Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

The EDK product itself contains much of what is needed to do embedded systems development. Heading the list is the Source Navigator interactive development environment. There is a full set of development tools for embedded x86 and PowerPC targets, and a set of stripped-down kernels for those systems. Debugging tools have been included as well.

And, of course, this package comes with a full set of service offerings. There are two levels of basic support, the lower of which only allows a "limited number" of bugs to be reported and fixed. The $40,000 "platinum support" option, instead, includes unlimited incident support and a number of other goodies, though you still have to shell out an additional $25,000 if you want your own "technical account owner" assigned to you.

One of the more interesting parts of this announcement, however, was buried deep in the EDK General FAQ. It seems that Red Hat has decided that all tools on the EDK should be open source and that, as a result, Source Navigator will be released under the GPL. The source is supposed to show up on the Cygnus Sourceware site within a few weeks. The opening of Source Navigator is an important contribution; look for it to show up on your favorite distribution CD shortly.

The LWN Penguin Gallery has been updated after much too long a time. There are now no less than 233 penguins in the Gallery, each one unique.

We're sure there's lots more out there. Please send your additions to lwn@lwn.net; please always include a URL to the place the penguin lives so that we may link to it. Many thanks to all who have contributed penguin sightings thus far.

Open software required by law in France? Here is an announcement of a proposed law that would require adherence to open standards and availability of source for all software used within the French government. It would also codify the right to publish and use "compatible software" in some situations regardless of any patent or trademark claims.

The effects of the law, if passed, could be wide-ranging. The requirement that open standards be used for data exchange would prohibit the government, for example, from sending around documents in proprietary formats. The idea of a law that bans Word attachments has a definite appeal, but it would certainly shake up the way the government does business.

The source code requirement is there for a couple of reasons. First is the simple need to be able to access data many years after the fact, when the program that created it has perhaps long since fallen into disuse. The other is the need to be able to look for back doors - the Echelon surveillance system is explicitly cited as justification here. Note that this requirement seems to say that "source code is available to the government." It does not require that the software be open source.

The third article says "any individual or moral person has the right to develop, publish and use an original software which is compatible with the communication standards of another software". This is a step in the right direction, but one can see some potential imitations here. Would DeCSS, which allows the decryption and reading of DVD disks, be protected under this clause? One could imagine lawyers arguing for years over whether DVD encryption is a "communication standard" or not.

The announcement ends with the claim that "in a market economy, States can play a significant role on the economy and preserve the public interest." That may be true, though the French government appears to be limiting itself to legislating the sort of software that it will use; closed software would still be legal in the private sector.

(See also: this statement from the Association Francophone des Utilisateurs de Linux et de logiciels libres supporting bill in French and English via Babelfish.)

Eric Raymond, Lawrence Lessig, and others on government intervention. For those looking for more debate on the proper role of government in supporting open source software, a look at this discussion on the American Prospect site should prove rewarding. Participants include Eric Raymond:

...we share a gut-level sense, born of experience, that handing governments more power is more likely in the long term to injure the Internet (and all its potentials for human freedom and property) than to help it grow.

as well as Lawrence Lessig:

I believe this movement has got to get beyond black and white. We have got to wake up from this dreamland where people believe that we neither need government nor need to pay attention to what government does. The argument that government has not played an important role in bringing about the environment within which the revolution of the Internet was possible is just wrong -- historically wrong.

There are some well-expressed and important points of view there - recommended reading. (Those who still haven't had enough can head on over to this Slashdot discussion for lots more).

Book Review: Thinking In Java. Jeff Berry has been kind enough to send us this review of Thinking in Java, by Bruce Eckel. This book, which is also downloadable over the net, turns out to be a good introduction to object-oriented programming and Java, and is recommended for Java beginners.

Feature: Exploring SGML DocBook. Our latest feature article is Exploring SGML DocBook, which was written, translated from the original Italian, and contributed by Giorgio Zoppi. This article looks at the important DocBook standard, with an emphasis on setting up the tools to be able to work with DocBook documents.

Inside this week's Linux Weekly News:

• Security: Piranha, Libsafe and a boat-load of security reports.
• Kernel: Finally: 2.3.99-pre6; poll() and the big kernel lock
• Distributions: In-depth reports on Vine Linux and Plamo Linux.
• Development: The usual host of development reports.
• Commerce: Miracle Linux; Applix spins off VistaSource
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

Red Hat/Piranha security issues: important but not a backdoor. This week, we first heard of the Piranha security problems through normal channels, this Red Hat announcement. It seems that two problems had been found and fixed in Piranha, their in-house heartbeat package, including a binary package shipped with a default password and a vulnerability in the change password function that allowed arbitrary commands to be executed. Both problems are severe and an upgrade is strongly recommended. [Editor: here is an updated version of the original advisory.]

So far, the process seemed normal: bugs are found, fixes are generated and an announcement goes out. However, the bugs themselves were originally found and reported to Red Hat by ISS, who issued this press release, entitled "Backdoor Password in Red Hat Linux Virtual Server Package". This seems a bit inappropriate. A backdoor, by all definitions we've heard, is an undocumented method of getting privileged access. The authentication mechanism in Piranha is quite well documented. It was simply an error to ship a preset password for this documented "front door".

Well, given last week's coverage of a back door in a Microsoft DLL, the ISS advisory initiated a small media frenzy, with press coverage from:

• News.com
• The Industry Standard
• MSNBC

Lucent releases buffer overflow prevention library. Lucent has announced the release of Libsafe, a library which defends against buffer overflow attacks. It works by putting a wrapper (they call it "middleware") around dangerous functions that contains any buffer overflows within the current stack frame, so that the return address can not be changed.

The press release commented, "Linux distributors Red Hat, Inc., Linux-Mandrake, Turobolinux and Debian GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into their software releases." This could give the impression that Libsafe will be an integral part of each distribution. In response to this, Wichert Akkerman, Debian Project Leader, clarified Debian's intentions. "David Coe is planning to make a Debian package of LibSafe which will be added to the distribution. However it will be an optional package, which means that people will be able to use LibSafe to add some security to their system if so wanted, but we won't make it an essential part of the distribution."

The Slackware team quickly evaluated Libsafe and chose to add it into their "contrib" tree, reported this announcement. Again, though, this is not the same as choosing Libsafe as a default for the distribution. We do not yet have details on the plans of other Linux distributions.

How does Libsafe stack up against other stack protection mechanisms? We found a couple of analyses, one from Solar Designer and another from Perry Wagle (StackGuard developer). Libsafe has an advantage over StackGuard in that recompilation of programs is not required and it can be introduced into a system with little impact. In turn, the protection provided by Libsafe is limited to the system calls strcpy, strcat, getwd, gets, [vf]scanf, realpath, and [v]sprintf, unlike StackGuard. Libsafe does not work on statically-compiled binaries and its effectiveness may be dependent on which version of glibc you link against. Slackware pointed out that the use of Libsafe would break backwards compatibility for non-glibc-based software. In addition, Libsafe will not work properly on machines that require some form of pointer alignment, as pointed out by Olaf Kirch.

In summary, Libsafe is an excellent addition to the available security tools, but not a panacea, nor a full replacement for existing stack protection tools.

Security Reports

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap this week. Check Red Hat Bugzilla ID 10714 for details on this problem.

