[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials


Version 1.1 of the GNU Free Documentation License (FDL) is out. As is the case with other licenses from the Free Software Foundation, the FDL is an extensively thought-out attempt to codify user freedoms; this time with regard to documentation. It recognizes, however, that documents raise different issues than source code; thus many of the provisions of the FDL differ from those of the GPL and LGPL.

The FDL does preserve the "viral" nature of the GPL in a couple of ways. A work covered under the FDL can not have its redistribution restricted - there can never be proprietary works derived from an FDL-licensed document. The FDL also does not combine well with other licenses; a document licensed under the FDL can only be combined with other text under the same license.

Derived works can be made from documents covered under the FDL. However, the restrictions are stronger than those spelled out in the GPL. The FDL allows the specification of "cover text" (short bits of text which appear on the document covers) and "invariant sections," both of which must be carried forward unchanged into any modified version. The FDL specifies, however, that "invariant sections" must be "secondary sections," meaning that they do not directly address the subject of the document. The invariant section provisions, thus, are meant to cover author introductions, acknowledgements, rants against software patents, etc. without allowing restrictions on the modification of the technical meat of the document.

The baggage of invariant sections and cover texts will likely make it hard to incorporate small sections of documents into other works, even if the latter are also licensed under the FDL. If one document contains an outstanding tutorial on "using development kernels for nuclear power plant control," that tutorial can not be added to another document without pulling along all of the cover texts and invariant sections as well.

Interestingly, the FDL's requirements vary depending on the number of copies being distributed. The license calls for a "transparent" machine-readable copy (i.e. no Word or StarOffice files) to be made available on the net, but only if more than 100 copies are being made. The FDL also contains something the GPL has explicitly avoided: an attribution requirement. The authors' names must be carried along with copies.

Not everybody likes the GPL, but there is little doubt that it has been one of the defining forces behind the rise of Linux. The FDL attempts to fill a gap in the licensing of documentation. It may well be that the FDL will give a similar shape to the coming wave of free documentation.

XFree86 4.0 has been released, after a long wait. Since the X server provides the view that most users see of a Linux system, a major new release is interesting. Some of the highlights of this release include:

  • The separate server binaries for different video cards are a thing of the past. The X server now comes as a single executable with a loadable module system to bring in pieces as need be, including video drivers, X extensions, font renderers, input device drivers, and so on.

    Interestingly, the X server does not use the loadable module mechanism provided by the underlying operating system. They have a separate implementation which is OS-independent. Thus, a loadable driver compiled for the i386 architecture will work on any operating system (Linux, *BSD, ...) which runs on that processor. This setup should greatly reduce the overhead of supporting drivers on the many systems that run XFree86.

  • Multi-head support has been much improved. There is also a feature, called "Xinerama," which allows a single logical screen to stretch across multiple physical displays.

  • DDC (Device Data Channel) support has been implemented, so the server can learn about your monitor's capabilities directly.

  • The direct rendering infrastructure (DRI) and GLX code has been implemented, providing fast OpenGL support.

  • There is new support for TrueType fonts.

  • There is even an update to the venerable Xaw widget set which provides a long list of new capabilities and even the ability to do themes.

The above list is incomplete, see the release notes for the full list. But it should be clear that this is a major release. Congratulations are due to the XFree86 team, which worked long and hard to make this release happen.

The story of Linux-Mandrake. Gaël Duval, creator of the Linux-Mandrake distribution, has written a feature article describing how Linux-Mandrake (and MandrakeSoft) came to be. A distribution that started as one person's project has turned into one of the major Linux players with 70 employees, venture funding, and more. It's a classic Linux success story.

The Worldforge Project: A Gamer's Perspective We asked Douglas Sundseth, a dyed-in-the-wool gamer, to take a look at the Worldforge Project, an open source effort to develop a complete system for massively multiplayer online roleplaying. Here is is the result: The Worldforge Project: A Gamer's Perspective.

Colorado Linux Info Quest. Now only two weeks away, the Colorado Linux Info Quest has finalized the list of speakers and lined up some prominent names for leading Birds of a Feather sessions as well, including Paul Everitt, from Digital Creations, who will be presenting a Zope demo and leading the Zope BOF, Bdale Garbee, who will be leading the Debian BOF and Tom Christiansen and Nathan Nathan Torkington, who are coming to lead the Perl BOF. For more information, check out the latest press release.

Inside this week's Linux Weekly News:

  • Security: Trustix, Linux, PGP duplicate key id update,.
  • Kernel: The pre-2.4 series begins, fun with shmfs, kernel latency
  • Distributions: ix86 Linux, Linpus Linux, FreeBSD and XLinux 3.0.
  • Development: Progress on the desktop, new Apache release.
  • Commerce: Closing in on Caldera's IPO, a bogus open source license, the latest on Amazon.com patents
  • Back page: Linux links and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


March 16, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and editorials

Trustix Secure Linux 1.0 released. Trustix 1.0, a "secure Linux" distribution out of Norway, has been released. It is aimed at server tasks in particular, and includes strong encryption support. The distribution is also downloadable from http://www.trustix.com. Their mission statement explains their plans in more detail. There doesn't seem to be anything earth-shattering involved, just the incorporation of many security recommendations into the default distribution. It seems to be primarily aimed at supporting their consulting and administrative services.

Duplicate key IDs for PGP-signed mail. We've gotten lots of mail about this issue that we reported on last week. First of all, the problem actually reported turned out to be a case of a PGP server returning the wrong key, not one of a duplicate key, as Florian Weimer pointed out.

Second, followup on BugTraq that came out after we published covered the issue of duplicate keys in detail. The PGP FAQ describes the ability to generate a duplicate key as the "deadbeef attack". It is part of the PGP specification and the reason why key signatures and fingerprints are also important parts of the PGP verification process. Here is a pointer to the information on signing your key.

It was also pointed out that PGP servers should not assume that key ids are unique, according to the RFCs, and should therefore return all matches for a given keyid. For more information, check the relevant thread on BugTraq.

Preventing Distributed Denial of Service Attacks (O'Reilly). The O'Reilly Network talks about prevention of DDOS attacks. "If you want to prevent distributed denial of service attacks on your hosts, the best hope you have is to prevent your own hosts and networks from being used to cause denial of service attacks on others and to encourage other network and system administrators to do the same."

Security Reports

SuSE: IMAP update. SuSE has released an advisory covering a vulnerability in the IMAP server, along with an update to resolve the problem.

StarOffice StarScheduler vulnerabilities. Two vulnerabilities have been reported in StarOffice's groupware server, StarScheduler. These vulnerabilities can allow remote root access, a denial-of-service attack and improper read access to files. These problems were apparently reported to Sun on February 6th, but no fixes have been made available. Disabling StarScheduler or restricting access to the relevant port (801) is recommended.

mtr. Version 0.42 of mtr fixed vulnerabilities in its method of dealing with root privileges. This week, the first distribution update for mtr has become available.

Security hole in ht://Dig. Originally covered in the March 2nd Security Summary, TurboLinux has released their update for this problem.

MySQL. TurboLinux also put out an update for the security hole in MySQL covered in the March 2nd Security Summary.

TurboLinux update for man. TurboLinux also put out an update for man, fixing a problem first reported in the November 2nd, 1999 LWN Security Summary.

Printtool. A vulnerability in printtool as installed on Red Hat Linux 6.1 has been reported. Debian is not vulnerable to this problem.

Resources

Bruce Schneier's CRYPTO-GRAM. The March 15th edition of CRYPTO-GRAM has been released. One interesting tidbit: a law case where cracking software was successfully labeled a "burglary tool".

Mason mailing lists established. A set of mailing lists for the Mason automated Linux firewall builder has been announced. Mason is an interesting tool that seeks to ease the detailed process of setting up Linux firewall rules.

Section Editor: Liz Coolbaugh


March 16, 2000


Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.3.99-pre1. The patch is quite large (4M), but that size is deceptive - much of the patch is devoted to moving files around to effect a reorganization of the block driver hierarchy. This patch also contains a new DocBook-based documentation scheme and a few new documents (all written by Alan Cox), a new, much-reworked PPP implementation, an IBM LANStreamer driver, a MultiGate COMX driver, and Andrea Arcangeli's "elevator" disk scheduling improvements.

The current stable kernel release is still 2.2.14. The 2.2.15 prepatch is up to 2.2.15pre14 - a large patch with a number of new fixes. It still looks like at least one more prepatch iteration will be required before the stable kernel release happens.

The pre-2.4 series is coming. Linus sent out this announcement with the 2.3.51 release announcing that he is getting ready to start the pre-2.4 series - which is why the current release is 2.3.99-pre1. At this point, presumably, a real feature freeze has taken effect, and only bug fixes will go into the kernel. Regarding what may still go in, Linus has said "There's some NFSv3 and other stuff pending, but those who have pending stuff should all know who they are, and for the rest it's just time to say nice try, see you in 2.5.x."

This announcement has, predictably, brought out a number of people who have "pending" patches that they would like to see included. The biggest discussion by far was about reiserfs, Hans Reiser's new filesystem that was discussed in the November 11, 1999 LWN. Quite a few people would like to see reiserfs go in, for two reasons: (1) they are actively, happily using it, and (2) if it goes in, the 2.4 kernel can claim to have a journaling filesystem. The kernel developers are trying not to be influenced by the second reason, but it is clear that many of them would like to be able to make that claim.

The inclusion of reiserfs has drawn some opposition, however, from those who do not like all of the changes that the patch makes. The leading opponent is probably Alexander Viro, who has been busy for a long time fixing up the VFS layer and fixing problems there; he sees reiserfs as being a new source of problems to fix.

The reiserfs folks are trying very hard to listen to the complaints and criticisms that have been going by, and seem to be bending over backward trying to address them. They really want to see their filesystem in the kernel. Linus has indicated that the inclusion of reiserfs is a possibility - for a later 2.4 release, if perhaps not for 2.4.0.

The latest 2.4 jobs list has been postedby Alan Cox. There's still a number of things to be fixed. Randy Dunlap has posted a separate 2.4 USB jobs list.

The great netfilter merge is happening, and should be essentially complete within another kernel release or two. Netfilter is the new implementation of the IP firewalling and masquerading subsystems. Firewalling and masquerading have been massively reworked, and now have a new set of utilities to work with them. ipchains is passé; things are now done with iptables and ipnatctl.

Netfilter actually contains a pair of compatibility modules that allow the old ipchains and ipfwadm utilities to work - so the transition should be relatively easy. But it is never too soon to think about heading over to the current way of doing things. Interested people may want to look at the iptables HOWTO and the ipnatctl HOWTO.

2.3.50 included the new shared memory filesystem. The shm filesystem cleans up the shared memory implementation, and helps in the provision of Posix shared memory segments. But its inclusion has broken a couple of things, and created some surprises for people.

First, SYSV shared memory is not available in the system until the shm filesystem has been mounted. It can be mounted directly with a command like:

mount -t shm shm /var/shm
but the proper fix is to put a line like:
none /var/shm shm defaults 0 0
into the /etc/fstab file (the proper place to mount the shm filesystem is still a matter of debate). Note that the 2.3.51 implementation shows a file named / within the shm filesystem. This file - which would prove difficult to work with - is the result of a minor bug which has already been fixed.

The other surprise is that the new shared memory implementation breaks some applications. In particular, the Gimp as provided by some distributions dies an ugly death on startup. There are reports that recompiling the Gimp fixes the problem, though it is not entirely clear why. The real problem seems to be a change in shared memory semantics - one which makes Linux work more like other Unix systems.

The NT filesystem is unmaintained, and will likely be marked "obsolete" in the 2.4 kernel. It evidently still works, in at least some situations (not with W2K filesystems), but others report problems. It seems that not too many kernel developers see a great need for this filesystem. Unless somebody steps up and takes over its maintenance, the NT filesystem will eventually go away.

Preemptable kernel code? A continuing effort, led by Ingo Molnar, is underway to reduce the time it takes the kernel to respond to events. The low-latency work is inspired by the need to drive devices like sound cards and software modems without falling behind the data stream. The current Linux kernel, in some situations, is simply too slow to respond to do the job properly.

The approach being looked at currently is to change a longstanding assumption in the kernel: that kernel code does not get scheduled out unless it explicitly sleeps. This assumption only holds, of course, on uniprocessor systems, so its demise should not really cause too many problems. Except that there will always be problems that come out with this sort of change.

