• Instant Video Technologies will showcase the Linux port of its video and audio delivery system, Burstware, at Networld + Interop.

• The folks at Loki Entertainment software have released the "SDL motion JPEG" video package under the LGPL.

• NetBeans and Tendril Software announced the joint availability of their integrated modeling and development solution.

• Peregrine Systems, Inc. announced it will offer Linux support for several of its product suites.

• SCH Technologies announced that its library integration software, SRI (Standard Robotic Interface), is now available for Linux environments.

• SLMsoft.com Inc. released its flagship product, ESP-Link/Financial Transaction Solution, and its Internet banking solution, ESP-Link/Virtual Financial Solution, on the Linux operating system.

• Sony Computer Entertainment Inc announced the release of software development tools designed to support content creation for PlayStation2. The tools can be used as a Linux-based workstation enabling developers to create graphics in the PlayStation2 development environment.

• Unify has announced the availability of its "eWave Engine" and "WebNow" products for Red Hat 6.0.

• Vixel Corporation announced SAN InSite version 2.2, a Java edition of their management software.

  Other:

• 32BitsOnline and O'Reilly and Associates announced that they are joining forces to giveaway books to the Linux and Open Source community.

• Andover.Net announced it has completed hardware upgrades to Slashdot and Freshmeat, Linux news and resource sites.

• Cyber Station of Victoria announced it has incorporated CSV Technologies Inc. This development marks the next step in the company's expansion to its internet cafe business to include software development.

• eSoft Inc. announced the completion of its merger with Technologic Inc.

• eSoft Inc. announced at Networld + Interop, a new product roadmap. Linux is the core of the new product strategy focusing all new product development on Red Hat Linux.

• LinuxForce Inc. completed the design, construction and installation of a high-end file server as the first step in the migration of Spanco to Linux-powered computing systems.
• Red Hat has announced the opening of training offices in San Francisco and Santa Clara.

Section Editor: Jon Corbet.

See also: last week's Linux in the news page.

Linux in the news

Upside Magazine interviews Bruce Perens. "With the Internet, we're as powerful as political lobbies used to be. We have the power of the press. We don't need the New York Times to print something to get people to hear about it. Let's build on it. I'm just trying to turn that power onto things that hackers don't traditionally like."

Thresh's Firingsquad, a gaming site, ran this introductory article which is long and quite positive. "The three biggest draws to Linux are it's stability, versatility, and raw performance. When compared to the OS's most people are used to, Linux is an extraordinary stable system." (Thanks to John Thacker).

The Red Herring looks at Red Hat's stock price. "Red Hat's success means that Linux could now be safe for corporate America, and Linux products will no longer be whispered about in wired closets but openly discussed in corporate boardrooms."

See also: this Washington Post article about V-One's stock. "It used to be that the word 'Internet' was what it took to blast a stock into outer space, but this week it was 'Linux' that sent shares of V-One Corp. rocketing like the World War II buzz bomb of that name."

Hmm...it must be about time for another one of those "free software as communism" articles. This one is in Salon Magazine. "But Barbrook's analysis does jibe well with fears expressed by some software programmers concerning the possibility that free software could prove to be an economic disaster for the software industry. As these programmers see it, the GNU General Public License that ensures that source code to GPL-protected programs will always remain free is a real-live communist virus designed to wipe out profitability in the software biz."

Cobalt, Unify and Other Stocks:

Here's a News.com article about Cobalt's IPO filing. "Cobalt's IPO filing puts the company a step ahead of VA Linux, another manufacturer of Linux computers. VA's chief executive, Larry Augustin, predicted in August that his company would be the second Linux IPO after software seller Red Hat." (Thanks to Cesar A. K. Grossmann).

Inter@ctive Week ran this article about Cobalt's IPO filing. "Besides counting on Linux's popularity surge, Cobalt is trusting the validity of Dataquest's predictions that the server market will grow from 1999's 2.2 billion to $15.8 billion by 2003."