This week's reports:

• Red Hat
• Linux-Mandrake

LCDproc 0.4 vulnerability. LCDproc, a Linux LCD display driver, introduced a remote vulnerability into the driver in version 0.4. An exploit for Linux/x86 has been published. A patch against 0.4-pre9 has been made available. Alternatively, you can downgrade to version 0.3.

imapd denial-of-service. The imap locking mechanism will prevent a user from accessing their imap mailbox if a lock already exists, even if created by another user, reported Alex Mottram. By combining this vulnerability with the imap problem reported in last week's Security Summary, this produces a remotely-exploitable Denial-of-Service attack.

FreeBSD issued two advisories in response to these issues, one addressing last week's reportand another addressing this week's report. No patch is available; they recommend moving to an alternate server.

Additional reports of buffer overflows in imapd-wu continue to trickle in.

Qpopper fgets(). This report describes a vulnerability in all versions of Qpopper, including 3.0 fc2 and earlier, in which input is improperly verified. No fix has been reported as of yet. Check BugTraq 1133 for more details.

SuSE cron: arbitrary file deletion. The SuSE Linux default configuration of cron can be exploited to arbitrarily delete any file on the system, according to this BugTraq posting. No confirmation or update from SuSE as of yet.

Sendmail mail.local vulnerability. An input verification problem was reported in mail.local, part of sendmail. An official patch was quickly produced and will be included in the next version of sendmail.

PostgreSQL cleartext password storage. Robert van der Meulen pointed out that PostgreSQL stores usernames and passwords in cleartext in pg_shadow, allowing the password mechanism to be bypassed. Versions 6.3.2 and 6.5.3 have been reported to be vulnerable; no official word or update has been seen as of yet.

FreeBSD 3.4-STABLE ncurses overflow.. It appears that FreeBSD 3.4 ncursesis vulnerable to a buffer overflow. Note that both 4.0 and 5.0 have been tested and found not vulnerable.

CVS local denial-of-service vulnerability. The CVS use of /tmp for locking purposes leaves it open to a local denial-of-service attack, according to Michal Szymanski. Check BugTraq 1136 for a work-around.

Realserver denial-of-service attack. RealNetworks, Inc., has put out an advisoryregarding a potential denial-of-server attack in RealServer. Updated executables have been made available for RealServer 7.0 or RealServer 7.0.1. People using RealServer 6.X or earlier need to contact their customer service department.

Cisco Catalyst. Unauthorized access to the enable mode has been reported in the 5.4(1) release of Cisco Catalyst. Upgrades are available and customers are urged to apply them.

Cisco IOS. Security scans can cause a Cisco router to reload unexpectedly, due to problems in the Cisco IOS software, allowing a denial-of-service attack. New releases to fix the problem are either currently available or promised to be available in the near future.

Adtran MX2800 M13 Multiplexer. A Denial-of-Service vulnerabilityhas been reported in the Adtran MX2800 M13 Multiplexer.

Updates

imwheel. For more information, check the BugTraq vulnerability database entry. This vulnerability was first reported on March 13th, 2000.

• Linux-Mandrake (old)
• SuSE (not vulnerable)
• Red Hat

gpm. Improper permissions handling in gpm was discussed in the March 30th LWN Security Summary.

This week's updates:

• Slackware (full advisory)

• SuSE (April 6th)
• Red Hat (April 20th)
• Linux-Mandrake (April 20th)

emacs 20.X.. Problems with emacs 20.X (not XEmacs) were discussed in last week's Security Summary.

• Slackware

Generic-NQS (GNQS). See the February 10th, 2000 LWN Security Summary for more details.

• FreeBSD

Resources

Bruce Schneier's CRYPTO-GRAM (April 15th). The April 15th edition of Bruce Schneier's CRYPTO-GRAM covers testing of various cryptographic algorithms in preparation for NIST's choice of a standard for AES. If this will impact your work, you'll want to review his comments and send in your own to NIST. Bruce also comments on UCITA in this month's edition, pointing out that UCITA's choice to allow software manufacturers to remotely disable software in the event of a licensing dispute essentially legislates backdoors into software under the "naive conceit ... that only the manufacturer will ever know this disable code, and that hackers will never figure the codes out and post them on the Internet".

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The (3.6 MB) 2.3.99-pre6 patch consists mostly of small tweaks to over 900 files; there is also more i386 interrupt handling work, a number of small Sparc tweaks, some large I2O updates, an ISDN update, a driver for LAN Media synchronous serial boards, many changes to the IA-64 support for 32-bit binaries, the removal of kernel debugger support for the IA-64, a large 3c59x ethernet driver update, numerous SCSI subsystem tweaks, some sound driver updates including the incorporation of the EMU10K (SB Live) driver, and some ATM networking updates.

The removal of debugger support for the IA-64 is not entirely surprising - Linus has long had a dislike for interactive kernel debuggers. His position is that they lead developers to fix symptoms; he would rather they stare at the source and come to an understanding of the real problem. Thus, the real surprise is that KDB got in for a while in the first place.

Here is Alan Cox's 2.4 jobs list as of April 25.

The current stable kernel release is still 2.2.14. Alan Cox has had 2.2.15 ready to go for a while, but Linus has not yet released it. The 2.2.15 prepatch has moved forward to 2.2.15pre20, without announcement. Both pre19 and pre20 contain new security fixes that, one would hope, will see a mainline kernel release soon.

Meanwhile Alan has released a first 2.2.16 prepatch with a few larger items that won't go into 2.2.15. It contains some driver fixes (especially sound drivers), some new NLS codepages, and a number of other small changes.

poll() and the big kernel lock. A problem faced by any operating system once it begins to support multiple processors is controlling access to data that may be accessed by more than one processor at once. If multiple processors simultaneously manipulate the same data structures, chaos soon results. Back in the 2.0 days, Linux handled this sort of "mutual exclusion" problem with the "big kernel lock." Essentially, any time a processor went into the kernel it had to take out this lock; as a result, only one processor could be executing in the kernel at any given time.

That approach works, but its performance leaves something to be desired. Even with just two processors, quite a bit of CPU time will be wasted waiting for the big kernel lock. With more then two processors, the cost becomes unbearable. Thus, much work in the 2.1 and 2.3 development series has been aimed at the elimination of the big kernel lock in favor of more fine-grained locking schemes.

Much of the kernel runs without this lock at this point. One notable exception has been the implementation of the poll() and select() system calls. poll() uses the big kernel lock not because of any inherent need, but because nobody has gone through and made sure that all of the device drivers (which have a method used to implement poll() on their devices) will work without it. There are a lot of drivers out there, and auditing them all can be a long and unpleasant task.

The topic came up this week after some results were posted showing that the use of the big kernel lock in poll was creating some real performance problems in certain situations - such as on a busy web server. People began to wonder if the big lock was still necessary with poll(); after some discussion, Manfred Spraul posted a patch which removes the lock_kernel() calls from poll().

Resistance to this patch came from Alan Cox, who is very much trying to work toward a stable, releasable 2.4 kernel and is not pleased by a patch that could affect many dozens of device drivers. Alan appears to have lost the debate, however: Linus has come out in favor of the patch. As a result, a few driver maintainers may have to do a bit of last-minute scrambling to be ready for 2.4, but, as has been pointed out, these drivers needed to make their own synchronization requirements anyway to be safe on multiprocessor systems.

