Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

Even though LinuxMall.com will end up in control of the new company, it is being structured as an acquisition of LinuxMall.com by EBIZ. Things are being done this way because EBIZ is already a public company. LinuxMall.com had an IPO process in the works, but current market conditions are not all that friendly to Linux IPOs. By joining with EBIZ, LinuxMall.com gets a quick path to a publicly-traded stock and doesn't have to go through the whole, long IPO routine.

The details: there are currently just over 8 million shares of EBIZ outstanding, traded on the over-the-counter market. By the time the deal is done, that number will go up to approximately 24 million. EBIZ has been trading in the $2-3 range since April. If the combined company can get that value up over $4 for at least a month, the stock will qualify for listing on the NASDAQ (where they evidently want the symbol "LINX" - the same one LinuxOne wants). LinuxMall.com management and "affiliates" will have a one-year holding period on their new EBIZ stock, so much of the new stock will not hit the market for some time.

This deal is an important milestone on a very long road for LinuxMall.com, which is truly one of the original Linux companies. It started out as "Work Group Solutions," founded by Mark Bolzern. WGS, back in 1993, was looking for a stable environment for its business, and gave Linux a try. Shortly thereafter, Mr. Bolzern discovered the "Clipper" language, which was then available on SCO systems. He talked with folks at Multisoft, who produced the "Flagship" Clipper compiler, and managed to convince them to do a Linux port; WGS then resold the resulting product. Mr. Bolzern tells us that it was, to the best of his knowledge, the first commercial product ever to run on Linux.

There was just one problem: the Slackware system that almost everybody was using in those days was a hard platform to support products on. Linux was young, and things were changing all the time: file layouts, libraries, etc. In order to have a more stable system, WGS put together a distribution called "LinuxPro"; it was based on Slackware, but was developed and maintained to be more consistent and not break commercial products. To Mr. Bolzern's surprise, LinuxPro quickly began to outsell Flagship. It grew to the point that it won a "Best of Show" award at the 1995 Comdex.

The 1995 Comdex show was also a watershed event in that it was the first to feature a Linux Pavilion. The separate area for Linux was also a result of Mr. Bolzern's work; he pushed for and organized it in the belief that it was best for the fledgling Linux commercial sector to show a unified front and grow the market share of Linux as a whole. Subsequent events have certainly supported this view.

As other early Linux distributors, such as Caldera, emerged, LinuxMall.com slowly withdrew from that market. LinuxPro is actually still available - though in 1995 it changed its base to become perhaps the first commercial distribution to add on to Red Hat. But LinuxMall.com decided to focus on reselling the products of others. It has played a crucial role in providing a market for Linux products, large and small. There is a large and vibrant Linux market now; LinuxMall.com laid much of the foundation that allowed that market to exist. The respect shown in the long-term Linux community can be seen in the makeup of LinuxMall's advisory board: Michael Cowpland, Alan Cox, Gael Duval, Adam Goodman, Jon "maddog" Hall, Miguel de Icaza, Ronny S.L. Ko, Ransom Love, Don Rosenberg, Linus Torvalds, and Ted Ts'o.

Mr. Bolzern fears some will be disappointed that, with this merger, the opportunity to do a directed share program with its IPO has been lost. That may well be, but LinuxMall.com has already done much to bring about the current success of Linux - and it did this many years ago, when there was far less money flying around. Mr. Bolzern also thinks that the merger with EBIZ may provide a better way to reward people: he sees EBIZ stock as being currently heavily undervalued. Nobody can say for sure, but the combined company may prove to be worth substantially more. Says Mark: "I hope instead of a huge bounce, that this approach will bring solid long term growth in a stock worth holding."

PHP 4.0 has been released. The announcementfor this long-awaited release came out on May 22. PHP is perhaps the most common Apache add-on, running on millions of web sites. It is the motor behind no end of dynamic, database-driven sites and the basis of the Midgard application server. So a new PHP release will eventually affect a large portion of the web.

There is actually relatively little in the way of new features with this release - the big changes are mostly hidden under the hood. At the top of the list is the new "Zend" engine, which is said to greatly speed the execution of PHP code. Zend also brings reference counting (leading to better memory utilization), better object support, and even a boolean type. PHP 4.0 also features a new "server abstraction layer" that makes it easier to host PHP on servers other than Apache. The 4.0 release is currently supported on Apache and IIS.

One other nice feature of PHP 4.0 is backward compatibility. It should be possible for most sites to upgrade without having to dig into their scripts and fix things. The change to version 3 was not so easy; it is nice to say that fewer problems await PHP webmasters this time around.

Congratulations are due to the PHP team for this milestone release. See the PHP web site for more information.

Lineo has filed for an IPO. The company seeks to raise on the order of $60 million from the offering. No offering time has been set, of course, but it generally takes about two months from the filing for the stock to actually go out. Thus, one can maybe expect Lineo to go public sometime around mid-July.

LWN has posted an analysis of Lineo's IPO filing as a feature article. These filings always give some interesting insights into how a business works, and Lineo's is no exception. In some ways, Lineo looks less like a Linux company and more like a traditional software company. It plans to make its money on the sale of proprietary software components - in this case its embedded web browser and the "Embedix Software Development Kit." The core of Embedix - Lineo's embedded version of Linux - must remain free, but there will be proprietary add-ons there as well. In any case, Embedix itself receives little play in the IPO filing; it looks like the loss leader which drives the sales of the other products.

Lineo's proprietary model will certainly not endear it to the purists in the free software community. At first reading, Lineo's "GPL statement" seems not to help:

There is often ambiguity regarding the exact meaning of certain clauses or conditions of the GNU General Public License (GPL).

Lineo goes on to state that it does not see a number of types of code - such as kernel or Apache modules - as "derivative works" that are covered under the GPL. Lineo can thus extend the kernel via modules and keep the extensions proprietary.

One may not like that interpretation, but it does agree with what others - and Linus Torvalds in particular - have said. There is probably very little in Lineo's GPL statement with which a lawyer would be able to argue. Lineo intends to push the GPL as far as it can - but no farther. The fact that Lineo has actually thought about the issue and put together a policy statement is probably a good sign.

The timing of this IPO is interesting. The market is being, shall we say, not entirely friendly to Linux stocks in this period. The LWN Linux Stock Index, which came out at 100 in September, 1999, and which peaked over 200 last December, now stands below 60. A number of Linux companies which wanted to go public have not even filed. Linuxcare's IPO died a horrible death. Will Lineo be able to pull it off in this environment?

Not even LWN is foolish enough to try to predict what the market will do. But it seems clear that Lineo has taken a difficult and risky path. Lineo's response to the considerable competition it faces (MontaVista, Red Hat, LynuxWorks, TimeSys, plus a whole crowd of well-established, non-Linux players) has been to grow quickly through acquisitions. After having consumed six companies, Lineo stands at a full 200 employees.

This is not a bad performance for a pre-IPO company. But those six companies sold with the understanding that Lineo's stock would be worth something sometime soon. And keeping all those employees paid is expensive. Both of these factors will certainly push Lineo toward going public sooner rather than later - even if the timing is perhaps not the best.

What happens if this IPO fails? If the market remains grim, a failure is a distinct possibility. Lineo is depending on the IPO cash to keep operating - they say it's enough to keep them going for 15 months. Without that money, Lineo starts to look a lot like Linuxcare: a high burn rate and a shrinking bank account. The company currently has $30 million in the bank, thanks to all the investments it has received. That's a big stash, but 200 employees could burn it up in a hurry. For the sake of Lineo and its stash, one hopes that this gamble (and an IPO is always a gamble) works out.

Inside this week's Linux Weekly News:

• Security: Standard and Poor's Comstock's Linux-based multiCSP.
• Kernel: Eric Raymond hacks kbuild.
• Distributions: The embedded Linux distribution arena heats up.
• Development: ActiveState endorses Mozilla, another GPL'd software package.
• Commerce: Scriptics changes name to Ajuba Solutions.
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

Security in New Places. This week, we took a look at a security report on a commercial product based on Linux. Stephen Friedl placed a posting on BugTraq regarding security problems he saw in Standard and Poor's Comstock's multiCSP, used within a virtual private network to provide real-time stock quotes. This was not the first such report; Kevin Kadow posted a similar, though less scathing review of the security of these systems in March, after contacting the company about the problems in January.

Following the thread, it appears that Standard and Poor's was slow to respond to these security reports. A version of the server "burned" in February had, indeed, somewhat improved security, but a customer letterwas not sent until yesterday, May 24th. No effort appears to have been made to fix already deployed servers in the meantime.

