Other stuff:
Contact us
Archives/search
Calendar
Linux Stocks Page
Daily Updates

Recent features:
- The Solaris Trap
- Donnie Barnes Interview
- Gaël Duval interview
- LinuxWorld
- Touchphone
- Linux Expo Paris
- Red Hat's IPO filing
- Eric Raymond interview
- Linux Expo '99
- Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items and editorials

What is really happening? Details at this stage are scarce, but a few things have come out. The code to Solaris will be released, but nobody has said just when. It appears that it may come out in a number of different pieces over a fairly long period of time. It is possible that some portions of the system may never be released, due to third-party licensing constraints or other reasons.

Since Solaris will be released under the SCSL, it can not be regarded as free software. The SCSL divides users into three different classes, and requires licensing fees for any sort of commercial use. It is not generally possible to pull pieces out of SCSL code to incorporate into other systems.

What is Sun trying to do? Clearly they are after some of the benefits of open source software, in that they would like external people to improve their operating system for them. They also probably want to keep current Solaris users from defecting to Linux. And, in fact, there are certainly Solaris shops out there that will benefit from the availability of the source.

Is this release good or bad for Linux? For the most part, it probably does not matter a whole lot. Solaris has not become an open source operating system, it does not have a Linux-like developer community, and is not likely to be a stronger competitor to Linux as a result of this release. The open source operating system landscape has not changed significantly.

Linux hackers may even benefit from seeing how things have been done in Solaris. It is, after all, a large example of the construction of a high quality Unix system. However...

Solaris source code presents a trap to unwary Linux hackers. Without care, licensing problems could rapidly turn into a legal nightmare for Linux developers and businesses. Please see our separate article, The Solaris Trap, for a discussion of how things could go wrong.

It must be Halloween again. Microsoft put up a page intending to address what it sees as "Linux myths". It is strongly written, and goes straight for the jugular.

Anybody who wondered if Microsoft was taking Linux seriously need only glance at this document. It is worth noting that it differs from some previous attempts by that company to attack Linux. This one is (relatively) well researched and well written. It is the product of a great deal of effort.

For a critical look at this document, please see our response. We had to conclude that it is not a fundamentally dishonest effort; it also will apply very poorly to the Linux of tomorrow. In the end, Linux is moving very quickly, and will overtake Microsoft's criticisms in short order.

And, of course, Microsoft passed over one of the most important points: freedom. They have no answer to the advantages that free software brings, so they simply do not bring up the issue.

There is a crying need for the Linux community to produce a similar document. It too must be well researched and well written, and it should make the Linux (and free software) case in a factual manner. The Linux case is strong, but, unless it is presented in a similar form, it will not be seen by many people trying to decide which system to use. The time has come for Linux to develop its own slick marketing materials.

(See also: responses by Martin Brooks, Martin Hebrank, Jamin Philip Gray, David Mentré, and Mandrake).

LinuxWorld Conference and Expo for Japan was held last week. Matthew Cunningham, from Linuxcare, was kind enough to forward to us his conference report. Linux is going to be big in Japan ... but also very different!

Next week, Atlanta! The Atlanta Linux Showcase will be held next week, in Atlanta, Georgia. The Linux Weekly News will be there, with a few firsts for us! We'll be there with our first booth (still have openings for a few volunteers ...) and our first official show page. Keep your eye out for the LWN/ALS Show Page, created in cooperation with the Atlanta Linux Showcase, which will feature information about the show, news updates and reports from the floor.

It will be a busy week, but we're very much looking forward to it. Keep your eye out for Liz Coolbaugh and Dennis Tenney, both members of the LWN team who will be present at the show. Liz will also be giving a talk on Thursday, October 14th at 11am on Linux Distributions, to which you all are invited, of course.

Inside this week's Linux Weekly News:

• Security: A "truly free" version of ssh?
• Kernel: Access Control Lists, coping with USB devices
• Distributions: Red Hat 6.1 released
• Development: The study of Mozilla becomes part of the college curriculum
• Commerce: TiVo joins the Linux Stocks Page, Linux in French Schools
• Back page: Linux links of the week, letters to the editor.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

What does "Secure" mean? A couple of new products showed up this month, both making claims to that word. The first, titled Secure DSL, made this editor wonder if perhaps an encrypted DSL line service was being offered. Closer perusal of the product description shows that it is simply the addition of firewalling capabilities: "The system works by securing each DSL line with network-based, packet firewalls, so precluding outside attacks." Now, firewalls are a good and necessary thing, but all the evidence of the past year clearly proves that they do not guarantee a "secure" line. With a starting price of $30,000 (aimed at ISPs), it is not a low-end solution, either.

The second product that caught our eye was the BRICKhouse from SAGE, a Linux-based web server appliance that they claim provides a "bullet-proof" web-site solution. This one was more interesting to examine. "BRICKHouse is a highly scalable Linux-based Web server that raises the standard on Internet security by incorporating an innovative approach to security called Process-Based Security (PBS)." By limiting access to files on a per-process, rather than per-user, basis, they believe they can prevent both malicious damage to the site and potential down-time. It is an interesting approach and deserves closer investigation.

Do watch out for the marketing, though! One person's "secure" is another person's "insecure". Stick with the rule that "security is a process, not a state". That said, if either product enhances your current security or addresses your needs, it will be worth a look (with a particular bias towards the Linux-based BRICKhouse :-).

In the on-going cryptography battles, the US Federal government has achieved one of their short-term goals, winning a new hearing on the issue of whether or not they have the right to regulate encryption, this time in front of an eleven-member panel of judges. "The existing regulations 'allow the government to restrain speech indefinitely, with no clear criteria for review,' said Judge Betty Fletcher in the 2-1 ruling. That, she wrote, prevents professors such as Bernstein from engaging in valuable scientific expression." Here's hoping that their new hearing only re-affirms the status of cryptography as a form of free speech.