Other patches and updates released this week include:

• Robert de Vries posted an implementation of the POSIX timer calls for 2.3.99.

• Jeff Garzik posted a patch to devfs which gets rid of the automatic mount at boot.

• Modutils 2.3.11 was posted by Keith Owens.

• Richard Gooch has released devfs v164. He has also written a new, "bigger and better" FAQ for devfs.

• The first draft of the Linux USB Interoperability Guidelines has been released by Brad Hards.

• Christoph Rohland posted a patch which makes core dumping interruptible. As he puts it, this patch "makes Netscape over NFS home directories much easier to use."

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Distributions

Vine Linux 2.0. Maya Tamiya, editor of ChangeLog.net, a Japanese site that provides a translated version of LWN.net material, kindly provided us with more details on Vine Linux and their recent 2.0 release. Vine Linux is a community-based project. "Vine Linux is probably the most popular community-based distribution in Japan. There was even a paper magazine's readers poll which showed the number of the Vine users was the largest of all the other Japanese distributions users including commercial ones. Project Vine claims to have distributed, via CD-ROM, at least one million copies of their previous version over about a year."

For the gory details, note that Vine Linux 2.0 is based on RedHat Linux 6.1, kernel-2.2.14, glibc-2.1.2 + locale-ja and XFree86-3.3.6 + xtt. (Thanks to Toshiyuki Nakata.)

Plamo Linux 2.0. Maya Tamiya also provided us with information on Plamo Linux 2.0, another community-based distribution in Japan, originally based on Slackware. Plamo is famous for the quality of their laptop support, among other features. "Plamo Linux was originally called "Plagiaware" since they borrowed many packages from other distributions, but the name gave too bad impression so they renamed it to "Plamo", short for "plastic models" in Japanese, in the hope that the distribution would grow to be a system that people can change and improve the software by themselves as they like easily."

Linux From Scratch. Here's an announcement for a different sort of distribution. LinuxFromScratch is a running distribution that you put together yourself from source. The "distribution" as such consists mostly of a large, online book describing how to build the whole thing; what finally ends up on your system is up to you. An interesting resource for those who want to see how it's done, or who have never been able to find a distribution they actually liked.

Blue Point Linux

Bluepoint, Intel establish Chinese support center. Bluepoint Linux Software Corp. has announced a deal with Intel to establish a technical support center in Shenzhen, China. According to the announcement, Intel will contribute "technology and equipment" to the center; it's not clear that Intel's involvement goes beyond that.

Corel Linux

Corel quarterly report. Corel has filed its latest quarterly report. It gives the gory details on its recent performance, and talks about the other challenges the company faces, including a suit filed on April 17 attempting to block the merger with Inprise.

Debian GNU/Linux

First European Debian Meeting. The first European Debian Meetingwill be held in Bordeaux (France), from July 5th to July 9th 2000, invited by the French-speaking Debian developers and the Libre Software Meeting organizers (in French).

The conjunction of this meeting with the Libre Software Meeting will provide a low-cost locale for the event and the opportunity for Debian developers to interact with developers from other free software projects.

Debian Weekly News. A brief Debian Weekly News for this week covers the European Debian Meeting, package dependencies, Perl 5.6, and more.

KRUD

April KRUD. The last Red Hat 6.1-based release of KRUD, their April KRUD CD, is now available. This contains Red Hat 6.1, all updates and many fun extras, including "FreeCIV" and "PySol". KRUD 6.2 is in development and expected to be the basis of the May KRUD release.

Linux-Mandrake

Linux-Mandrake 7.1beta available. Linux-Mandrake 7.1 beta is now available for download. It is a beta version, so all the usual warnings apply. Among other things, this release includes the Helix GNOME release, XFree86 4.0, and ReiserFS.

Red Hat Linux

Red Hat begins shipping Motif 2.1. Red Hat has moved a little further away from its "all open source, all the time" approach with this announcement that it will be shipping Metro Link Motif with its "Enterprise Edition."

Slackware Linux

Possibly in response to last week's announcement of the FHS 2.1 (File System Hierarchy), a discussion began in the Slackware devel forum arguing against the possible adoption of the System V init script structure over the BSD structure. Some people did not care, but others felt strongly that the loss of the BSD init script structure would alter Slackware too much, lose a valuable feature of Slackware and make it too much like every other distribution. No official response was included, but if the opinions in this thread hold, Slackware is unlikely to ever being FHS (and therefore LSB) compliant.

SuSE Linux

SuSE 6.4 evaluation ISO. SuSE has released an ISO for their SuSE 6.4 evaluation CD. This is one CD out of the normal 6 CD set and obviously comes without documentation or support, but if you want to take SuSE for a test run, this should have everything you need. "As usual, it ships with KDE, Netscape and a lot of additional goodies like the new YaST2 installation and configuration tool."

SuSE performs mind-share control (Upside). This Upside article looks at the challenges faced by SuSE in the U.S. "Then there's the fact that SuSE avoided the recent Linux IPO frenzy and has had to build its market share with less money and less attention from the wealth-obsessed tech media machine."

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

FSF alternative to Freshmeat. The Free Software Foundation is apparently not satisfied with the existing software databases, including Freshmeat and others. They are building their own and have put out a request for assistance to the Debian developers. "The reason they are not using a happy with existing databases like freshmeat is that their database has a lot more details, and they don't want any non-free software in there."

Browsers and Mail support

TradeClient 0.2beta released. Bynari International has announced the final pre-release of its TradeClient email client and personal information manager. Tradeclient is aimed at people accustomed to or currently using Microsoft Exchange. TradeClient is released under the LGPL. Note that a proprietary product, Bynari TradeXCH, is required in order to connect Tradeclient to Microsoft Exchange.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for April 24 is available. This issue concentrates on scheduling and timetable software for schools, but covers a number of other interesting programs as well.

Games

Merchant Empires .1. Merchant Empires is a new GPL'd game that has been ported to PHP. This is a very early release; a link is provided primarily for people who may be interested in its development.

Graphics

Open CASCADE 3.0 released. Open CASCADE 3.0 has been released. This release of this extensive graphic modeling library includes a new "data exchange processors" module and extensive changes to the visualization module.

Gimp Tutorial: 60 Second Reptiles, Paint lines, and Bark. Michael Hammel has put out a new Gimp tutorial over at Graphics Muse. "In this tutorial I'm going to show you the tricks you can play with noise. The Gimp is often thought of as a tool whose end product is a goal in itself. But Hollywood knows better. There, the Gimp is used as just another tool in a long list of tools to generate the final product - a special effects shot for a movie. Noise plays an interesting part in that pipeline of tools."

Gimp 1.1.20. Gimp 1.1.20 is now available for download. Unfortunately, it came accompanied by a segfault-inducing bug came out with Gimp 1.1.20. A bugfix for this is now available and is highly recommended. This release is also sometimes dubbed "1.2pre", containing many features from the upcoming 1.2 release.

Gimp FreeType. Sven Neumann and Jens T. Lautenbacher are working on Gimp FreeType, a project to improve font support in Gimp. (From Gimp News.)