We contacted Standard and Poor's last week and received a response from them yesterday. They were not yet ready to acknowledge the accuracy of Stephen's original report, in which he documents being able to access and obtain root access on other mCSPs on the VPN after gaining root access on the initial device. They did promise to quickly address other reported security problems, but of course, having been slow to respond to them so far, only the availability of complete fixes in the near future will fulfill this promise.

They also stated that they were actively pursuing the issue with Stephen to see if the remote access vulnerability could be confirmed (at which point, they promised to address the problem swiftly). A quick check with Stephen elicited the information that they had indeed contacted him to follow up the report -- after our phone call. We expect that Stephen's report will be verified.

Meanwhile, CNet posted an article Wednesday, entitled, "Flaws in S&P service could put companies' data at risk". Standard and Poor's had run out of time to deal with the reported security problem before facing adversarial media scrutiny.

This is an example of education through experience. Security issues have real consequences and one area where they can have impact is the potential undermining of customer trust. Enabling clear procedures for handling security reports, verifying them in a timely fashion and keeping customers and the public informed can minimize the potential damage. Standard and Poor's Comstock just had an object lesson to this effect. They get little sympathy from BugTraq members, who have previously educated companies in many other industries and situations. They will get even less if these problems are not addressed in the near future.

Web-site defacements, sorted by OS. Attrition.org has made available an interesting set of charts. Provided are moving 29-day averages of the number of reported web-site defacements, sorted by operating system. Add this to your statistical fodder, for comparing the security of various operating systems. Of course, the preponderance of defacements on Microsoft-based servers could be based on personal biases of the defacers, rather than the ease of the defacement.

Sendmail, Inc. on ILOVEYOU. Sendmail, Inc. has issued this press release stating that the ILOVEYOU virus attack demonstrates the need for server-level protection of the variety that is available from, well, Sendmail, Inc. Those who read closely will note the absence of a claim that Sendmail's products would have actually prevented the ILOVEYOU episode.

Sendmail, Inc. has also announced the opening of an office in Germany.

Guide to Home Networking (justLinux). Here's a look at home-network security from justLinux. "Now, the network's probably not bulletproof, but it is tighter than before the attack. It's about 3 a.m. by the time I get back online. I head to bed feeling like I've done all I could do to stop further attacks. Little did I know that intruders had already setup residency on my box." (Thanks to Jay R. Ashworth)

Security Reports

Xserver: nasty denial-of-service vulnerability. Chris Evans reported a nasty denial-of-service vulnerability in XFree86-3.3.5 where a malformed packet sent to port 6000 TCP causes the Xserver to lock up the system. This has been confirmed on Red Hat 6.2 and OpenLinux 2.3 and 2.4. For more information, check the SecurityFocus database entry. Note that the problem also occurs with XFree86-3.3.6 and XFree86-4.0, though the behavior is slightly different.

• Caldera

qpopper 2.53. Both the FreeBSD and Linux versions of qpopper 2.53 are reportedly exploitable and can be made to provide a remote attacker with shell access (uid=mail). An upgrade to qpopper 3.1 is recommended. Note that not everyone is comfortable with the security of 3.1 which is still in beta.

fdmount. Arend-Jan Wijtzes reported an exploitable buffer overflow in fdmount. The potential exploit requires that fdmount be installed suid root and is only exploitable by someone in the "floppy" group. An exploit has been published. Slackware 4.0 and 7.0 and Linux-Mandrake 7.0 were reported vulnerable. Slackware 3.5 and Debian 2.X were reported not vulnerable.

• Linux-Mandrake

PGP 5.0. A security flaw has been reported in the Linux and some BSD implementations of the PGP 5.0 protocol. PGP 2.X and 6.5 are reported not to share this problem.

MDBMS. A remote exploit for MDBMS has been published on the BugTraq mailing list, along with an unverified patch to fix the problem.

gdm. A buffer overflow vulnerability has been reported in Gnome gdm. No distributions have been found vulnerable so far because they are shipped with "Enable=0" in the gdm configuration file. You may be impacted if you compiled Gnome from source. Modifying the configuration file will resolve the problem. Check the SecurityFocus vulnerability database entry for more details.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• NAI's Gauntlet firewall
• FrontPage on Cobalt RaQ2/RaQ3
• HP Web JetAdmin Version 5.6 and Version 6.0
• Cayman 3220H DSL Router, software update and new exploit
• NetProwler 3.0, a commercial network intrusion detection system

Updates

mailman. The mailman mailing list manager, as shipped with Red Hat Secure Web Server 3.0, 3.1 and 3.2, is reported to contain several security vulnerabilities (no details provided). An upgrade to mailman-2.0beta2 is recommended to close these holes.

• Red Hat Secure Web Server

dump. Security-related buffer overflows in dump were reported originally in the March 2nd, 2000 LWN Security Summary. For more details, check the SecurityFocus database entry.

• TurboLinux (old)
• Linux-Mandrake

Kerberos. We mentioned that multiple, exploitable buffer-overruns had been reported in the MIT and Cygnus Kerberos implementations in last week's Security Summary. This week, an additional Kerberos patchwas provided. This will only be needed if you are compiling krb5-1.1.1 from source with the "--without-krb4" option. If you are, be sure to apply the patch. The results without it are reported to be "disastrous".

CERT has also issued an advisoryregarding the Kerberos vulnerabilities. It contains additional information about the NetBSD and OpenBSD Kerberos implementations, which are based on the KTH implementation and therefore believed to not be vulnerable. Chris Evans also posted a followup, with information on other potential problems with Kerberos that he provided a few weeks ago.

• Red Hat

Netscape SSL. Problems in the manner that Netscape handled invalid SSL certificates have been fixed in Netscape 4.73. Check last week's Security Summary for details.

• Red Hat

lynx. After a series of reported security problems with the lynx text-based web browser dating back to September of 1999, the code has at last undergone a thorough audit. The latest version, lynx-2.8.3pre.5, is believed to close all major holes.

• FreeBSD
• Slackware

xemacs. A couple of problems in xemacs have been fixed, including the insecure creation of temporary files and snooping of other users' keystrokes. Although not confirmed, these may be related to similar problems reported with emacs in April.

• Caldera
• Linux-Mandrake

gnapster/knapster. For more information, check out the security report in last week's Security Summary.

• knapster (source) (old)
• gnapster (source) (old)
• FreeBSD (updated advisory)

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.

This week's reports:

• TurboLinux

• Red Hat (April 27th)
• Linux-Mandrake (April 27th)
• Caldera (May 11th)
• Yellow Dog (May 11th)
• Independence (May 11th)

Resources

OpenSSH Linux port. A new version of the Linux port of OpenSSH has been released. It includes a large number of bugfixes.

checkps. Development on checkps, a Linux rootkit detector, has recommenced. A new version is now available via CVS, containing a fix for a non-exploitable buffer overrun, in addition to other small fixes and features.

Events

June security events.

June 12-14, 2000. NetSec 2000, San Francisco, California, USA.

June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA.

June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

2.3.99-pre9 also contains the results of continued work on the memory management problems that have afflicted recent kernels. Progress has been made - 2.3.99-pre9 is far more responsive than 2.3.99-pre8 was. There are still complaints about poor I/O behavior, however; some work remains to be done.

A 2.3.99-pre10 preprepatch is available, in its third revision as of this writing. It contains a pair of drivers from H. Peter Anvin that provide access to the x86 "model specific registers" and CPUID information, a SiS 300/630/540 frame buffer driver, and some Sparc tweaks.

Alan Cox posted a new 2.4 jobs list on May 25.

The current stable kernel release is 2.2.15. The 2.2.16 prepatch is at 2.2.16pre4. There is currently no word on when the official 2.2.16 release might come out - it will probably be a while yet.

Eric Raymond hacks up a new kernel configuration scheme. The Linux kernel is a complicated beast, with a great many different ways in which it can be built. Anybody who has ever built their own kernel has had to deal with the kernel configuration mechanism (kbuild), which deals with all of these options. This mechanism selects which capabilities are to be built into the kernel, handles dependencies (i.e. no ethernet cards if the kernel isn't built with networking), and presents three different interfaces (command line, curses, and X) to the user. Kbuild, in handling all these tasks, has evolved into a complicated piece of code in its own right.

It's also a twisted mess of shell scripts, Tcl/Tk scripts, awk scripts, perl, and C code. It's hard to maintain, hard to understand, and unable to be adapted to meet the user interface needs of a large number of Linux users. Not everybody really wants to plow through many hundreds of individual, detailed configuration options, after all. Eric Raymond tried to do some of this interface work back in March, and finally posted a frustrated message to the linux-kbuild list in which he said:

I've been examining the existing kernel configuration system, and I have about concluded that the best favor we could do everybody involved with it is to take it out behind the barn and shoot it through the head.