ZDNet Labs admitted it was their choice not to apply security patches to the Red Hat system used in the recent PC Week challenge. LinuxToday waxed eloquent on that choice, which has called the integrity of ZDNet Labs into question, since they did choose to apply the latest service packs to the NT box.

Security Reports

mirror: The mirror package contains a perl script which is used to duplicate directory hierarchies across machines and is popular for maintaining "mirror" sites. A vulnerability in this package can allow a remote site operator to create or overwrite files on the local machine. Vendor fixes for this problem are starting to come in. Check below in the updates section for details.

mutt: A buffer overflow has been found which can allow someone to send an email message containing commands that are then executed as the user. An immediate upgrade to mutt 1.0pre3 is recommended. Several vendor updates have already come out; check below.

Updates

mirror updates:

• SuSE

mutt updates:

• LinuxPPC
• SuSE
• Yellow Dog

• Red Hat
• LinuxPPC

SuSE has released yet another new update to sccw, which fixes a vulnerability in this (setuid root) utility. Upgrades are recommended. Note that this is a different sccw update than the one that came out last week - more problems have come up since then.

Resources

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The "final" version of "The Wonderful World of Linux 2.4" has been released by Joe Pranevich. This documentdescribes the new features to be found in the upcoming stable kernel release.

Access control lists (ACLs) for Linux are one of the missing security features that Microsoft criticized in its "Linux Myths" document. ACLs allow for more control over file access by allowing the granting (or removal) of permissions to individual users and groups. In even slightly complicated situations, this kind of control over file access becomes important; that is why many operating systems have had ACLs for decades.

A number of ACL projects for Linux exist. Perhaps one of the most advanced is the Posix ACLs for Linux project, led by Andreas Grünbacher. This group has set out to implement ACLs conforming to the draft Posix standard. Their goals include the creation of an easy and well-defined framework so that ACLs can be added to any filesystem, the ability to support existing ACL structures in other filesystems (NTFS, AFS, etc.), and, of course, a stable ext2 implementation.

The Posix ACLs project has produced working code, but they have run up against a snag. Deep filesystem code like this requires a great deal of testing before one can even consider submitting it for inclusion into the mainline kernel. There just have not been enough people testing out the ACL code. Until people run it and find the problems, the confidence just is not there to press forward.

If you would like to help out with Linux kernel development, but have not been able to dig into the code, here is your chance. Grab the ACL patch, run it, and send your experiences back to the development team. With some help, this project can move forward and close up one of the big holes in the Linux security model.

USB device names and numbers are under discussion again. The Universal Serial Bus presents certain naming problems which stretch the Linux notion of devices toward the breaking point.

Allocation of device numbers is one of the problems that comes up. A typical /dev contains a lot of "devices" which do not actually exist on the system. The device major and minor numbers (and, incidentally, the names in /dev) have all been preallocated and are there waiting for the device to show up.

USB's flexible way of dealing with devices makes this static allocation hard to maintain. A USB port can contain up to 127 devices, and many systems already have more than one such port. Consider, for example, an ISP that would like to populate a system with dozens of USB modems. That actually looks like a reasonable and cost-effective way to set up a modem bank. But how can Linux allocate enough device numbers to accommodate that application while still allowing for all the other possible USB device configurations?

Clearly device management on the USB has to be a more dynamic thing. So, of course, some people immediately proposed devfs as the solution to this problem. The conversation then wandered into the usual devfs debate; we have been there before.

Whether or not devfs is involved, some sort of solution to dynamic devices needs to be found. The final solution is likely to involve some sort of hook into the kernel whereby a user-space daemon process is notified when a device is added to (or removed from) the USB. That process can then tweak things in /dev to its heart's content, taking into account any local policy (i.e. device permissions) that may be applied.

Another network security vulnerability was found this week by Andrey Savochkin. This one happens at the Internet Protocol (IP) level, and takes advantage of the fact that the generation of IP packet identifier numbers is done in a predictable way. Normally the ident field is used to properly reassemble fragmented packets, but a suitably sneaky adversary can use this vulnerability to slide in spoofed packets from another source.

There is still some discussion over the proper fix for this problem. Currently no exploits are known to exist.

Other patches and updates released this week include:

• PPSkit 0.7.2 by Ulrich Windl. PPSkit patches the (2.2.12) kernel to provide high-resolution timekeeping services.

• Speaking of devfs, devfs v122 was released by Richard Gooch.

• Pset 0.65 was released by Tim Hockin. Pset allows for control of CPU utilization on SMP systems.

• H.J. Lu has released knfsd 1.5.2.

Section Editor: Jon Corbet

For other kernel news, see:

• Kernelnotes
• Kernel traffic
• Kernel Newsflash

See also: last week's Distributions page.

Distributions

Expert Linux 1.0 was announced this week. This is a product, not a distribution, a version of Linux built on a CD to run directly from the CD. You can pop on over to Amazon.com for more information or to order it. Expert Linux is based on DemoLinuxand all bug reports, suggestions or contributions will be fed back to the DemoLinux project.

Conectiva Linux

Definite Linux

Debian GNU/Linux

Also reported this week was a new Debian SGML/XML HOWTO.

The debian-hurd Kernel Cousin for October 6th is available, with lots of nice detail on the development project for those of you who have been wondering how this project was going.

Linux-Mandrake

Red Hat Linux

From the LinuxViews mailing list, we found an excellent report on Red Hat 6.1. Some minor problems are mentioned, but overall the reaction seems pretty favorable.

Here is a round-up of the official press coverage:

First, the official announcement for Red Hat 6.1.

News.com reports on the Red Hat 6.1 release without going much beyond the press release. "Red Hat Linux 6.1 also provides customers with fast access to the latest software technology from Red Hat through the Red Hat Update Agent, an online customer service application for retrieval and management of software updates."

Internet.com reports on Red Hat 6.1. "Coming on the heels of Sun's recent decision to open-source its Solaris operating system, this latest version includes automatic software update notification, improved management and installation tools, and the Linux 2.2.12 kernel."