Interoperability

Samba 2.0.7 released. Samba 2.0.7 has been released. This is the first release of Samba to include the O'Reilly Using Samba book; it also contains the beginnings of Windows 2000 support and a great many other fixes and enhancements.

Office Applications

Reviewing Linux Word Processors (LinuxPlanet). LinuxPlanet has started off a series of word processor reviews with this review of StarOffice 5.2. "We did our tests on version 5.2 of StarOffice, even though this is still a beta release. We encountered stability problems and a few bugs, which we fully expect to be ironed out by the time it goes into final release. Since StarOffice is free for download and a fairly inexpensive CD purchase, prospective users may want to consider sticking with 5.1a, and moving to 5.2 when its stability is more guaranteed."

Applixware 5.0 announced. Applixware 5.0 was announced this week. The new version is based on the GTK+ toolkit. This is a commercial product; more information is available on the Commerce Page.

AbiWord Weekly News. This week's AbiWord Weekly News indicates that the release of 0.7.9 is imminent and a list of features needed for the 0.9.0/1.0 release has been put together. James Ritchie was lauded for the posting of his constructive suggestions, based on what he needs, as a professional writer, in order to move from Microsoft Word to AbiWord.

On the Desktop

This week's GNOME summary. Here is this week's GNOME summary by Havoc Pennington.

Havoc has also announced the X Desktop Group. Its purpose is to promote collaborative work toward the improvement of the X desktop in general - it is not a GNOME-specific project. Havoc is reaching out to all developers (and writers!) in the desktop area in an attempt to produce concrete results and a better desktop for all.

KDE2 is around the corner. Are you curious? (Olinux.com.br). Olinux.com.br interviews KDE hacker Mosfet. "The difference between KDE and competing projects is KDE developer funding seems to be spread over a wider group of Linux companies. You don't have one or two interests controlling an important group of KDE developers."

News from KDE.org. Updates to the news section of the KDE.org site include a call for documentation writers and a heartwarming letter to KDE from The London Capitals Youth American Football Club. "I am an American who works in London with underprivileged kids. We work with the kids primarily through American football. We have maintained a website for the past 7 years. I teach the kids primarily through Linux. The KDE desktop environment has proved incredibly helpful in giving these kids a simple to understand interface with a dense operating system. "

Sawmill becomes Sawfish. The Sawmill project has announced a name change, due to a naming conflict with an existing Linux log analyzer, also called "sawmill". As a result, the Sawmill window manager will become the Sawfish window manager, with an accompanying change in all websites, etc. (From GNotices.)

Science

Linux in Science Report #5. This week's Linux in Science report focuses on getting binary packages for scientific software and the need for a Linux distribution targeted for scientific users.

Medicine-HOWTO. The Medicine-HOWTO has been updated, with the addition of links to additional software and resources (from Freshmeat).

One of the new links points to LinuxMedNews, a new Zope/Squishdot-based news site that focuses on Linux and the medical community. It looks, perhaps, a bit too much like Slashdot ... it is almost hard to remember which site you're on. However, they are clearly working hard to get good content up.

GNUMed presentation. A presentation on GNUMed, An Open Source Comprehensive Software Package for Paperless Medical Practice will be given at the July 17-20, 2000 O'Reilly's Open Source Conference by Horst Herb.

Website Development

Zope tutorial preview available. Amos Latteier has released the first preview version of his Zope tutorial. The tutorial is a "hands on" experience, and thus requires an installed Zope server to host it. Those who are not in a hurry can wait for the next major Zope release, which will include the Tutorial.

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

C

The wonders of glib (IBM DeveloperWorks). This IBM DeveloperWorks article takes a look at the glib utility library for C, which provides data containers, portability and more. "Glib's most prominent and powerful aspect is its containers, although it is also extremely useful in writing portable code. Glib does not require you to restrict code to small subsets of functionality that work on all target platforms, nor, when you use glib, do you find yourself resorting to prayer as a method of ensuring satisfactory implementation of your functions on other platforms." (From Gnotices.)

Java

Blackdown Java3D 1.1.3 status. A note added to the Blackdown Java3d Status Page on April 20th indicated progress on the port. "We are currently working on finishing the final release of Java3D 1.1.3".

Perl

Perlmonth Issue 11 available. Perlmonth #11 is now available, with nine new articles. The focus is very much on web applications in this issue.

Perl5-porters digest. A new version of the Perl5-porters digest was released on April 23rd. It seems that whining was a major response to the release of Perl 5.6. "On the one hand were people complaining about bugs and how it was unstable and saying that nobody was going to switch, and there were some accusations that Sarathy was part of a Microsoft conspiracy to sabotage Perl. Blah blah blah. Then on the other hand were a lot of people saying that the changes were not significant enough to warrant a new version number. "

This prompted Tom Christiansen to post this reply. "If this hadn't gotten out NOW, it might well NEVER would have gotten out? Why? Because Sarathy would have quit in frustration over the demands put upon him, the expectation that he and he alone would rewrite and redesign all the major subsystems for everybody's pet little feeps, from threads to unicode to the codegenerators."

Work appears to be ongoing to try to salvage the working atmosphere of the group. Best of luck, guys.

PHP

PHP HOW-TO. An updated version of the PHP HOW-TO has been made available.

Python

Linux Journal Python Supplement. The May issue of the Linux Journal apparently contains a Python supplement, with articles ranging from the silly to the strictly serious.

It included a reference to the Linux Journal's Python Book Reviews, a joint review of three Python references. (From Daily Python-URL)

Tcl/tk

Tcl/Tk 8.3.1 announced. Tcl/Tk 8.3.1 has been released. This is a patch release for Tcl/Tk 8.3 and contains over twenty different bug-fixes and added features.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

Miracle Linux. Oracle Japan has funded the creation of a new Linux company, called "Miracle Linux," which will operate in Japan. There is a press release available for those who can read Japanese. Miracle Linux will be "doing development and sales of Linux OS, sales of Oracle's software for Linux, and support including Linux related consulting, education and maintenance."

The company, which is to commence operations at the beginning of June with 20 employees, has been funded with $2 million in capital. The plan is to top that up to $4 million soon, at which point the ownership will be 55% Oracle, 14% NEC, and 14% TurboLinux. The Miracle Linux distribution will use TurboLinux as a base. The company hopes to achieve about $2 million in sales in its first year, ramping up to about $12 million by the third year, at which point it would be profitable. (Thanks to Maya Tamiya of ChangeLog.net).

VistaSource launches. Applix has announced the spinning off of its Linux division into a separate company called VistaSource. "VistaSource will operate under a blended licensing model referred to as 'Source Access,' which is different from Open Source in that it is designed to empower the customer by offering a number of source licensing options, while still being commercial software."

VistaSource looks like a determined attempt to be a "half way" open source company. It has a few open source products, such as its SHELF scripting language. CoSource.com, acquired by Applix a while back, is also part of VistaSource now. But its flagship products, such as its office suite, will remain proprietary (though they make a big point of their use of the GTK toolkit within Applix). With this mix, they hope to be part of the open source world and make the money they need to thrive as a company at the same time.

The new company is currently wholly owned by Applix, but intends to do an IPO of its own sometime in the future.

VistaSource wasted no time in putting out its own press release announcing the launch of Applix 5.0. This version is based on the GTK+ toolkit; the word processor and spreadsheet will also be available as separate products.