Eric, of course, is well equipped to do exactly that.

The very same day, long-time kbuild maintainer Michael Elizabeth Chastain posted a note saying that he could no longer keep up with maintaining the system; a new maintainer was requested.

Quite a bit of discussion followed, but absolutely nobody spoke in favor of retaining the existing code. So Eric went off to start hacking on a new kbuild system. On May 24, he released the new implementation, which he calls "CML2." CML2 is a new "mini-language" which is designed for the specific task of configuring kernels. A "ruleset" is written in CML2 which describes all of the available kernel options and their dependencies; a compiler is then run on the ruleset to create the "rulebase." Any of a number of configuration front ends can then read this rulebase and use it to configure a kernel.

The CML2 language has a number of advantages, not the least of which is that it was designed as a coherent whole, rather than slowly growing into a big mess. It is claimed to be more expressive; the 7000+ lines of old configuration code are reduced to 2400 lines of CML2, though one should also probably count the almost 2000 lines of CML symbol definitions which define the various options.

The new scheme also makes a clear distinction between the configuration language and the user interface, allowing the two to be developed independently.

Eric's hope is to get people playing with the new system now, with an eye toward inclusion in the 2.5 development series. It can coexist with the current kbuild system, and, as has been noted, the current scheme has few defenders. Thus, if CML2 works, one might anticipate that it would be adopted with little trouble. The one sticking point may be that it's written in Python; not everybody wants to have to keep a Python system around.

Thinking toward the future. A number of people posted articles on possible future developments this week. They include:

• Guus Sliepen proposed the creation of a suite of kernel benchmarking tools. The need is clear: much work, such as recent efforts with memory management, has been hampered by the lack of a way to objectively measure the results.

• Jeff Garzik would like to see an organized set of changelogs for the kernel, so that people actually know what is going in with the patches. The idea makes sense, but it would essentially require that Linus maintain the log on top of everything else that he does; he has not been enthusiastic about that idea in the past.

• Rik van Riel has come up with a new memory balancing scheme which, he hopes, is the path forward to better memory performance in the future.

• Neil Brown's posting from last week on the devfs issue drew a number of responses. James Feeney wrote about how he would like to see a dynamic device file system work. Jason McMullan chimed in with a call for a strong push toward the "everything is a file" view of the system; Ted Ts'o responded with reasons why some things should not be files.

Other patches and updates released this week include:

• Rick van Rein updated his "BadRAM" patch, which enables the kernel to use defective memory by avoiding the bad parts.

• A patch which provides directory notification (sending a message to interested processes when a directory changes) was posted. See also Ted Ts'o's response on the limitations that apply to notification.

• Ted Ts'o posted a serial driver update that fixes a number of issues and supports some new hardware.

• Trond Myklebust posted a new version of the NFSv3 client code for the 2.2.15 kernel.

• Version 1.2 of the performance monitoring counters driver was released by Mikael Pettersson.

• Alan Cox has released a set of Red Hat kernels with USB and ext3 support built in.

• Brad Hards has announced the availability of version 1.0.9 of the Linux USB Guide.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

Embedded Distributions

• TimeSys joins the real-time drag race (Upside).
  
• MontaVista announces free embedded Linux seminars (May 31st and June 5th, California).
  
• MontaVista ports to Intel's PICA in less than 90 minutes.
• MontaVista hires Gregory Haerr, the leader of the open source Microwindows project.
• deepLinux 1.0 is announced, a new embedded distribution from Rick Collette

New distributions

Cafe Linux. A new distribution, called Cafe Linux, has been announced. Cafe Linux is a Spanish-language distribution produced in Colombia. A quick look at the FTP site shows the signs of a Red Hat-derived distribution. More information (in Spanish) may be found on the Cafe Linux web site.

Bastille Linux

Bastille Linux 1.1.0.pre5. A typographical error in the source code for Bastille 1.1.0.pre4 caused the text user interface to break. This has been fixed in the new version.

Caldera OpenLinux

Caldera Systems reports second quarter results. Caldera Systems has announced its second quarter results - the first such announcement since the company went public. For the quarter ending April 30, they brought in $1.4 million - up from $544,000 a year ago. They managed to lose $9.2 million during the quarter.

The analysts seemed pleased with the results, as exemplified by the increased Caldera estimate in Robertson Stephens Daily Growth Stock Update. "We believe Caldera is first to market with its strategy to expand past the standardized desktop Linux into Linux for eBusiness, specifically servers and eCommerce. As companies require the most scalable and robust systems for their eCommerce activities and server needs, Linux becomes an important option, in our view."

Debian GNU/Linux

Debian Weekly News (May 24). This week's Debian Weekly News reports the end of the first test cycle and what they learned from it. Packages with release-critical bugs will be removed on the 25th and 26th and the next test cycle will begin on May 29th. This will allow them to get a full release kernel in place, rather than a pre-release kernel, and fix some problems with the boot-floppies.

Other news touched on the upcoming Debian Conference in France (planned to be a roving annual event), the ftp.debian.org server, which has been connected to an International backbone in preparation for the next release, and more.

Elfstone Linux

Elfstone Linux ISO image available.

LinuxPPC

Expanded RPM archive. LinuxPPC has announced the update and expansion of their RPM archive at ftp.linuxppc.org.

LuteLinux

Training and Certification. LuteLinux put out two press releases this week, one on their training and certification and another one their trainer certification. It appears that they are setting up yet a third certification authority, not in coordination with either the Linux Professional Institute (LPI) or Red Hat.

Red Hat Linux

Survey.com study reports Red Hat lead. Survey.com has released a study, aimed at IT decision-makers, which reports 64.2% of them name Red Hat as the primary "open source Unix distribution" they use. The study also indicates that, among companies not currently using an "open source Unix distribution", 80% of them are considering Red Hat. The 600 study participants were only in the United States and generally represented large companies, some of them in the Fortune 500.

Bill Gates files to sell some Red Hat shares (Reuters). According to this Reuters article, Cascade Investment LLC has filed to sell $450,000 worth of Red Hat shares. Cascade is evidently controlled by none other than Bill Gates.

Slackware Linux

SlackReiser 2. New disk images to support the installation of Slackware 7 on a Reiserfs partition have been announced.

Updates to current. Gdb 5.0 and OpenMotif 2.1.30 were added to the Slackware current tree this week, among other actions.

SuSE Linux

SuSE now distributing Loki's Heavy Gear II. Loki and SuSE happily announced that SuSE is now distributing Loki's most recent release for Linux, Heavy Gear II, which uses the LGPL'd OpenAL library. "Linux games play a significant role in the success of the desktop market. Through the common efforts of the Linux community, most recently with OpenAL and the XFree86 version 4.0, ensuring enhanced 3D graphics card support, decisive steps forward have been taken."

TurboLinux

TurboLinux and RSA Security announce deal. TurboLinux has announced a deal with RSA security wherein TurboLinux will offer RSA's "BSAFE SS-C" software with its server distribution.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Netscape and ActiveState sign deal. Netscape and ActiveState have announced a deal where they will cooperate on their development projects. ActiveState gets Javascript, while ActiveState will donate its Python and Perl work to the Mozilla project. Soon you'll be able to script your browser in Python.

Add to that ActiveState's choice of Mozilla as a cross platform development framework for Komodo, its Perl and Python integrated development environment (IDE). This endorsement has made a lot of Mozilla supporters happy. The benefits that led ActiveState to choose Mozilla were the facts that it is open source, cross platform , standards compliant and exemplifies a next generation, component architecture.

MDC-XSL version 0.1. Minoru Development Corporation has announced the release of MDC-XSL, an XML to HTML converter, under the GPL v2. "MDC-XSL is written in C++ making it highly portable and easily linked directly into other applications. It is the first implementation of XSL technology to be designed specifically as an add-in to other applications."

O'Reilly to open source X books?. Bruce Perens reports on a conversation with Tim O'Reilly wherein Tim says that he would be willing to open-source the classic series of X Window System books. What's needed is somebody to put some effort into updating and preparing them for distribution. "Suppose some knowledgeable author wrote a grant proposal to pay enough to maintain the documents for another 5 or 10 years and keep them online?"

Browsers

Creating a Mozilla Skin, Pt. 1 (MozillaZine ChromeZone). Chris Nelson, MozillaZine editor, has published the first installment of a nine-part series on building your own Mozilla skin.