Linus has been pushing an approach that takes advantage of the existing SMP structure to make a preemptable kernel work. Essentially, it uses the spinlock primitives (which are currently no-ops on uniprocessor systems) to mark places where the kernel can not be preempted; any time that a spinlock is not held becomes fair game. Linus's approach explicitly changes nothing on SMP systems, on the theory that there is no need to preempt the kernel to get low latencies when there are multiple processors available. Not everybody agrees with that claim, however.

Thus far there has not been a patch proposed that Linus likes. In any case, a change of this scale may well have to wait until the 2.5 series. Making the kernel preemptable has enough potential to create strange bugs that it should have quite a bit of testing time to settle out before going into a stable kernel.

Other patches and updates released this week include:

  • SUBTERFUGUE 0.1.2 was released by Mike Coleman.

  • Werner Almesberger has posted version eight of his "bootimg" patch. This patch allows the kernel to boot an arbitrary kernel image. See this note for a description of some of the things enabled by this patch.

  • OBDFS v0.004, an object-based filesystem, has been released.

  • Jens Axboe has released a new version (0.0.1k) of his CD-RW packet writing module.

Section Editor: Jonathan Corbet


March 16, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Distributions


Please note that security updates from the various distributions are covered in the security section.

ix86 Linux for the PC. Another distribution out of Germany, ix86 Linux is dubbed "the distribution for the interested private user" (Babelfish translation). This distribution appears, from the Babelfish translation of the site, to support either a minimal 486 install or a slightly larger Pentium install with XWindows support by default, with Gnome as an option. It uses qmail for the default mailer and does not use a package manager, working instead directly with the source tarballs.

Linux from Taiwan: Linpus Linux. Ambrose Li sent us a tip about another new Linux distribution, Linpus Linux, made by Linpus Technologies in Taiwan. The websites are, of course, all in Chinese, but from this picture, we were able to deduce that this is a Red Hat Linux compatible product.

Corel Linux

Corel Linux Deluxe: A First Look (AboutLinux). AboutLinux reviews Corel Linux Deluxe 1.0. "Corel Linux Deluxe is the first distribution (that I am aware of) that ships with a penguin!"

Debian GNU/Linux

Debian Weekly News. This week's Debian Weekly News announces another Bug Horizon on March 27th, and plans to begin the test cycle for the release of Debian 2.2 after that. It also notes that this week is the one year anniversary of the release of Debian 2.1, gives an update on new maintainers and mentions that the Debian elections close tomorrow, March 16th.

Debian GNU/Hurd. The latest Hurd news is available via the Hurd Kernel-Cousin.

FreeBSD

FreeBSD 4.0-RELEASE announced. A new version of FreeBSD has been released. Learning, apparently, from their sibling OpenBSD, a much heavier emphasis on security shows up in this version, including support for OpenSSL, OpenSSH, encrypted telnet and IPsec support. Two new systems calls, jail(2) and jail(8), have been added "for additional flexibility in creating secure process execution environments. ". For more details, check the release notes.

Rock Linux

ROCK Linux 1.3.8 has been released. The Rock naming scheme follows that of the Linux kernel, so the 1.3.X tree is the development tree. It includes a new automated system setup. Check the CHANGELOG for more details. ROCK Linux is a distribution for skilled Linux/Unix Administrators who want to be able to compile all the packages for a system on the system itself at installation.

ROCK in the news. This European Unix Platform (EUP) article describes how to configure a ROCK Linux System as an ISDN Dial-on-Demand Router.

Slackware Linux

BSDi/Walnut Creek press release. Here's the press release from BSDi describing the merger with Walnut Creek CDROM. It contains more information on the merger, and includes a mention that Yahoo will be taking an equity investment in the new company.

Walnut Creek is the parent company for Slackware, currently, which is why we mention this merger here. The Slashdot interview with Bob Bruce, president of Walnut Creek, Jordan Hubbard, FreeBSD core team member and release co-ordinator, and Gary Johnson, CEO of the new company, focuses more on the impact on FreeBSD, which will gain up to twenty new developers.

Slackware, though, will also be impacted. "Our Slackware division will be spun off as an independent company: Slackware Linux, Inc. But our Linux and BSD developers will continue to work closely together. Patrick Volkerding has moved out here from Minnesota and is now managing Slackware development on a day-to-day basis. We will be releasing Slackware 7.1 by summer."

Slashdot has promised an interview with Patrick Volkerding in the near future.

SuSE Linux

Oracle on SuSE Linux. Tips and other information on installing Oracle8i, Oracle8, WebDB, and Application Server on SuSE Linux is now available.

SuSE road show. SuSE has announced a roadshow tour of Germany, starting on March 20, with stops in cities like Munich, Stuttgart, Bonn, Berlin, and numerous others. Details can be found on the roadshow schedule page, which, surprisingly enough, is in German.

SuSE and Enlighten Software partner for Linux management. SuSE and Enlighten Software have announced a deal that will see Enlighten's system monitoring code bundled with SuSE's 6.4 distribution.

SuSE joins up with SourceForge SuSE has announced that SourceForge will be a primary mirror for SuSE's FTP site. Seemingly in return, SuSE is also now represented on SourceForge's compile farm.

TurboLinux

Lutris Technologies Teams With TurboLinux to Offer Enhydra. Lutris Technologies Inc. and TurboLinux Inc. announced a joint effort to certify and distribute the Enhydra Java/XML application server for the TurboLinux operating system. Enhydra is an Open Source Java/XML application server.

TurboLinux opens offices in Latin America. TurboLinux has announced the opening of offices in Argentina and Brazil.

XTeamLinux

XteamLinux 3.0 launched. Xteam software (which "is honored to have the greatest potential to be 'China Red Hat'") has announced the release of XteamLinux 3.0. Not too surprisingly, multi-lingual support is high on the list for this distribution. In addition, a new configuration tool is apparently included, along with enhanced Samba support.

Section Editor: Liz Coolbaugh


March 16, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


Apache 2.0alpha Available. In this Freshmeat editorial, Apache developer Jim Jagielski announces, "It was at the closing plenary of ApacheCon 2000, in Orlando FL, that a long-anticipated release of software was announced: an alpha release of Apache 2.0. With a few short keystrokes, the Apache Software Foundation announced to the crowd of developers at AC2K that Apache 2.0a was available for download." You can find Apache's announcement and download the new code here.

VA Linux Pumps Up Developer Resources (E-Commerce Times). Here's an E-Commerce Times article about VA Linux Systems' compile farm. "CompileFarm will initially allow testing on Linux distributions by Caldera, Debian, Red Hat Linux and Slackware, along with FreeBSD. The service allows developers to switch to any supported distribution, from a single command line, for the purpose of compiling and testing programs in multiple environments."

Application of the week: LavaPS (Linuxcare). LavaPS is Linuxcare's application of the week. LavaPS is described as a combination lava lamp and process listing utility. "For me, system administration has never been easier. Take a look at top next to LavaPS in the screen shot and decide for yourself which one you prefer..."

Browsers

Mozilla Crypto. The first crypto-enabled builds of Mozilla are now available on-line, including support for SSL, the Security Advisor, and IMAPS.

O'Reilly Interviews Mozilla Leaders. The O'Reilly Network has published an interview with Mozilla manager, Mitchell Baker, and main archtect, Brendan Eich. "And one of the goals of Mozilla is to try to integrate the traditional Open Source community and methods and development styles, and the strength of that world with corporate, commercial involvement."

Databases

Andover.Net to work on MySQL. Andover.Net has announced that it is joining an effort to add database replication to MySQL.

E-commerce

YAMS 0.6.1 has been released. YAMS (Yet Another Merchant System) has released version 0.6.1. Besides the bug fixes and other new things, this is the first version to be placed in Sourceforge's anonymous CVS.

Education

SEUL-EDU Linux in Education Report. The March 13 SEUL-EDU Linux in Education Report is now available. The primary topic this week is Linux in homeschooling environments.

Embedded Linux

Report: real-time Linux at CeBIT. Bernhard Kuhn has posted a real-time Linux at CeBIT report with a summary of activities around RTLinux at this large conference.

Games

Dungeons & Dragons to go open-source? (Salon). This Salon article looks at the possiblity of an Open Source version of the popular role-playing-game, Dungeons & Dragons. "The plan is to release basic information on how to create characters for a D&D-like role-playing game under a license that allows anyone to build games based on those rules."

The Nebula Device. Radon Labs, a developer of commercial games, is the driving force behind The Nebula Project, an SDK which they have licensed as free software. Their latest development release is 2000-03-14.

Networking

Web100 Workshop Outcome. As a result of the Web100 Workshop, held in October of 1999 to look at ways to improve data transfer performance over large pipe networks, a three-year proposal has been submitted to the National Science Foundation to support research and development in this area. For some more background, check out our October feature article on the Web100 project.

"Early in the second year of the project, Web100 will produce a complete CD-based Linux distribution ... the Web100 kernel patch set, libraries and tools will be added to the selected base distribution."

Interoperability

Samba. This week's Samba Kernel-Cousin has all the latest Samba news and discussions, including an update on Windows 2000 compatibility.

Wine. This week's Wine Weekly News talks about Windows API testing for Wine and support for non-Linux platforms while evolving Wine.

Office Applications

For a comparison of Linux wordprocessors, check out Linuxcare's product comparison chart, based on user contributed comments. They are missing feedback on LyX and currently show Corel's Wordperfect 8 at the top of the pack. It was interesting to note that the free software wordprocessors Abiword and Kword scored higher than Star Office 5.1 and Applixware 5. That is impressive, considering, for example, that Abiword is still pre-alpha software.

AbiWord Weekly News. The AbiWord Weekly News for March 8 is out. Support for Hungarian has been added and Joaquin Abela's patch to dd command-line file format conversion support has been integrated, along with many other contributions.

For March 15th, the AbiWord Weekly News takes a look at rulers, and Gnome integration, along with "many diverse and significant design issue".

LyX Development News. News from the Lyx project is getting more detailed. Check out this week's issue for discussions of Rbook, a REBOL dialect for writing documents, and its implications for Lyx, along with other development topics.

On the Desktop

Magellan available for download. The first public release of the Magellan personal information manager application is now available for download. Magellan, a KDE application, looks to have some nice features; see the screenshots page for some examples.

Adding shortcuts to your Gnome desktop. Linuxmonth has put out a short article demonstrating how to add a shortcut to the Gimp onto your desktop.

KDE Development News. This week's KDE Development Newsindicates that KDE 1.9, a full beta of KDE 2.0, is scheduled for release in May. If that isn't enough KDE news to satisfy you, check out Mosfet's page for updates on Pixie, Konqueror, and XML based toolbar editing.

The Gimp Development News. Check out this week's Gimp Kernel-Cousin for the latest Gimp news.

If you're German, you may want to check out Gottfried Mueller's GIMP pages. [From the Gimp News.]

GConf. Havoc Pennington writes about GConf, the new configuration data storage mechanism for GNOME 2.0 in this week's Gnome developer feature article.

Science

Rlab moves to Sourceforge. Rlab is a GPL'd project that is building a Matlab-like high-level math program. They've announced a recent point release along with their move to Sourceforge. "Rlab does not try to be a Matlab clone. Instead, it borrows what I believe are the best features of the Matlab language and provides improved language syntax and semantics."

Systems Administration

dump/restore development continues. Fans of the dump and restore utilities for file system backup and recovery should be pleased to see another development release, 0.4b16, just a week after the last one. Although this week's release does not include any security fixes, its release is an indication that these utilities, which are in widespread use despite the beta quality of the software, are finally getting some concentrated attention.

Website Development

OpenCMS. OpenCMS describes itself as an "Open Source Content Management System (CMS)". It is Java-based and is licensed under the GPL. Announced at CeBIT, development updates have been appearing on a regular basis for the past month. (Thanks to Bernhard Reiter.)

Midgard Weekly Summary. This week's Midgard Weekly Summaryreports on the Repligard replication system, extensible record support for Midgard 1.2.X, a patch to support PHP 3.0.15 and other development news for this web application development platform.

Zope Weekly News (March 15th). This week's Zope Weekly News is now available, with the latest development news for this web application server.