Announcing LinuxSolve. A company called LinuxSolve has announced its existence. LinuxSolve is another vendor of Linux-based server appliances; their particular angle seems to be an especially strong emphasis on security. Their systems run the Immunix distribution, which gives some protection against buffer overrun attacks. They also offer the usual array of consulting and support services, of course.

Userland discussion on open and proprietary software. For a relatively (relatively!) low-heat discussion of an inflammatory topic, check out this Userland posting by Dave Winer regarding the split between free and proprietary software. "I think we took a wrong turn a couple of years back, all of a sudden every hard-working software guy is on the defensive, unless he's one of the O'Reilly-annointed gods of open source. Raymond's writing put us there. O'Reilly monetized it. It's irresponsible and hurtful and it stops progress."

There is a thoughtful response from Brian Behlendorf, among the others. "Pragmatically speaking, I think it's fine to have a world where open and closed source software speak - by far the most important thing is that the protocols and APIs be stable and open and free from encumberance, that the software source code is open is secondary. However I think we are approaching a future where in every software category there is an Apache equivalent, a tool that is good enough to do the job 90% of the time."

SecureNet PRO for Linux. MimeStar Inc. has announced that its "SecureNet PRO" intrusion detection system is now available for Linux. It's available as a software-only product; they also sell it bundled with a VA Linux Systems server.

Exile III: Ruined World. Spiderweb Software and Boutell.com have announced the release of "Exile III: Ruined World" for Linux. Exile III is a fantasy role-playing game; it is supposed to come out this spring.

Section Editor: Jon Corbet.

Press Releases:

Open Source Products
• Axis Communications (Lund, Sweden) announced the release of a journaling filesystem intended for use on flash ROM devices. It's thus aimed at embedded systems; it is licensed under the GPL.

• Axis Communications (Lund, Sweden) also announced a Linux-based Axis 2100 Network Camera.

• QNX Software Systems (OTTAWA) announced an initiative to promote its QNX OS. QNX is offering free downloads, and Linux compatibility, and will release source code for many QNX applications, drivers, and libraries.

  Commercial Products for Linux

• Deneba Software has announced the availability of the second beta of Canvas 7 for Linux.

• Loki Entertainment announced its newest Linux game "Heavy Gear II" is now available at SuSE.

• NetSys Software Group AB (Gothenburg, Sweden) announced that its Message-Oriented Middleware solution VCOM supports the Linux computing environment.

• Novadigm, Inc. (EMERYVILLE, Calif.) announced the availability of Radia client support for Red Hat Linux.

• NovaStor Corporation (SIMI VALLEY, Calif.) announced the release of NovaNET 8 for Linux, a new version of its NovaNET tape backup software family.

• Red Hat announced that its distribution has been named "product of the year" by Network Magazine.

• Symantec Corporation (CUPERTINO, Calif.) announced a new version of Norton AntiVirus for Linux-based virus protection.

• Entera, Inc. (FREMONT, Calif) has won DAVECENTRAL.com's "The Best of Linux Award" for its TeraCAST Lite, a standards-based media streaming server.

  Products Using Linux

• eOn Communications Corporation (MEMPHIS, Tenn.) introduced the eNterprise 400 communications server.

• Here are press releases from Caldera Systems, Red Hat, and TurboLinux about their distributions being offered preloaded on IBM's Netfinity servers.

• Rackspace.com (SAN ANTONIO) a provider of Linux-based Advanced Internet Hosting services, announced that it will add the SecureGuard security system to its array of advanced Web hosting services.

  Books

• Andover.Net (ACTON, Mass.) announced that Slashdot will publish Jon Katz' new book "Voices from the Hellmouth".

  Products with Linux Versions

• Addonics Technologies Inc. (FREMONT, Calif.) announced the NetStor Combo Server, a plug-and-play, multi-protocol CD/DVD/Archive server.

• Bristol Technology Inc. (DANBURY, Conn.) announced eSleuth, its transaction analysis software.

• Dirig Software, Inc. (NASHUA, N.H.) released version 1.7 of Proctor, the company's flagship management suite.

• ELSA, Inc. (NEW ORLEANS) announced ELSA GLADIAC, a new game for PCs equipped with Pentium II or later processors as well as AMD K6 and K7 enabled systems.

• Flash Networks, Inc. (HOLMDEL, N.J.) introduced NettGain, a family of software- and hardware-based solutions that accelerate TCP/IP network performance.

• Force Computers (SAN JOSE, Calif.) announced the CPCI-540 family of SPARC-based computers for a CompactPCI environment featuring Force's SENTINEL universal PCI-to-PCI bridge.

• JNI Corporation (SAN DIEGO) announced the Unix DriverSuite, an integrated suite of software drivers for Fibre Channel host bus adapters (HBAs) running under Red Hat Linux, and several UNIXs.

• Mindbridge.com (PHILADELPHIA) announced its enhancement to its Web-based Groupware Solution IntraSmart, version 2.0 now supports Linux.

• NEC Computers Inc. (SACRAMENTO, Calif.) announced the NEC Express5800/180 Ra-7 server, an 8-processor capable Intel Pentium III Xeon-based server.

• NovaStor Corp. (SIMI VALLEY, Calif.) announced the release of InstantRecovery, an image-based disaster recovery and hard disk copying utility for any Intel-supported operating system.

• Novell, Inc. (PROVO, Utah) announced that ScheMax 1.1 is now available as a free download from the Novell Web site.

• Optibase (Herzliya, Israel) announced Linux support to VideoPlex XPress, its streaming media endpoint platform.

• Progress Software Corporation (BEDFORD, Mass.) announced Progress SonicMQ 2000.1, a new version of its Internet messaging server.

• Wombat Games Inc. (AUSTIN, Texas) announced Dark Zion, a massively multiplayer online world. Wombat Games will release parts of the game as open source, and has already released one library as open source (license not mentioned).

  Partnerships

• AmeriQuest Technologies, Inc. (WILLOW GROVE, Pa.) announced their partnership with Cobalt Networks, Inc. that will enable AmeriQuest to provide preferred partner pricing, support and services of Cobalt products to AmeriQuest's clients.

• Arkeia (CARLSBAD, Calif.) announced that it has joined the Oracle Backup Solutions Program. Arkeia plans to introduce database backup and recovery solutions to customers with high-end requirements who are running Oracle on the Linux platform.

• Cybernet Systems Corporation (ANN ARBOR, Mich.) announced the addition of reseller Zolar Information Technology Solutions in Hong Kong to its international distribution channel for the NetMAX product line.

• Evergreen Internet Inc. and Caldera Systems Inc. (PHOENIX) announced a strategic alliance to deliver OpenLinux eBuilder, an integrated, open standards-based Linux for E-Business solution.

• GoAhead Software (BELLEVUE, Wash.) and Intel Corporation are collaborating to provide a highly available communications infrastructure platform running on Linux.

• Merlin Software Technologies International Inc. (ALTAMONTE SPRINGS, Fla.) announced an agreement with Hanmi I & C Co. Ltd., Korean software resellers.

• Merlin Software (ALTAMONTE SPRINGS, Fla.) products are now available at LinuxMall.com.

• Perot Systems Corporation and Rackspace.com (DALLAS and SAN ANTONIO) announced an agreement to jointly offer Internet hosting services to startup and mid-tier e-commerce clients.