O'Reilly's Mozilla DevCenter. O'Reilly opened their Mozilla DevCenter on May 19th.

Databases

Interbase 6.0beta news. Interbase is keeping an active list of development tidbits for its upcoming 6.0beta release (under an open source license).

Education

SEUL/edu Linux in Education Report. This week's SEUL/edu Linux in Education Report is out. It includes a quick report from LinuxCanada and a bunch of other education-related stuff.

Games

Installation test of Linux games. zocks.de has an article (in German) on installing Linux games. Here's a Babelfish translation.

Merchant Empires beta test. Merchant Empires is setting up a beta test for June 10th and is looking for players. Contact Bryan Willett if you are interested.

Interoperability

Kernel Cousin: Samba (May 18th). The latest Kernel Cousin: Samba is out. It discusses the Microsoft Kerberos issue and its impact on Samba development, finishing up with this editor note: "[If any of you are like us and a lot of that was a bit over your heads, just nod quietly and agree with Chris Hertel: "What pleases me most about this conversation is that we seem to have some very knowledgeable folks on the list and that there is progress being made. Time for me to go into learn mode. Thanks everyone!"]"

Wine Weekly News (May 23). This week's Wine Weekly News reports on the latest Wine development and discussions on the Wine mailing list, including OpenGL optimization and MFC compilation (and license change).

Networking

OpenNMS Update (May 23). The latest update from the OpenNMS network management project is now available. It seems they've finally decided to work with a relational database system (RDBMS).

Bind 9.0 b3 released. Developers working with IPv6 or DNSSEC may want to check out the latest beta release of bind. At least one more beta release is expected before a release candidate for bind 9.0 is seen.

OpenNMS and North Carolina State University announce collaboration. On May 2nd, OpenNMS and North Carolina State University (NCSU) announced a collaboration. NCSU will be deploying the OpenNMS open source network management software on their campus network across several different platforms. "'We have spent months configuring our legacy management systems -- and we still are unable to generate many of the reports we need to satisfy our service level agreements. With OpenNMS, we can get customizable shareware and focus our limited resources on providing the responsiveness and service that our customers want,' said Emer."

Office Applications

AbiWord Weekly News. This week's AbiWord Weekly News is out.

Siag Office 3.3.6. Colour printing for European users and updated German and Danish translations are the major points in this minor release.

On the Desktop

Helix GNOME packages for Debian. The long wait is over: a set of Helix GNOME packages for the Debian distribution has been released.

Writing Gnome Panel Applets (LinuxDev.Net). Part I and Part II of the LinuxDev.net series on writing GNOME panel applets are now available.

Web site Development

Midgard Weekly Summary (#39). The Midgard Weekly Summary provides news and information from the Midgard web development platform project. Midgard is a PHP-based open source project. This week, CodeSnippet has been added to the CVS archive, mail archives have been added to the web site and the two-day Midgard Developers Meeting has been scheduled for June 18-19th, 2000 in Karlskrona, Sweden.

Zope Weekly News (May 23). This week's Zope Weekly Newscovers the new Zope 2.2 alpha release and links to discussions about Zope and Law Office information, Pyro and security issues.

DocBook V4.0 released. DocBook V4.0 and DocBook XML 4.0 have been released. "DocBook is an SGML DTD maintained by the DocBook Technical Committee of OASIS. It is particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications)." For more information on DocBook, check their description page, which also contains a brief history of DocBook.

May Netcraft Survey. According to the May Netcraft survey, Apache is still the predominant web server at 60.4% of the market, but has lost approximately 1% of its lead. Microsoft was also down, but only slightly. (Thanks to Fabian Wauthier).

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

C

GDB 5.0 and Insight 5.0 released. GDB 5.0, a new release of the GNU debugger, and Insight 5.0, a graphical interface to GDB, have been announced. C++ support has been enhanced in the new GDB and new configurations have been added for the ARM and PowerPC platforms.

[Editor note: the link to the Insight announcement on Appwatch is unstable. In case it does not work when you try it, here is the Insight homepage].

Java

Java 2 Platform Enterprise Edition is Linux Ready. Java 2 Platform Enterprise Edition is Linux Ready, announces this java.sun.com article. "'In reality, it was very easy to make the port,' says Ken Saks, a member of Sun's J2EE technology team. 'It was surprising just how trivial it was to get J2EE technology-based applications to run in the Linux environment.'"

Perl

perl5-porters (15-21 May 2000). The latest summary from the perl5-porters mailing list is now available. Check it out for hints as to future perl development directions, including a couple of slightly different efforts to support perl on the Palm Pilot.

The Perl Journal Vol. 5, No. 1. Perl News reports on the latest issue of The Perl Journal.

PHP

PHP 4.0 released. Here is the announcement for the long-awaited PHP 4.0 release. Source for PHP 4 for Linux is now available from the PHP web-site. For more information on this release, check our front page coverage.

Python

This week's Python-URL. Here is this week's Dr. Dobb's Python-URL, with the latest from the Python development world. Among other things, Python has now moved to SourceForge.

What They're Saying About...The Python Open-Source Language (Software Development). Software Development has collected together opinions from authors, developers and the media on Python and put them together in this short feature article. "'Python is almost bearable (in comparison to either C++ or Java).' -Kent Beck, Smalltalk enthusiast, quoted by Larry Constantine at SD 2000." (From Daily Python-URL).

Phil Thompson puts Python and Qt together (SunWorld). Cameron Laird and Boudewijn Rempt profile Phil Thompson, author of PyQt, in this article. "Perhaps it wasn't so surprising. Thompson's career suggests he's comfortable taking technologies to places neither he nor they have been before. In that earlier case, his original intent was to freshen a small application he wrote to manage his household finances. Having written it in C for GEM and DOS, by the late '90s he wanted a Qt-based graphical user interface (GUI) for it. "

Tcl/tk

Dr Dobbs' Tcl-URL (May 23). This week's edition addresses nesting instincts and who should take out the garbage.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

The change in name goes along with a change in the company's focus. Tcl/Tk is no longer a primary focus, now it's XML. Where once the company focused on tying together disparate programs within an organization, now the focus is on business-to-business integration. The company has also renamed its flagship product from Scriptics Connect to Ajuba2.

John Ousterhout, Founder and Chief Technology Officer, is quoted in the press release. "This is a natural evolution for a company that was founded on the vision of enabling organizations to integrate complex business processes, technology and devices. The acceptance of Internet and XML technologies provides the springboard to move beyond expensive, proprietary solutions to an open, standards-based platform for business-to-business integration solutions." Ajuba2 is, however, a proprietary product. (Found in Portalux News).

Collab.Net and Opendesk.com sponsor project management specification. Collab.net and Opendesk.com have announced that they are sponsoring the development of an open source project management system - at least through the specification stage.

Three announcements from SGI.

• This one says that IBM's WebSphere application server will be available for SGI's Linux-based servers.
• This one is on the availability of a new, Linux-based "Internet server" system. It comes with MessagingDirect's "M-Store" mail hosting software.
• This one is about the new 1450 server, which is available in a Linux configuration. Also included is the "SGI ProPack for Linux," containing a number of SGI's Linux enhancements which are not currently part of the mainline system.

MontaVista's Moves. MontaVista Software has announced the hiring of Gregory Haerr as "Chief Strategist, GUI Technologies." Mr. Haerr is the leader of the open source Microwindows project, which provides both the X11 and Win32 (subset) APIs in a small package.

MontaVista also announced a port of its Hard Hat Linux embedded distribution to the "Programmable Intel Compute Appliance." They claim the port took less than 90 minutes.

Mission Critical Linux announces Palm-based monitoring package. Mission Critical Linux has announced a new support mechanism which allows system administrators to monitor their networks with a wireless Palm system.

Red Hat. Red Hat has announced the expansion of its support program to include a new per-server pricing scheme.

The Red Hat Center has announced the awarding of its first set of grants. In keeping with the times, the grants are relatively political in nature: they went to the Electronic Frontier Foundation, probono.net, and the Center for Media Education.

VA Linux Systems. VA Linux Systems has announced its revenues for the quarter ending April 28. Their revenue was $34.6 million for the quarter. Services revenue was up to $1.5 million - still a small piece of the total at just over 4%, but growing quickly.

On a lighter note, VA Linux Systems announced that its servers ran the "static web page content" behind the Victoria's Secret Fashion Show Cannes 2000 Fashion Show Webcast on May 18.

Intrinsyc unveils Linux-based platform . Intrinsyc has announced its "CerfBoard" - a small, StrongArm-based single-board computer that comes with Linux installed.