Section Editor: Liz Coolbaugh


March 16, 2000


Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

   

 

Development tools


Java

HP wins round in Java battle (News.com). Here's a News.com article about Lynx's choice of HP's "Chai" Java implementation to bundle with Blue Cat Linux. "The deal is an important endorsement for Chai. HP's software will now be exposed to a larger audience, giving the company more leverage in its discussions with Sun about whether to call off their divisive dispute over Java. However, Linux is a new arrival in the embedded and real-time markets, and it will take time to see whether the open-source operating system will repeat the success it has had so far in the server market."

Sun Microsystems to release Forte for Java source. Sun has announced the release of the source for the "Forte for Java Community edition 1.0" Java development environment. The code will be released under the "Mozilla public licensing model," which presumably means a modified version of the MPL. Code should be available "within the next 90 days."

Perl

Perl 5.6 Release Candidate 1. The first release candidate for the upcoming perl 5.6 has been announced.

Perl Certification. A mailing list has been started to discuss Perl Certification, apparently on the theory that enough people want Perl certification that it is likely to come about eventually, therefore it would be better to step to the plate now and keep control of such certification in the Perl community.

perl5-porters is back. The perl5-porters report on perl development is back, after a two month hiatus. As might be expected, it catches up on a lot of activity and discussions.

Python

This week's Python-URL. Here is this week's Dr. Dobb's Python URL. It contains info about optimizing Python programs, the Python 101 cheat sheet, and more.

Tcl/tk

This week's Tcl-URL covers recent discussions on the Tcl/tk lists.

Section Editor: Liz Coolbaugh

 
Language Links
Guile
Blackdown.org
IBM Java Zone
Perl News
PHP
Daily Python-URL
Python.org
JPython
Smalltalk
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and business


Caldera Systems' initial public offering (IPO) is scheduled to happen this Friday, March 17. One publication printed that the price of the offering had been raised from the initial $7-9 level, but that appears not to be the case. Many people are looking to this IPO as an indicator of whether Linux stocks are still interesting to investors or not. There is never any way to really know what will happen until it goes out, however.

Caldera has filed an updated S-1 describing the IPO. There's not much new in the amended S-1, they have mostly just updated some of the financial numbers and added a couple of forms. There is an interesting note, however, about an increase in their reserves due to slower sales of OpenLinux 2.3 than they had been expecting.

In a separate filing Caldera disclosed much of its corporate documentation, including its articles of incorporation and bylaws. There is also the interesting tidbit that the IPO will cost Caldera $2 million beyond the underwriting fees. The largest line item is $600,000 for insurance premiums.

Caldera has also announced a partnership with SCO to sell SCO's professional services to Caldera's customers.

STFB's bogus open source license. Bernhard Reiter noticed this announcement from STFB, Inc. that was mentioned in last week's LWN commerce page. They claim: "STFB Inc. plans to change the open source market for Windows application software by offering open source licensing on all of its current and on all of its future accounting and ERP products." Mr. Reiter went through, however, and actually read STFB's licence agreement, which includes phrases like: "There are no limitations on the number of times the package may be customized and resold. The only restriction is that only the executable program and documentation, and not the source code itself, may be distributed."

In other words, the "open source" claim is bogus. Since the term is not trademarked (or trademarkable), there is nothing stopping STFB from making this claim, other than public pressure. Concerned folks may want to drop a polite note to the given contact address for STFB: erricoe@stfb.com.

Amazon.com calls for patent law reform Amazon.com's Jeff Bezos has put up this page with a call for reform of software and business model patents. His suggestions include a review period prior to the issuance of patents, and a much shorter period of protection (3-5 years). Not perfect, but a step in the right direction.

Tim O'Reilly has put up a response to Bezos' latest. "While Jeff hasn't done what I originally asked for--to rescind his patent claims--he has most definitely engaged with the problems I was raising, thought seriously about them, and proposed an answer that works for him and his business. That being said, I don't want to let Jeff entirely off the hook. One thing about a call for action in Washington is that it could be seen as just a way of shifting the focus away from Amazon and onto the PTO."

Industry leaders launch Embedded Linux Consortium. The Embedded Linux Consortium has announced its existence. Its goal is "to amplify the depth, breadth, and speed of Linux adoption in the enormous embedded computer market;" the initial leader will be Rick Lehrbaum, the guy behind LinuxDevices.com, among other things.

Italy's Prime Minister on Linux. We just got a pointer to a contribution by Italian Prime Minister Massimo D'Alema to the "The action plan for the development of the information society: a project for Italy" conference which was held in January. Linux is held out as an example of how things can be done. "I find it amazing that an operating system ... has been developed by young volunteers - not tied by a contract or monetary remuneration, outside of a business organization - and that this system is able to compete with that elaborate system from a large multinational corporation, which is the richest company in the world" (Editor's translation). The full text (in Italian) is available from the Prime Minister's web site; Babelfish translations are available for the full text as well. (Grazie a Roberto Bagnara).

Alan Cox on a Chip. For those of you looking for the latest in processing technology, check out Alan Cox on a Chip. It has many interesting features, including an "optional 5C00B1 D00 multimedia coprocessor." (Thanks to Lenz Grimmer)

VA Linux Systems to acquire TruSolutions and NetAttach. VA Linux Systems has announced the acquisition of two more companies. The first is TruSolutions, a maker of rack-mount server systems; the second is NetAttach, which is in the network storage appliance business. TruSolutions went for 1.8M shares of VA stock plus $10 million in cash; NetAttach got 286,000 shares plus $10 million.

Applix Announces growth strategy. Applix has put out an announcement describing its future growth strategy. Among other things, this strategy includes spinning off its Linux division as a separate company.

Lineo gets new director, investments. Lineo has announced that John Egan has joined its board of directors, and that it has received equity investments (amounts undisclosed) from Egan Managed Capital and Motorola.

Lineo to acquire USE, Inc. Lineo has announced the acquisition of United System Engineers, a Japanese engineering firm. The main purpose of this acquisition seems to be to allow Lineo to support its Embeddix distribution on a new set of hardware platforms.

SAS comes to Linux. SAS Institute has pre-announced a port of SAS to Linux, scheduled to become available later this year. "Based on positive customer feedback, as well as the increasing number of Fortune 1000 companies looking seriously at Linux as a viable operating-system choice for their enterprise-wide business applications, we felt that the time was right for us to offer a Linux version of SAS software."

Inprise/Borland announces JBuilder 3.5. Inprise has announced JBuilder 3.5 - the latest version of its Java development environment.

VA Linux Systems quarterly report. VA Linux Systems has filed an SEC report for the quarter ending in January, 2000. In that quarter they had just over $20 million in revenues, and lost $11.5 million. There is also a copy of the consent letter signed by Linus Torvalds allowing the use of "Linux" in the company name.

RealPlayer 7 beta for Linux. RealPlayer 7 beta for Linux is available for download, all you have to do is fill out the forms. (Thanks to Robert Taylor).

Open content encyclopedia launched. A project (called "Nupedia") to create an open content encyclopedia has announced its existence. The Nupedia web site is up, but there does not yet appear to be much in the way of content there. Some people have expressed concerns that Nupedia's license agreement, which includes a strong attribution requirement, may make it hard to use Nupedia's content in other settings.

InterBase 6 for Linux beta available. InterBase has put up the first beta release of Interbase 6 for Linux. No source code as yet - they hope to have something "real soon now"... (Thanks to Daniel Work).

Section Editor: Jon Corbet.

Press Releases:

    Open Souce Products:

  • Intel has announced the release of an open source driver for its ethernet adapter family.

    Commercial Products for Linux:

  • Alias|Wavefront announced shipment of its Maya Batch Renderer for the Linux platform.

  • Chili!Soft has announced the availability of its Active Server Pages implementation for Linux. Linux users in general may not have much interest in ASP, but it could well prove to be an indispensible transition tool for those moving to Linux from other environments.

  • Connectix Corporation announced shipment of Connectix Virtual PC with Red Hat Linux. Connectix Virtual PC gives you a hassle-free way to run Linux on a Mac.

  • Corel has announced that Photo-Paint for Linux will be available for free download. Nobody can accuse them of announcing too late, anyway - it won't actually be downloadable until "early summer."

  • DataLight has announced that its "FlashFX" media manager, which makes flash memory devices look like disk drives, will be supported for embedded Linux applications.

  • ILOG has announced that its Parallel Solver system now is supported on Linux.

  • Intelligent Computer Solutions, Inc. unveiled ICMail 4.2.

  • Lynx Real-Time Systems has announced that BlueCat Linux 1.0 will sell for $299.

  • Novell has announced the availability of NDS eDirectory and NDS Corporate Edition for Linux.

  • Rebel.com, vendors of the Linux-based Netwinder series, has announced its shop.rebel.com site.

  • Sendmail, Inc. announced Sendmail Secure Switch, a next generation Internet Mail routing solution.

  • VA Linux Systems, Inc. announced the availability of the VA Linux Systems 1000 server, a high-performance, very high density rackmount server in a 1U (1.75") format.

    Products Using Linux:

  • Last week our commerce page had an article about a Swedish talking clock, apparently made by a company called Framfab. A couple of readers wrote in to tell us that Framfab was only responsible for about 10% of the system. The rest, we are told, was made by Cendio Systems AB, Telia and Swedish National Testing and Research Institute. Here is Cendio's press release in Swedish. (Thanks to Jan Smith and Jerker Nyberg)

  • Neoware and Csoft have announced a partnership to develop and market Linux-based point of sale and kiosk systems.

  • Red Hat, Inc. announced that its eCos (embedded configurable operating system) is powering Brother International Corp.'s HL-2400CeN & HL-3400CN laser printers.

  • VillageWorld.Com announced that it is in trial testing of its Linux-based Set-top system.

  • Worldwide Online Corp. announced the launch of Phase I of the application development for RegisterOnNet Technologies Inc., of Mississauga, Ontario. RegisterOnNet has developed a Linux based system, supported by an Oracle database application, providing a dynamic, business to business, e-commerce application.

    Products with Linux Versions:

  • Advantech Co., Ltd. announced the SPC-200, a compact thin server.

  • Aestiva LLC announced Aestiva HTML/OS, which allows anyone to design advanced Web sites without CGI programming or the need for complex integration tools.

  • Analytical Graphics, Inc. (AGI), producer of the Satellite Tool Kit (STK) software suite, announced that the next release, STK 4.1.1 and its add-on modules will run on any Linux release compatible with Red Hat Linux version 6.0.

  • BulletProof Corporation released version 4.0 of JDesignerPro, its Java Development and Deployment system.

  • Chronology Corporation announced the shipment of several new advancements to its QuickBench Verification Suite. Linux support is new with this version.

  • Compaq Computer Corporation announced SANworks Storage Resource Manager, an Open SAN management tool.

  • Data Connection Limited announced that DC-Share for Linux has entered external beta testing with full release scheduled for 2nd quarter 2000. DC-Share is a NetMeeting-interoperable, standards-based, H.323- and T.120-compliant VoIP conferencing endpoint.

  • Egan Systems, Inc. introduced an enhanced COBOL runtime environment. Available for an Apache HTTP Server running on Red Hat Linux.

  • GoAhead Software announced the release of GoAhead FieldUpgrader 2.2, the latest version of the company's remote upgrading software.

  • Inference Corporation announced the availability of k-Commerce Sales v2.0.

  • Intergraph Corporation announced availability of the new version of DiskAccess, the Network File System (NFS) interoperability client software. This version has improved connectivity with Linux NFS servers.

  • IONA Technologies announced Orbix 2000, an e-business middleware product.

  • JNI Corporation announced it has released the PC Server DriverSuite, the "world's first" integrated suite of software drivers for Fibre Channel host bus adapters (HBAs).

  • JNI also announced 'Novell Yes' Certification for the Fibre Channel HBAs.

  • Network TeleSystems (NTS) announced the release of the EnterNet Software Developers Kit (SDK), a product designed to assist broadband service providers, chipset vendors, and CPE suppliers who are developing, testing, and demonstrating subscriber-oriented software and related system-level applications. The Linux version of this product comes with source code.

  • PentaSafe Security Technologies, Inc. announced VigilEnt Security Management Solution for e- business.

  • PowerCerv Corporation released ERP Plus version 9.0. ERP Plus is an integrated suite of Customer Relationship Management and Enterprise Resource Planning solutions, and version 9.0 is the first version to support Linux.

  • Rave Computer Association introduced the Rave Systems RackMount-1UAXe, for Solaris or Linux.