CBS Marketwatch looks at Unify's stock price. "The Linux party was in full swing when Unify decided to arrive fashionably late. Shares of Unify (UNFY: news, msgs) soared 21 percent when news of an extended relationship with Red Hat hit the tape."

E-Commerce Times looks at Unify's latest announcements and partnership with Red Hat. "The move, which builds upon a strategic developer partnership established in May, will allow users of Unify's eWave Engine and Unify WebNow! to tap into the power of open-source through Red Hat Linux 6.0 package. The two companies, according to their original agreement, will also be developing co-marketing initiatives."

The Rocky Mountain News looks at eSoft's stock price. "ESoft Chief Executive Jeff Finn said investors are probably eyeing his company as an inexpensive Linux play. 'Brokers and investors have started looking for alternatives in the marketplace since stocks like Red Hat have become so expensive,' Finn said."

Reviews:

TechWeb looks at Compaq's new thin client systems. "The desktop system will be available in the fourth quarter, with two models, one running Windows CE and another running Linux. The Linux system will be designed for users who require a browser resident on the thin client itself, rather than the Windows NT server.... The Linux model will also be designed for users who desire a product without the taint of Microsoft." (Thanks to Martin Eskildsen).

Computer Reseller News looks forward to the 2.4 kernel. "These developments, made possible by kernel improvements, likely will help dispel the notion that Linux is not ready for corporate prime time, advocates hope."

Sm@rt Reseller looks at operating systems for the Merced processor and concludes that nothing will be ready for a while. "Once Intel lifts its Merced nondisclosure agreements, Trillian plans to put the entire IA-64 Linux source tree on the Web. Then the group will approach Linux founder Linus Torvalds about including its work in the next Linux build."

Here is a lengthy review of VA Linux Systems' VARServer S3500e system in Performance Computing. "VA's technical support proved to be excellent. We really tested out VA's support-because of a glitch, the company shipped a misconfigured system. The S3500e systems come with Linux preinstalled, though, so most users won't have to deal with any of this."

Linux and the US Federal Government:

Here is (until it moves) the Federal Times story about how the U.S. government is going to look into ways to better use free software and diversify away from Microsoft products. "Linux, an open-source operating system similar in functionality to Microsoft Windows, is being given serious consideration as an alternative for government computer users, the official said. Access to the Linux source code 'gives us some confidence,' the White House official said, adding that it simplifies patching security breeches and correcting routine errors."

Linux grabbing more federal biz says Federal Computer Week. "In one of the first public pronouncements by a government official of the advantages of Linux, Przemek Klosowski, a scientist at the National Institute of Standards and Technology, said the history of Linux - a 1960s-vintage operating system - shows that it has made a 'sneaky entry' into the government." Sneaky indeed, if it has been there since the 1960's...

See also this OS Opinion editorial on the subject. "Uncle Sam dropped a bombshell this weekend on the Internet. An article from the Federal News web site publicly told Microsoft that its software was expensive, its OS was buggy and both were as secure as a porcelain piggy bank with a cork in its belly."

The Linux Revolution:

Money's to be made in the Linux revolution says the Globe and Mail. "Now, many people are eager to discount the potential of Linux to create wealth because it is obtainable for free and isn't owned by a person or company. I beg to differ: The massive global adoption of Linux under way throughout many sectors of the high-technology community means there's plenty of money to be made, even as its fundamentally free philosophy remains intact." (Thanks to Peter Koster).

Here's a Computer Reseller News article about Gateway's entry into the Linux systems market. "[Gateway manager] Berger left open the possibility Gateway would offer other vendors' Linux operating systems in the future. 'At this stage, we're concentrating on Red Hat,' he said. 'That brand, that company, has a leading market share, and market momentum. But if that changes, we could work with someone else in the future.'"

Also in Computer Reseller News: this look at SGI's future. "One move illustrative of the new Silicon Graphics is its contract to provide a 128-node Linux cluster for the Ohio Supercomputer Center, Columbus, Ohio. The system will be preloaded with SGI Linux Environment with Red Hat Linux 6.0 on an SGI 1400L server."