InfoWorld looks at Red Hat 6.1. "Responding to criticism from the Linux community at large about the difficulty many have in getting timely updates to the operating system, Red Hat is introducing the Red Hat Update Agent. The new software combines RPM package management technology with the inherent Internet capabilities of Linux so users can get continuous access to customized updates available across the Linux development community, officials said."

ZDNet looks at Red Hat 6.1. "But what will prove more interesting, if it works as advertised, is Red Hat's inclusion of Intel Preboot Execution Environment (PXE) 2.0 technology. PXE, as part of Intel's Wired for Management Baseline 2.0, is supposed to enable a network administrator to remotely configure systems, with a PXE complaint BIOS, from a bare hard drive to a functioning Red Hat system without lifting a finger at the local workstations."

Slackware Linux

SuSE Linux

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Lists of Distributions
Kernelnotes
Woven Goods
Known Distributions:
Apokalypse
Armed Linux
Bad Penguin Linux
Bastille Linux
Best Linux (Finnish/Swedish)
Bifrost
Black Cat Linux (Ukrainian/Russian)
Caldera OpenLinux
CCLinux
Chinese Linux Extension
Complete Linux
Conectiva Linux (Brazilian)
Debian GNU/Linux
Definite Linux
DemoLinux
DLD
DLite
DLX
DragonLinux
easyLinux
Enoch
Eridani Star System
Eonova Linux
e-smith server and gateway
Eurielec Linux (Spanish)
eXecutive Linux
floppyfw
Floppix
Green Frog Linux
hal91
Hard Hat Linux
Independence
Jurix
Kha0s Linux
KRUD
KSI-Linux
Laetos
LEM
Linux Cyrillic Edition
LinuxGT
Linux-Kheops (French)
Linux MLD (Japanese)
LinuxOne OS
LinuxPPC
LinuxPPP (Mexican)
Linux Pro Plus
Linux Router Project
LOAF
LSD
Mandrake
Mastodon
MicroLinux
MkLinux
muLinux
nanoLinux II
NoMad Linux
OpenClassroom
Peanut Linux
Plamo Linux
PLD
Project Ballantain
PROSA
QuadLinux
Red Hat
Rock Linux
RunOnCD
ShareTheNet
Skygate
Slackware
Small Linux
Stampede
Stataboware
Storm Linux
SuSE
Tomsrtbt
Trinux
TurboLinux
uClinux
Vine Linux
WinLinux 2000
Xdenu
XTeamLinux
Yellow Dog Linux

See also: last week's Development page.

Development projects

West Virginia University is using Mozilla for the basis of a class "to track and study the creation of a full-scale 'real-life' software project." For more information, check the reference on Mozillazine. This is a great idea and a great way to introduce students to the development of free software. As one person commented, think about working with your own alma mater to get such courses into place!

Apache and PHP came in for some praise in this Network Computing article on picking a web server to suit your needs. Platforms considered included Netscape, Microsoft and Apache. The article is well-balanced, acknowledging faults and accomplishments in each of the products.

Embedded Linux

Here are two sites that you may want to take a look at, for more information on Embedded Linux:

• EmbedLinux.net
• EMLAB

Gnome

High Availability

Midgard

For more Midgard News, check out this week's Midgard Weekly Summary.

Mozilla

MySql

Wine

And for even more Wine news, check out this week's Wine Kernel Cousin.

Zope

Squishdot 0.3.0 has been released. Squishdot is a Slashdot-like news site framework used at sites like Technocrat.

For a total wrap-up, check out this week's Zope Weekly News, from Amos Latteier.

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
PHP
Wine
Zope

More Information
Freshmeat
LinuxDev

Development tools

Java

Perl

Python

Das Python-Tutorium, the German translation of Guido's Python tutorial, is now available in its finished state.

Tcl/tk

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

Linux in French schools. Jean-Paul Smets writes to us about the deployment of a Linux-based network in a school in Saint Dié, France. It is an interesting description of both the adoption of Linux in a public institution and the network architecture put together by the people at Linbox. Worth a read.

Selling Unix to suits Nicholas Carroll has written up a speech he uses to sell Unix (and Linux) systems to business customers. "You can try to sell them Linux right off, if you want. However, suits aren't into 'cool' much. They like established, accepted, winners. In the Internet, Unix is the winner. Linux is still a flavor coming into its own. If you want to pitch Linux, I think it makes more sense to make the Unix case first, and then pitch the Linux."

Siemens announces SAP R/3 benchmark record Siemens issued this release proclaiming its benchmark results with SAP R/3 on a Linux server. This claim has proved to be a bit controversial, since there is, in fact, an existing benchmark that got faster results on NT. The point seems to be this: the Siemens benchmark ran with R/3 4.0, while the NT benchmark used an earlier version. Apparently R/3 4.0 is somewhat slower than its predecessors, so lower benchmark results are to be expected. This issue will not be resolved until benchmarks with identical systems have been performed.

Linux banned from "large corporation". Here's an amusing (and disturbing) posting in the RISKS digest regarding "a large corporation" that banned Linux systems after a misconfigured Samba server created difficulties on their network. Of course, Linux has nothing to do with the problem...

The Computer Underground dumps Intel The Computer Underground, a vendor of Linux-installed systems, has announced that it will henceforth sell no more Intel-based systems.

Press Releases:

Hardware:
• Blue Disc announced a new 40GB DLTtape storage drive. Should work with a Linux system.

• Hewlett-Packard Company announced a $50 rebate on its thin-client systems, including the Linux-based model.

• IndyBox Systems announced they would be lowering the price of their AMD Athlon based 500MHz ~ 700MHz KA Series by 25%. Pricing begins at $1,000.00, with one of the many GNU/Linux distributions pre-installed and optimized with the latest stable kernel and X server.

• Sun Microsystems, Inc. has reduced the price of its Ultra 5 workstation. When coupled with the SunPCi PC co-processor card, the Ultra 5 offers the flexibility of six different operating environments in a single box, including Solaris, Windows*, and Linux.