  • SoftBase Systems, Inc. announced the availability of NetLert 2.0 software in a version optimized for the corporate call center environment.

  • SolutionsIQ announced the launch of CONNX 8.2, its latest version of data access middleware, which will add support for IBM's recent and current versions of DB2 database on several platforms, including Linux.

  • Sonica Software Corporation announced the availability of Sonictrack-ifs, a Warehouse Management System.

  • One has to wonder what the DVDCC thinks of this announcement from Ultera Systems and NewWave Technologies. It's a hardware solution (supported under Linux) which allows up to twelve copies of a DVD to be made at once - no DeCSS software required.

    Partnerships, Investments and Acquisitions:

  • Here's the press release from BSDi describing the merger with Walnut Creek CDROM. It contains more information on the merger, and includes a mention that Yahoo will be taking an equity investment in the new company.

  • Corel Corporation announced it has signed a Department Individual Standing Offer, with Public Works and Government Services Canada, for Corel business and graphics applications.

  • Eagle Wireless International, Inc. and etoolz, Inc. announced the signing of a letter-of-intent for the acquisition of etoolz by Eagle.

  • Hewlett-Packard Company announced that its WebQoS technology is available for sale anywhere HP OpenView products are sold, and HP WebQoS will be fully integrated into the OpenView Authorized Partner Program.

  • IBM formed a string of strategic partnerships with top wireless and Internet names in Europe and the United States. IBM said it and its partners aim to foster an "open source" community in wireless.

  • The Linux Journal has announced that it will be cosponsoring the "Linux University" events being run by SGI.

  • Merlin Software Technologies announced that IBM has awarded Merlin's PerfectBACKUP+ network backup and crash recovery tool as an IBM Netfinity Partner.

  • Microtest, Inc. announced an alliance with Enhanced Software Technologies. Microtest will bundle EST's Backup and Restore Utility (BRU) with FileZerver allowing users to schedule unsupervised backups.

  • Platform Computing announced support for LSF 4.0, its new application resource management suite, from Compaq Computer Corporation, Hewlett-Packard Co., SGI and Synopsys.

  • Rogue Wave Software announced that the Intel 64 Fund has made an investment in the company, for the development of optimized versions of its cross platform and Stingray product lines for Intel's upcoming IA-64 product family.

  • Sealcorp Computer Products announced that it is the sole distributor of Silicon Graphics products in New Zealand.

  • Silicon Valley Research, Inc. announced the completion of a $1 million funding. The Company is also continuing to focus on the sale of Linux versions of its software that run on Red Hat Linux 6.1.

  • SteelEye Technology, Inc. announced that it has completed the strategic acquisition of LifeKeeper. "LifeKeeper will become the centerpiece of SteelEye's strategic offering for the Linux community".

  • Technauts announced that it has entered into a joint development arrangement with Tata Consultancy Services, a large global consulting company, to open an engineering center in India. Technauts makes a Linux-based eServer information appliance.

    Personnel:

  • Covalent Technologies has announced the makeup of its Apache "dream team", which includes a number of well-known Apache developers.

  • EBIZ Enterprises Inc. announced that Bill Blair has joined their management team as vice president, marketing and vendor services.

  • iBIZ Technology Corporation announced that they have completed employment agreements for new members of their Internet services group. Brad Senff, Phil Senff and Mike Phillips will be managing all technical aspects of equipment implementation, facilities specification and operations. Brad's background indicates significant expertise developing and maintaining Linux, BSD and Unix-based systems.

  • IDC announced Matthew Eastwood has joined the program as research manager.

  • Resonate, Inc. announced the appointment of Alan Button as vice president of sales.

    Other:

  • 1mage Software, Inc. announced the installation of its first Linux-based imaging system to Plastic Dress-Up Co., a manufacturer of awards and recognition components.

  • Centromine, Inc. announced plans to upgrade to the Linux Operating System with Allaire's ColdFusion 4.5 release.

  • Computone Corporation has issued this press release about Linux. "'Last year, we took part in more than a dozen Linux industry events with Caldera as part of our ongoing commitment to the Linux industry,' [Computone president Pickerign] said, noting that drivers for Computone's Gold Card RS-232 serial PCI controllers and its IntelliPort II family of high-speed serial communications products, are incorporated in the Linux kernel source code base."

  • Cybernet Systems, provider of Linux-based software for Internet appliances, posted this corporate profile.

  • EBIZ Enterprises Inc. announced an increase of 268% in unique visitors to its Linux web sites, www.TheLinuxStore.com; www.Linuxwired.net; and www.TheLinuxLab.com.

  • Another company trying to broker Linux support services is eLance, which has put up this page where projects can be posted and consultants found. They currently have several projects listed.

  • This press release compares the web-sites of 5 presidential hopefuls. Al Gore is listed as having the 2nd fastest site, and he is running Apache/1.3.9 on Red Hat Linux.

  • Quicknet Technologies, Inc. reported the success of the IP Telephony Demo Center at the Computer Telephony Expo Spring 2000. It seems Linux was big hit.

  • TurboLinux, Inc. announced that judges at the IT 2000 Sydney computer show had named TurboCluster Server as the Corporate IT Best Product winner for enterprise-class customers and Finalist Best Product honor at the Linux Open Source Expo & Conference.

Section Editor: Rebecca Sobol.


March 16, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Events

The Linux Expo held in North Carolina for several years in a row isn't happening this year.Evan Leibovitch got confirmation that the show was officially cancelled and provided his reaction.

"Innocence lost. With the Linux Expo fades yet another icon of Linux's innocent early years. While my first Expo experience wasn't until the third show in 1997, even then the atmosphere was one of a small family. I found the event to be quite extraordinary: echoing the nature of Linux's openness, attendance at the conference was free of charge. If you bought admission you could sit in the theater where the presentations were given, but it cost nothing to sit in one of a number of lounges and watch it on closed-circuit screens. Given that one of the lounges was outdoors, it was a pleasant way to hear the newest Linux developments ..."

Products

ZDNet UK reports on the release of Novell NDS for Linux. "What ZDNet US did find out was that although Novell has said at least part of the NDS for Linux code would be open source, none of it -- under any open-source licence -- is currently available. Despite years of open source lip service, the Novell Community licence remains more of a mock-up than a working model."

Here's a News.com story about the announcement of Corel Photo-Paint for Linux. "But Corel has a lead when it comes to graphics software for Linux. The biggest competitor is the Gimp, an open-source program that's distributed along with several versions of Linux. On the horizon, though, is software from graphics powerhouse Adobe, which has begun translating some of its software for Linux."

AboutLinux reviews Corel Linux Deluxe 1.0. "Corel Linux Deluxe is the first distribution (that I am aware of) that ships with a penguin!"

Development

LinuxMall.com has put up an article about resources for blind Linux users. "The innovative and cooperative spirit of Open Source is illustrated best by a group like BLinux (or Blind + Linux). BLinux and its related pages, BLinux-list and BLinux-announce runneth over with questions, comments and tips from all kinds of users and specialists."

Forbes has chimed in with an article about Eazel which is cast in the light of the Gnome/KDE rivalry. "Eazel intends to stay true to the open source spirit by making its interface freely available, just as Linux is. But startups don't get $13 million in funding--Eazel's total so far--just so they can give stuff away. Eazel also has a business plan, which is to make money by using the Internet to remotely install, configure and manage Linux desktops for consumers and businesses."

Simson Garfinkel sounds the alarm in this Security Focus article; according to him, a flood of Linux-based viruses is just around the corner. "No, what's stopped the spread of viruses on the Linux platform isn't technology, but the lack of interest from the virus writers. Why write a Linux virus when the same skills will let you bring up a new web-site and become a millionaire in just a few weeks? But if the economy goes south, we're likely to see a suddenly bloom of viruses from out-of-work overachievers."

Wired News covers the latest in the DVD case. "With scant time to erect a defense, lawyers from the Electronic Frontier Foundation were handed a crushing defeat when a New York city judge on 20 January ordered DeCSS be yanked from the defendants' Web sites. This time, they're better prepared. The letter invokes a slew of procedural reasons arguing why the case should be dismissed -- points that likely will be raised in the New York case as well."

First Monday has run a long, academic article looking at free software as an evolutionary process. "Considering the quality of human resources in corporate realms, however, neither foresight nor individual experience by itself is an adequate account for the superior quality of Linux to its rivals on the market. Nor is it a sufficient explanation that the Linux project has produced an operating system of such complexity and coherence without central planning." (Thanks to Karl Vogel).

Open source software in the schools is the subject of this Wired News article. "Computer science teachers believe that open source encourages creativity and innovation among their students. Students can modify and improve on current software and they learn to be 'empowered programmers.'"

Interviews

ZDNet interviews Richard Stallman about UCITA. "UCITA would make it harder for us to avoid liability for bugs that turn up in the free software we develop -- while giving proprietary software developers a very easy way to avoid all liability for their products, even for faults that they know about in advance. This is grossly unfair."

Infoworld has published an interview with Steve DeWitt, Cobalt's CEO, about internet server appliances. "Open source is the real value here, and the reason why you see Linux with 25-plus percent share in terms of the server side of the equation is not because people are pissed off. It's because it works. It's highly reliable."

Olinux.com.br interviews Ian Clarke, creator of the FreeNet project. "A friend of mine recently asked me a similar question: 'Don't you think that making Freenet available is like giving a knife to a room full of people when you know that one of them is a murderer?'. I replied 'No, I think it is like giving some fire to a room full of freezing people even when you know that one of them is an arsonist'".

The Washington Post asks what Marc Ewing is doing with all his money. Apparently being rich isn't as easy as it seems. "He has cashed out a portion worth $31.5 million and splashed out on new digs. He paid about $8 million for a 12-room apartment on the Upper East Side here. He spent nearly $7 million for the historic Pabst mansion on Chicago's North Shore. It has nine bedrooms and a five-car garage. Plenty of space for himself, his wife and young son."

Business:

Wired News reports on the upcoming Caldera Systems IPO. "Although Caldera only reported revenue of $500,000 for its quarter ended 31 January, analysts expect its stock will do quite well on opening day."

Inter@ctive Week chimes in on Caldera's upcoming IPO. " Despite this illustrious lineage, Caldera doesn't seem to know what it wants to be when it grows up. The company started out as a distributor of Linux. Then it veered in the direction of a professional services company, such as Linuxcare. Now the prospectus says Caldera is concentrating on providing the fully buzzword-compliant 'Linux for e-business.'"

The Red Herring takes a critical look at the Caldera Systems IPO. "Despite their struggles, the other four publicly-held Linux vendors have a big leg up on Caldera. Although the company has been operating since 1994, sales have been pathetically sluggish. Caldera lost $5.5 million in its recent quarter on sales of $553,000, which are up 3 percent from the period a year ago. What's even worse are gross profit margins of less than 1 percent."

Nonetheless, the Red Herring lists Caldera as "Red Hot" on its IPO calendar.

News.com looks at the upcoming IPO round. "'Linux companies have been getting huge pops, then the stocks settle back,' said Jeff Hirschkorn, senior analyst with IPO.com. 'Even though Caldera raised their range today, I expect to see another increase before they go out. And no matter what price they set, these companies always seem to go higher (when they debut).'"

ZDNet ran this article about the declines in Linux stock prices. "What bears watching is how Linux partners handle the cooling-off period. Major enterprise vendors such as IBM and Dell Computer Corp. have bear-hugged Linux and launched major initiatives around the platform. If such large vendors believe they got caught up in the hype, they could easily recoil and scale down investment, further affecting Linux penetration in the enterprise."

The Montreal Gazette reports on the snags in the Corel/Inprise merger. "Based on share prices before the announcement, Corel was to pay $1.1 billion U.S. in shares to acquire Inprise. The value of those shares has now fallen below $800 million U.S. Dale Fuller, Inprise's interim chief executive, told Corel's shareholders that this decline should be seen in the context of a weakness in the over-all market for Linux technology - especially considering that the Corel-Inprise merger is being billed as the making of a Linux powerhouse. 'I would be worried if the whole Linux community was going in the opposite direction to us,' he said."

The Ottawa Citizen looks at the problems with the Corel/Inprise merger. "Originally designed to create a powerhouse in the developing field for Linux-based products, the deal has suffered because Linux-based stocks have fallen out of favor with investors."