• Pervasive Software Inc. and Aperian, Inc. (AUSTIN, Texas) created an alliance to put Tango 2000 Application Server and Pervasive.SQL 2000 database on the Internet to provide an instant deployment environment for Linux and Solaris-based applications.

• Protectix and Lynx Real-time Systems have announced a joint venture to develop a secure, embedded Linux distribution.

• Quadratec and MandrakeSoft (PASADENA, Calif.) announced a partnership to deliver automated backup solutions for Linux.

• TurboLinux, Inc. (SAN FRANCISCO) announced a sales and distribution agreement with Merisel, Inc.

• The Wireless Developer Network (SEBASTOPOL, Calif.) announced that it has entered into an affiliate agreement with the O'Reilly Network.

  Investments and Acquisitions

• Salon.com announced the sponsors of its Free Software Project; VA Linux Systems and TurboLinux.

• TeamLinux Corporation (AUSTIN, Texas) announced the acquisition of Austin- based Three-Sixteen Technical Services.

• WireX Communications, Inc. (PORTLAND, Ore.), a web-based supplier of custom, secure Linux server appliance software, announced that it has closed a $3 million round of venture capital funding.

  Financial

• 1mage Software Inc. (ENGLEWOOD, Colo.) announced that its first-quarter revenues and earnings were significantly improved over the first quarter last year.

• SCO (SANTA CRUZ, Calif.) announced its second fiscal quarter and six month financial results for the period ended March 31, 2000.

• SGI (MOUNTAIN VIEW, Calif.) announced results for its third quarter. Revenue for the third quarter was $564 million.

  Linux At Work

• DreamHost Webhosting (LOS ANGELES) announced the launch of their new domain registration system. Their servers all run Debian Linux.

• VeriSign, Inc. (MOUNTAIN VIEW, Calif.) announced that Red Hat has integrated VeriSign's 128-bit website digital certificates with Red Hat Linux 6.2 and Apache-based web server software, enabling secure e-commerce transactions.

  Personnel

• Caldera Systems Inc. (OREM, Utah) announced that it has named Kenneth Bergenthal as director of Asia Pacific Caldera Linux sales.

• Penguin Computing Inc. (CHICAGO) appointed to its board of directors, Pete Keeler, co-founder, chairman and CEO of Next Level Communications.

• Piranha, Inc. (DALLAS) announced the expansion of Piranha's Board of Directors to six members with the addition of Mr. Arthur Tauder.

• TimeSys Corp. (PITTSBURGH) announced the appointment of David Tannenbaum as the director of marketing. Tannenbaum will lead the TimeSys marketing strategy for the TimeSys Linux/RT and Real-Time Java products.

• VA Linux Systems, Inc. (SUNNYVALE, Calif.) announced that it has named William Cobert as managing director of European operations. The company is currently in the process of establishing its operations in France, Germany, The United Kingdom and The Netherlands. VA Linux Systems' European operations will be headquartered in Switzerland.

  Other

• Applix Inc. (WESTBORO, Mass.) announced that it has chosen Miller/Shandwick Technologies as its new public relations agency of record.

• Enerdyne Technologies Inc. (SAN DIEGO) announced that it will demonstrate the LNX7000 Linux Communications Server, and other products at the ITS America Meeting and Exposition 2000 in Boston.

• IDC (FRAMINGHAM, Mass.) announced results of a study, Server Workloads 2000 -- Understanding Server Deployment. The study revealed "surprisingly similar workload patterns between Windows NT and Linux."

• LinuxMall.com (CHICAGO) has opened an international distribution center in Amsterdam, Netherlands.

• This press release from Management Recruiters International (CLEVELAND) suggests that, "If a job requires knowledge of Linux, use that word a few times in your resume."

• MontaVista Software Inc. (SUNNYVALE, Calif.) announced the opening of design centers in Arizona and New Hampshire.

• TurboLinux, Inc. (SAN FRANCISCO) announced that it has established TurboLabs, a computing laboratory based in Santa Fe, New Mexico with a research and development focus on Linux and clustering for the enterprise.

• TurboLinux, Inc. (SAN FRANCISCO) announced that retail unit sales of TurboLinux products in the United States grew 200 percent from January to March, 10 times faster than the overall market, according to PC Data.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Salon's Andrew Leonard has added a new chapter to his "The Free Software Project" book. This chapter, the second one to be posted, is actually Chapter 6, and covers Mr. Leonard's trip to Finland. "Finland's love affair with high technology runs deep. The closer you look, the less remarkable it seems that a 21-year-old undergraduate at the University of Helsinki cooked up some code that ended up throwing the entire software industry into turmoil."

Business

AsiaBizTech has an article about the founding of Miracle Linux in Japan. "The new company will develop Miracle Linux, based on Turbo Linux, which is a server Linux OS fine-tuned for the Oracle8i relational database management system (RDBMS). It will begin selling and supporting this Linux software in September targeting midsize companies. Also, the new venture will sell Oracle's Linux products, and offer training and consulting services." (Thanks to Maya Tamiya).

Upside reports on ZDNet's acquisition of LinuxDevices.com. "The Linux open-platform philosophy is winning over an increasing number of converts in the overly-Balkanized embedded operating systems market..."

Here's an article on the LinuxMall.com site about the FSL "Jet" cluster. "Designed and built entirely using the Linux operating system, JET will be running weather models over the next two years at a rate of 2 to 4 Teraflops."

News.com has put up this article about Applix's new spinoff VistaSource. "Applix gave VistaSource a $6 million investment, but the subsidiary will seek its own venture funding and plans an initial public offering at the end of 2000 or in early 2001..."

TechWeb looks at the high level of interest in IBM's Linux for the S/390. "Since December 1999, when IBM began offering free versions of the open-source Linux operating system for its S/390s, more than 1,100 copies have been downloaded. 'These folks are jumping on it as fast as they can,' said Chris Rohrbach, an IBM S/390 business executive. 'In fact, some of them-many of them-are beginning to adopt Linux for the S/390 in production workloads.'"

News.com looks at IBM's plans to start selling its servers with Linux preloaded. "IBM typically lets computer retailers worry about installing operating systems, but it's altering that strategy because Linux computer buyers tend to be cost-conscious and less in need of hand-holding."

Here's this week's Linsider stock summary by Michael J. Hammel. "Bluepoint Linux, up a whopping 86% from 3.625 to 6.75, announced that their offices had been visited by key Chinese officials who stated that Bluepoint Linux would be a major player in the Chinese Governments Shenzhen Special Economic Zone. Bluepoint reports they have an 80% market share in China, though Asian heavyweight TurboLinux might have something to say about that."

ZDNet looks at the decline in Linux stock prices. "The low stock prices are not stopping the whirl of mergers and acquisitions as Linux firms snap up minnows, and the largest Linux concerns can point to some high-profile financial support when queried about their financial stability."

The San Jose Mercury looks at the rise and fall of VA Linux Systems' stock. "Given the market's short attention span and sales from the flippers, it was almost inevitable that the money-losing Linux companies would come back to earth. The essential thesis that the Linux companies were worth a percentage of Microsoft was flawed. And even superb marketeers like Red Hat's chairman, Robert Young, faded into the noise."