  Complete Systems:

• Concentric Network Corp. unveiled ConcentricHost Managed Server Linux, a new dedicated hosting solution utilizing Cobalt RaQ 2 server appliances from Cobalt Networks, Inc.

• Cybernet Systems Corporation put out four seperate announcements describing its NetMAX software, which is meant to turn a Linux system into a "network appliance." The series includes web serving, firewalling, and file and print serving.

• SSE Telecom Inc. announced the iP3 satellite Internet gateway product line. The iP3 gateway is built on a PC platform running the Linux operating system.

  Software:

• Ariel Corp. released its "remote access driver" software for Linux under an open source license.

• ARPHIC TECHNOLOGY CO.,LTD. announced the release of 4 sets of True Type Fonts as Free Software.

• CRYPTOCard and Red Hat, Inc. announced the shipping of CRYPTOCard's CRYPTOAdmin 4.0 authentication server with the application CD that ships with Red Hat Linux 6.1.

• CSV Technologies Inc. announced the release of EZTerm 1.3 for the Linux Operating System Platform.

• Dirig Software, Inc. introduced Proctor 1.5, Dirig's software for managing client/server, distributed and Internet applications running on Windows NT, Solaris and Linux Server Environments.

• Enlighten Software Solutions, Inc. announced that EnlightenDSM Version 3.4 is available for download and supports TurboLinux Workstation Version 3.6. Downloads are available at www.TurboLinux.EnlightenDSM.com.

• Entera, Inc. announced the availability of a streaming server for (Red Hat) Linux which supports QuickTime 4.

• Hewlett-Packard Company announced availability of OpenMail for Linux with a promotional discount bundle.

• Informix Corporation presented Internet Foundation.2000 for Linux, an XML data-driven Internet application.

• Knox Software Arkeia software received the Editor's Choice Award for file storage and recovery from "LinuxWorld Magazine" at LinuxWorld on Aug. 10, 1999 in San Jose, Calif. For some reason they are just getting around to making a press release about it now.

• Lutris Technologies announced the inclusion of Enhydra 2.2, an Open Source Java/XML Application Server, on the Red Hat 6.1 Application CD.

• Macromedia, Inc. announced that it's Macromedia Generator 2 will be available for Linux in November.

• OfficeFree.Com, Inc. is offering the iConfigurator Suite of Internet Sales Automation tools for small to medium sized businesses who want to quickly create a Business-to-Business (B2B) e-commerce site. iConfigurator v1.0 is available for Sun Solaris, Windows NT and Linux.

• OpenNetwork Technologies announced the release of an extended suite of companion products to DirectorySmart that provides solutions for secure access control, PKI integration and communication management. DirectorySmart 3.11 is available now and runs on Windows NT 4.0, Solaris 2.6, Linux, Red Hat 6, and Caldera 2.2. It is compatible with Netscape's Directory Server 3.0, 4.0 and IBM's SecureWay Directory 3.1.

• Planet-Intra.Com announced that its Instant Intranet Portal is now available in 10 languages. The Planet-Intra software package runs on the NT and Unix -- including Linux and Solaris -- operating systems and is available through the company's website.

• Quantified Systems, Inc. announced the genesis of Return On Investment Reporting (ROIR) with e-Urchin, a built-in module in the Urchin 2.2 software. Urchin is available for most UNIX platforms including Linux.

• SuperAnt announced the Expert Linux CD which contains a live Linux filesystem that autoboots into a full version of Linux without using a harddisk. For more information and ordering goto s1.amazon.com/exec/varzea/ts/exchange-glance/Y01Y\6537598Y8342874/

• Tripp Lite says the Linux communitity has responded favorably to their decision to make it's PowerAlert Universal UPS Management Software available to Linux developers in an open source environment.

• VSI (V-Systems, Inc.) announced the latest version of VSI-FAX 4.0, now available for Linux.

• WebTrends Corporation announced a trial version of WebTrends Enterprise Reporting Server for Linux will be included on the upcoming server edition of Red Hat's Linux Applications CD (LACD).

  Web Sites:

• Aceweb Internet announced the launch of GameArchives.com (http://www.gamearchives.com), a computer gaming site featuring free downloads of the best games available for PC. All major platforms, including Linux, are supported.

• Computer Associates International, Inc. announced the availability of MasterIT for Content Management, CA's Web site and server management product. MasterIT for Content Management supports Web applications running on the Windows NT server platform, as well as all client and authoring tool platforms supporting Java II specifications -- including UNIX, Linux and MacOS.

• HiTecSoft Corp. announced that their Patchlink.com Portal Service has won the final round of Novell Developer Contest in Best Custom Internet/Intranet Services Category. Patchlink has all the commonly used patches for every popular operating system, including Linux.

• Jintek announced ScheduleOnline Intranet, a productized version of its group collaboration Web site, ScheduleOnline (www.scheduleonline.com). There is a beta version available for Linux.

• The NetAid Web Site was launched in the Philippines. The project will hopefully benefit poverty-stricken countries. The web site is powered by Red Hat Linux.

• Number Nine Visual Technology Corp. unveiled its new NINE.com online store. The new NINE.com website runs under Linux.

• ProVillage, Inc. introduced its business community portal solution at Fall Internet World '99. ProVillage runs under Linux.

• Up!Lot, Inc. announced today the launch of uplot.com, a virtual PC for users to store, edit, and share their files in a secure location on the Web. Up!Lot is designed on the Linux system.

• VServers announced the release of a free Web hosting and domain name parking service called DomainValet. VServers offers a range of Unix, NT, and Linux virtual servers as an alternative to buying and maintaining a dedicated server and Internet connections.

• WebLine Communications Corp. unveiled WebLine Media Router. Platforms supported include Windows NT, Sun Solaris and Linux.

  Other:

• Linux application software maker Applix, Inc. announced that it has chosen Frontline Now! to expand the Applixware presence in the retail, catalog, e-tail, corporate reseller and academic markets.