Cobalt Networks announces 'StaQware'. Cobalt Networks has announced its "StaQware" product - a high-availability clustering setup for web serving applications.

Caldera to bundle Legato NetWorker. Legato Systems has announced that Caldera Systems will be bundling the NetWorker and Cluster products with the eServer distribution.

Press Releases:

Open Source Products (License will be mentioned here if known)
• GoAhead Software (BELLEVUE, Wash.) announced the release of GoAhead WebServer 2.1, the latest version of its open source, royalty free, standards-based embedded Web server.

• OpenSales, Inc. (SAN MATEO, Calif.) announced that it has released its e-commerce software suite which supports WAP-enabled devices. The suite is comprised of the OpenSales AllCommerce platform and the OpenSales Retailer application.

• Tripp Lite (CHICAGO) announced that Linuxcare has certified that Tripp Lite UPS Systems and PowerAlert Software are compatible and fully supported under the Linux Red Hat distribution. The press release also says the open source code for Tripp Lite's PowerAlert Software is available free of charge as a download from its website at http://www.tripplite.com/linux.

  Commercial Products for Linux

• CorelPRESS and Osborne/McGraw-Hill (BERKELEY, CA) announced the publication of Corel LINUX OS Starter Kit: The Official Guide, by Joe Merlino and Kate Wrightson. A CD-ROM is included.

• I-Logix Inc. (ANDOVER, Mass.) announced Rhapsody Modeler, a free edition of the Rhapsody application development environment.

• Knox Software (CARLSBAD, Calif.) announced that it has shipped Arkeia for Oracle8i Recovery Manager (RMAN), a network backup solution for enterprise-class Oracle8i databases running on the Linux platform.

• LynuxWorks, Inc. (SAN JOSE, Calif.) announced that the GoAhead Software, Inc. suite of off-the-shelf service availability software for Internet infrastructure devices supports both the LynuxWorks' LynxOS real-time operating system (RTOS) and the BlueCat Linux operating system.

• NETmachines, Inc. (ORLANDO, Fla.) announced a new and free software upgrade for their RedRak Web server appliances.

• NetManage (CUPERTINO, Calif.) announced the support of the Linux operating system for its major product lines including Web Integration and Host Access.

• QUALCOMM Incorporated (SAN DIEGO) announced it has released a new version of its free Qpopper Server 3.0 for Linux/Unix environments.

• theKompany.com (RANCHO SANTA MARGARITA, Calif.) announced the release of PowerPlant, a suite of developer tools and software for producing top-quality, integrated Linux software.

• Tux Games announced the game Terminus from Vicarious Visions, will be available soon, and can be pre-ordered now.

  Products Using Linux

• Computer I/O Corporation (SANTA CLARA, Calif.) announced the Linux-based Easy I/O T1/E1 Streaming Server, a high-performance communications server specifically designed for data insertion, capture and analysis applications.

• UnionBuiltBox is selling Athlon workstations equipped with Red Hat Linux 6.2.

  Products with Linux Versions

• Ariel Corp. (ORLANDO, Fla.) announced a $1000 rebate for new purchases of Ariel's RS4200 56K/ISDN remote access card set.

• BakBone Software Inc. (SAN DIEGO) announced that NOX Co., Ltd., a Japanese storage distributor, has selected BakBone's NetVault as the foundation for its Strategic Storage Products Suite (SSPS) data recovery solution for the UNIX, Linux, and Windows NT markets.

• Dirig Software, Inc. (ORLANDO, Fla.) announced xSPress, an application performance management solution specifically designed for the rapidly growing service provider market.

• IBM (SOMERS, N.Y.) introduced 2 new servers. The Intel-based 64-processor NUMA-Q E410 server on the high end, and the Netfinity 3500 M20 on the low end.

• Image Power (VANCOUVER) announced a focused initiative that extends its Web-based FaxPC universal messaging services to wireless devices equipped with Wireless Application Protocol (WAP)-compliant microbrowsers. Its Linux FaxPC viewer will provide access by various portable and wireless devices using the Linux operating system.

• Intel Corporation (SANTA CLARA, Calif.) introduced the Intel Pentium III processor at 933 MHz.

• InterLan Technologies (RESEARCH TRIANGLE PARK, NC) introduced QuickStart, a program that allows companies worldwide to jumpstart their e-commerce programs the same day an order is placed.

• Intrusion.com, Inc. (RICHARDSON, Texas) announced support for Check Point Software Technologies' Meta IP software on the Securecom 8001 appliance.

• Macromedia, Inc. (SAN FRANCISCO) announced Macromedia Generator 2 Enterprise Edition.

• Novell, Inc. (ORLANDO, Fla.) announced availability of the Novell Internet Messaging System 2.5.

• ParaSoft (MONROVIA, Calif.) announced the release of WebKing 2.0, a comprehensive solution for developing and testing dynamic Web sites.

• Quantex Microsystems, Inc, (SOMERSET, N.J.) announced the IS1000 and IS2000 servers a pair of powerful small footprint Internet servers. The servers can come bundled with Red Hat Linux 6.1 with the Apache Web server.

• Quantum Corporation's DLT & Storage Systems Group (MILPITAS, Calif.) announced the launch of its solid state storage product, the Rushmore eSystem Accelerator (eSA).

• Research Systems, Inc. (BOULDER, Colo.) announced the release of VIP 1.3, a visual programming environment for data analysis and visualization.

• SAGA SOFTWARE, Inc. announced its plans for support of the Linux environment within its Sagavista product suite.

• SOCHRYS.COM INC. (GENEVA, Switzerland) announced the availability of SOCHRYS UNIVERSAL BANKING.

• Solsoft, Inc. (MOUNTAIN VIEW, Calif.) announced a major new release of Solsoft NP 4.0, a solution for organizations that need to manage security for their intranet, remote sites, branch offices, or their extranet business relationships.

• StarBox Netsystems (ORLANDO, Fla.) unveiled the StarBox iBox/SBC, a 1U ultrathin server for ASPs capable of supporting dual high-performance Pentium III CPUs. It can be ordered with Linux installed.

• Synopsys, Inc. (MOUNTAIN VIEW, Calif.) released VERA System Verifier version 4.4, a comprehensive testbench automation solution. This version includes support for Red Hat Linux 6.2 on x86.

• Xybernaut Corporation (FAIRFAX, Va.) and Wearix Software GmbH, Munich, Germany, announced a suite of software products standardized for wearable computers.

• XYZFind Corp. (SEATTLE) announced the beta release of XYZFind, a search engine specifically designed to search database and XML data with greater precision than any other search technology.

  Java Products

• eOne Group, LLC (OMAHA, Neb.) announced the second release of jCommerce, its new 100% pure Java web development tool.

• Flashline.com (CLEVELAND) announced the Flashline Component Manager, which offers an interactive Web-based approach to component-based development.

• Xybridge Technologies Inc. (RICHARDSON, Texas) announced its Universal Services Suite is fully integrated with Portal Software's next-generation business infrastructure software.

  Training

• Linuxcare, Inc. and SmartForce (SAN FRANCISCO and REDWOOD CITY, Calif.) announced that they will collaborate on the delivery of Linux seminars for business and technology managers beginning May 25, 2000 at http://www.smartforce.com.

  Partnerships

• AMIRIX Systems Inc. (HALIFAX, Nova Scotia) launched its Embedded Linux Strategic Alliance (ELSA) program geared towards bringing the benefits of Linux to the embedded systems market.

• Corel Corporation (OTTAWA) announced a licensing agreement with C Me Run Corporation, an Application Service Provider Engine, enabling consumers to access Corel's software through an Internet Service Provider (ISP) or telco.

• e-Business Express (CLEVELAND) joined forces with Planet Intra to offer an instant Intranet solution for business customers. Planet Intra comes in a Linux version.

• Integrated Software & Devices Corporation (SAN JOSE, Calif.) announced a strategic relationship with LinkUp Systems Corporation. ISDCorp will provide Royal Linux to LinkUp Systems in addition to offering systems integration services, software drivers and Linux support for LinkUp customers.

• Linuxcare has announced the signing of a deal with Resonate, a provider of "Internet Services Management solutions." Linuxcare will be providing support to Resonate's internal staff and customers.

• Linuxcare Inc. (SAN FRANCISCO) announced it has become the first service-only focused company to join the Technical Support Alliance Network (TSANet), a multivendor alliance that facilitates enterprise class support.

• Linux NetworX, Inc. (SANDY, UTAH) announced that its products will now be available with Gaussian 98, the latest in the Gaussian series of electronic structure applications.