Here's News.com's take on the departure of Linuxcare CIO Doug Nassaur. "Growing pains at start-ups aren't unusual, particularly when outside managers are brought in to take over the company from founders. But the difficulties at Linuxcare are compounded by the pessimistic stock market and the steady decline of stock in Linux companies such as Caldera Systems, Red Hat, VA Linux Systems and Andover.Net."

Here's a brief article in the Korea Herald about the "Korea Linux Council," a group of Korean Linux businesses which plans to promote the system in Korea. Among other things, they plan to distribute 1 million Linux CDs this year.

StockHouse.com interviews Corel CEO Michael Cowpland; they talk mostly about Corel's Linux strategy. "Considering that we're kind of creating the desktop for Linux from scratch because up to now, people have said it was purely a server-based OS and the market didn't exist with that stuff, I think we've begun to prove that wrong and now we're beginning to develop the market for the desktop."

Here's a ZDNet column by Evan Liebovitch on current events - especially the possible breakup of Microsoft. "Just about the only benefit I hear from others is that a separate Microsoft applications division would be more inclined to make versions of its business apps for Linux. I'm neither convinced that this would benefit the Linux community, nor that an independent MS Apps Inc. would even rush to embrace Linux."

Resources

LinuxPower looks at the GNOME Pilot Project. "The GNOME-pilot project is currently making great strides forward and from the GNOME 1.2 release and onward Palm Pilot integration will be an well functioning part of GNOME. With the groundwork now having been done and it stabilizing you can expect that many of your favourite GNOME applications will start to add Palm syncronization, at least those with developers who have a Palm :)."

This week's Dear Lina, from Linuxcare, looks at devices. "My modem is connected to /dev/ttyS1. In order to dial out as a non-root user, I changed the permissions on /dev/ttyS1 to 0666. Every time I reboot, the permissions of /dev/ttyS1 are rolled back to 0600. I have to set the permissions again every time. This is a frustrating problem. How can I change the permissions of /dev/ttyS1 permanently? I am using Red Hat Linux."

Upside looks at Linux journaling filesystems, and reiserfs by Namesys in particular. "Although the Gnu General Public License enforces a certain level of altruism upon companies such as Namesys and SGI, the fact that Namesys and SGI have plowed ahead with their own separate projects, rather than merging into one, offers proof that competition and open-source software development need not be mutually exclusive."

Commercial document image software is now available for Linux. Michelle Head takes an indepth look at 1mage's choice to port their software to Linux. "Black Tusk Technologies, a South African application service provider (ASP) company, is using 1mage's new ability to port to their strictly-Linux server. Black Tusk uses 1mage's document imaging ability to aid their manufacturing and aviation customers, DeYoung said."

The Industry Standard posted this article about the Red Hat/Piranha vulnerability. "The fact that they've been finding holes in (Unix-based) Sendmail for 20 years indicates that open-source is not the best for security..."

Events

Take a look at what it took to get a Linux Pavilion at FOSE, the largest computer trade show targeted specifically at the US Federal government market, estimated to be over $35 billion dollars in size. "The main-floor pavillion was the brainchild of Northern Virginia LUG (NoVaLUG) member Tim Bogart, by day a network server administrator for a major telecommunications company, and furthered by Lois Rude, industry manager with FOSE. After a Washington-area Linux exposition was cancelled nearly a year ago, Bogart asked himself and fellow LUG members 'Why don't we get in on the real action?'"

Here's some Comdex coverage on the LinuxMall.com site. "On Wednesday, the Linux community showed it's lighter side when Dust Puppy from the User Friendly comic strip and Tux paired up after a press conference to take pictures with the Linux visitors. Dust Puppy was, understandably, given a wide berth, but Tux embraced members of the crowd that stepped forward to have a picture taken with the six-foot penguin."

ZDNet covers Caldera CEO Ransom Love's talk at the Linux Business Expo. "Love threw a damp towel on the revolutionary sentiments surrounding the open-source operating system and instead espoused an evolutionary approach to building momentum behind Linux. His fear is that in pushing the overthrow of the existing technological infrastructure, many options could be silenced."

Reviews and Interviews

Jerry Pournelle reviews Corel WordPerfect Office 2000 in this Byte article, which also looks at a system from Penguin Computing. "This may be worse news for Microsoft than Judge Penfield Jackson's decision. With a decent Linux box and the Corel WordPerfect Office 2000 suite you can do a good part of what you can do with Windows and Microsoft Office, and do it without a byte of Microsoft code in your system."

LinuxMall interviews Erik Hovland, founder and reigning president of the University of Southern California's Linux User Group (SCLUG). "In a recent interview with LinuxNews.com, Hovland discusses his history with Linux, his passion for robotics, his LUG with the snail mascot and Linux politics on the campus where famed hacker Kevin Mitnick once roamed free. "

Finally

The New York Times has this introductory article about Open-Source software. "There are thousands of open-source projects, of varying popularity and complexity. Aside from Linux, some of the most prominent include the PERL language, Apache server software, the Emacs text editor and the Sendmail e-mail routing program. Companies like Red Hat make money not from the code itself, which customers could get free, but from the products or services bundled with it." [The New York Times is a registration required site.] (Thanks to Marty Leisner)

Andover.Net columnist Julie Bresnick discovers the Linux community. "An industry insider once suggested to me that Linux was simply an anti-Microsoft Jihad, that its success was propelled by hatred for the big guy. Oy, what a killjoy. Linux, Open Source, will be the next standard because that's where the smartest folks go." (Thanks to Cesar A. K. Grossmann).

Salon looks at vigor, the version of vi with its very own "helpful" paper clip. "So is Vigor a sign that Microsoft-ian bloatishness will infect even the pristine world of free software? Or is it proof that irreverent hackers hold nothing sacred, to the point of blaspheming against their own holy tools?"

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

The RPM System A simple introduction to the RPM System is now available from LinuxPapers.

Italian Linux FAQ page Italian-speaking readers may want to bookmark the Italian Linux FAQ page, part of the ZioBudda news site. It contains over 500 FAQs and a search engine as well.

Events

Phillip W. Katz. An obituary for Phillip W. Katz lists his date of death as April 19th, 2000. Information can be found in this ABC News article". The Slashdot coverage contains more historical information on the creation of PKZIP. Age 37. Passed away unexpectedly on Fri., April 14, 2000. Beloved son of Hildegard and beloved brother of Cynthia. Also survived by other relatives and friends. Phil was a graduate of UWM Computer Science Engineering Program. He was the author of the PKZIP/PKUNZIP software and owner of PKWARE Inc. Co."

Web sites

User Group News

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

Python hackers may want to have a look at the Vaults of Parnassus, a comprehensive, hierarchical collection of available Python modules.

Section Editor: Jon Corbet

Letters to the editor

Date: Mon, 24 Apr 2000 13:26:57 -0400
From: "John F. Gibson" <gibson@mae.cornell.edu>
To: letters@lwn.net
Subject: DOJ vs MS, law vs libertarianism

Eric Raymond writes "Economic competition is ... a robust and
ubiquitous phenomenon that flourishes whenever human beings need 
to solve scarcity problems and are not forcibly prevented from 
trading with each other to do it."