• BeLinked and X and Mail announced that they have entered into a marketing and product development alliance. BeLinked's web calendar, integrated with X and Mail's Xwebmail web-based client, platform is easily customized to fit specific business models, and supports Open Source systems including LDAP, Linux and Apache.

• Caldera Systems announced that OpenLinux 2.3 is the company's best selling product ever.

• DigitalThink announced the immediate availability of "Linux/UNIX Network Administration I," the latest course in the Linux/UNIX System and Network Administration Series.

• eSoft, a Linux thin server company, announced the completion of another round of financing.

• Linuxcare signs a deal with Inter Space Planning Corporation. ISP sells servers in Japan, and Linuxcare will now be supporting them.

• Magic Software announced a partnership with Red Hat which will include the release of the "Magic Enterprise Server" for Red Hat 6.1.

• National Semiconductor Corporation has appointed INFOMATEC AG / IGEL Technology Labs to serve National's Asia Pacific customers of its information appliance platforms.

• Oracle Corp. announced that with the immediate availability of Oracle Application Server 4.0.8., it is also launching a sales promotion aimed at former NetDynamics, Netscape and Forte application server customers. They say that the Oracle Application Server is one of the most popular products on OTN, amassing some 64,000 downloads in the past six months, and of those, 42,000 have been for the Linux operating system. This promotion will be available through Oracle's online store at oraclestore.oracle.com or from any Oracle sales representative.

• O'Reilly and Associates published "Learning Red Hat Linux," by Bill McCarty, a new beginner's book, and 'Practical Internet Groupware' by Jon Udell.

• Pinacor, Inc. recently signed new Apple-complementary suppliers to its list of partners. These new suppliers include Yellow Dog Linux by Terra Soft Solutions, Inc.

• Rare Medium Inc. announced it has opened a Java competency center in San Antonio.

• Survey.com and ENT magazine announced the "Linux and Open Source Software Research Initiative." They say they plan to produce a comprehensive set of reports on open source software. ENT, of course, is a Windows NT magazine... "The open source software market is currently experiencing tremendous growth, accompanied by a degree of zealotry and hype that is obscuring the real impact of this software licensing model on corporate IT."

• Tzolkin Corporation announced that it has joined Red Hat's developer partner program, and that its dynamic DNS implementation will be available for the Red Hat distribution.

Section Editor: Jon Corbet.

See also: last week's Linux in the news page.

Linux in the news

This article in Al Fasoldt's "Technofile" looks at Microsoft and how Linux is giving it grief. "Linux pushed Microsoft into the third phase. Suddenly we were able to see the emperor clearly, and we could see that he had no clothes. Nothing that Microsoft says seems believable any more. An operating system that cannot perform properly is not acceptable any longer. We have a choice."

Here's a Wall Street Journal article, via ZDNet, on Sun's plans to release the Solaris source. "Sun hasn't yet worked out the timing of the community source release of Solaris, which is likely to phase in over a long period of time"

LinuxToday talked with Michael Tiemann of Cygnus Solutions at the Embedded Systems Conference. "So Tiemann is saying that there is a big part of the embedded space where Linux as we know it will do just fine. Without any risk of fragmentation, Linux will scale down into all those cell phones, digital cameras, personal digital assistants, and set-top boxes that are complex enough to need software with two or more processes to run them."

Sun Solaris:

Here's a ComputerWorld article assessing the potential impact of the Solaris source announcement. "Ultimately Sun's move is unlikely to amount to much, agreed Jonathan Eunice, an analyst at Illuminata Inc., a consultancy in Nashua, N.H. 'If they had done something like this years ago, they would have probably been a leader of the open revolution,' Eunice said. 'Now it looks like they are chasing the Linux tail.'"

Computer Reseller News ran this article about Sun's intentions toward Linux with their release of the Solaris source code. "The hardware and software giant, while confirming it will release the source code to Solaris, its implementation of the Unix OS, said it is not trying to destroy the growth of the Linux OS."

Here's The Red Herring's take on Sun's plans to put the Solaris source out. "This does not mean Sun is giving up the rights to its software. Sun's code will be available free for download, but if developers incorporate any of it into a commercial product, they will owe Sun a 'community-source' licensing fee. Some analysts don't equate community source licensing with open-source distribution."

News.com says that Sun will be releasing the source to Solaris under its "Community Source License." That means, of course, that it will not be truly free software.

Would Linux survive if Solaris were free? osOpinion answers the question: "The answer is no. Why re-invent the wheel? Solaris is a fully operational, scalable and reliable OS. Linux would have no place in a world were Solaris was free. Sorry, that's the truth."

Here is Dave Winer's take on Sun's Solaris announcement (scroll down a ways). "But it's OK for Raymond and the open source purists to reject this offer. It wasn't designed to please them. It was designed to please Sun's customers. Look at it this way, Solaris is the perfect operating system for Sun customers. It's a live and let live answer. Sun says they don't have to be Linux, and it leaves room for Linux to find a multitude of niches that Solaris can never occupy because of its economics and how it's developed."

Red Hat:

TechWeb reports on Red Hat's European plans. "Linux vendor Red Hat expects to be the dominant market player in Europe within eighteen months, its chief operating officer, Tim Buckley, said on Wednesday."

Salon Magazine interviews Red Hat's Marc Ewing. "[Linux-Mandrake] doesn't necessarily bother us. Clearly if there were no other Linux distributors besides us and we had 100 percent of the market we'd be pretty happy. But in a sense the task is a lot larger than that, if you think about what the competition really is. The competition really is Windows NT."

Here's an interview with Masanobu Hirano, leader of Red Hat Japan, and Bob Young which ran in AsiaBizTech. "Red Hat of the United States has been studying the possibility of establishing a subsidiary in Japan since January 1999. As a result, we noticed two serious problems. First, Linux support for users, especially for enterprise users, have not been sufficient. Second, 'Red Hat Linux' enjoys more than 50 percent share of the Linux distribution market in the United States, but here in Japan, we only have less than a 20 percent market share."