• LynuxWorks, Inc. (SAN JOSE, Calif) announced that it has joined the Intel Applied Computing Platform Provider (ACPP) program and will work with program members to integrate the LynuxWorks product family into the Intel applied computing platform.

• OpenAvenue Inc. (SCOTTS VALLEY, Calif.) announced its strategic partnership with Miradi Inc., a provider of turnkey and custom Web-based project management services.

• Red Hat, Inc. announced that it has partnered with DigitalThink to deliver Red Hat's Linux training and certification over the Web.

• RSA Security Inc. (BEDFORD, Mass.) announced that Sendmail, Inc. has licensed RSA BSAFE SSL-C encryption software.

• SED International, Inc. (ATLANTA) announced that it has entered into an agreement with Corel Corporation to distribute its full line of software products in Latin America and the Caribbean.

• SteelEye Technology Inc. (MOUNTAIN VIEW, Calif.), provider of Linux high-availability solutions, announced its participation in the redhat.com Marketplace.

• SYNNEX Information Technologies, Inc. (FREMONT, Calif.) announced an agreement with IBM and Red Hat to provide customized business solutions for Internet Solution Providers (ISPs), Application Service providers (ASPs) and Value-Added Resellers (VARs).

• VideoPropulsion, Inc. and Zapex Technologies, Inc. (SLINGER, Wis.) announced that they have forged a partnership to market and sell complete Linux-based solutions to the operators and providers of cable/TV.

  Investments and Acquisitions

• VMWare has announced that it has received $20 million in investments, including a big chunk from Dell.

  Financial Results

• eOn Communications Corporation (MEMPHIS, Tenn.) reported third fiscal quarter revenues of $11,959,000.

• NETsilicon, Inc. (WALTHAM, Mass.) reported that revenue for the first quarter of fiscal 2001, which ended April 29, 2000, increased 55 percent.

  Personnel

• Alpha Processor, Inc. (CONCORD, Mass.) announced the appointment of industry veteran Miles Chesney to the position of vice president of Business Development and vice president of Sales.

• Alpha Processor, Inc. (CONCORD, Mass.) announced the appointment of David Rich, former vice president of Business Development of Fujitsu System Technologies, to the position of vice president of Marketing.

• Alpha Processor, Inc. (CONCORD, Mass.) announced the appointment of API Chief Technology Officer Gerry Talbot to the position of president of API and API Networks.

• Inprise/Borland (SCOTTS VALLEY, Calif.) announced the appointment of Ted Shelton to senior vice president, business development.

• Inprise/Borland (SCOTTS VALLEY, Calif.) announced the appointment of Doug Barre as chief operating officer.

• NETmachines, Inc. (SAN JOSE, Calif.) announced that Citrix Systems, Inc. iBusiness Director, Josh Drachman, and Morgan Keegan Vice President of Investment Banking, Technology/Telecommunication, Dipak Shah have agreed to join the NETmachines board of directors.

• Rackspace.com (SAN ANTONIO) announced that Lanham Napier has joined the company as chief financial officer and Lew Moorman has joined the company as vice president of product development and strategic planning. Quincy Lee, who held the position of chief financial officer, is assuming new responsibilities as vice president of finance for the company.

  Other

• Alpha Processor, Inc. (CONCORD, Mass.) launched a new strategic business unit, API Networks.

• Enlighten Software Solutions, Inc. (SAN MATEO, Calif.) announced that it supports five of the top Linux distributions (Red Hat, SuSE, Mandrake-Linux, Caldera and TurboLinux).

• Enlighten Software Solutions, Inc. (SAN MATEO, Calif.) announced that Linux Magazine has awarded Enlighten its Emperor Award for the EnlightenDSM product.

• EVSX Inc. (AUSTIN, Texas) announced it has changed its name to Intrinsity Inc. The company also provided more details about its technology for ultra-fast microprocessors, developed in the company's own Linux-based EDA environment.

• IDG Books Worldwide, Inc. (FOSTER CITY, Calif.) announced the availability of Bob Metcalfe's new book Internet Collapses And Other InfoWorld Punditry.

• The NewsFactor Network has announced the launch of LinuxInsider.com, another real-time Linux news site.

• The E-Commerce Times announced (LOS ANGELES) that it has joined the NewsFactor Network.

• Penguin Computing Inc. (SAN FRANCISCO) announced that it has established a presence in the eastern United States, based out of the new Atlanta sales office. This announcement names Howard Johnston, a veteran IT sales and marketing executive, as the company's eastern region sales director.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Here's a Washington Post article on Gnutella. "At a time when the general assumption is that the World Wide Web's destiny will be guided by international conglomerates such as AOL, Amazon.com Inc., Yahoo Inc. and Microsoft Corp., Gnutella is the unexpected variable. Its very existence is a statement about the wild nature of the Web and how difficult it will be for anyone to tame it. It is also a dramatic display of how easily the Internet can be transformed or at least shaken by smart computer programmers who are barely old enough to drink or drive."

Just for contrast, it's worth including a second quote from later in the article: "As Gnutella's popularity grows, its corporate parent has taken notice. In a recent interview, Time Warner's Levin and AOL President Bob Pittman suggested the technology could be harnessed, given time. Pittman said the interest in the project simply represents 'consumer demand before the launch of a product,' meaning a controlled system for distributing copyrighted information." No comment.

GNULinux.com posted this interview with Richard Stallman. "You see, companies could engage in kinds of business that respect our freedom and promote our freedom. And they could also engage in kinds of business that take away our freedom. It's the people who might be their customers who control which direction the companies actually choose. This means it's all the more important for the software users, in their millions, to be thinking about issues of freedom and not just of short term convenience."

LinuxMall/EBIZ Merger

Forbes reports on the LinuxMall/EBIZ merger. "Jeffrey Rassas, founder and CEO of eBiz, will become president of the combined company. He says the merger came together after investment banker Chase Hambrecht & Quist, convinced that LinuxMall could not mount an IPO anytime soon, suggested the companies talk to each other. In other words, the lousy market drove LinuxMall into the waiting arms of eBiz."

The Rocky Mountain News also covered the LinuxMall/EBIZ merger. "The deal combines two companies that own some of the most visited Linux sites on the World Wide Web. LinuxMall.com records about 20 million page visits per month at its online shopping site and affiliated sites. eBiz, out of Scottsdale, Ariz., owns TheLinuxStore.com and LinuxLabs.com, among others."

Lineo

Here's a lengthy Upside article about Lineo's IPO filing. "Still, the parallels between Linuxcare and Lineo are there. While some might consider it bad luck to bring up the comparison, investors who still buy into the notion that Linux and the open source development model are changing the software world forever should feel comfortable with the similarities."

Of probable interest to any of you following the Lineo IPO, Rick Lehrbaum has published an interview with Lineo CEO, Bryan Sparks. "Bryan: We believe a royalty-based business model is the Linux model that will have the greatest long term revenue potential, while still respecting and supporting open-source and the rules of GPL."

The Salt Lake Tribune reports on Lineo's IPO filing. "Lineo, based in Lindon, has hired more than 140 people since September and now employs about 160. It also has been on a bit of a buying spree, acquiring six Linux companies so far this year. Including those acquisitions, the company would have lost $9.9 million on sales of $4.6 million in its last fiscal year."

VA Linux

Here's a News.com article about the latest from VA Linux Systems. "The company today will introduce model 2130, a single-processor, 3.5-inch thick rack-mounted machine with starting prices less than $1,400, said Brian Biles, director of marketing at VA. In the longer term, VA has ambitions to steal market share for more expensive systems away from Sun Microsystems. 'I don't think (Sun) can sell effectively anymore' to companies setting up large numbers of computers for high-traffic Web sites, said Biles, who in his last job plugged Sun network software. 'They're turning into a mainframe company.'"

Upside looks at VA's latest quarterly results. "After weeks of serving as the poster child for disappointing market performance, VA Linux (LNUX), the same company that epitomized last year's Linux frenzy, finally had some financial numbers to throw back in critics' faces Tuesday."

Here's a brief article about VA Linux hosting the Victoria's Secret online fashion show. "In the world of Open Source software and Linux, these two do not have to be restricted to the back of the enterprise. Linux can be as sexy as the next pretty girl walking down the catwalk."

Business

According to this News.com article, Alpha Processor Inc. plans to move into the Linux systems business, with an emphasis on clusters. "Alpha Processor's new machine will consist of a collection of smaller, two-processor Alpha computers, each running its own copy of Linux but the whole system acting essentially as a single large server, [Alpha CTO Gerry] Talbot said. The machines will have from 16 to 30 two-processor systems, though the design will work for machines with hundreds, he said."