From PC Week: Linux enters adolescence. "The outlaw operating system that was developed by geeks with too much free time on their hands is perched on the edge of the invisible dividing line between its early-adopter childhood and late early-adopter adolescence. Corporate IT managers no longer risk their jobs by admitting publicly that they are testing Linux--maybe even deploying it in some back-room application."

ComputerWorld ran this article about the pros and cons of open source software in business. "Hazier future: Software developed by a consensus of part-time programmers is unlikely to ever have the razor-sharp focus on the future that you'll get from a company like Microsoft Corp. Open-source software tends to follow trends: As developers find a use for something, they add the code. Commercial software can help define trends by creating uses and anticipating problems before customers even know they exist."

Red Hat:

Red Hat's Japan office wants to make $9 million in sales its first year, according to this AsiaBizTech article. Given that the U.S. office sold just a little more than that last year, they are being ambitious. "However, at a press conference, there was no concrete explanation about the business plan, nor were questions regarding the amount of capitalization and other aspects of business management answered."

PC Week interviews Red Hat's Bob Young. "This term "Linux community" and the implication to outsiders that the community is cohesive -- it has never been cohesive. It is, far and away, the most argumentative, acerbic group I have ever had the misfortune to be a part of. But don't get me wrong. That has been good for the technology. It's a community that values the truth and values engineering excellence over marketing and compromise."

Finally:

21st Century Penguin (aka LinuxPower) presents Making Movies with Linux, Part 5, which deals with adding sound to video clips.

Time speculates on what Transmeta is doing. But they don't know any more than the rest of us. "Like many start-ups, Transmeta has no announced products. But unlike those other IPO-seeking missiles, it has never issued a press release. Nor does it have a p.r. department. No one even knows how many people work there. Or what they're working on."

Michael Dell says that NT will prevail over Linux, according to this article on IDG.net. "'I don't think it will happen,' responded Dell, when asked when he thought the much-talked-about Linux operating system will ship in more Dell servers than Microsoft's NT." (Found in NNL).

Nicholas Petreley gives a possible future for the proprietary software business as a mafia-style protection racket in this InfoWorld column. "The best way to illustrate how this works is through a sample sales pitch. Imagine being paid a visit by a rather large fellow (about the size of a minivan) in a dark suit with a white tie. He opens the conversation with, 'The Don gives youse guys his sincerest regards and wants to know how his software is working for your business.'"

PC World ran one of those "live a week without Windows" experiments. "For a week, I created and edited files using StarDivision's free StarOffice 5.1 suite (with word processor, spreadsheet, and more), browsed the Web and sent mail with Netscape Communicator, and even played Quake II. But I couldn't quite cut the umbilical cord to Redmond."

Here's a free version of the Wall Street Journal article about FreeBSD. "BSD buffs like to think of themselves as a slightly more grown-up version of the 'open source' movement, which distributes underlying programming instructions so users can study and modify software. Although Torvalds has full control of Linux, for example, FreeBSD is overseen by a 15-person group called the 'Core.' What's more, the various BSDs say that their software, by virtue of its head start on Linux, is more mature and stable." (Thanks to Paul Dickson).

The Washington Post has this article about the Microsoft trial. The Linux Defense is back... "A Microsoft attorney said the company will point to the remarkable financial success of Red Hat Inc., a leading vendor of the upstart Linux software operating system. Red Hat stock has soared from $14 on its first day trading last month to close Thursday at $123.25." (Thanks to Dan York).