Performance Computing reviews Red Hat 6.0, a little belatedly. "One of the biggest bullets fired from the anti-Linux crowd is that it is an OS without applications. While an OS can be a novelty, the inability to do anything with it can be quite a hindrance. Red Hat addresses this issue head-on by including a CD containing almost 400 applications."

Caldera:

Here's a News.com article that speculates on Caldera's IPO plans. "However, sources familiar with Caldera Systems' plans tell a different story, saying the IPO is scheduled for the end of November. The company has set aside special stock for the open-source companies that have helped Caldera--the KDE programmers who have improved Linux user interface options and Troll Tech programmers who helped Caldera with its Lizard installation routine."

E-Commerce Times reports on Fujitsu's partnership with Caldera. "According to International Data Corp., there were 2,200 Linux-based servers in Japan in 1998. That number is expected to increase to 10,000 by the close of this year, moving to 65,000 by 2003. The predictions are based on a 97 percent compound annual growth rate."

PC Week reports on the Caldera/Fujitsu deal. "But there's more to the story than just another company adopting Linux on its servers. Fujitsu also has signed on for Caldera's educational and service offerings and is moving toward preloading OpenLinux on desktops, handhelds and other devices."

Business:

PC Week looks at a number of Linux-related events involving Red Hat, Lineo, and Sun. "Amid all the action, Sun Microsystems Inc. has opened its Solaris operating system under its own Community Source license, which hasn't received the popular support from the open-source community that one might expect."

Upside Magazine looks at the Question Exchange. "For years, the primary knock against Linux, both within the tech media and corporate circles, has been the seeming lack of organized user support. Users who didn't want to take out a one-year multi-incident contract with Red Hat have traditionally braved the free Internet relay chat channels and Usenet sites. But in users' bargain basement searches places the only way to tell the difference between unqualified and qualified 'experts' was by the amount of scorn qualified Linux veterans heaped on clueless newbies."

This article in AsiaBizTech looks at LASER5 - Red Hat's former partner and present competitor in Japan. "Prior to the cancellation of the agreement, Red Hat said that they wanted to purchase our Japanese version, but we could not agree on a price. We are ready to put it back on the table if appropriate terms and conditions are to be discussed."

Here's a Computer Reseller News article about LinuxPPC. "...earlier this year, LinuxPPC caused a splash when, at a LinuxWorld expo, it provided the operating-system software that the IBM RS/6000 group used to demonstrate its RISC-based system running Linux."

News.com ran this article on the LinuxOne IPO filing. "What observers find interesting, however, is that some passages of the LinuxOne filing read like a mirror image of Red Hat's filing. Indeed, many of the descriptions LinuxOne provides of its strategy and market opportunity are identical to the words found in the earlier Red Hat filings."

Here's an article in ZDNet UK about Amdahl's Linux plans. "The Fujitsu-owned systems integrator announced support for Linux on its singleand dual-Intel Pentium III-based Fujitsu Teamservers. It also introduced 24-hour global telephone support for Linux-based hardware and software, and professional services for setting up and customising the Linux operating system and open source products such as the Apache Web server." (Found in NNL).

Inter@ctive Week looks at Macmillan's Linux activities including the new "PlaceForLinux" web site. "'Thirteen percent of Macmillan's revenue comes from the sale of Linux books and software,' said Steve Schafer, Linux software title manager. Macmillan first began adding Linux disks to books four years ago, he added."

Here's an Inter@ctive Week article about Macmillan's new web site at PlaceForLinux.com. (Said site currently opens with a form asking for name and address information). "Aiming to become a supplier of Linux to consumers, computer book publisher Macmillan has opened a Web site offering Linux information and support, with plans to sell a Mandrake variation of Linux in book and software stores."

CNN looks at recent developments in the Linux world. "Separately, development tool vendor Inprise is trying to fill the Linux applications gap. Early next year the company will go into beta testing with a native rapid application development tool for Linux, code-named Kylix. The tool is a component-based, drag-and-drop environment with support for multitier databases and the Internet."

News.com looks at Compaq's new thin client systems. "Though Compaq is committed to Linux, it is betting the bank on Windows CE."

Computer Reseller News discusses Linux on laptop systems. "Although the open-source nature of Linux is attractive to a Web-minded IT community, most in the industry agree that the operating system cannot compete with Microsoft Corp.'s Windows on notebook computers."

Here is a New Zealand Herald article about how a set of NT systems is being replaced by Linux systems in the New Zealand housing agency. "The selection of Linux has proved something of a master stroke because the pilot has demonstrated the substantial licence fees, upgrades and maintenance costs inherent in the previous NT-based approach can all now be side-stepped," (Thanks to Ian McDonald).

Federal Computer Week ran this article about the large Linux cluster being purchased by NOAA's Forecast Systems Lab. "According to NOAA officials, the cluster will involve 277 workstations capable of crunching 300 billion arithmetic operations per second -- a capability that is 20 times more powerful than the lab's current system. The cluster will represent one of the most powerful computers in the world, they said." (Found in LinuxToday).

The Chicago Tribune looks at Linux jobs and certification. "To date physical credentials have consisted of a beard or ponytail, complemented by a T-shirt saying 'Will write code for Chinese food.' As with most obscure technical jobs, hiring has been done on a techie-to-techie basis."

Here's a Computer Weekly article about an interesting corporate deployment. "A Kent-based insurance firm is overhauling its IT infrastructure by rolling out about 200 desktop PCs on the Linux operating system. Reliance Mutual Insurance's decision to deploy Linux on desktops demonstrates the business viability of open source code in a commercial environment." (Thanks to Alan J. Wylie).

Hack PC Week:

ZDNet admits it did not apply the security updates to the Linux box that was part of its "hack PC Week" challenge. (See last week's Security section for a discussion of how the system was cracked). "Large companies often spend weeks or months testing NT service packs from Microsoft Corp. before they are deployed. Imagine the work involved in integrating 21 separate fixes into a change process to be deployed across an enterprise. Red Hat Inc. and other large open-source companies will have to make fixes available in a more manageable manner if they expect organizations to adopt Linux on a larger scale."