Here's a News.com article about Lineo's acquisition of United System Engineers. "The 15-year-old firm will help Lineo explain to prospective customers why they might want to switch from existing operating systems to Lineo's version of Linux for set-top boxes, factory robots and other 'embedded' devices..."

Rick Lehrbaum has written a Dr. Dobb's article on why embedded Linux is interesting. "But is Linux, like Windows, too large and demanding of system resources to fit the constraints of embedded systems? Well, unlike Windows, Linux is inherently modular and can be easily scaled into compact configurations - barely larger than DOS - that can even fit on a single floppy. What's more, since Linux source code is freely available, it's possible to customize the OS according to unique embedded system requirements."

The Australian Financial Review has posted an article about IBM's Linux team. "It is a team that is growing in line with a tenfold increase in IBM's commitment to Linux this year. IBM last month announced top-to-bottom support for the free software right across its hardware, software and services businesses."

LinuxMall.com has run a column by Mark Bolzern looking at Microsoft's position on Linux. "Microsoft's contradictory position on Linux as a viable competitor seems indicative of the difference between the marketplace and the court. It also indicates that Microsoft senses a paradigm shift similar to the shift that allowed Microsoft to replace IBM as the dominant force in the computer industry."

USA Today ran this introductory article about our favorite OS. "Linux was relatively unknown just two years ago. Today it powers 31% of all Web servers -- the machines that run Web sites -- and is used in cutting-edge devices such as pocket-size computers and set-top boxes. IBM, Sun Microsystems, Dell Computer and Intel are embracing Linux, creating products to support the operating system and investing in Linux-based businesses."

Finally

The latest Linuxcare 'Dear Lina' column is about PPP connections and converting over to Debian. "Now, wouldn't it be easier to put in another drive? Maybe. Possibly you were hoping it was easier than this. And just possibly, someone will put together a conversion kit for RedHat users, one rpm and boom, you're on Debian now. Or vice versa - it's just as hard the other way, you know."

Fairfax IT talks with an IBM executive about how almost all college graduates have Linux experience these days. "We talked to a CIO (chief information officer) of one of the top 20 websites in the world and he said he was considering moving to Linux because he couldn't get enough people with skills for his current proprietary OS."

Walter Effross reviews Neal Stephenson's "In the Beginning...Was the Command Line", calling it a new generation's "Zen and the Art of Motorcycle Maintenance." "In [Stephenson's] analysis, Windows 95 becomes a 'colossal station wagon,' Windows NT a 'hulking off-road vehicle,' Apple's operating system 'sleek Euro-styled sedans' and competitor BeOS 'fully operational Batmobiles.' Best of all, though, is Linux, an indestructible, maneuverable and fuel-efficient armored vehicle that, astonishingly, is available free."

Here's an introductory article in The Hindu. "You can recognise them at twenty paces, and not just by the unwashed jeans, the unkempt hair and the thick glasses. They stand apart from other programming freaks by the sheer intensity of their commitment to their favourite operating system. For them, Linux can do no wrong."

This osOpinion column takes Linux to task for its multilingual support, or lack thereof. "For all Linux lovers, I'm sorry to say this: Linux is useless for me as a work platform. I installed it out of curiosity, a desire to learn a new way of operating the machine. There are many applications - the 'No Applications' FUD cannot be waved - but for my line of work, multilingual work, Linux lacks what I need - full Unicode support."

This OSOpinion piece looks at the dangers of over-commercialization in Linux education. "While I should have been grateful that Linux is mentioned as often as it is, There is a danger here... if you promote Linux as some simplified item, then the student will quickly be disillusioned and frustrated when he or she faces Linux' raw power (and sometimes in its raw fury, especially if you screw up a command as root.) A disillusioned Linux student stands a very good chance of becoming a hardened anti-Linux decision-maker further on down the road."

Andover.Net has run this installation nightmare story. "I think I need a nap and a few hours to let the caffeine wear off. That's not to say that I'm having a bad time -- quite the contrary. This reminds me of the time more than a decade ago when I was first becoming familiar with DOS. It was fascinating, and learning my way around Linux is no less so." (Thanks to Cesar A. K. Grossmann).

Section Editor: Rebecca Sobol


March 16, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

Linuxcare has put up a page comparing Linux word processing systems. There's also a form for readers to input their own reviews.

LinuxLinks.com presents its checklist for newbies - a page of information on how to get started with Linux. It's in FAQ format, with questions like "what is the best Linux distribution?" and "how do I download Linux?"

The tenth issue of PerlMonth is now available.

Linuxer is a new magazine, in Chinese which covers Linux and BSD. (Thanks to Ambrose Li)

Events

Andover.Net announced that it will sponsor the Geek Pride Festival being held in Boston from March 31 through April 1.

Here's a press release hyping the upcoming Linux Business Expo in Chicago. "On April 19, John A. Johnson, Director of Information Services for Papa John's International, Inc., will discuss the pizza restaurant's migration to the Linux environment."

Web sites

internet.com has announced the addition of a Chinese version of LinuxStart.com, and a new French news feed as well.

User Group News

Swedish/Danish SSLUG recently welcomed its 5000th member.

Jobs

Wirex has three jobs, one for a Linux Developer, a Compiler Specialist, and a Network/VPN Engineer.

March 16, 2000

   

 