Why I hate Linux is the title of the latest troll in osOpinion. "I took a big step back, and realized that if all code was free, no programmers would eat, or at least very few of them would. Of course, thinking thoughts like that is unacceptable, and may be cause to put on your asbestos suit because if you challenge the Gnu Public License, the flames are going to get you."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

The Cash and the Calling is a paper by Brian Marshall which looks at the development of commercial artificial intelligence applications. He concludes that a hybrid approach - where parts of the system are developed in an open-source mode - could work well in this realm. "Programmers with a calling and/or a desire to make a name for themselves will do original research, write new open-source software and start open-source projects. Much unconventional thought will be brought to bear on various problems in artificial intelligence.... the effect of the open-source movement on the state of the art of AI may be the next great thing that happens in the world of computers."

Events

Linux Demo Day in Toulouse, France will happen on September 18. Details in the announcement, which is in French.

An installfest at will be held in Sergipe, Brazil on October 3. See the Linux-SE web pages for details.

Web sites

User Group News

Linux Install Fest at Sergipe-Brazil
Finally, after the success of the first, the 2nd Install Festival is going to be done. It is going to take place in a hotel, in Aracaju-SE, on October 3rd 1999. The event is promoted by Linux-SE, which is a Local Linux User Group. More information on http://www.linuxstart.com/~linux-se/

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

The Linux Bulletin Board is set up to host Linux-related discussions on a number of topics. The number of messages thus far is low...let's see of LWN readers can stir things up a bit for them...

Section Editor: Jon Corbet

Letters to the editor

To: letters@lwn.net, gnu@toad.com
Subject: Debian FSG vs. DNS Security license for BIND
Date: Thu, 09 Sep 1999 23:22:22 -0700
From: John Gilmore <gnu@toad.com>

As the person who negotiated the DNSSEC license that permits BIND to
use patented RSA technology, let me clarify the intent involved.
Debian is free to put in as much effort as it wants in eliminating
this 'DNSsafe' code, but I believe it won't exist in BIND after the
patent expires in October 2000 anyway.  I therefore suggest living
with it for a year as the easiest and most beneficial course.

The reason the BIND authors licensed the code, and the reason RSA
licensed them to use it, was for the mutually beneficial purpose of
jump-starting a public key infrastructure centered on the Domain Name
System.  Debian should not undermine this goal if it can see a way
to support it.

The DNSsafe code is copyrighted by RSA and requires custom licensing,
unlike the rest of BIND.  If the BIND authors continued to use the RSA
code in BIND even after the patent expired, it would make BIND
distribution and maintenance more cumbersome.  They are far more
likely to replace it with code that is unencumbered.

Debian contributors could perhaps best use their time by writing a
free, compatible, and extremely fast replacement for this code.  This
would provide ISC with a ready-made free alternative as soon as they
are released from having to license the patent.  Given the US Commerce
Department's erratic interpretation of the export regulations, I
recommend having a non-US contributor write it, even though the
regulations make it clear that authentication code is not covered by
US export controls.  (An earlier prototype of BIND that used RSAREF
for authentication was denied access to the authentication exemption;
this denial was administratively appealed by Hugh Daniel, the
applicant, and is awaiting a determination from the US Bureau of
Export Administration.)

As a firm believer in free software I don't want Debian to undermine
their stand for freedom.  The question at hand is what's the best
response when the unfree code is temporary.

	John

From: "David Jao" <djao@sc-24018.fas.harvard.edu>
Date: Thu, 9 Sep 1999 03:44:40 -0400 (EDT)
Subject: Caldera and GPL
To: hoserhead@bigfoot.com


> Caldera says "Ok, if you want to get your hands on this CD you've
> got to sign this piece of paper which says that you have decided to
> not exercise your rights under the GPL

Section 6 of the GPL (attached below) states very clearly that under
no circumstance may Caldera impose _any_ further restrictions on the
end-users rights under the GPL, even if the end user has signed a
document permitting Caldera to do so. The end user has no legal
authority to give up their end-user rights. Those rights are mandated
by the original licensor (i.e., the software author), and only the
original licensor of the software can give permission for Caldera to
restrict those rights.