This osOpinion piece looks at the "Hack PC Week" silliness. "To me, the whole hacking contest smacks a little bit too much of Mindcraft III; worse, PC Lab's reputation has been tarnished."

Linus:

InternetNews.com reports on Linus Torvalds' talk at Internet World. "He also forecast that user interfaces will diverge from the operating system in order to allow people to mix and match according to their own requirements, and to end the unnecessary development of interfaces for systems which do not require them, such as servers and embedded systems."

The San-Jose Mercury asked Linus what he thought was the most important development of this century. "I think the most important development of the 20th century has been the advances in physics and our understanding of how the world works -- quantum mechanics and the theory of relativity from earlier in this century."

Finally:

Here's a brief article in ZDNet UK about Microsoft's 'Myths' document. "The 'Linux Myths' page seeks to redress misinformation spread by those evil Linux advocates and tackles issues such as reliability, stability and affordability of the fastest growing operating system in the market place." (Found in LinuxToday).

The fifth issue of PerlMonth has been released.

ZDnet pitches the Linux Business Expo, which will be attached to Comdex next month. "The technical track will feature cool kid Miguel de Icaza, coordinator of the GNOME Project, on the future of the GNU Network Object Model Environment;"

LinuxPlanet ran an interview with Tim O'Reilly. "I also don't believe that necessarily you get a lot of benefit in the same way from making documentation completely free. At the end of the day, a book is its own source code, it's not as though the content is hidden in some way."

Web Techniques ran this column on how some people are responding to the commercial success of Linux. "If we add marketing to the picture, then our hacker's utopia will become contaminated. With commercialization, one starts dealing with money and then greed and envy, along with competition. We will become the opposite of what our ideals are, and end up where we don't want to go."

ZDNet has figured out that "Jesux" was a joke. "Sm@rt Reseller spoke to several developers, who wish to remain anonymous because of what they see as the anti-Christian hysteria Jesux caused in some circles, who claim they plan on implementing many of Jesux's ideas. So, the idea of a 'Christianized' Linux lives on."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Help requested with Printing HOWTO. The maintainer of the Printing HOWTO support database sent us a note asking for volunteers to help him keep up with the range of printers out there. If you have a moment, and are up on the printer world, please consider giving him a hand.

Version 2.0 of the Linux Laptop HOWTO has been released.

The Online Troubleshooting Resources HOWTO is now available.

Finishing out the pile of HOWTO news: The Linux Wireless LAN HOWTO has been updated.

Events

Eric Raymond in Arizona. Eric Raymond will be at the Arizona Internet Professional Association (AZIPA) Monthly Meeting on Monday, October 18. Info & RSVP at www.azipa.org.

The Atlanta Linux Showcase has announced that the proceeds from their benefit dinner and T-Shirt sales will go to the Pediatric Oncology Group. It looks like a good time for a good cause.

Report from Pluto Meeting 1999. Here's a report (in Italian) in opensource.it on the Pluto Linux meeting held in Padova, Italy, in September. "...tutto quello che un appassionato Linux avrebbe sempre voluto sapere ma non ha mai osato chiedere" ("everything a Linux fan always wanted to know but never dared ask"). English text available via Babelfish. (Grazie a Carrer Yuri).

Web sites

User Group News

A new LUG is forming in Belfast, Northern Ireland.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

The Linux User Groups Worldwide page has been reworked with new technology. If you are ever trying to find a Linux user group for a particular place, this is the place to look.

Section Editor: Jon Corbet

Letters to the editor

From: reynolds@cs.duke.edu
Date: Wed, 6 Oct 1999 22:44:01 -0400 (EDT)
To: corbet@eklektix.com
Subject: Microsoft myths, correction/addition

Jon,

Microsoft said this:
> Linux security is all-or-nothing. Administrators cannot delegate
> administrative privileges: a user who needs any administrative
> capability must be made a full administrator, which compromises best
> security practices.

To which you (on LWN) replied thus:
> There is some truth here. The "superuser" model has a number of
> problems, and utilities like "sudo" are a sort of fragile kludge made
> necessary by this model. The Linux kernel has increasing support for
> capabilities, which provide the sort of fine-grained privileges needed,
> but support for capabilities at the user level will be a while in
> coming. Access control lists (ACLs) are also in development and in a
> testing mode.

There are irony and hypocrisy there that you (having not administered NT
in a large, distributed-administration environment, I assume) didn't pick
up on.  NT's fine-grained administration delegation isn't much better off
than Linux's!  It's well-intentioned but almost useless.  For example, a
user can be given the right to add NT machines to an NT domain, but this
right turns out to have little practical use, because users with this
right cannot remove or refresh machines in an NT domain.  (So
reinstallations, ever common in the NT world, are not a possibility
without full Domain Admin privileges.)  Another example: a user can be
given the right to add new accounts, but this right does not include
related tasks such as deleting accounts or resetting the password on
existing accounts.

To be fair, being able to remove machines from a domain or reset other
users' passwords has huge security implications if not done right: you
could replace a backup domain controller using the former privilege and
take over administrative accounts using the latter.  So I'm not saying the
solutions are easy.  But administrative privileges as they now stand in NT
aren't much better than in Unix.

And now a bit of purely anecdotal evidence: I spent a couple of summers as
an NT administrator, and for a while I was charged with the task of
creating machine- and user-administration web scripts.  This allowed a
user that the web script authenticated to add/remove/refresh machines in
the NT domain or create/delete/reset user accounts (with certain machines,
such as domain controllers, and certain accounts/groups, such as
administrators, protected).  By making it a web script, we could make it
run as the administrator but provide our own authentication and limited
functionality -- much like the much-maligned SUID feature of Unix, but
with the added nuisance of a web server.

(A footnote to that story is the nastiness that web servers run with
administrative privileges, so hacking an Active Server Page or the server
itself yields far more privilege than hacking Apache on a Linux box.  If
NT has such great fine-grained security, why does the web server run with
Administrator/Service privileges?)