Software Announcements


Package Version Description
5DT Data Glove Driver 1.02 A Linux/Unix/Win32 driver for 5DT Data Gloves.
ACS 0.5.4 GPL licensed multi-line voice response telephony platform
Address Book 1.1-LeMay A very simple Web-based, MySQL-backed address book.
Aegis 3.21 Transaction-based software configuration management system
AeroMail 1.26 PHP based e-mail client
AfSoek 0.2 Afrikaans computer term search tool
AirTraffic 0.1 An air traffic controller game.
aKtion! 0.4.1 KDE video player based on xanim
Alexandria 0.0.2 A Java source code/CVS manager.
Algae 0.1a A C++ matrix math library.
Allen Bradley Ethernet utils 0.1.7 Simple utilities for Allen Bradley Ethernet PLCs
ALSA driver 0.5.6 An alternative implementation of Kernel sound support
AoNettool - Alex's own Nettool 0.9a revision 2 A graphical frontend to finger, whois, traceroute, nslookup and ping.
Apache 2.0a High performance, UNIX based HTTP server
apachedb 0.09 Logs Apache transfers into a mysql database.
APSEND 1.51 TCP/IP packet sender
Artec As6e Scanner Driver 0.4.0 A driver for the Artec As6e parallel port scanner.
ascpu 1.9 A CPU load monitor.
BAIM 0.5a A BitchX AOL Instant Messenger plugin/module.
BASHISH SR1 A modular Bourne-shell theme engine.
bbkeys 0.3.1 A key-grabbing tool for Blackbox 0.6x.0.
bcnu 1.21 Powerful Web-based client-server system monitoring
BEAST/BSE 0.3.2 A music composition and audio synthesis tool.
BibleReader 0.2.1 Bible browsing program using Gtk
Big Brother 1.4b Highly efficient network monitor
Binary Grabber 1.3.4 Automated tool for downloading binaries from UseNet newsgroups.
BioMail 0.50 A program to send new references from a Medline database to its users.
Bluetail Mail Robustifier 2.0.1 Unix clusters specifically for email
bOmb! 0.1 A networked Bomberman clone written in Java.
boxes 1.0 ports Draws any kind of box around some given text
bras 0.99.2 rule based command execution with Tcl
BsdScan 0.5.1 Simple port-scanning utility
BTW Calculator 0.0.3 Beta 1 A program that adds taxes to a price.
BW whois 2.2 A whois in perl that works with the newly mangled whois system as of 1 Dec 1999.
Cardfile 2.0 A simple curses-based flatfile database.
Cawfee CGI SDK 0.12 A C++ CGI library.
cdrecord 1.8.1a02 Allows the creation of both audio and data CDs
CD_Aud 0.86 A CD-ROM audio-playing class for C++.
CGI Fortune Cookie 1.1 A Random Fortune viewer CGI.
Circus Linux! 0.0.2 A clone of the Atari 2600 game.
class.overlib.php3 0.4 A PHP class to easily construct popup windows.
class.tree.php3 0.2 A PHP class for easy construction of expandable list trees.
CLISP 2000-03-06 ANSI Common Lisp interpreter, compiler and debugger
code2ref 0.07 A reference generator for C/C++ header files.
CodeCommander 0.3.20 Multi language programming IDE.
Comanche 2.0b1 Multiplatform configuration manager for the Apache web server
Common C++ 0.9.0 A portable environment for C++ threads, sockets, etc.
Common UNIX Printing System 1.1b2 Internet Printing System for UNIX
Condor 6.1.12 A distributed batch system that takes advantage of idle cycles of computer
CONFIG:: 0.99.09 Cached and Pre-parsed file reading.
console othello 0.03 The Classic Othello Board Game
console-apt Console APT 0.6.7.3 AptFind is an ncurses interface for finding and installing packages using APT.
CoreLinux++ 0.4.11 A set of C++ class libraries to support common patterns in software development.
Corewars 0.9.5 A simulation game.
ctheme 0.8.3 A console palette tool for themes and effects.
curl 6.5 Command line tool for getting data from a URL
daemontools 0.70 A collection of tools for managing UNIX services.
DBIx::AnyDBD 0.97 DBD Abstraction Layer
dbm 0.12 A command-line based DBM file editor.
Deadman's Redirect 1.2.2 A feature-added PHP redirect script.
Deltree 2.2.3 A Windows Recycled.bin-like program under UNIX.
Diablo 1.29 Fast and efficient NNTP newsfeeder software
DialControl 2.7.0 Remote control for Internet/WAN connections of a masquerading server.
Disc-Cover 1.0.0 Generate covers for audio cds non-interactively using cddb
dissipate 0.1 An SIP library.
dnscache 0.93 Domain Name System tools.
doxygen 1.1.1 A documentation system for C and C++
Dr Geo 0.8.4 Interactive geometry program.
Drall 1.1.3.1 Allows users to access their directories and files remotely via a web browser
DreamBot 0.0.6 pre6 IRC Bot written in Perl
dribble 0.0.3 alpha A simplistic workflow library.
dsniff 1.6 Sniffing utilities for network security testing.
Dump/Restore 0.4b16 Utilities to dump and restore an ext2 partition
DynamicJava 1.1.1 Java source interpreter
dyndns_s alpha 0.2 A daemon/client combo for updating named records with dynamic IPs.
E-FancyLauncher 0.7 Enlightenment button launcher epplet.
E-SETImon 0.2.3 SETI@home progress monitor epplet
Ecomready Eshop 1.2 A complete e-shop solution with front-end and administration.
eiffel-fftw 0.1 An Eiffel interface to FFTW.
ELE 0.4 Realtime audio effects and sample looping.
Ellipsis 0.2.1 A C++ library for parsing VRML.
Empire 4.2.7 Complex internet multi-player real-time wargame.
envelope 0.53 Envelope Printer
Epona 1.0pre2 Nick, chan, memo, and bot IRC services.
etherape 0.2.7 etherman cloneto graph net activity in real time.
Etherboot 4.4.4 Source code for making TCP/IP boot ROMs to boot Linux and other OSes
eyep-updater.sh 1.1 A shell script that updates your IP for eyep.net dynamic DNS.
ez328boot 0.04 A bootstrap debugger for Motorola 68EZ328.
fancylogin 0.99.6 A powerful login program.
Fastresolve 2.5 Fast log file IP address resolver and utilities
FaxMail 0.03 efax utility to forward the faxes as jpeg images to your e-mail.
feh 0.6.4 Fast image viewer / indexer / montager which uses imlib2.
fetchmail 5.3.3 A free, full-featured, robust, well-documented remote-mail retrieval utility.
Finder 0.1.6 A utility to find files.
FreeAmp 2.0.5 Open Source MP3 player
FreeBSD 4.0-RELEASE A stable secure open source operating system.
gASQL 0.5.1 A frontend to administer a Postgres database.
gbiff 0.4 An xpbiff replacement program.
GCO 0.2.1 A database for keeping track of your comic collection.
GCoo 1.1 Send an email to yourself or play a sound at a specified time.
gd 1.8 A library used to create PNG images
GDAM 0.918 Geoff and Dave's audio daemon, dj mixing software.
GDancer 0.1.12 A dancing Space Ghost XMMS plugin.
GEXml 0.03 A graphical XML editor.
GKrellM 0.9.6 System monitor package
glFtpD 1.19 FTP Daemon for Linux. Great program for an ISP or anyone!
GMatH 0.2 Computer Algebra Environment
Gnapster 1.3.7 GNOME Napster client
Gnews Alert 0.2 Semi-Real-Time news alert for the GNOME
Gnofin 0.8.0 A simple GNOME checkbook application
gnome-passwd 0.1.0 A GNOME program for changing passwords.
gnome-python 1.0.52 Python interfaces to gnome-libs
GNU Phantom.Home Beta0.62a Home Automation
GNU Phantom.Security 1.00 Computer Controlled Security System
GNU shtool 1.4.8 Shell Script Collection
GnuCash 1.3.2 A program to keep track of your finances
go-moku 0.4 Console based Networked GO-MOKU aka Five in row game.
Goal 0.1 General purpose libraries for C++ programmes
gocr 0.2 Optical character recognition software.
Gorm 000215 Graphic Object Relationship Modeler
gPS 0.7.2 GTK-based process status reporting like ps, top and task manager
gpstrans 0.35 up/download track,routes,waypoints-data to/from Garmin GPS
GQL 0.0a0.2 Generic C++ SQL interface library.
GRacer 0.1.5 A 3D motor sports simulator.
Groups, Algorithms, and Programming Groups, Algorithms and Programming (GAP) 4.2 A computer algebra system for discrete mathematics.
gruftistats 0.2.1 IRC web stats generating program
gShield 1.5.4 Godot's Modular Firewall
GSokoban 1.0 A GNOME implementation of the Sokoban game.
Gsysboard 20000310 GTK+ application which show informations in real time about the system.
GTimer 1.1.5 Scheduler for your personal activities
Gtk-- 1.2.0pre1 C++ interface for the popular GUI library gtk.
gtk-manix 1.0 A Pacman-style game for GNOME.
GtkExtra 0.99.3 A widget set for GTK+.
GtkExtra-- 0.5.3 C++ wrappers for GtkExtra, for use with Gtk--.
GtkFortune 0.10 GTK+ Based frontend to Fortune
gtkmail 0.9.1 gtk-- mail client
Guppi 0.34.3 GNOME application for plotting and analyzing data
Gutenbook 0.1.8 The original Perl/GTK+ application for reading Project Gutenberg Etexts.
Gxrio 0.04 A graphical Rio utility.
Half-life Admin MOD 0.70 A plugin mod to Half-Life.
Heise Newsticker Backend for PHP 0.3 A PHP-Backend for Heise Newsticker.
Hextego / TkHextego 0.0.1 A two-player Hex-based Stratego game.
Hissim 1.1 A history generator for WorldForge.
HPFind 1.20 A script to search user directories for webpages.
htdump 0.9t A WWW automation and debugging tool.
Hugo 1.1.0 Moving map software for UNIX/Linux
ICI 2.1.4 A dynamic, interpretive language with C-like syntax
id3tool 1.1e Command Line tool for editing ID3 tags on MP3s.
IDS 0.1 CGI that produces image galleries on-the-fly.
ImView 0.3 Image viewer for scripts
InfraRed-HOWTO 2.11 How to use the software provided by the Linux/IrDA project.
Install-Sendmail 5.3.1 install-sendmail will configure sendmail and fetchmail for you.
IRC2WEB 0.3 A gateway for the IRC protocol to several WebChats.
irssi 0.7.28 GTK+ based IRC client with GNOME panel support
irXxD 0.11 A library for sending/receiving infrared remote control codes.
isdn-config 0.6-10 An ISDN configuration tool.
ispdb 0.1 An ISP customer billing system.
ivtools 0.8.1 Application frameworks for drawing editors and spatial data servers
j 0.2.1 A programmer's editor written in Java.
jdbtool 0.3 GPL Java Graphical Debugger
jEdit 2.3final Powerful text editor
jpilot-Mail 0.0.2 A mail plugin for jpilot.
JRobots 0.9 A programming game implemented in Java.
jrt 0.2 Retrieve astronomy related postscript journal articles
juice 0.03b User friendly dialog-based frontend for mpg123 and other players.
Karchiveur 0.80 A little archiver for KDE, like ark but more powerful
Kazlib 1.17 Robust ANSI C data structure library.
kcd 4.16.0 Directory change utility.
KEasyISDN 0.5 Frontend to isdnctrl and onlinecounter.
Kexx 1.1.2 Shoot'em up for Linux/Win32/BeOS
Kgutenbook 0.5.4 KDE port of the perl app gutenbook, to download, and read etexts from Gutenburg
khrono 1.2 A watch/timer/countdown utility for KDE.
kmpg 0.5.4 A mp3 player for the K Desktop Environment.
Knight Rider MP3 Player 0.5-2 An interactive car MP3 player.
KShell 0.3 Wrapper to shell that restricts hosts, ttys, multiple logins and more.
kTFXshell 2.6 KDE frontend for tfmx-play
KVolume 0.1.2 A KDE-panel volume control
KWebGet 0.4 Download and Mirror-Utility for the KDE-Project
KWMount 0.5.0 A frontend for Samba.
lagoodbc 0.1 An ODBC driver for the lago database.
LANdb 0.90.1 Your entire network in a Web-based database application.
Lanlord 0.3 A dhcpd lease reporting program. Uses CSS to modifiy report
LDE lde 2.5 A Linux disk editor with ext2 and other fs editing.
LeanEdit 1.6.6 XML editor written in Java.
Ledcontrol 0.2.0 Shows info on your keyboard's LEDs.
less 352
lftp 2.1.10 Sophisticated command line based FTP client
libgaudio 1.2 A game audio library.
libglade 0.12 XML-based runtime user interface loader for GNOME
libiconv 1.2 Character set conversion library, portable iconv implementation
libnatl 0.0.1 A network audio tuning language (NATL) parser.
LibPenguinPlay 0.1.0 A game utility library.
libxml 2.0.0 The libXML library.
Licht 1.1 An X11 client/server DMX lighting application.
Lift Off Java Installer 0.2.2 An installer for Java applications.
LinkChecker 1.1.1 LinkChecker is a URL link checker
Linux Preview Headlines Browser 2.0-1 Headline browser for the popular spanish Linux news site NCC
Linuxconf 1.17r6 Sophisticated administrative tool
lm_sensors 2.5.0 LM78 and LM75 drivers
lomega 1.01 Iomega tools supporting Zip, Jaz, File Manager, Trashcan, and Backup.
Lout 3.19 Document formatting system
Lynx 2.8.3dev.21 Fully-featured, text-based World Wide Web browser.
MadHouse Forum Manager 1.06.0 A flexible forum manager.
mail2news-easy 2.4-3 Converts mail to news and news to mail.
maildrop 0.99.1 maildrop mail filter/mail delivery agent
MailStudio 2000 3.0 Free web based e-mail server solution
makeHTML 0.06 Script for generating HTML code
mary 1.0a51 native code optimizing Forth compiler for PIC microcontrollers
matrixfortunes 0.1.0 A fortune file with quotes from The Matrix.
mcrypt 2.5.1 A replacement for the old unix crypt(1). Uses several block algorithms.
mdate 1.0.5 A freely-available mayan date program
medown 03152000 An efficient download utility for a list of mirror URLs.
MemoPanel 1.7 A tiny memo applet on the GNOME panel.
mibfm 0.1 A utility for transferring files to/from iButtons.
Micq 0.4.4 Publically available ICQ clone for the console
MindTerm v1.2pre5 SSH-client in pure Java, includes stand-alone ssh- and terminal(vt100)-packages
MiniVend 4.02 Powerful freely redistributable shopping cart package.
Mino 0.6.3 An XML parser.
MisterHouse 2.11 Home Automation with Perl
Modicon Ethernet Library (MEL) 0.0.1 An ethernet library for Modicon PLC's
mod_backhand 1.0.8 Local-area, heterogeneous web cluster load balancing module for Apache.
mod_layout 1.1 Layout module for Apache.
mod_perl 1.21_03 Brings together the fullpower of Perl and the Apache HTTP server
mod_repository 0.3 An Apache module that creates a file repository.
moon-buggy 0.4.1 A game in which you drive a car across the moon.
MP3info 0.7 A simple utility to read and write MP3-TAG info.
Mp3Jukebox 0.4 Internet/Web-based Mp3Jukebox
MP3VoiceControl 0.0.1 voice-controlled MP3 jukebox
mpatrol 1.1.1 A library for controlling and tracing dynamic memory allocations.
Mptn 0.3.0 Regexp-like pattern matching library
MTXL 1.4.4 A media changer control program for SCSI tape changers, jukeboxes, etc.
MultiNet 2.2 An easy IP-address switcher.
Mutt 1.1.9 Small but very powerful text-based mail client for Unix operatingsystems
MuX2d 0.2.1 WYSIWYM editor for MusiXTeX.
mwForum 1.0.0 Web-based discussion forum
MySQL Import 1.0 Imports data into MySQL with a Web browser.
MySQLMailer 1.0b2 A local delivery agent with MySQL lookup.
MyThreads-Links v0.5.5 Yahoo like links manager writen in PHP/MySQL
nano 0.8.8 Pico editor clone with enhancements.
NCO 1.1.46 Operators for netCDF and HDF self-describing data files
NeoMail 0.65 A Web-based interface to user mail spools on a system.
Netrek: Multiplayer Battle Simulation Game 3.0.2 A 16-player graphical real-time battle simulation.
new 1.0.0 A simple template system.
NewsPic.sh 1.1 A news reading shell script.
NFC 0.9 Extensible client/server chat program written in Java.
NFTP 1.62.b3 Powerful, full-featured FTP client
NMPEG 0.02 control for use with MPEG decoder
Nucleus XFonts 0.67 A fixed width font package for X
oftpd 0.1.2 Yet another anonymous FTP server.
omniORBpy 1.0 pre 2 CORBA ORB for Python
OpaL Database Administration Tool 0.1.0 Database Administration Tool
OpaL Mirror Tool 0.1.2 Web mirror tool
OpenMuscat 0.1.0 High performance probabalistic search engine library.
ORBit-Python 0.1.1 Python bindings for ORBit.
Outlook2Ical 0.1 Convert MS Outlook Caledar to Ical (.calendar).
Overflow 0.1.0 A visual scientific programming environment.
OWSKiller 3.0.4i-Cocoon Replacement for Oracle Web Server based on Java Servlets
Paw 0.50 Perl ASCII Widgets
pgp4pine 1.74 An interactive program for using PGP with Pine.
phone-list 0.1.9 Company Phone list for LDAP and PHP.
Phorum 3.1 RC1 Phorum is a web based discussion software written in PHP
Photo Collection 0.1 A web-based picture organizer.
Photoseek 0.1.8 A Web-based image cataloging and management system.
PHP Picture Voting Booth 0.0.1 Let your website visitors vote on pictures
PHP4-Beta4pl1 + Japanese libgd patch 0.2 A Japanese patch for PHP4+libgd to enable use of Japanese characters in images.
phpMyChat 0.7.1 chat system based on PHP and MySQL
phpSched 0.4b Schedule creation and maintenance for shift based departments
PicMonger 0.9.0 Scans Usenet newsgroups for UU- or MIME-encoded binaries and decodes them.
playlist 2.0 Generates lists in plaintext and HTML for a directory tree of music files
playmp3list 0.92 A console-based MP3 player frontend for mpg123.
pmc 0.5 A Perl/GTK mail client.
PMTS: Templates for Tiny Websites PMTS 1.1 Simple and extensible webpage template system
pngcrush 1.3.6 An optimizer for PNG files that can also insert or delete specified chunks.
Polarbar Mailer 1.16a A POP3/IMAP4 GUI Java email client.
popa3d 0.4 A pop3 daemon which attempts to be extremely secure
portfwd 0.10 Forwards incoming TCP connections and UDP packets.
Postfix 19991231-pl05 The Postfix MTA
PostgreSQL-php Shopping Cart 1.0 PHP shopping cart for PostgreSQL
Powertweak-Linux 0.1.10 System performance enhancer.
pppdropper 0.0.3 A line-usage-based PPP connection dropper.
PresTiMeL 0.5 A tool to create HTML presentations.
printerdb-utils 1.1-1 Editing functions for RedHat's printerdb configuration file.
PSXDEV 1.0 release 6 A development environment for the PlayStation.
PTimeTracker 1.5.1 Track the time spent on different activities.
PTlink Services 2.1.3 IRC Registration Services
pwcheck_mysql 0.2 MySQL password authentication for the Cyrus IMAP server.
Pybliographer 0.9.7 tool for bibliographic databases manipulation
pycmail 0.0.6 An incoming mail sorter written in Python.
pyle 0.1.7 A WikiClone.
PyNcurses 0.1 A Python binding for ncurses.
Python Remote Procedure Calls 1.1 Python classes for easy client/server programming based on SocketServer.
QDMerge 0.54 A utility to generate documents from a template and data files.
Qpopper 3.0b36 POP3 server
QpThread Library for C++ 1.0.0 Thread library for C++ with support for signals, exceptions, timer etc.
QScheme 0.3.2 Really fast, small and easy to interface Scheme interpreter
QStick 0.6 Send keyboard messages to X from Linux-supported joysticks.
Quanta+ 0.99 HTML editor for KDE
Quiz Cards 0.1 A Java flash card application.
rch 0.2 An rc script handler.
RealPlay 0.0.41 A Linux console interface to SidPlay, including STIL support.
RealPlayer 7.0 beta Plays streaming audio and video over the Internet
Recall 0.4 Framework for replicated fault-tolerant storage servers.
Remind 03.00.21
Replicator 1.4 Automatic replication of a Debian GNU/Linux installation.
Restaurant Guide 1.2 A PHP/MySQL eatery ranking system.
ripple 0.5 Water Ripple X Eyecandy
Rlab 2.1.05 Mathematical program similar to Matlab
rol_demo 0.01 Modeling package for interactive 3D graphics.
Romanian KDE-1.1.2 translations 1.1.2BETA3 Romanian PO files for KDE-1.1.2
rp-pppoe 1.7 A user-mode PPPoE client.
RPM 3.0.4 Red Hat's package management system
rpmlint 0.10 rpm error checker.
rprint 0.09 A remote printing tool.
Saint 2.0 beta 2 Security Administrator's Integrated Network Tool
sawmill 0.25.2 Extensible window manager
SCAIN 2.0 alpha A simple crypto algorithm.
SCREEM 0.2.3 Site CReating & Editing EnvironMent
sendfaKs 0.4 A wrapper for sendfax
SendIP 0.0.3 A commandline tool to send arbitrary packets.
series 2.0.2 SERIES iteration package for Common Lisp
SETI@Home Client 2.03 Distributed SETI data-analysis client
setup 1.2 Graphical installer for Unix applications based on GTK and XML
sfront 0.57 Translates MPEG 4 Structured Audio to C
sharesecret 0.1.0 A utility to split or join a secret using a threshold algorithm.
SICKnotes 0.6a A Web-based inventory, configuration, and knowledge base.
Simple Web Server 0.5.1 Simple web-server
Sing Along Disc Player 3.0.1 CD player with spectrum analyser, oscillator, mixer and remote DB support
Site Studio 1.0 Online template-based Web site creation tool.
siteupdate 0.3 Perl scripts to ease site synchronisation
slackjaw 3.5 Bot for FirstClass server chat rooms
SlashWatch 0.8 A PHP news-grabber from news sites, stored in a MySQL Database.
sn 0.3.2 Hassle-free usenet news system for small sites
SNAC 0.2 SNAC's a Neat Algebraic Calculator
Snoopy 0.92 Snoopy is a PHP class that implements web client functionality.
SoundTracker 0.5.0 A music tracker for X / GTK+
Spruce 0.5.18 Simple email client coded for X with the Gtk widget set
sqlsession 1.0 A PHP library for MySQL-based session management and variable registration.
Squidtaild 2.1a6 Squid monitoring program with plug-in filter support.
SquirrelMail 0.3.1 A PHP4 Web-based email reader.
sr 0.1.0 PHP script for Site Reviews
srecord 1.5 A collection of powerful tools for manipulating EPROM load files
Stella 1.1 An Atari 2600 VCS Emulator
SUBTERFUGUE 0.1.2 Framework for building tools that observe and play with the reality of programs.
SuckMT 0.50 A multithreaded suck replacement.
swapd for Linux 0.1 A dynamic swapping manager for Linux.
SXP 0.061 Simple XML Persistence Library for C++
syslog-ng 1.4.2 A portable syslogd replacement with enhanced, flexible configuration scheme.
tab_merge_pdf 0.1 Merges tab-delimited data into a PDF document with forms.
tcpdump2ascii 2.00 Perl program which decodes tcpdump hex output to ASCII
TeXmacs 0.2.4b W.Y.S.I.W.Y.G. technical text editor
tfmx-play 0.2 A player for TFMX music modules (an Amiga game music format).
The Exchange Project Preview Release 1 An online shop project written in PHP.
The Harbour Project Alpha Release 32 An open source, cross platform xbase compiler
The Nebula Device 2000-03-14 A free, portable game engine.
ThoughtTracker 0.5.1 Knowledge base application storing arbitrarily linked notes.
threads 2.0.2 A C++ library for working with threads under Linux.
Timer_q timer_q 0.9.0 Shared C library for creating timed events (doesn't use alarm()).
Tk 42 0.2.1 A networked 42 (dominos) game.
Trf 2.0p6 Filtering channels for Tcl, MAC, Encryption, Error correction, various encodings
TWIG 2.2.3 A web-based IMAP client written with PHP3
twin 0.2 A text-mode window manager and terminal emulator.
txtbdf2ps 0.7 A script that prints plain text to PS using a BDF font.
ucspi-tcp 0.87 TCP client-server command-line tools.
UdmSearch 3.0.9 Fast WWW search engine for your site
ULW 0.5 Analyze custom Apache logs for hits by User-Agent and Remote-Address.
unifdef 1.0 Removes #ifdef'd lines.
unixODBC 1.8.7 Provides ODBC 3 connectivity for Unix
unsquid 0.2 Dumps Squid cache files, preserving site layout.
Uptime Client 4.10 Keep track of your uptime and compare it with other hosts.
Uptimed 0.1.4 Uptime record daemon keeping track of the highest uptimes the system ever had
Vide 0.2.2 File manager with vi keybindings
vsound-patch 2 A patch for vsound, a 'virtual audio loopback program.'
VTun 2.1b3 Virtual Tunnels over TCP/IP networks.
wakeup 0.0.2 An interactive MP3 alarm.
Watchdog Service Cluster 2.1.0.3 A modular multiple-platform High Availability system.
Watchdog Service Cluster Light 2.1.0.3 A High Availability system for Linux.
WaveLAN/IEEE driver 1.0.4 A kernel network device driver for WaveLAN/IEEE wireless network card.
Web Designer 0.1.0 An HTML editor built in C with GTK
Webalizer 2.00-6 Web server log analysis program
webcamII.pl 0.2 Graphical frontend for webcam tools
WebPrint 0.01 Print files via the Web.
webshout 0.96 Control shout playlists via CGI.
Webwatcher 0.1.2 A tool for helping to manage web content.
WeirdX 1.0.9 A pure Java X Window System server
wget_worker 1.04 release 5 A Perl script that uses wget to download from the Web in parallel.
wmpinboard 0.99 Window Maker pinboard dock-app
wmScoreBoard 0.20 Shows sports scores on the WindowMaker Dock.
wmtheme 0.6.1 A window manager theme utility.
wmusic 1.2.2 a remote-control DockApp for xmms
wordtrain 0.4.3 Vocabulary trainer
WreckedNet IRC Services 1.1.5 Channel, nick, memo, and oper services for IRC Networks
X-Chat 1.4.1 GTK+ based IRC client, similar to AmIRC (Amiga).
x-wvdial 0.16 An X11-based frontend for wvdial.
XawTV 3.10 TV application and a few utilities
Xcdda2wav 20000313 An X frontend for cdda2wav.
XDC 0.4.3 X Client for DialControl
XEBOT 0.7.00 Visual GUI application builder and self contained execution environment
XFree86 4.0 Freely redistributable implementation of the X Window System
XLoadtime 2.1 A replacement for xload.
XMail 0.34 An SMTP/POP3/popsync/finger server.
XML Parser for Java 3.0.1 XML Parser & Generator for Java
XML::Node 0.10 Simplified interface to XML::Parser
xmms-tfmx 0.1 A TFMX input plugin for XMMS.
XPilot 4.2.0 A multi-player 2D client/server space game.
xpuyopuyo 0.3.4 Tetris-like puzzle game with AI
XRally 0.9 An X11 clone of the Rally X arcade game.
xrate 0.0.4 A transfer-rate measurement utility.
xremote 1.3 Tool for grabbing mouse and keyboard of another display.
XRolyPoly 1.5 A GTK+ addressbook.
XShipWars 1.33e Space oriented highly graphical network game system.
Xskat 3.2 Skatordnung card game, playable against humans or the computer
XTux Mar 11 Humorous Arcade game for X
xxdiff 1.4.1 A graphical file comparator and merge tool.
Yams 0.6.1 An e-commerce package written in Perl and utilizing a MySQL database.
YAWMPPP 1.1.1 Yet Another Window Maker PPP dock applet
YConsole 2.06 A graphical console for controlling Y Sound Servers.
YumfK 0.5 A libmikmod/mpg123/MySQL frontend.
Zebra 0.85 Route Server and Route Reflector daemon
ZMech 1.3.00 State machine development tool
Zombie 0.71 Library and server for developing networked apps/games.
 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux links of the week