>   6. Each time you redistribute the Program (or any work based on
> the Program), the recipient automatically receives a license from
> the original licensor to copy, distribute or modify the Program
> subject to these terms and conditions.  You may not impose any
> further restrictions on the recipients' exercise of the rights
> granted herein.  You are not responsible for enforcing compliance by
> third parties to this License.

The end user can certainly agree not to sue for their rights, but the
original licensor is under no such restrictions. No matter what the end
user has signed, the original licensor of the software could sue
Caldera, and would have a pretty strong legal case.

-David

Date: Thu, 09 Sep 1999 13:51:45 -0600
From: Bruce Ide <nride@us.ibm.com>
To: letters@lwn.net
Subject: Security and Kernel Modules

Please note that at the time the kernel module is installed, the
intruder already has root access to your system. I think a bigger issue
is the simplicity of obtaining root access once you've compromised a
user account. In my humble opinion, distribution maintainers are far too
free with those setuid bits. Packages requiring setuid access to the
system should undergo thorough and documented third party source code
auditing, as should the C library itself and any other components that
the setuid package relies upon directly. Closing the buffer overflow
hole would be a huge step in the right direction too, perhaps through
the implementation of something like the Linux-Privs project.

No one takes security seriously enough and I believe that a major
disaster is going to be the result of this lazyness. I'm not talking
about just Linux either. Will it take a bank losing several billion
dollars or some group shutting down a huge portion of the nation's
electrical grid before we start taking security seriously? Will we take
security seriously even if that happens? It's only a matter of time
before something like this happens, and I only hope there won't be a
huge loss of lives in the process.

As far as kernel modules go, perhaps some mechanism could be put in
place to allow cryptographic signing of the modules and the execution of
only signed modules. Of course, this would be pretty difficult to
implement given the US Government's asinine stance on crypto but I'm
sure our friends in free countries like Finnland or Russia could come up
with a set of patches that could be downloaded and applied to a kernel.

-- 
----------------
Bruce Ide
nride@us.ibm.com

To: "LWN letters" <letters@lwn.net>
Date: Thu, 09 Sep 1999 10:15:33 -0700
From: "   " <lkollar@my-Deja.com>
Cc: 
Subject: Kernel feature thrashing

> The natives on linux-kernel are starting to get
> restless. These patches are considered necessary
> by many just to get a working system. Why do they
> not find their way into the mainstream kernel?

That's a valid question, but IMHO another question that should be asked is
"are people upgrading because they have to, or because a new version is
out?"

One of the reasons people use Linux and other open-source software is to
step off that "upgrade treadmill." Why apply that commercial-software
thinking here? If the kernel you're using does the job you need, maybe you
should consider keeping it until you have a good reason to upgrade --
especially if you have to hand-patch in features you consider essential.

Old habits die hard, I guess.

I guess the anti-Linux camp will have a field day with this issue. I can
see the quotes now: "Linux is having growing pains" or "Linux is collapsing
under its success" or "Linux failures underscore need for commercial
support." Yuuuuuck-o. All this <b>really</b> means is that Linux users
should examine their needs and determine whether a new kernel release meets
those needs before upgrading. (If you want to be a guinea pig to help the
cause, that's a different story.)

After all, it's not like you won't be able to find working software just
because you don't have version 2.2.10 or greater. In fact, you could use
kernel 2.0.37 and not be left behind, except for a few specialized admin
tools. This <b>is</b> Linux we're talking about, not Windows.

	Larry "Dirt Road" Kollar

Date: Thu, 09 Sep 1999 10:13:04 +0200
From: Michael Thayer <michael.thayer@student.uni-tuebingen.de>
To: letters@lwn.net
Subject: New code in stable kernels

I can see that people are reluctant for major changes to be made in
stable kernels.  However the RAID and NFS problems might be solved by
creating a new stable line (something like 2.2b) when 2.2 has settled
down - a sort of "half major" release like Debian is planning.