There is apparently at least one (expensive) third-party product to
provide finer-grained administrative delegation.  My ex-employer didn't
buy it, though, so I'm not sure what approach it takes.  Since it is a
kludge, and not part of the core system, it hardly counts...

--Patrick

Date: Wed, 06 Oct 1999 16:11:20 -0400
From: Bob <general@gis.net>
To: letters@lwn.net
Subject: Linux At Home,LA Times, 9/23/99 edition LWN

    This article mentioned that Intuit gets insignificant numbers of
requests for ports of their popular Quicken program to Linux.

Why bother with Quicken for Linux when you can simply download ,at no
cost, a very nice program called CBB which seems to give all the
functionality that Quicken does for working with checking  and savings
type accounts. A very nice html style tutorial even explains the simple
act of exporting .qif files from Quicken into CBB and vice versa.

My goal is to bring my Linux setup to the point that all my needs are
filled there and then there will be no need for Windows anylonger.

Programs such as CBB make that event seem much closer on the horizon.

Bob Lee
general@gis.net

Date: Fri, 01 Oct 1999 10:45:55 -0700
To: letters@lwn.net
From: Seth Cohn <sethcohn@yahoo.com>
Subject: Learned opinions on GPL..
Cc: Bernd Paysan <bernd.paysan@gmx.de>, rms@gnu.org, esr@thyrsus.com

Letter to the Editor of Linux Weekly News (for publication)

Sirs,
When this 'Corel beta' turmoil arose, I emailed RMS himself
as well as 'Open Source' advocated Eric Raymond (among others), looking
for clarification on just when GPL 'kicked in'

According to _both_ of them, all of the 'hardcore' GPL advocates who
are saying 'any distribution at all is covered by GPL terms' are misguided
at least.

I asked:
     Is an internal ONLY change to a GPLed program subject to GPL
     copying and distribution requirements, source providing requirements,
     etc?

 >From: Richard Stallman <rms@gnu.org>
 >Subject: Re: GPL question...

 >If it is truly internal use, within one organization, our view is that
 >that is not distribution.

and

 >From: "Eric S. Raymond" <esr@thyrsus.com>
 >Subject: Re: Fwd: GPL question...

 >No, in my opinion.  GPL requirements trigger when you distribute binaries
 >to a third party.  There are some definitional questions about what
 >constitutes an 'internal-only' release, but the principle is clear.

Based on those answers, Bernd Paysan (lwn.net letter to editor on 10/31/99)
is wrong when he claimed:

 > This also covers "internal projects", which usually restrict rights of
 > recipients of informations by NDAs or other contracts. These contracts
 > are null and void if the information given to them is a GPL'd program -
 > or the license to use the GPL'd program terminates immediately. Note
 > that the GPL is an individual license (it talks about "the recipient"),
 > thus the program isn't licensed to a company, but to persons. Moving a
 > disk from cubicle 318 to cubicle 319 is a distribution in the terms of
 > the license, and henceforth any restriction or limitations are null and
 > void *and* cause the license to terminate.
 >
 > In other words: IMHO the current treatment of "internal projects" with
 > modified GPL'd software are based on the goodwill of the participants,
 > as nothing prevents them to redistribute the software they get under
 > GPL. More so for less internal projects like a public beta test, where
 > nobody risks getting fired.

According to both RMS and ESR, they see that 'internal' is a valid limitation
on GPL. If I choose to give my employees software which I've custom modified
for them for company use, they shouldn't be able to hand those changes out if
I request they don't.  Not honoring this will stop larger companies from using
GPL code for important sensitive projects, customizing to their particular 
needs,
or creating NDA projects (even when they intend to release them under GPL 
eventually, but want to wait till it's ready to distribute in a 'good' form).

Maybe it's time for GPL Version 2.1 which can put some definition on 
'distribution'.  Since all previous GPL licenses give you the option of 
choosing a more current
license, this would resolve the issue painlessly.  Defining 'distribution' 
and 'copying' seem to be required issues for more mainstream usage of 
GPL.  Better for
RMS and the FSF to define them than to leave it to the courts, lawyers and 
so on.

using GPLed code at work, a lot of it,
Seth Cohn
network administrator

Date: Thu, 30 Sep 1999 07:10:41 -0400 (EDT)
From: Kyle Sparger <ksparger@dialtoneinternet.net>
To: letters@lwn.net
Subject: Re:  Anti-Corel Article in National Post 
(http://www.lwn.net/1999/0930/backpage.phtml)

Regarding the trolling by "news" sites, I have a fairly easy-in-theory,
more-difficult-in-practice way of solving this:

Someone could run a web page with news sites that tend to run inflammatory
editorials, that "we" feel are inflammatory primarily to increase
circulation.

Make this web site "known" -- announce it's purpose, etc.

Form a "boycott" of such web pages.  Make the community at large aware of
it.  (Or at least try)

However, don't hit them where it doesn't hurt -- don't not-visit the web
sites (sorry for the double negative).  Visit them all you want.  However,
members who want to participate in this project (I imagine there would be
quite a few), would pledge to NEVER, EVER, regardless of the circumstance 
circumstances, click through on banners, or purchase from a company as a
result of those banners.

Then make the companies doing the advertising aware of the effort.

Let's assume we have 150,000 pledges visit an article on a site known to
publish inflammatory editorials -- it wouldn't suprise me if we got more
(or less), but let's assume that that's how many we get.  

If the web site makes money per-click through or if the company sells
something as a result of the advertisement, then they just served up 150k
web pages to no avail.  It was a waste of effort and resources on their
part.  Make sure they know it.  Maybe the editors will get a clue, and
start pressuring their editorial writers to write up some useful content.
Mentioning the offending authors by name might help too.

If the web site makes money per display of a banner, let the advertising
party know.  I'm sure they'll be none too happy knowing that they just
paid for 150,000 views that had absolutely no chance of making a sale.

Simply put, hit them in the bank account.  Done properly, this might just
eliminate all incentive to troll for circulation.

Kyle