News.com reports on the IA-64-related announcements from HP, SGI, and Red Hat. "The three announcements illustrate the cooperative nature of the Linux movement: All the companies involved, as well as others, can take advantage of the software its competitors are releasing. By comparison, Microsoft and Sun are working separately to develop Itanium versions of their own operating systems."

ZDNet has put up a lengthy report on the trouble at Linuxcare. "What went wrong at Linuxcare? Just about everything, as this exhaustive investigative report by Sm@rt Reseller reveals. Interviews with more than one dozen current and former Linuxcare employees--most of whom spoke under the condition of anonymity--paint a dramatic picture of a company that was doomed from the moment it left port."

Here's a ZDNet article on IBM's support of Linux on the S/390. "IBM said it was providing more input to the open-source development effort than its rivals. UK senior consultant Clive Druett said IBM has already had several enhancements -- to performance tools, file system journaling and file serving -- accepted by the committee that controls Linux."

Upside looks at Linux for the S/390. "Linux on mainframes? Crazier things have happened. Still, for an operating system that has built its reputation in the low-cost server market, the jump to big iron offers interesting evidence of market forces at play." The same article also has reports on the Slashdot/Microsoft confrontation and the death of the Corel/Inprise merger.

Here's a story in the Montreal Gazette about Corel's problems. "Of course, the desktop Linux market might come alive, at which point Corel will be exceptionally well positioned. The question is, will it be too late?"

The Ottawa Citizen looks at Corel's problems. "The latest Corel silver bullet is Linux, the alternative open-source computer language that is finding markets in products ranging from the big server computers that run corporate Web pages and electronic commerce operations to a promising new generation of cheap hand-held and table-top computer appliances."

Newsbytes reports that Corel could run out of money within days. "A report in the Toronto-based Financial Post newspaper today said Corel employees are flooding local technology companies with resumes as the financial prospects of their employer appear to be worsening."

Napster and other Intellectual Property issues

Alan Cox has added his voice to the ongoing debate about napster. He points out that the same technology could be used to legally distribute free software. "Cox is not impressed by the way Napster is being targeted by the music industry. 'Those attacking Napster are trying to set a very dangerous precedent. Instead of attacking pirates they are attacking the technology. Imagine if it had been five years earlier, they would have been trying to shut down the Internet.'"

The New Republic looks at the Microsoft vs. Slashdot affair and the freedom issues behind it. "If a website somewhere on the Internet is violating Microsoft's copyright by handing out free copies of Microsoft Word, Gates's team of natty attorneys would be justified in suing to pull the plug. But claiming that hyperlinks to potentially illegal materials are themselves illegal? That's contrary to the openness upon which the World Wide Web was built."

Microsoft's claim to trademark status for their Kerberos extensions is under fire by Clifford Neuman, the principal author of the original MIT version of Kerberos. "Far from regarding Microsoft's protected code as a "trade secret," Neuman, who is also a senior research scientist at the University of Southern California, considers it to be wholly derivative. Neuman said he personally described its essentials in a 1993 scientific paper. "

Here's a BBC article looking at the security ramifications of the UCITA "remote shutdown" provision. "Thomas Olafson, chief technology officer for ethical hacking group Defcom, said hackers would take it as a challenge if they knew that programs had backdoors built in. 'What hackers do best is spend time finding security weaknesses and a backdoor is a weakness,' he said." (Thanks to Dan York).

Scotty Orr wrote in about this Advogato discussion on free software and business. Worth a read. "Free software is best done on a personal scale. It's really an artistic, literary pursuit, done person to person. It isn't easily formulized and it definitely isn't easy to scale it to an industrial size. Big companies don't do 'art'. Real musicians have day jobs."

Here is an osOpinion article on intellectual property. "Open Source advocates are usually careful to make a distinction between the types of freedom ("free speech" or "free beer"), but they are less careful with the concepts of ownership, and it is here that the fulcrum of our future rests. Free and open code is not of interest only to programmers and engineers; it is vital to everyone, from middle-class Americans to struggling families in Africa and China. When I proclaim that a piece of software I have created is "Open Source", I am not saying that I own it; I am proclaiming that *all of us* own it."

Reviews and other Resources

GNULinux.com has run a review of Corel Linux 1.1. "Where Corel Linux really shines is the KDE desktop. Corel has taken KDE and extended it with their own enhancements. If you work in an environment with lots of windows machines Corel may be your distribution of choice."

LinuxPapers talks about Linux command documentation. "Most commands come with online help, manual pages or documentation files in various formats. In this article, we will learn how to read manual pages using the man command."

O'Reilly is taking an interesting approach to marketing some of their Windows books (Windows 95 in a Nutshell and Windows 98 in a Nutshell). They took a look at their statistics and realized how many Linux people also have to use Windows and figured that this was the audience that would care about what they are offering in their books. "I was recently looking over the shoulder of a very well-known perl hacker as he picked his way through the cascading Windows Start Menu to find a program he wanted to run. He didn't realize that if you have an Address Toolbar running as part of your Taskbar, and know the name of the program, it's as quick to run a program as it is from a UNIX shell."

Stepping back to look again at the Red Hat piranha security report of a few weeks ago, ZDnet UK reports on the process that produced the problem. "Lead developer Philip Copeland complained in an online diary that 'the Piranha package was literally nailed together a day before the CD had to be finalised, so there was less than 24 hours for other people to review the code.'"

This interview with Joachim Kempin, a Microsoft Senior Vice President in their OEM Division, is primarily about Microsoft's plans but includes some interesting tidbits on their view of Linux, including this quote, likely to become a favorite: "And naturally, we know it's [Linux] there on the server."

Finally

Take a look at the success of Linux, from a lot of angles. This article builds an impressive list. Nonetheless, the final comment in the article summed it up for us: "...in the end, fun may well be what ensures Linux's success, precisely because fun, the ultimate carrot on a stick for hard-core programmers, cannot be bought and sold." (From WideOpenNews).

Here's an article on LinuxPlanet about the Marblehead Inn in Marblehead, Ohio. "I know what she was thinking too. She thought to herself, 'Here's a place at least, where this guy can relax and forget about Linux and work for a while.' Little did she realize that I would get a hardware review out of the deal. You see it turns out that unknown to her, and to my incredible delight--the Marblehead Inn runs Linux." (Thanks to Jay R. Ashworth)

Fred Mobach wrote and told us about another Linux Hotel. This one is in Germany.

LinuxMall.com has this article about a Detroit area law firm that switched to Linux. "Unique Systems, Inc., a programming and network design firm based in Holland, Ohio, installed a thin-client system running on a Linux server for the law practice of Cummings, McClorey, Davis and Acho (CMDA). CMDA latched onto the Linux scheme, afraid that proprietary software would keep them locked into an unsupported platform and the need for an on-site IT staff. "

The Irish Times ran this article raising the familiar "fragmentation" fears. "Will success spoil Linux? After a spectacular rise from a little known, hobbyist operating system to the fastest growing operating system in the computing market, Linux is at the centre of some collective soul-searching."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Events

Embedded Processor Forum. Cahners MicroDesign Resources (MDR) announced its Embedded Processor Forum, June 12 through 16 at the Fairmont Hotel in downtown San Jose. This year features a panel of experts assembled by the Embedded Linux Consortium who will entertain questions from users, analysts, and members of the press in a no-holds-barred Embedded Linux Affinity Session.

Linux track at Inprise/Borland. This year's 11th Annual Inprise/Borland conference will be featuring an entire track devoted to the Linux platform, according to their latest announcement. It will be held July 8th through the 12th in San Diego, California.

ApacheCon Europe 2000. The Apache Software Foundation has announced a new conference entitled "ApacheCon Europe 2000," which will be held October 23-25 in London.

Pictures from the DMCA protest. LWN is happy to mirror a set of pictures from the Digital Millennium Copyright Act protest held at the Stanford Law School on May 18. These pictures were originally posted by protest organizer Don Marti - all credit goes to him.

User Group News

Employment Opportunities

bivio. bivio is seeking software designers skilled in building robust, secure, high-performance transaction processing systems using Linux, Apache, mod_perl, and Oracle.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

Tired of that boring old "top" display? Have a look at LavaPS as an alternative way of displaying the status of your system. A Linux box becomes a lava lamp, with processes becoming the floating blobs. The size of a blob corresponds to the amount of memory being used; its speed to the CPU utilization. The display shown here was taken as this was being written; the largest blob, fittingly, belongs to netscape.