Yours,

Michael Thayer

To: letters@lwn.net
Subject: User space utilities that depend on kernel version
Date: Thu, 09 Sep 1999 14:12:30 +0100
From: Andrew Stitcher <astitcher@orchestream.com>

It has seemed to me for as long as I have been using Linux (since 
0.99 and SLS days) that there is a problem in the way that utilities 
that are intimately bound up with the kernel are distributed.

There are quite a number of user space utilities that depend on a 
particular version of the Linux kernel to function and vice-versa for 
some things the kernel depends on the correct user space program - 
for instance update, insmod, ps, procinfo. mount and similar things.

As the kernel and these utilities can't really be separated it makes 
sense (to me at least) that they should all be distributed together 
and maintained in the same source tree, that is the kernel source 
tree.

If this were done the days of getting a kernel patch to fix NFS or 
RAID say and then needing to go search the web for the correct 
versions of the user space tools would be over.

What do other people think?

Andrew

Date: Sat, 11 Sep 1999 21:41:00 -0500 (CDT)
From: <surazal@is.toofarnorth.com>
To: letters@lwn.net
Subject: Thoughts on sort-of-open-source Star Office (long)


I've been brewing over this Star Office deal for a while and have come up
with some thoughts on the matter...

I've always had sort of an ambivalent attitude towards Sun the
corporation.  While they do produce some really good software (about an
order of magnitude better than MS's usual crud), and have played an
extremely important role in the Unix world, their political plays in the
free software world leaves me wondering.

Sun seems to want to have their cake and eat it too.  On the one hand Sun
played a key role in helping to legitimatize Linux in a number of ways.
They were one of the early players to join up with Linux International.
They sponsor an excellent service at http://www.sunfreeware.com by
providing packages for the GNU tools so that us poor saps who have to
administer Sun boxen don't have to recompile the tarballs all the time.
All this and many other "small favors" do add up in the long run.  But on
the other hand we got this SCSL thing: all the disadvantages of commercial
software combined with none of the advantages of free software.  Why?  Let
me elaborate a bit:

Back in the dawn of the century, there was a popular type of music called
Ragtime that was all the rage with younger folks (and was condemned as
Satan's music by some older folks :^).  If you actually took a close look
at Ragtime music, you noticed two immediately apparent things.  One, the
inherent structure of the music was hideously complex.  Two, all ragtime
tunes were hideously complex in a rather identical manner.  In other
words if you wanted to write a ragtime song, you had to follow some rules
that were set down in stone.  Ragtime did not entirely allow for a lot of
flexibility.

Needless to say, ragtime didn't last for very long.  For one, all the
songs sounded the same (go figure :^), and so it got a little old with the
listeners.  For another, song writers had mostly migrated to a new
type of music that was gaining ground: Jazz.  Jazz was nice in that you
could pretty do what you wanted to do.  Granted, there were some basic
rules you had to follow, but the flexibility of Jazz allowed it to survive
for nearly a century (and it's still going strong).  Similarly, Rock music
has the same sort of flexibility (more or less), and thus it too has
lasted decades longer than ragtime could ever hope to.

Which brings me back to the SCSL.  Now the SCSL is Sun's answer to free
software.  They say "We give you the source, but we control everything you
do, and you have to play by our rules."  Well, having rules is fine.  But
the restrictiveness of the license puts Sun's license in the same position
that Ragtime had when Jazz started to become really popular.  The GNU
license provides flexibility in that if, say, Red Hat ever decides for
whatever reason to drop GNOME, a group of developers can pick it up
and continue using it and working on it.  Not so with Star Office.  I am
at Sun's mercy, which is no better than being at MS's or AOL's mercy.
Heck I got into Linux because I was no longer shackled by what some
faceless corporation thought was best for me.

That's why I feel that Star Office, though it may end up being somewhat
successful, won't take the steam out of any free software office suite.
There's more flexibility and freedom over there.  :^)

Just like how I might be able to listen to a Ragtime song or two every
now and then, I'll pick one of the many flavors of Jazz that have come
down the pipe over the decades to listen to any day.

			- Dave Finton