This is quite likely true for emerging markets among individuals
with comparable economic clout. However, the situation is more 
complex in developed economies, with economies of scale and large 
disparities between the players. In such an environment, a player
with sufficient resources can effectively prevent trade among others,
through threats, coercion, dumping, buying and squelching potential 
competitors, etc. Monopolies are especially capable of such tactics. 
This is why we have anti-trust law. 

Over the last ten years, Microsoft has effectively prevented trade 
in operating systems by secret pricing structures and threats of
exclusion to manufacturers, in productivity software by closed,
rapidly changing file formats and coerced bundling of Office, in 
browsers by dumping Internet Explorer and corrupting Internet 
protocols. These actions have manifestly harmed consumers, the
software industry, and ultimately the U.S. economy. 

Mr. Raymond writes, "There are any number of counterexamples to the 
... claim that government-made law is essential to economic competition. 
Customary law maintained by the self-interest of economic actors is
quite sufficient." 

Perhaps examples prove that law is not necessary in every case,
but they don't prove it's unnecessary in all. If so, how does one 
explain away the harm Microsoft has already done? We're talking 
about billions of dollars, warped evolution in the software 
industry, the paths of thousands of people's lives, and ninety 
percent of the country subjected, for the past twenty years, to 
an operating system that crashes daily! You can't claim that 
Adam Smith's invisible hand will ultimately prevail and right 
these wrongs retroactively. 

Clearly what is needed is more effective law and better, more timely
enforcement.

Lastly, the First Amendment is in fact a regulation on the behavior
of Congress. It prevents Congress from making laws that restrict certain
freedoms of individuals, the press, etc. The founders recognized the
disparity of power between the majority, acting through Congress, and
minorities. They enacted the First Amendment to ensure fair
competition between unequal bodies. Kind of like antitrust law for
speech.    

John

--
John F. Gibson     gibson@mae.cornell.edu   
Mechanical and Aerospace Engineering, Computational Fluid Dynamics Lab
288 Upson Hall, Cornell University, Ithaca, New York, 14853-7501
Tel:    (607) 255 0360        Fax:    (607) 255 1222

From: ghaverla@freenet.edmonton.ab.ca
Date: Thu, 20 Apr 2000 09:29:44 -0600 (MDT)
To: letters@lwn.net
Subject: Printing and Re: WordPerfect "review"

Hi!

  I haven't run WordPerfect (or any other word processor),
but where are people getting this misconception that printing
is screwed up on Linux/*BSD/...???

  Printing is simple on any UNIX or UNIX-like machine, you
send the print job to the lpr (or lp) program, which sends
it to the print spooler (lpd), which ....  The program 
requesting the printing doesn't have to know a darn thing
about whether the printer is directly connected to "this"
computer, is directly connected to some other computer,
is a network printer, or is something acting like a printer.

  Word processors like to know what kind of device they are 
printing to, but this isn't a problem.  They only have to
look in the printcap file to find what devices are available.
Maybe the information in the printcap needs to be extended
a bit for word processing applications, or augmented, by
another config file.  But this certainly doesn't require the
word processor people to run around writing drivers or any
such nonsense.

  LPRng is actively in development.  Of late, we have someone
looking for a little tuning advice on having a bank of modems
attached to the system (somehow) to be used for outgoing
faxes, with each modem getting its own customized cover
sheet (phone number of the modem).  A little while ago we
had someone write in about using LPRng as the spooler for
a system where some kind of "ink" was placed on cookies
prior to baking.

  Just my $0.02.

Gord

Matter Realisations     http://www.materialisations.com/
Gordon Haverland, B.Sc. M.Eng. President
101  9504 182 St. NW    Edmonton, AB, CA  T5T 3A7
780/481-8019            ghaverla @ freenet.edmonton.ab.ca

Date: Sun, 23 Apr 2000 06:38:02 -0700
From: Steve Powell <stevenrpowell@sprintmail.com>
To: letters@lwn.net
Subject: WP Office Works Great for Me

I just installed WordPerfect's office suite, and while it still isn't
doing everything I want, it isn't nearly as fouled up on my system as it
seems to be on yours. My menus work fine -- everything works fine. The
only problem I have is I can't save to a .pdf yet. I haven't done
exhaustive tests but I've opened Paradox and looked around a bit in the
help system and what not, and it looks good. QuattroPro opens and can
perform routine tasks. I've used WordPerfect the most, and it was able
to create a document, run spell and grammar checks, etc.

Again, I haven't performed an exhaustive test of anything, but it
certainly isn't as goofed up as your experience suggests. Sounds like
something else is wrong. I installed to Corel Linux, and maybe that
makes a difference. Not that that's any excuse, but in any case I don't
think the package is nearly as far from functional as you found.

--
********************************************************************
Steve Powell
StevenRPowell@SprintMail.com
921 Coast Blvd South Apt 1
La Jolla, CA 92037-4150
Home: (858) 551-2021
Work: (858) 505-3460
********************************************************************

From: "Allan Stokes" <allan@stokes.ca>
To: <lwn@lwn.net>
Subject: soft tissue
Date: Fri, 21 Apr 2000 04:19:29 -0700

Hi Liz,

Story in /. tonight:
<<
"According to this AP story, the remains of a 66 million-year-old dinosaur
suggest that the extinct creatures were warmblooded - not coldblooded as
once believed - and capable of the swift and sustained motion typical of
modern birds and mammals. A whole site dedicated to the discovery of this
specimen is here."
>>

Your comments about encryption:
<<
Evidently the QNX folks decided to roll their own, closed-source, unreviewed
encryption, with the usual results.
>>

Do you see the parallel between your logic and the logic which decided that
dinosaurs were cold blooded?  It's the looking under the street lamp because
the light is better fallacy.  Starting out with only the bones they
concluded that dinosaurs were cold blooded because nothing was telling them
otherwise.  It's only what you don't have that is capable of arguing against
you.

It's exactly the same when look at the bone yard of proprietary encryption
algorithms broken and ignore the "soft tissue" of proprietary encryption
which hasn't been broken.  Or as most people assume "hasn't been broken
yet".  Which is exactly what the dinosaur people assumed about the kinds of
fossil fragments they had not yet found.

Perhaps someday the mathematics of "provable security" will be invented and
they will look back at some of the proprietary work done today and discover
that some of it was actually warm blooded after all.

I see this over and over again.  Things which can be measured compared
against things which can't be measured.  The light is always better under
the street lamp.

Even the experts fall into this trap.  Data directed encryption primitives
(which Ron Rivest plays around with) are often rejected because the analytic
tools available are not capable of finding defects.  Yes, it's true.  We
reject this approach because we have not yet invented the appropriate
mathematical tools for demonstrating that it doesn't work.  If we can't even
shoot at it we trust it even less.

Encryption has become a bravado culture.  You are told to wander out into
the mine field of techniques which mostly fail, and you are only respected
if you emerge safe after being shot at by a hundred different people.  This
really says a lot more about the inadequacy of our mathematical framework
than it does about whether a warm blooded individual who wanders away from
the mine field is capable (or not) of getting lucky with a proprietary
method.

Of course, anyone dumb enough to trust someone who spends too much time
alone in a dark room deserves what they get.  But that doesn't mean they
were wrong.  People spend too much time forming opinions about what is
technically possible (we don't know) and then end up misplacing the emphasis
which belongs entirely on the social issue of what kind of development
processes we choose to trust.

Allan