For those looking for more security information than LWN provides, have a look at LinuxLock.org. There you'll find a news stream restricted to security items related to our favorite operating system.

Section Editor: Jon Corbet

Letters to the editor

Date: Mon, 22 May 2000 21:38:47 +0000
From: Chris Waters <cwaters@cp.net>
To: letters@lwn.net
Subject: OpenMotif and freedom

On the front page of this week's LWN, I see the following quote: 

"Chances are, anyway, that the license will prove good enough to get
Open Motif onto the CDs of most or all of the major distributions."  

Maybe most, but never all!  As long as the license fails to meet the
requirements of the Debian Free Software Guidelines (sometimes known as
the "Open Source Definition"), it will not be included with Debian
GNU/Linux (or Debian GNU/Hurd, or any other Debian OSes that may
appear).  And I suspect most people would consider Debian to be a "major
distribution."

This all also raises some interesting questions with respect to the
(in)famous "system libraries" clause of the GPL.  It seems likely that
any GPL'd software that depends on Motif will still be unable to link
legally with OpenMotif in most cases, which will continue to limit the
usefulness of OpenMotif.  I just hope it doesn't create licensing
flamewars like in the early days of KDE.  Moreover, I hope it doesn't
lead to widespread attempts to subvert or violate free software licenses
-- too many distributors already seem to have a cavalier attitude about
such things.

cheers
-- 
Chris Waters, Programmer, Madman-at-large  |  cwaters@cp.net or
xtifr@debian.org

Date: Thu, 18 May 2000 09:23:42 -0400
To: ckuskie@cadence.com
Cc: letters@lwn.net
Subject: Re: Programs that run random code
From: Jody Goldberg <jgoldberg@home.com>

On May 11 Colin wrote :
> - Macro capabilities inside the open-source spreadsheets and word
>  processors are just as dangerous.  Imagine if you could get root
>  to run a Gnumeric spreadsheet with Scheme/Python/Perl bindings.

This is not the first time someone has raised the spectre Gnumeric's scripting
being a security problem.  Hopefully this rumour will die out as the authors
start to use Gnumeric.

All scripting support is fully under user control.  A user can add new
spreadsheet functions to Gnumeric using a scripting language, but they must be
installed and loaded explicitly by the user.  We have _intentionally_ not
enabled support for Gnumeric to run scripts embedded in spreadsheets files.
The capability will only be made available when it can be done securely.

Date: Thu, 18 May 2000 00:15:17 -0700
From: Joey Hess <joey@kitenet.net>
To: letters@lwn.net
Subject: perl is not dead

There's a reason Larry Wall became so interested in unicode a few years
ago.

There's a reason perl now supports unicode throughout, including unicode
variable names. 

;-)

-- 
see shy jo, just another perl hacker

Date: Thu, 18 May 2000 14:30:18 -0700 (PDT)
From: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca>
To: letters@lwn.net
Subject: When will KDE and Debian get together?

After several years experience with Slackware and Redhat I have recently
installed Debian, and I like it a lot except for the lack of *official*
Debian support for KDE.  You can get Debianized packages for KDE from
ftp://debian.tdyc.com/ and related sites, but these are not officially
supported or even referred to by the Debian site.

As far as I know this is the only major open-source package that is not
officially supported by Debian.  I suspect this bad situation is a leftover
from the old flame wars that used to erupt between GNOME and KDE supporters.
It was alleged at the time of those flamewares that although KDE itself was
GPLed, the package could not really be considered free since it depended on
the Qt-1 library which was not.  What is ironic about the exclustion of
KDE from Debian now, is that the Qt-1 library is actually officially supported
by Debian!

I personally think this whole situation is rather petty, but I was willing
to give Debian some slack so they could gracefully back down from their
impossible position especially now that both Qt-2 and KDE-2 are coming out
under free licenses.  Thus, I was very disappointed by the interview with
Martin Schulze pointed to in your 18 May issue which in Babelfish
translation seemed to indicate that KDE-2 would not be officially supported
under potato, but it might be under woody.  The reasons might be legitimate
ones but they were obscured in translation.  I would appreciate LWN looking
further into this mess to see if reason will prevail.

By the way, I am a fairly lukewarm KDE supporter.  I like some aspects of
fwvm a lot more.  But in the interests of fairness, I don't see why this
official Debian discrimination against KDE continues.

Alan W. Irwin

email: irwin@beluga.phys.uvic.ca
phone: 250-727-2902	FAX: 250-721-7715
snail-mail:
Dr. Alan W. Irwin
Department of Physics and Astronomy,
University of Victoria, P.O. Box 3055,
Victoria, British Columbia, Canada, V8W 3P6 
__________________________

Linux-powered astrophysics
__________________________

Date: Thu, 18 May 2000 02:59:16 -0700
From: Nathan Myers <ncm@nospam.cantrip.org>
To: letters@lwn.net
Subject: Re: proprietary distros?

To the Editor,

Kevin Lyda wrote:
> Nathan Myers wrote:
> > Perhaps once Potato is out, Debian will just take over the world;
> > then all those people working on proprietary distros can go home 
> > and do something productive instead. :-)
>
> ...
> redhat for one has done a great deal to increase the amount of gpl'd
> code available, including but not limited to their own distribution.
> to call mandrake and redhat [proprietary] is a disservice to the
> entire free software community by watering down the true meaning of
> proprietary.

I'm not sure why I'm replying to a complaint about an obvious joke...
probably because the complaint appeared in LWN.  Or maybe I thought 
it offered an opportunity to explain something.

Despite their pretty-good behavior, Red Hat and other commercial
distributions are strictly "proprietary" by every dictionary 
definition. They are _owned_. All their decisions are made to 
please their owners first, their paying customers second, and 
anybody else last. Any other behavior is _against_the_law_, and 
would open them to lawsuits and prosecution.

The Debian Project, and its host Software in the Public Interest, 
Inc., by contrast, are not beholden to absentee owners, shareholders,
or the quarterly balance sheet.  They are governed by their charter, 
and the charter gives control directly to the developers.  If you 
want to change the way the Debian project is going, you can become 
a developer by a well-defined public process, and then make the 
change directly by coding it, or indirectly by persuading the 
other developers on the public mailing lists.

If you want Red Hat or Mandrake to change their distribution or 
behavior, you have no choice but to go to them, hat in hand, and 
beg (or buy) their cooperation.  They must weigh your request, 
if they pay it any attention, not by benefit to the community 
of Linux (or even of Red Hat) users, but against the immediate 
benefit to the owners.  At the moment the two happen to coincide 
to an unusual degree, but if Red Hat comes to dominate the 
operating system marketplace, that must (by law!) change.  The 
more successful Red Hat becomes in establishing market share, 
the more quickly that change will occur.

Software licensing can be a powerful tool or a weapon.  It can be 
used in the public interest or as a bludgeon against competitors.  
Free Software licenses are no less useful as corporate bludgeons 
than "proprietary" licenses.  Thus, a corporation can release 
Free Software for purely selfish reasons.  In the case at hand, 
Red Hat is using the GPL to reduce the marketplace value of 
operating system licenses, thus attacking a major source of 
Microsoft's revenue.  While we may cheer them on, we should 
remember that it's not being done particularly for _our_
benefit.

Thus, it is correct in every sense to call these commercial 
distributions "proprietary", even if their parent companies 
release lots of their code under the GPL and pay salaries to
famous developers.  We should laud them for doing it without 
becoming confused about their true corporate motivations.  
(The motivations of their employees is another matter entirely.  
Whose personal goals ever exactly match their employer's?)

Many of us prefer to devote our attention and efforts to projects
that are explicitly in the public interest, and that seem likely 
to thrive.  The Debian Project is one such choice.  If Corel and 
Stormix use Debian's better reliability and outstanding package 
management as a bludgeon against Red Hat, that is their right under 
the GPL.  It doesn't affect the value to the community of our work 
on Debian itself. 

Nathan Myers
ncm@nospam.cantrip.org

Date: Fri, 19 May 2000 19:11:36 -0700
From: Eric B <ewbish@theriver.com>
To: letters@lwn.net
Subject: Nessus Security Scanner 1.0 Release

A while back you made a reference to the Nessus security tool.  I went
to the web site and downloaded/compiled it.  I just wanted to say that
this is one of the finest security tools ever made.  I think LWN and
Open Source users everywhere owe the Nessus team a standing ovation.  It
is applications as solid, well put together, and robust as this that
exemplify the superiority of Open Source over shrink wrap.  Good job
guys!!!!
Eric Bueschel