Are you stuck behind an oppressive firewall? When things get really desperate, have a look at MailTunnel, which somehow actually manages to tunnel TCP/IP connections through a series of email messages...

The i-opener is a $99 flatscreen computer system sold by Netpliance. The system runs a special version of QNX, and is intended to make money via ISP fees - it only connects to Netpliance's proprietary service. People have figured out, however, that, with the addition of a cheap disk drive, these systems can be made to run Linux. For information on how to make a bargain-basement Linux system, see this page on linux-hacker.net (where you can also buy the needed drive bracket and cable), or the i-opener Linux page. (Thanks to Dub Dublin and Gordy Perkins).

Section Editor: Jon Corbet


March 16, 2000

   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Thu, 9 Mar 2000 16:50:01 -0500
To: lwn@lwn.net
Subject: Something to think about...
From: Zygo Blaxell <zblaxell@genki.hungrycats.org>

This is possibly an abuse of statistics...no, wait, I take that back.
This is _definitely_ an abuse of statistics.  But it's interesting to
think about this nonetheless, especially in light of FUD-generators who
like to point out that Linux is "unstable", meaning that it changes often,
as if that were something undesirable.  The obvious question to ask
a FUD-generator is "how stable does software have to be, before it
becomes good?"  The following may be an answer, and I think it'll catch
a lot of FUD-generators off guard...

I was recently auditing some data I had collected from the Debian project
and came across the following statistic:  Code changes are submitted to
or accepted by the Debian project once every 13 seconds to 7 minutes
(depending on time of day).  In other words, in the time it takes to
dial a 1-800 number, someone may have fixed a bug in or added a feature
to Debian, sometimes before the first ring, and definitely before you
finally get off the holding queue and talk to a real human being. 

By contrast, the Linux kernel often sits idle for just under 6 minutes
at a time without anyone even discussing, much less submitting, patches
for it.  Bug fixes can take several hours to get integrated.

(This data comes from the debian-devel-changes@debian.org and
linux-kernel@vger.rutgers.edu mailing lists.  If the results are
reproducible at all, the errors are at least one order of magnitude.)

Interestingly enough, many people feel that Debian is a Linux distribution
that is technically superior to a number of similar Linux distributions
which are revised less often.  Apparently having a very high revision
rate does not by itself have a negative affect on software quality, or
Debian is doing something else which compensates for this effect.

Perhaps a future Debian project slogan should be:

	"Debian:  the most unstable software of all time." 

Unfortunately, many people would require re-education before they are
able to interpret that statement correctly...

--

Opinions expressed are my own, I don't speak for my employer, and all that.
Encrypted email preferred.  Go ahead, you know you want to.  ;-)
OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D
   
Date: Fri, 10 Mar 2000 12:05:37 -0500 (EST)
To: erricoe@stfb.com
Subject: the meaning of "open source"
From: kragen@pobox.com (Kragen Sitaker)

I understand you are claiming http://www.stfb.com/fagreement.html is an
"open-source license".

As applied to software licenses, "open source" is a term invented by
Christine Peterson a couple of years ago to denote a specific kind of
license: licenses that give all users the freedom to use, modify, copy,
and redistribute the software, for profit or otherwise, in source-code
and executable forms.  The detailed definition is at
http://www.opensource.org/osd.html.

Your license prohibits users from redistributing your software for
profit and prohibits redistribution of the source code.  It is,
therefore, not an open-source license.

Your claim that it is an open-source license is confusing to people new
to open-source software.  When they encounter software that is
correctly labeled as "open-source", they will not understand the
guarantees this gives them until they understand that your software is
not open source.

I understand that there are many software developers who see the
advantages of open-source development and would like to join our
community.  I assume that your efforts in this direction are honest,
and I hope the flood of flames that is surely descending upon your
mailbox due to your premature labeling doesn't discourage you.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)

   
Date: Sat, 11 Mar 2000 19:07:47 GMT
From: Cor Gest jr <cor@clsnet.nl>
To: letters@lwn.net
Subject: Opensource vs GPL


Often I see comments on ads which advertise non-free programs
which balk at the fact that although "Open-Sourced" they are not GPL'ed also. 

But Hey, get real:

GPL'ed software is always Open-Source but not all Open-Source software
has to be GPL'ed by default.

It would be nice, but even coders have to eat.
 
I rather pay for a non-GPL'ed piece with Source-Code-Included than a free
(as in beer) binary without and thus being at the mersy of the makers.

All cars are motorised-vehicles but not all motorised-vehicles are cars ! 

just my 2 euro-cents 

cor

   
Date: Mon, 13 Mar 2000 09:09:49 -0600 (CST)
From: Dave Finton <surazal@nerp.net>
To: letters@lwn.net
Subject: Thoughts about "We Teach Linux Too!"


This is in response to the OSOpinion article "The Dangers of
Over-commercialization" at
http://www.osopinion.com/Opinions/TJMiller/TJMiller17.html

I think the person writing the article might be a bit paranoid about
teaching Linux to students.  Granted, Linux shouldn't be misrepresented as
something as "easy to learn" as Windows (use-of-use is more of a personal
bias... I think that Linux is *much* easier to *use* than Windows, which
is why I use it).  However there are a couple of items to keep in mind:

TJ Miller writes:

"Unix is usually taught at the collegiate level, and most *ix professors
seem to thrive on intimidating their students into utter shock (well, mine
surely did...) On the other extreme, all this cooing and singing about
Linux as being 'no big deal' to learn, does just as much harm to the
novices as scaring them would do."

That has nothing to do with the complexity of the system.  That Unix
professor he mentions comes from a strange and distant culture where it
took balls and talent to even so much as get an account on a Unix machine,
let alone own one for yourself.  Those days are far gone.  The type of
arrogance you once saw in the old-school Unix culture is still around, but
those days are numbered.  A larger and larger portion of the normal people
like himself and many others are using Unix now, in the form of Linux
usually.  The old elite culture won't last too long in that environment,
and you'll see teaching methods changing from "here's a few commands, now
go compile yourself a C program" to more comprehensive programs.  Things
like certifications, etc. will help in this regard a great deal.

Another question I have to ask is: Why is Unix taught at the collegiate
level only?  Why not at elementary school or at high school?  Before you
say it's because kids won't understand anything so complex, remind
yourself who exactly it is that first figures out to program the time on
the VCR in your average household so that it won't blink 12:00 all the
time.  The early years are ideal for learning this stuff, because it shows
kids how a well-engineered system is designed.  And since kids soak up
knowledge like sponges (well, at least they do during the pre-teenage
years), it makes sense to teach the young folk how to use a "hard" system
before they even figure out what a "hard" system is supposed to look like.

The problem lies at the teaching level.  It's not the kids who are to
worry about.  It's the grown-ups teaching the kids.  If a teacher has a
negative experience with something (like Linux) they can easily transfer
that dislike to the kids with little effort.  The solution is, of course,
advocation of the Linux certification programs out there, as well as good
training courses.  That will do the hand-holding that T.J. Miller desires.

Well that was a tangent, so I'll finish with this parting
thought:  "Beware MCSE's offering Linux candy."  :^)

                          - Dave Finton

---------------------------------------------------------
| If an infinite number of monkeys typed randomly at    |
|   an infinite number of typewriters for an infinite   |
|   amount of time, they would eventually type out      |
|   this sentencdfjg sd84wUUlksaWQE~kd ::.              |
| ----------------------------------------------------- |
|      Name:      Dave Finton                           |
|      E-mail:    surazal@nerp.net                      |
|      Web Page:  http://surazal.nerp.net/              |
---------------------------------------------------------

   
Subject: Stallman interview
To: lwn@lwn.net
Date: Mon, 13 Mar 2000 16:46:24 -0700 (MST)
From: woods@ucar.edu (Greg Woods)

In a recent online interview, Richard Stallman was quoted as saying:

   "That movement studiously avoids mentioning idealistic concepts such
   as freedom and community, and as a result most of the
   newcomers have no idea that you can think of free software in those terms."

You *can* think of free software in those terms, but the reality is
that only the religious fanatics actually do. The vast majority of
ordinary people, especially in the business world, *will* think about
open source software as being in direct competition with pay-for
closed-source software. Is it cheaper and/or better, does it give us
more bang for the buck. Those are the questions they will be asking,
not is this politically correct or does it help the environment :-) You
can argue the religion all you want, but in the end, this is how open
source software will succeed or fail. Take my own case. I have a Linux
server at home, not because I believe in the open source religion, but
because I can run a mail and web server on it and use it as a
masquerading firewall. Commercial software to perform those functions
would cost more than my PC and be less efficient and reliable to boot, so 
I use Linux, simply because it is *better* than the alternative. Sure, if
I have a chance to, and should I ever develop something worthy of it, I
would want to contribute back to the open source community, but I am in
no way *obliged* to do so. 

Here at work, I would like to introduce Linux into our environment, but to
do that, I can't argue the open source religion, or my managers will look
at me like I'm nuts. I will have to present practical arguments about
capability, reliability and cost savings.  *That* is what they will listen
to.

I particularly dislike people who imply that there is something evil about
being paid to develop software or to make a profit from developing
software.  Not all of us are trust fund babies, some of us have to worry
about putting food on the table. I would say that if enough value is
present in closed source software to make it worth the price they are
asking, I'll buy it. If there isn't, I won't.

--Greg
   
Date: Tue, 14 Mar 2000 17:42:41 +0000
From: kevin lyda <kevin@suberic.net>
To: letters@lwn.net
Subject: Big mouth, little code...


A few years or so ago he pointed out a process table attack in the
finger daemon shipped on most linux boxes.  He bitched and moaned a year
later that no one had fixed it.  So I did, and dropped it into Red Hat's
Bugzilla.  It was about a dozen lines of code.  (including a little
comment that Mr. Garfinkle was an ass, it does my heart good to know
that millions of cd's around the world have that encoded on them...)

I think it's great that he can spot all these problems.  I think it's
lame that he doesn't get off his ass and offer solutions.  If a person
spots a problem with a closed system the author of the software has
forced the user to comment mode.  With free software the author is
saying, "here, use this fine piece of software that was worked great
magic for me.  I want it to work great magic for you, and I am providing
you with source so that you can make better magic if you feel up to
it."  That includes security fixes.  Free software doesn't get written
by little elves on the north pole after all.

I might also mention that the rpm format (and I think the deb format)
for binary packages allows for gpg/pgp signatures.

Anyway, the moral of this letter?  The GPL should be changed.  It should
state that all reviews should be prefaced with a commentary on the
programming skill level of the author.

That way I could finally know the answer to the question, "Is Simson
Garfinkle too lazy to learn to code, or too lazy to code?"

Kevin
-- 
kevin@suberic.net       "we were goin' for breakfast.  in canada.  we
fork()'ed on 37058400    made a deal: if she'd stop hookin', i'd stop
meatspace place: home    shootin' people.  maybe we were aiming high."
                                                   --porter, "payback"
   
Date: Tue, 14 Mar 2000 13:53:58 -0900
From: "Tony Taylor (ISD)" <tony@searhc.org>
Subject: Virii, and Mr. Garfinkel
To: letters@lwn.net

Mr. Simson Garfinkel seems to have quite a list of credentials. 
However, he seems to lack logic.

He claims there is a coming plague of Linux virii.  He claims the
current lack of virii for Linux (and Unix in general) is a lack of
interest in those able to write them.  He lists some basic requirements
for a successful Linux virus:

It must install itself as root
OR: It must propogate through holes in security

He lists "root abuse" and casual use of root for the first case, and
major server security holes (such as the Sendmail hole that allowed the
Morris worm to propagate years ago, and the recent Red Hat IMAP hole) as
examples for the second.

His logic fails, however, when he does not analyze why there are so many
virii for the MS-Windows platform.  He doesn't realize that the *only*
reason MS-Windows machines are so vulnerable to virii is that *nobody's
fixed the holes* that allow these virii to propagate.  There are boot
sector virii, macro virii, .com and .exe virii, and in every case,
Microsoft hasn't closed the holes that allow them to spread.  Although
there are thousands of strains of virii, there are really only a dozen
or so propagation mechanisms.  In every case, if the fundamental problem
were fixed (for instance, turning off the autoexecute of macros in
programs, instead of making it harder for users to turn it off
themselves), there would be no way for *any* virus of that class to
spread.

Why haven't we seen any more Morris-like worms?  Because that hole was
plugged within days of discovery.  Why isn't the IMAP worm around? 
Because that hole was also plugged within a few days of discovery.

There may be short-lived virii in Linux's future, but the solution won't
be stop-gap prophylactics; the holes will be closed, and the virus will
die a natural death.  And the virus detection software will die a
natural death along with it.

					- Tony
   
Date: Sat, 11 Mar 2000 12:25:24 -0600
From: Dylan Griffiths <Dylan_G@bigfoot.com>
To: letters@lwn.net
Subject: Misquoting PGP informationg.

"This issue will need to be dealt with, and quickly. The existence of a
duplicate key ID could allow falsified mail. If a duplicate key ID can be
generated by accident, presumably it can also be generated on purpose, as
well. Network Associates was not directly informed of the problem, which was
posted today, so no response from them is yet available."

Not so.  The OpenPGP standard allows this.
From: Tobias Haustein <haustein@INFORMATIK.RWTH-AACHEN.DE>
"As said, the key id is calculated from the key. A V3 key id consists
of the lowest 64 bits of the public modulus ot the RSA key, whereas a
V4 key id equals the lowest 64 bits of the fingerprint of the whole
key. However, the OpenPGP standard (RFC 2440) explicitly says that:

  "Note that it is possible for there to be collisions of key IDs --
  two different keys with the same key ID. Note that there is a much
  smaller, but still non-zero probability that two different keys
  have the same fingerprint." (page 53)"


So it's all a matter of the non-zero probability that two different keys
have the same fingerprint.  Two passwords that are not alike could also have
the same MD5 hash. 
-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
spread!

[Editor: Correct. Please see the security section for an update on this topic.]

   
From: Collins_Paul@emc.com
To: letters@lwn.net
Subject: Duplicate PGP key IDs
Date: Mon, 13 Mar 2000 11:57:39 -0500

Dear Editor,

The best way to resolve the duplicate key ID issue is to use the key
fingerprint, a twenty-byte number of which the key ID is the last eight
bytes.

Duplicate key IDs are only a problem with regard to the key servers, and to
users who do not make sure that the keys they use are genuine.  Duplicate
key IDs do not affect the fundamental security of PGP itself.  Two keys with
the same ID do not have the same fingerprint, and are not the same.
Signatures generated by one will not verify with the other.

If a user uses a key from a keyserver without checking the fingerprint with
the supposed recipient, or checking the other signatories to the key, they
are in any case violating best practices.

Of course, there are (elaborate) ways to circumvent the security of
public-key cryptography, some involving man-in-the-middle attacks using fake
keys.  However, if the recipient has the real key of the sender (and not the
fake one), the attacker will not be able to generate a fake signature, since
that requires access to the sender's private key.  See "Applied Crypography"
by Bruce Schneier for details.

Note that GNU Privacy Guard is an implementation of the OpenPGP
specification, and hence should have been mentioned for clarity.

Yours sincerely,

Paul Collins.

-- 
Please note that I speak for no-one but myself.
   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds