[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Will the real GNOME office suite stand up? When the release of the StarOffice code was announced last August, the word went around that it would become the GNOME office suite. Since then, however, the story has gotten rather less clear. In fact, the GNOME project has made no decision on what its officially blessed office suite will look like. It would appear that the GNOME Foundation, which is currently electing members, will have a rather difficult decision as one of its first orders of business.

Things seem clear enough if you look at Sun's GNOME page:

As part of its formation, the GNOME Foundation has announced that it is adopting OpenOffice.org -- the StarOffice productivity suite that Sun is making available to the open source community -- as the core of the office productivity software for GNOME Office.

Interestingly, the announcement of the GNOME Foundation says nothing about picking a new office suite.

Announcements of this type, of course, are interesting to the people who thought they had been creating the GNOME office suite over the last year or two. Projects like AbiWord and Gnumeric have been making great strides; is all that work now to be thrown away? The situation, confused as it is, is probably best summarized by this message from Havoc Pennington, which appeared on the gnome-office list. According to Havoc, no decision has been made, and none can be made until the GNOME Foundation is in place and the issue has been thought over. He also suggests that developers for both OpenOffice and AbiWord should prepare for a future with a single office suite development project. In the meantime, however, both projects should push forward a little longer. OpenOffice should create a truly working release, and AbiWord should still get to version 1.0. Then a decision can made, and some sort of friendly merger can be performed.

That would be a nice, happy ending, but the real world will probably be more complicated. Both projects are likely to push forward independently for a long time, for the simple reason that there are many obstacles to the integration of the two. The usual issues of code compatibility and developer ego are present, but there is a lot more than that going on.

  • AbiWord does not really see itself as a GNOME project - they want to produce "the world's word processor." Thus, AbiWord runs on platforms not supported by GNOME - things like BeOS and, yes, Windows. There is little or no desire on their part to narrow their focus at this point.

  • OpenOffice has some interesting constraints due to the way it is licensed. Any code which is to become part of OpenOffice must (1) be dual-licensed under both the GPL and Sun's SISSL, and (2) have its copyright ownership transferred (in writing) to Sun. Some AbiWord developers have expressed a lack of interest in working under those terms, and getting permission from all of the AbiWord developers to relicense (and reassign) AbiWord code would be a difficult exercise. Simply finding all those developers would be hard.

  • Sun has its own plans for future StarOffice releases, and is likely to want to retain control of the OpenOffice project. The company will probably not want to fold it into some larger effort under GNOME's control.

  • There is also a difference of opinion on how an office suite should behave. StarOffice's "do everything in one place" approach does not sit well with many users of other systems.

The licensing issue may, as it often is, be the biggest roadblock of all. If GNOME decides to adopt OpenOffice as its office suite, it will have to convince a lot of developers to agree to the dual licensing of their code and the transfer of their copyright to Sun. The alternative is to fork OpenOffice and create a GPL-only version that is developed independently of Sun (and without the benefit of all those developers).

The idea of a fork actually leads to a way in which the two projects could, in a way, be merged. Since OpenOffice code can be used under the GPL, AbiWord is free to grab and use any pieces of it that might be useful. OpenOffice, instead, can take no such liberties with AbiWord's code. In a couple of years, there may well be a GNOME office suite with many components from OpenOffice, but which is named AbiWord.

FreeDevelopers.net - the way forward? A rather widely distributed message made the rounds this week, proclaiming that Richard Stallman and the GNU Project support FreeDevelopers.net. Many people had not heard of this organization previously, and were naturally curious about what's going on. It is, in fact, an interesting initiative which seeks to change the way software is developed worldwide.

So what is FreeDevelopers? An overview can be had from the group's web site:

FreeDevelopers is a democratic entity for the development of free software. The free company, probably the first of its kind in the world, will be owned and run by developers worldwide on a democratic basis in a sacred trust for the benefit and protection of the world's citizens. It will pay all developers to work on free software, and all developers will receive company shares and stock options

The company will be bound to developing software under the GPL only - no other free software licenses need apply. It is a highly international effort, with members from over a dozen countries - including a number of "developing" countries.

The membership of FreeDevelopers shares an intense distaste for proprietary software - they seriously hope to drive it off the planet. They are also uncomfortable with the current crowd of free software companies, which they see as unfairly profiting from the work of others. Consider, for example, this message from FreeDevelopers founder Tony Stanco:

I don't think there is distributional justice in taking the work of others without compensation and having the insiders reap billion dollar rewards from it. What I found especially disturbing is, at the time, they were saying that open source is a "gift" community. So why did they get most of the gifts? Why didn't they give multi-billion dollar gifts back? I don't see why there can't be a more equitable distribution of ownership in those companies. If there was, more developers would be compensated and more free software would be written.

The purpose of FreeDevelopers is to spread the "gifts" more broadly.

To get there, FreeDevelopers intends to make a truly developer-owned company. All developers will be paid for their work, in cash and stock both. Details on how that will work are still somewhat vague; but, according to a conversation we had with "Radi," a founding member of the group, the plan is to pay all developers equally. "But obviously, then you would have to adjust for experience, contributed effort and productivity."

The governance of the company is supposed to be modeled on the U.S. constitution. Given this week's events, one can only hope that they dispense with the Electoral College. There will some sort of representative body which will engage in decision making - "a sober Senate of CS professors and project leaders, and a younger, more adventurous House of CS students and developers." But much will also be settled by direct vote.

All that leaves open a very interesting question, though - where, exactly, will the money come from to pay all those developers? The company has no business plan as such, but the idea seems to be to sell contract services, with the resulting software being released under the GPL. The core of the plan, though, would appear to be to seek government funding. From Radi again:

Software is a public good, like infrastructure and roads, so the government is the correct entity to fund most of it. That does not mean that government should do it, but government should pay for it. Just like it does for road projects, where private road crews actually go out and do the work.

Ages ago, Richard Stallman published the GNU Manifesto, describing what he was about; one of the more controversial ideas within was the imposition of a software tax. Almost two decades later, the idea lives on.

FreeDevelopers may see through the implementation of that idea and thrive, but it will have to face a great many challenges on the way there. Finding a way to distribute "gifts" fairly will not be a straightforward task - even if you don't try to compensate the authors of all the existing free software that FreeDevelopers will certainly use. Running an international operation of the scale foreseen will be a challenge on its own. Paying developers in stock will be gratifying only if there is a market for that stock, which is a whole other can of worms. Once there is a market, there will be non-developer owners with an agenda of their own. FreeDevelopers is also currently resource-starved, to the point that it has to use Topica to host its mailing lists.

In summary, the business world is going to have its say in how FreeDevelopers does, and that world has little interest in morally correct software and equitable distribution of rewards. Wish them luck, they are going to need it.

Penguin Gallery updated. [Tuxture] The LWN Linux Penguin Gallery has been updated with 16 new Tux variants. Have a look and see what the penguin artists have been up to recently. Thanks to all of you who have been sending in your penguin sightings.

Inside this week's Linux Weekly News:

  • Security: Credit your Source, Netscape 4.76, top, quake and nap vulnerabilities.
  • Kernel: Persistent storage in modules; compiling the kernel without gcc; where are the IrDA updates?
  • Distributions: REDICE from REDSonic, Flying Linux for wireless, Monkey Linux and more.
  • Development: gnulpr and the evolution of printing, GT.M database goes open source (maybe), GIMP news flurry, and GNOME configuration.
  • Commerce: LWN stock page updated; IBM continues its Linux support; European Commission study on software patents.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


November 9, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

Credit your Source. One small irritant that has caught our attention as we wade through postings and advisories, week after week, is the lack of information in say, an advisory from a Linux distributor, about how they found out about the problem for which they are issuing a fix. If they found it via their own bug reporting system or an internal audit, they will occasionally mention that, but they generally don't say, "Found via So-and-so's posting to BugTraq" or "Reported to us by So-and-so". What does that matter? Well, several benefits come about if the sources of information are clearly provided.

First of all, it allows people to check the multiple sources of information, to potentially better understand the problem.

Second, it makes it much easier to determine whether two advisories, that use very different wording, are possibly talking about the exact same problem.

Third, it makes it much easier for the person who originally found to problem to be credited and gives them a higher profile. In a realm where enhanced reputation is the only coin, this matters.

Last though, and possibly most important, it allows people to share with each other their valuable sources. Sources that are referenced most frequently become easy to identify as highly valuable. The mention of a source that is new to many people helps educate everyone.

Of course, none of this is intended to require disclosure in cases where a source prefers to be unidentified. However, the value of the Internet is derived from our ability to link information together. For those of you providing advisories, think of the possibilities behind the addition of one extra line: "Source:".

System Fingerprinting With Nmap (Network Magazine). Network Magazine.com has an in depth look at system identification through the use of network protocols, specifically with the use of nmap. "The easiest way to identify operating systems is to run nmap. Nmap started off as a very functional network and port scanner, but in 1998 Fyodor added operating system fingerprinting techniques."

Security Reports

Netscape 4.75 buffer overflow. According to this FreeBSD advisory, a client-side exploit is enabled in Netscape 4.75 via a buffer overflow. Netscape 4.76, which was released on October 24th, apparently fixes this problem, though finding confirmation of why Netscape 4.76 was released and what problems it has fixed has proven a bit difficult.

format vulnerability in top. This FreeBSD advisory warns of a format string vulnerability in the "top" utility, a popular binary that displays per process cpu and memory usage. Top can be exploited to gain "kmem" privileges, which, in turn, allow access to kernel memory, network traffic, disk buffers and terminal activity. Higher level privileges may also be obtainable. Other BSD and Linux systems should also be impacted.

getnameinfo denial-of-service. The FreeBSD team put out an advisory warning of a denial-of-service vulnerability associated with the getnameinfo function. A patch to fix the problem is included. This problem presumably impacts other BSD versions, as well as Linux.

quake server denial-of-service. An easy method of taking down a remote quake server was publicized on BugTraq this week. Check BugTraq ID 1900 for more information.

nap format string vulnerabilities. Numerous format string vulnerabilities were reported in nap, a terminal-based napster client for Linux. The use of an alternate napster client might be advisable, until an updated version of nap has been made available.

vlock vulnerability. A vulnerability has been reported in vlock, a program that locks a virtual console or all consoles. Under this vulnerability, when vlock is used on Red Hat 7.0 by an unprivileged user to lock all consoles, the console lock can be broken without a password. This vulnerability has not yet been confirmed, nor do we know if it affects distributions other than Red Hat. It does not work on Red Hat 6.x.

BIND 8.2.2-P5 denial-of-service. A potential denial-of-service vulnerability in BIND 8.2.2-P5 was reported this week. Compiled by default without ZXFR support, the server will die if a Zone Transfer request is received, unless the server has been configured to deny Zone Transfer requests. No confirmation of this vulnerability has been seen as of yet.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • VolanoChatPro, a Java-based chat "solution" apparently stores passwords in plain-text, in a readable file. Here is the vendor response and a followup from the original reporter.

  • Lotus Domino SMTP server contains an exploitable buffer-overflow which can result either in a denial-of-service attack or the execution of code under the uid of the server. An upgrade to Lotus Notes/Domino 5.05 will fix this problem, as well as, apparently, some additional security issues.

  • Lotus Notes R5 clients are reported to fail to give a warning if they receive a clear signed S/MIME e-mail with a broken signature. No confirmation or vendor response has been seen as of yet.

Updates

dump-0.4b15 local root access. Check last week's LWN Security Summary for the original report. This exploit only affects dump/restore if they are installed setuid root. As of dump-0.4b18, dump and restore no longer require setuid root. dump-0.4b19-4 is the latest available version.

This week's updates:

nss_ldap race condition. Check last week's LWN Security Summary for the original report. Note that last week, we mentioned that we couldn't find an update for this problem on PADL Software website. Michael Shuey dropped us a note to set the record straight. "I proved that this race condition was a problem a few weeks ago, then notified PADL Software. Shortly thereafter lukeh@padl.com produced nss_ldap-121, which fixed the problem. He then contacted RedHat, who incorporated the newest version (122 by then) into their update. This race condition has been fixed by the upstream maintainer for the past two or three weeks."

This week's updates:

Previous updates:

curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported in October.

This week's updates:

Previous updates:

gnorpm tmpfile link vulnerability. Check last week's LWN Security Summary for more details.

This week's updates:

Previous updates:

Apache mod_rewrite vulnerabilty. Files outside of the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.

This week's updates:

Previous updates:

Pine buffer overflow vulnerability. An exploitable buffer overflow in Pine was reported to BugTraq in early October. The problem involves Pine's handling of incoming mail during an open session. Check the October 5th LWN Security Summary for the initial report. Note that the FreeBSD update below is the first one we've seen for this problem.

Also announced this week was pine 4.30, which, judging by the Changes, fixes this problem.

This week's updates:

Previous updates:

xfce startup script vulnerability. Check the October 5th LWN Security Summary for the original report of this problem. Xfce 3.5.2 was released on October 1st, with a fix.

This week's updates:

esound tmpfile link vulnerability. Check the September 7th LWN Security Summary for the original report of this problem from FreeBSD.

This week's updates:

Previous updates:

Multiple buffer overflows in tcpdump. Last week, FreeBSD reported multiple buffer overflows in tcpdump 3.5, found during an internal audit. This week, they re-released their advisory, to include a corrected version of their original patch for the problem.

Resources

Installing Snort 1.6.3 on SuSE 6.x-7.x . This LinuxNewbie article describes how to install snort, a light-weight network intrusion detection system, from source. Although the example system was running SuSE Linux, most of the instructions should carry over to any Linux system.

Software Releases.

Events

Upcoming security events.
Date Event Location
November 13-15, 2000. CSI 27th Annual Computer Security Conference and Exhibition Chicago, IL, USA.
November 19-21, 2000. Privacy by Design Le Chateau Montebello, Quebec, Canada.
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
December 3-7, 2000. Asiacrypt 2000 Kyoto, Japan.
December 3-8, 2000. LISA 2000 New Orleans, LA, USA.
December 10-13, 2000. INDOCRYPT 2000 Calcutta, India.
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


November 9, 2000

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.4.0-test10. Linus took over a week off before releasing 2.4.0-test11-pre1 which consists of, mostly, driver updates. It also contains a new inter-module communication mechanism by Keith Owens which attempts to clean up the way loadable modules pass data between each other. Even at this late date, a new API can go into the 2.4 kernel...

And, as if that weren't enough, Alan Cox has gotten back into the 2.4 business with 2.4.0-test11-pre1-ac1. This patch contains a number of fixes that haven't made their way to Linus yet.

The current stable kernel release is 2.2.17. The 2.2.18pre20 prepatch claims to be the "last call for 2.2.18," assuming that all goes well.

Do loadable modules need persistent storage? Loadable modules, of course, are pieces of kernel code which can be inserted (and removed) at run time; they generally are device drivers, filesystems, and other bits of peripheral code. When a module is removed from the system, all of its data goes with it; if that module is later reloaded, it's just like the first time. No traces of the previous invocation (should) remain in the kernel.

It turns out that quite a few people would like to see a way for modules to leave some information behind; this "persistent storage" would help the module to reconfigure itself properly on subsequent loads. The dominant example seems to be sound card drivers. Currently, unloading then reloading a sound card driver will cause the mixer settings to be lost. If the driver could save those settings in the kernel, they could then be preserved across reloads.

There are two answers to the mixer problem which do not require persistent storage. The first is a simple "don't do that!" If the sound driver remains in the kernel, the mixer will not be reset. Some people, however, are fierce in the defense of their right to pull the driver out of the kernel; if they are not actively using it, they don't want it around. The driver can also be unloaded automatically in some configurations, whether the user wants it or not (though that happens much less since 2.2 was released and kerneld went away).

The other answer is to run a user-space program which saves the mixer settings to a file, then restores them after the sound module is reloaded. A number of distributions work that way now, at least at boot and shutdown time. The objection with this approach is that there is a delay between when the new driver gets loaded and the settings are restored. During that delay the user may be treated to a "deeply unpleasant scream" (so put by Alan Cox) if the default mixer settings create a feedback loop, or to silence during a really good part of that new MP3.

There are other uses for persistent data beyond sound cards; another common example is USB devices that may come and go. It would be nice to be able to unplug, then replug a USB device and have it work the way it did before. So persistence is likely to be supported in the future. Keith Owens has come up with a scheme which uses the existing module parameter scheme and works almost entirely in user space. If a module marks some of its parameters as persistent, the [cw]rmmod[/] utility will save their values to disk when it removes the module from the kernel. They can then be restored on the next module load. Since parameters are passed to the module at load time, there is no delay before they take effect. The scheme seems simple and elegant, and requires only an upgrade to modutils to work.

Why only gcc? Tim Riker stirred things up this week with an inquiry as to why only gcc was able to compile the kernel. Wouldn't it be better if it were possible to use other compilers as well? In fact, there would be some advantages to being more portable. Some compilers produce much better code than gcc on some processors, and moving to a new compiler can flush out bugs that just happened to work with the original one.

The problem, of course, is that the Linux kernel code is loaded with gcc-specific extensions. These extensions are used for a number of reasons, from simple code readability and maintainability, to performance, to the need to specify exactly what's going on in certain situations. Some of those extensions will eventually be superseded by C99 equivalents, but others are unique to gcc. Making them all portable while not impacting the quality or performance of the kernel code would be a long, difficult, and seriously unpleasant task.

Which leads to the obvious question...why bother? Most kernel developers show a lack of enthusiasm for this task, which is not helped by the fact that most of the possible target compilers are not free software. Thrashing up the kernel code to make it satisfy a proprietary compiler is not a very inspiring job. The one exception is SGI's "Pro64" compiler, which is said to produce far better code on the IA-64 than gcc does. Pro64, however, is derived from gcc, and is thus both free and able to handle gcc's extensions.

Somebody may yet dig into the task of porting the kernel to another compiler, but one should not expect it to happen soon.

What's up with the IrDA code? Part of the "getting close to release time" ritual seems to be a last-minute query as to why some particular subsystem is out of date and working poorly. The ISDN subsystem has filled that role in the past, but this time around we have a new player. This rant was posted this week asking why the IrDA (infrared) subsystem was so far out of date. The version in the mainline kernel not only does not work, it can crash your system as well.

IrDA, however, is not unmaintained; the problem is just that the patches are not getting into the kernel. Once again, we are seeing a situation where the IrDA developers are not working with Linus in the way he wants. Linus likes to see small, clear patches that he can understand and decide upon. Developers who send large chunks of code at long intervals tend to get ignored. Linus's response to the IrDA query was very clear:

I'm not fed patches. I'm force-fed big changes every once in a while. I don't like it. I like it even less when the very first screen of a patch is basically a stupid change that implies that somebody calls ioctl's from interrupts.

When I get a big patch like that, where the very first screen is bletcherous, what the hell am I supposed to do? I'm not going to waste my time on people who cannot send multiple small and well-defined patches, and who send be big, ugly, "non-maintained" (as far as I'm concerned) patches.

If the usual script is followed, the IrDA people will figure out how to package patches in a way that Linus wants to deal with. With luck, 2.4 will have a working IrDA implementation, perhaps after a one-time exemption to get the current big patch in.

More on the LynuxWorks patent. Thanks to an anonymous reader, we now have the text of the patent held by LynuxWorks that would appear to cover loadable kernel modules. This patent is a difficult read, even by the standards of such things ("The operating system of claim 1 wherein said core component includes a plurality of export functions, wherein the export functions of said core component and said first processing component are identified by export symbols, wherein said set of import symbols identify a corresponding set of kernel function calls issuable in the execution of said first component, and wherein said component switch includes a data table supporting execution time call redirection of said kernel function calls to export functions determined by a correspondence between respective import and export symbols.").

But the basic claim is "A computer operating system that can be flexibly constructed by inclusion of any of a plurality of processing components." That, of course, would describe many of the operating systems created over the last twenty years. This patent is not so old, however - it was granted last June. One can only assume that the company will not attempt to enforce it.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


November 9, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

REDICE-Linux from REDSonic. REDICE-Linux is not actually a Linux distribution; it is, instead, another entrant into the field of real-time Linux kernels. REDICE-Linux is based on the RED Linux project, an academic project out of the University of California at Irvine. Professor Kwei-Jay Lin brought his work out of academia and joined with Dr. Kwei-Jay Lin to form REDSonic in July of this year. As you might expect, REDSonic is based in Orange County, California.

REDSonic is clearly a new entrant into the ranks of embedded Linux providers, such as Lineo, MontaVista, etc. From their website, likely sources of revenue will be programming services, support and training. They currently have classes listed as available for real-time development, Linux device drivers, REDICE-Linux internals and, of course, building embedded applications with REDICE-Linux. Given their origins in academia, their ability to provide quality classes after such a short time in business is understandable.

REDICE-Linux 1.0 provided real-time services on the user level. However, REDICE-Linux 2.0 was introduced in September and has integrated RTAI to provide both user-level and kernel-level real-time support. A small amount of additional information on REDICE-Linux can be found in these LinuxDevices.com articles:

There are no plans to expand REDICE-Linux from a kernel to a full distribution. "We didn't want to duplicate the work of other distributors. REDICE is designed to make sure you can still run your standard Linux applications on top of it", commented REDSonic's Chief Technology Officer, Andrew Chen.

By the way, in case you're curious about another "Red" distribution, the use of "RED" in the names is actually derived from "Real-time Embedded".

FlyingLinux. What fun! Thanks to Gerhard Fiedler, we got a chance to take a look at Flying Linux, a new Linux distribution that was built as part of a project to support DHCP-based wireless services for the student labs at the IT-University in Kista, Sweden. (The IT-University KTH-Kista was established by the Royal Institute of Technology, Stockholm, Sweden in 1999).

The Flying Linux distribution uses MobileIP for IPv4, Kerberos, Arla (an AFS-clone), OpenSSH and the Wireless Extensions for Linux to support the Flying Linux environment, a well-organized and flexible structure containing public, private and mobile networks.

The Flying Linux distribution takes its core from another distribution new to our list, Bambi Linux. Bambi, in turn, is based on Red Hat, but includes Kerberos, IPv6, MobileIP and native support for WaveLAN cards from the startup.

Monkey business. Monkey Linux is another small Linux distribution with DOS/FAT32 installation support. The site hasn't been updated since 1997, so when they claim to use the "latest Linux kernel", take that information in context. Nonetheless, the distribution is still available for download and was recently recommended for use on old 486 machines on the BLUG mailing list (Boulder, Colorado, USA) by Dana J. Hall.

General-Purpose Distributions

Caldera OpenLinux News. Caldera has now licensed Java technology from Sun to include in their OpenLinux distribution. They announced this week that their developer preview now ships with Java HotSpot. It also ships with a 2.4beta kernel (though it doesn't say which one), glibc 2.1.91, and a developer snapshot of KDE 2.0 (hopefully replaced with the real thing, soon!). Again, "developer preview" means just that -- don't pick this thing up to play with unless you know what to do when it breaks on you.

Meanwhile, those of you wanting to learn more about Caldera and OpenLinux may want to look for the Linux/UNIX Power Solutions Tour [Fall 2000], starting in Canada and then winging its way south.

Debian News. The Debian project announced that it has been invited and will be part of the LinuxPark at Systems 2000, November 5th through the 11th in Munich, Germany. Of course, that conference is mostly over now, but if you're in the area, you may want to stop by to catch the last few days.

Recent additions to Debian's "unstable" development tree are discussed in this week's Debian Weekly News. They include XFree86 4.0.1 (thanks to the work of Branden Robinson), perl 5.6 and dpkg 1.7.0. As a result, "unstable" is living up to its name -- definitely intended only for the brave and adventurous.

DWN also talks a bit more about Progeny Linux, a relatively new commercial version of Debian from Ian Murdock's new company. It released its first beta last week and more details on the beta were discussed on debian-devel this week. It uses many packages from Debian's "unstable" tree, more hardware auto-detection and boot support via GRUB instead of LILO, among other features. Work done by Progeny will be made available back to maintainers in Debian for consideration for inclusion into Debian.

On a more administrative note, Debian's votes on a couple of proposed amendments to the Debian constitution dealing with how to handle "non-free" software have expired. Apparently, discussion raged for a few weeks, then died out without the vote being moved forward. There was also concern about the ballot wording, which seemed to be causing a lot of confusion. Now they'll all been thrown out. We'll have to wait to see if the proposals get revived. For more information on the issue, check the October 12th Distributions Summary.

Still want more Debian News? Check out the November 2nd issue of Debian Kernel Cousin, more news from the debian-devel mailing list.

Slackware News. A version of Qt not linked with Mesa has been made available, due to conflicts seen by people using the NVidia OpenGL libraries. For security reasons, pine has also been upgraded, along with IMAP. Check the Slackware Current Changelog for more details.

Storm Linux News. LinuxOrbit has run this review of Storm Linux 2000. "Storm Linux being based on Debian, comes with full and complete Debian compatibility (current version 2.20 Potato). All packages can be installed through the apt-get (console based Debian package retrieval system) or the Storm Linux Package Manager (stormpkg). "

SuSE Linux News. SuSE 7.0 has a "clean installation" and "upgrades smoothly" according to this review in FreeOS. "Since I was already running SuSE 6.4 on my system I first tried the upgrade. That went off smoothly enough and I was soon running SuSE 7. All packages were detected and upgraded. Next, I tried a clean installation which went off smoothly as well. I chose the default with office install which is just the default installation with StarOffice on top. No problems here either."

Section Editor: Liz Coolbaugh


November 9, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


News and Editorials

Gnulpr and the evolution of printing on Linux. News reached LWN this week of the release of drivers for Lexmark printers coming directly from Lexmark, apparently shipped with their printers. On the heels of that announcement came word of a new project (or should we say GNU project) for handling printing on Unix systems: gnulpr. The design document for this system has been posted to SourceForge. The question that begs asking is - with the advent of CUPS and LPRng, is gnulpr necessary?

Printing on Linux systems has always been a bit of a black art. Configuration has been a fairly manual task and printer drivers have come primarily from the sufficient but incomplete Ghostscript package. LPR itself, derivatives of which come from the original Berkeley LPR, is not actually a printing system. It's a queue manager that provides for the submission and processing of print jobs. All of the real work is handed off to filter programs and utilities.

As much as it hurts to admit it, configuration and printing on Windows systems is a much simpler task, at least for the most simple scenario of a single printer connected directly to the PC in use. Linux developers have been striving in a number of ways to provide better interfaces to the print subsystem as well as provide a better subsystem for handling driver interaction and installation. LPRng is one such system. Its design aims at extending the original LPR implementation while providing features seen in variations of LPR like Unix SVR4's lp and lpstat.

But LPRng is still LPR. The basic subsystem of filter interaction with printers remains. It still relies on Ghostscript to deal with most printers. An alternative to this system is CUPS. CUPS provides a portable printing layer for UNIX-based operating systems. Licensed under the GPL and LGPL, it has been developed by Easy Software Products to promote a standard printing solution for UNIX systems in general, including Linux. System V and Berkeley command-line interfaces are provided. CUPS uses the Internet Printing Protocol ("IPP" - defined in RFC2565, RFC2566 and RFC2567) as the basis for managing print jobs and queues. The Line Printer Daemon ("LPD"), Server Message Block ("SMB"), and AppSocket (a.k.a. JetDirect) protocols are also supported with reduced functionality. CUPS adds network printer browsing and PostScript Printer Description ("PPD") based printing options to support real-world printing under UNIX. In other words, CUPS covers a lot of ground internally while using a common interface for users.

What separates CUPS from LPRng is the commercial front end for configuration and the wide supply of back-end drivers - Easy Software's ESP PrintPro package. While not free software, it does provide an easy to use configuration tool and a huge set of printer drivers. And that driver set is current with many popular desktop printers. But CUPS isn't designed to work only with ESP Print Pro. The author of both products, Mike Sweet, also wrote the original Print plug-in for the GIMP. And now that tool has been extended into yet another printing system - known as Gimp-Print (or stp to some developers) - which hooks into any back-end, including CUPS, LPD and Ghostscript drivers. And it integrates with Foomatic, yet another printing subsystem.

So what about Ghostscript itself, the workhorse solution to printer drivers under free Unix distributions? Recently this project was picked up by long time Linux (and GIMP) hacker Raph Levien, who posted an open letter to the open source community outlining his view for the future of Ghostscript. He also opened a new web site for Ghostscript, which has an Advogato-like style.

And this leads us back to gnulpr. Unsatisfied that the original design of LPR had not evolved since it's early days and various implementation had become only marginally interoperable, Grant Taylor decided to look at ways to replace it. And Grant was not alone in his dissatisfaction. The Free Software Foundation has noticed that LPR had forked into a number of poorly-maintained or proprietary versions. Since the GNU project lacks a printing system, Richard Stallman approached Ben Woodard about taking over maintaining LPR for project GNU. From both of these events was born gnulpr.

Confused? You should be. As stated previously, printing on Linux is a black art. Standards exist but we also have a wealth of implementations. Many work together and their interoperability is getting better. Even so, each system has its limitations and users really only care about two things - can I configure my new printer quickly and will it work with all my applications? The answer to the latter is "probably". The answer to the former is "maybe". Bad though that sounds, it's better than last year when the answers were "not likely" and "you've got to be kidding", respectively.

But back for a moment to gnulpr. Will this new system meet the needs of modern graphical software? According to Nick Moffitt, it can:

Yes, even in version 1.0! Part of the anthology release is an application called gpr, which is a drop-in replacement for the lpr client binary. One can simply replace "lpr" with "gpr" in Netscape's printing dialog, and up it comes. The gpr client uses PPD files to provide a GUI for selecting printer options (such as duplex, tray selection, watermarks, etc.). It then uses the selections to generate an lpr command-line with all of the necessary parameters. Our version of lpd has support to pass these options into the ppdfilt program, which is part of our printfilters set. This functionality is actually the first thing we really did with LPR. It was the difficulty of assembling all of the pieces that lead us to the anthology release concept. Gpr was actually a third-party application developed by Thomas Hubbell of Compumetric Labs.

There has been a fair amount of discussion about the release of both gnulpr and the Lexmark drivers, the most interesting of which may have come from LinuxPrinting.org, the site which evolved from the Linux Printing HOWTO, under the General Forum.

While not complete, this information should give you an idea of what's been going on and where it has been happening. All you need to do is wait. At least until all the various implementation come together and a common printing system works its way onto the Linux desktop.

More Printing News: HP's response to Eric Raymond. HP has published a response to Eric Raymond's open letter. In it, they detail what they have done for open source in the printing arena.

Browsers

Galeon Release 0.8. Release 0.8 of the Galeon Web Browser has been released. New features include more context menu options, a clear cache feature, Netscape import/export tools, and bug fixes.

Mozilla Status Report for November 2, 2000. The November 2, 2000 Mozilla Status Report is out. News includes lots of bug fixes in the Translator, MailNews, Necko/Imglib, and XPtoolkit sections of Mozilla.

Databases

Sanchez releases GT.M database as open source. Sanchez Computer Associates Inc. announced this past week that the company's Greystone Group, a technology division of Sanchez, has made its M database technology available to GNU/Linux-based users as open source software. The code is available from Sourceforge and is licensed under the GPL. This announcement raised a few questions at LWN. In particular, the statement that "The release of GT.M as open source freeware applies only to the x86 GNU/Linux platform" caught our attention, so we sent the company a query. K.S. Bhaskar, Vice President of the Greystone Group, responded.

LWN: Is this the "mumps" executable in the distribution? If so, could you give me a hint as to where the source might be found?

Bhaskar: Yes, the mumps executable includes and invokes the M compiler. As noted in the press release, the source code has not actually been released yet (it's in our work pipeline, and will happen soon -- mostly technical packaging issues that we are working on while scrambling to make a release that clients are working for, so we're not as focussed and as efficient as we could be).

GT.M includes a compiler for the M language. There is a code generator for each target architecture, and (at least at this time) we are only releasing the x86 code generator under the GPL. If someone is able to retarget the code generator (probably not a massive task, but certainly harder than falling off a log), s/he could certainly run it on other platforms. (I'm personally rather hoping someone will port GT.M to a PDA...)

The high performance transaction processing database part is reasonable portable across UNIXen. So, someone could easily hook it up to C, Java, etc. without a lot of work.

What makes the release of this software interesting is its potential in the medical software arena, as was discussed on LinuxMedNews.

MySQL. A couple of notes on MySQL this week. This first is that for the third Year in a row MySQL won the Readers Choice Award in Linux Journal. MySQL earlier this fall won the Linux Magazine Editors Choice Award.

On another front, MySQL founder Michael "Monty" Widenius predicted a substantial Open source database impact on the markets today dominated by proprietary database companies. Monty's speech at the OSDN-summit in San Jose was quoted by CBS Marketwatch.

Education

Linux in education report #32 for November 6. The latest issue of the Linux in education report has been posted to the SEUL website. There are some first hand reports of the Red Escolar project along with the Manhattan Virtual Classroom, a system that "allows you to go online with your courses - without creating a single web page." (Thanks to Doug Loss)

Embedded Systems

Report from the 2nd Embedded Linux Expo. LinuxDevices' Rick Lehrbaum reports on the second Embedded Linux Expo & Conference (ELEC), held October 27, 2000 in Westborough, MA. "As in the case of last June's ELEC, the event was well attended from both the attendee and exhibitor perspective, and the day was permeated by a clear sense that Embedded Linux is truly 'a market on fire.'"

Interoperability

Wine Weekly News. We missed last weeks news, and so here are two weeks worth of news from the WINE project.

  • Issue 67 - This issue includes a link to unofficial screenshots of MS Word and Excel 2000 running under WINE.
  • Issue 68 - The latest issue includes discussions on configuration and thoughts on porting to MacOS X.

Office Applications

GIMP News. A few announcements from the GIMP News front. First, Miles O'Neal went one-on-one with LinuxNews.com to talk about the future of GIMP. Next, a new GIMP web site, MacGIMP, was launched this week. The web site aims to help Macintosh users, particularly Mac OS X users, run the X window system, GTK, and the GIMP. In conference news, GIMP has a booth in the Linux-Park (Hall A3) at the Systems 2000 show in Munich, which runs from November 6th through 10th. The booth will be manned by GIMP developers Simon Buddig and Marc Lehman. Finally, an article about GIMP configuration on any X11 capable OS, including some info about TrueType fonts and Wacom tablets, was posted to diff.org. The article is in Italian - English text is available via Babelfish.

On the Desktop

GNOME Configuration Made Easy (Linux Planet). In the first edition of a new weekly column on GNOME, Linux Planet looks at GNOME configuration issues. "The GNOME mail notification applet (found under Programs/Applets/Network/Mailcheck) has six different notification graphics. You can also run more than one of these at a time, and you can select which mailbox each monitors. If you're using procmail and have multiple mbox files, or have multiple POP accounts, this is a great way to keep track of which box has mail."

GNOME Icon Project Needs Manager. Matthias Warkus is stepping down from his position as manager of the Gnome Icon Project. As a result, the project needs a new leader. This sounds like a fun job for someone who is graphically inspired and can manage input from a wide variety of people.

The People Behind KDE: Rik Hemsley. Continuing in the series on KDE developers, this article introduces Rik Hemsley, a developer known mostly for his work on empath, a groupware project for the KDE PIM project similar to Outlook. "Day-to-day I look hard at KDE in general and try to find ways we can improve it. I usually investigate problems first, talking to those who are responsible or have good knowledge of a subject area. I then try to work with people to find solutions. This yields better results than simply filing bug reports."

2nd Public Beta of Kivio announced. The 2nd public beta release of Kivio, the KDE flowchart tool, is now available for download. Most popular Linux distribution formats are provided for binary versions of the package, as well as the source distribution.

QextMDI 1.0.0 released. The 1.0 version of QextMDI, a C++ library extension to Qt that allows for multiple views of a document, has been released.

Science

MUMPS Compiler/Interpreters are now GPL. In August we reported on the release of a Mumps Compiler for Linux. While that release was described as not truly free software, a recent announcement on the LinuxMedNews site notes that the license has been changed to the GPL. This announcement, coupled with the release of the GT.M database software, takes the idea of an open source VistA package (used by the VA Administration) a step closer to reality.

Web-site Development

Zope Weekly News. The Zope Weekly News for November 8 is out. Zope documentation appears to be the theme of the week.

Section Editor: Michael J. Hammel


November 9, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


C/C++

Utilizing Callbacks in GTK+ (LinuxProgramming). Donna S. Martin's latest article in her series on GTK+ programming takes a look at using callbacks: "The point of all this is that any information our buttons need to perform their duties must be available when the function is invoked. Some information can be retrieved from GTK+, some could be queried from the user, and some (such as the id of the label widget to update) needs to be supplied from the main program."

Java

Incremental development with Ant and JUnit. Testing your code is a necessary evil. IBM's developerWorks looks at Ant and JUnit, two tools used in conjunction with testing Java programs.

The change bug has bitten every developer. During the modification of code, a bug might be introduced, which is not found until after compilation when the code might be manually tested via a user interface. Then, you spend days tracking down an error introduced by the change.

Perl

This week on perl5-porters (31 Oct -- 07 Nov 2000). Perl5 Porters posted their latest newsletter. Some of the topics covered include error number parsing, the (f)crypt of mystery, and the regex stack problem .

Days 1.4 and 1.5 of University of Perl. Nathan Torkington has concluded his daily journal of the University of Perl this week with entries for Day 1.4 and Day 1.5.

Beginner's Introduction to Perl. We didn't see this reference yet - Perl.com has an introduction to using Perl that covers everything from variables to functions to programmed loops.

PHP

PHP Weekly Summary for November 6th, 2000. The November 6th, 2000 edition of the PHP Weekly Summary is out. News includes information on stack traces in error messages, methods for displaying references in var_dump(), and an imlib2 extension update.

Python

This Week's Python-URL. The November 6, 2000 edition of the Dr. Dobb's Python-URL is out. Included are some overviews of Python based graphics packages and a pointer to a Python library listing utility.

Tcl/tk

This week's Tcl-URL. Here is the Dr. Dobb's Tcl-URL for November 6 with the latest from the Tcl/Tk camp. Among other things, it points out the new SourceForge page for TclPro, a Tcl tool set with a graphical debugger, code checker, and compiler.

Rebol

A dW tutorial: Rebol scripting basics. IBM's developerWorks Web site carried an article on scripting with Rebol.

Rebol has a huge number of built-in datatypes, designed to represent values that you find in the "real world", like email addresses, URLs, dates, times, and monetary values.

Note that this article requires a free registration.

Software Development Tools

Jumpstart your Yacc...and Lex too! An introduction to Lex and Yacc. In another article from IBM's developerWorks, an introduction to the use and purpose of Lex and Yacc bring users up to speed on processing lexical patterns and grammars, respectively.

Section Editor: Michael J. Hammel

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


Stock page update. The LWN Linux Stock Index has been recently upgraded to include stocks traded in currencies other than US dollars. The first non-US stock to be added is Axis Communications, makers of a line of Linux-powered network cameras. Axis is traded on the Stockholms Fondbörs where shares are priced in Swedish Kronas. Shares are also traded on the Berlin and Munich exchanges. Values for non-US currency will be converted to US dollars using a recent currency exchange rate so they can be easily compared to other stocks in our table.

IBM continues its Linux support. IBM made several interesting announcements this week. First they announced one of the largest IBM Linux-based installations to date. Lawson, Inc., a Japanese convenience store chain, will be using IBM eServer xSeries systems to allow customers to download music, movies and other Web content from multimedia terminals throughout its stores. The systems are expected to be deployed next March.

Then IBM announced the release of the IBM Small Business Suite for Linux. This suite includes IBM's DB2 Universal Database, WebSphere Application Server and Lotus Domino and has a suggested retail price of $499 (US).

IBM is also working with Bluetooth specifications using Linux. The company announced it is making available commercial licenses for its Linux-based mobile middleware product, BlueDrekar. Look for BlueDrekar code on alphaWorks, IBM's online resource for emerging technology.

We all know by now that IBM's line of eServer systems will run most major Linux distributions. Now it seems that Sendmail will provide the mail routing software as the default mail software on the eServer.

European Commission study on software patents. Fred Mobach pointed out that the European Commission is looking at software patents, with an eye toward making such patents easier to get across Europe. Opinions are being requested; now is the time to let them know, in a well-reasoned manner, what you think on the issue - especially if you are European.

Along with the consultation is this study on the economic impact of software patents; it is very favorable toward these patents. "The open-source community considers patents a threat to the development of open-source software and aims to ensure that patents do not affect such development.... However this position on patents could well change. Developers of open source software may find it advantageous to file patents to obtain bargaining positions e.g. license money from owners of proprietary platforms."

HP's open letter to the open source community. HP has published a response to Eric Raymond's open letter. In it, they detail what they have done for open source in the printing arena and confirm their plans to continue supporting HP-UX for customers needing an operating system that scales to 64 processors and higher. "Going forward, some of our efforts will be open source, but not all. For example, portions of HP-UX are licensed from third parties, which makes it impossible to open source HP-UX completely. We will continue to identify and make available HP technologies that add to Linux's capabilities". (Thanks to David Paschal).

Eazel shows Nautilus, selects Linuxcare for support. Eazel unveiled its Network User Environment services offering along with an updated version of Nautilus. Termed the "Sneak Preview", the tools are available for download from Eazel's web site. The first two of these services are the Eazel Software Catalog and Eazel Online Storage. The Software Catalog provides users with easy, one-click installation of applications from a comprehensive Linux software library. Online Storage makes Web storage transparent to the user by integrating it with the user's local desktop allowing the user to safely back-up files online and access them from any computer with a browser. Eazel is offering each Nautilus user 25 MB of free online disk space. Nautilus is an open source project being developed under the GPL (GNU Public License) and is a core component of the GNOME desktop project. Eazel is a member of the GNOME Foundation.

In a related announcement, Linuxcare and Eazel announced a partnership to support Eazel's Network User Environment. Under the agreement, Linuxcare will provide email support services to customers of Eazel's Network User Environment which includes the Nautilus client for Linux systems. Linuxcare will also maintain a Linux knowledgebase support site at Eazel.com by capturing documentation and software updates, as well as managing and updating support FAQs.

Embedded Tracers. Two embedded code tracers were released this week. MontaVista Software released the Linux Trace Toolkit for PowerPC developers. MontaVista's version builds on Karim Yaghmour's- open source IA-32/x86 Linux Trace Toolkit by adding PowerPC support.

LynuxWorks released SpyKer. "SpyKer is the only commercial trace tool that traces kernel events without the need for instrumented kernel and library events and without a special instrumented version of the library. SpyKer can also trace user application events without modification to the application source code, which can save time and speed up time to market."

Indrema invites collaboration. Indrema Entertainment Systems is the creator of an open source game console and home entertainment platform. Its Indrema Developer Network, in collaboration with CollabNet, is covered on this week's Development page. Here are a couple more partnerships made by the company this week.

Indrema and Metro Link have announced they will collaborate on the development of key open source technologies behind the Indrema Entertainment System (IES). Part of Metro Link's job will be to bolster the IESDK feature set through their work on the Xtrema and OpenStream technologies.

Metrowerks will be working with Indrema to produce CodeWarrior for the Indrema Entertainment System (IES), which will be included for little or no cost in the Indrema Entertainment Software Development Kit (IESDK).

LynuxWorks completes merger. LynuxWorks has completed its merger with Integrated Software & Devices Corporation. LWN examined LynuxWorks' S1 filing in this feature article.

SHYM's PKEnable adds certificates to CVS. SHYM Technology has announced its "PKEnable" product, which adds digital certificate capability to the CVS source management system. "Recently publicized events have shown us once again that source code is a viable target for corporate hackers. Unsophisticated password technology built into CVS and other code management systems isn't enough to adequately protect a company's intellectual property."

Hasbro launches new .com edition of Monopoly. Hasbro has announced a ".com edition" of the venerable game Monopoly. The railroads have been replaced with telecom firms, which makes sense. Amusingly, the utilities have been replaced with Sun Microsystems and Linux. Perhaps Linux should have gone in as "Free Parking" instead?

Here's a picture of the .com Monopoly board with Tux in the Utility spot. (Thanks to Dave Whitinger).

Press Releases:

Open Source Products

Unless specified, license is unverified.

Commercial Products for Linux

  • Advanced Computer & Network Corporation (PITTSBURGH) announced that it has received SteelEye's LifeKeeper certification and is now included on SteelEye's Hardware Compatibility List for RAID storage systems. SteelEye's Hardware Compatibility Program provides customers with assurances of compatibility and integration when deploying LifeKeeper for Linux clustering solutions.

  • Halcyon Software, Inc. (San Jose, CA) announced that it is making its Instant ASP (iASP), available for free to users of Intel-based Linux systems.

  • Inetcam Inc. (SAN DIEGO) announced the release of new iVISTA personal webcasting software that will now run on a Linux-based PC.

  • JBSi (HOUSTON) announced that JBSi has become a nationwide distributor of Century's TinyTERM line of terminal emulation products. Century Software's TinyTERM suite of host-connectivity products delivers scalable, convenient access to UNIX and Linux systems.

  • Lexmark announced the availability of Linux drivers for their Lexmark Z52 Color Jetprinter and Lexmark Z32 Color Jetprinter. The drivers are currently available at no charge.

  • Linux2order.com (PROVO, UTAH) launched Priority Download, designed to provide users with access to all of its software, at download speeds up to 110Kbps.

  • Linux NetworX, Inc. (SANDY, Utah) announced the integration of BRU Backup & Restore Utility into its Evolocity cluster solutions. BRU is a backup software solution for Linux systems from Enhanced Software Technologies, Inc. (EST).

  • MSC.Software (COSTA MESA, Calif.) announced the release of MSC.Marc 2000 on the Linux platform and ISO 9000 certification from Underwriters Laboratory.

  • Prolific Inc. (NEWARK, Calif.) announces expanded support for Intel-based workstations running Linux.

  • SGI and Informix Software (MENLO PARK, Calif., and MOUNTAIN VIEW, Calif.) announced that the Informix database will be available on SGI servers based on the Intel Itanium processor and the Linux OS.

  • V3 Semiconductor Inc. (SANTA CLARA, Calif. & TORONTO) announced that it offers Linux operating system support for developers of MIPS processor based embedded PCI applications.

Products Using Linux

  • Alpha Processor, Inc. (API), Dolphin Interconnect and Scali, SA (Dallas) announced the availability of WulfKit for Alpha, enabling the creation of powerful and scalable Linux Beowulf systems.

  • API NetWorks, Inc. (DALLAS) introduced the UP2000+ dual-processor motherboard to its line of Ultimate Performance Series motherboards and the latest speed Alpha 833 MHz processor. API also introduced the CS20, a powerful server in a 1U package.

  • AXENT Technologies, Inc. (ROCKVILLE, Md. & MOUNTAIN VIEW, Calif.) and Cobalt Networks, Inc. unveiled the VelociRaptor firewall and virtual private network (VPN) appliance. AXENT's solutions run on a hardened Linux system, pre-configured and locked down within the hardware appliance.

  • Filanet Corporation (SUNNYVALE, Calif.) announced the InterJak 100 Internet service appliance enabling small and medium businesses to have the power of a big company network with one simple device.

  • SuSE Linux announced the general availability of SuSE Linux S/390.

Products with Linux Versions

  • CrossKeys Systems Corporation (SAN JOSE, Calif.) announced the release of CrossKeys Dyband software for the Linux operating system.

  • The iSpark Group (FORT WORTH, Texas) introduced BillMax Version 1.5.3. Not quite open source, "BillMax is one of the only turnkey billing applications that offers UNIX platforms (Linux, Solaris, FreeBSD, BSDI), 90% of the source code with a license purchase".

  • knowledgelinx Inc. (OTTAWA, ONTARIO) announced that knowledgelinx 2000, a Web-based knowledge-sharing and management software application, is available immediately.

  • Market Matrix, Inc. (SEATTLE) announced the release of ComUnion 2.0, a scalable ColdFusion Internet commerce engine designed in the Fusebox methodology for web application developers.

  • Novell, Inc. (SAN JOSE, Calif.) announced availability of the Novell Internet Messaging System 2.6, a wireless messaging system.

  • Omnis Software announced the release of Omnis Studio 3.0, the latest version of their 4GL rapid application development (RAD) program.

  • The MathWorks, Inc. (NATICK, Mass.) announced the availability of Release 12 to its product family. Release 12 includes MATLAB 6 and Simulink 4, new versions of The MathWorks flagship products, and upgrades of 60 application-specific companion products.

  • VCIX (NEW YORK) introduced ObjectXplorer, a graphical user interface (GUI) for its Cortra Site Studio software.

Java Products

  • Intuitive Systems, Inc. (CUPERTINO, Calif.) announced availability of Optimizeit 4.0 for Linux. Optimizeit is a Java-based language profiling tool.

  • NQL Inc. (SANTA ANA, Calif.) announced the full release of a Java Edition of its Network Query Language technology which it has qualified for the Linux operating system.

Books and Training

  • The Linux Professional Institute announced the completion of its level 1 tests, now featuring instant results. The beta period is finally over.

Partnerships

  • Cobalt Networks, Inc. (MOUNTAIN VIEW, Calif.) launched the True Blue 2.0 Partner Program, for its channel partners.

  • Lutris Technologies Inc. (SANTA CRUZ, Calif.) announced the formation of the Lutris Solution Partner Program.

  • PartnerAxis (OREM, Utah) announced it was selected by Appgen Business Software Inc. to serve as its channel market maker. In the newly created alliance and partnership, PartnerAxis will position Appgen's newly released personal finance manager "Moneydance", a product for Linux.

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) announced the Certified Red Hat Service Provider Program (RHCSP), a comprehensive, integrated service offering for service providers and Web hosting providers.

  • SGI Global Services and ePeople (MOUNTAIN VIEW, Calif.) joined forces to bring a new online technical support marketplace to Linux users.

  • SteelEye Technology, Inc. (MOUNTAIN VIEW, Calif.) announced a strategic reseller agreement with CONNECT Computer Corp. in which CONNECT will resell and market SteelEye's high availability (HA) clustering software, LifeKeeper for Linux.

  • Tech Soft and Hewlett Packard(Alameda, CA) announced a program to freely distribute the HOOPS/3dAF libraries for personal use on all HP VISUALIZE Workstations running the Linux OS.

Investments and Acquisitions

  • CNET Networks, Inc. (SAN FRANCISCO) announced that it has acquired AppWatch (www.appwatch.com), a directory of thousands of the latest pre-tested Free Software and Open Source downloads, including Linux distributions, drivers, utilities and applications.

  • SONICblue (SANTA CLARA, Calif.) formerly known as S3 Incorporated, announced that it has completed its acquisition of U.K. digital audio equipment manufacturer, empeg, makers of the embedded Linux world's favorite toys: the empeg car audio player and the Diamond RIO.

Financial Results

  • Magic Software Enterprises (OR YEHUDA, ISRAEL) reported total revenues for the third quarter 2000 were $25.46 million as compared to $16.41 million for the comparable three-month period in 1999.

  • VA Linux Systems, Inc. (FREMONT, Calif.) announced that revenue for its first fiscal quarter, ended October 27, 2000, will be below the Company's expectations, primarily due to slower-than-expected sales growth from new customers in the "Dot-com" sector.

Personnel and New Offices

  • Caldera Systems Inc. (OREM, Utah) announced the appointment of Robert Bench to the position of chief financial officer (CFO).

  • Lineo (MUNICH, Germany) announced the establishment of Lineo GmbH in Munich and appointed Werner Hartwig and Ronan Gonidec as sales directors in the Lineo EMEA (Europe, Middle East, Africa) sales division.

  • Mission Critical Linux, Inc. (LOWELL, Mass.) announced that Robert Tumanic will join the organization as Chief Operating Officer. Mr. Tumanic will replace Steve Ofsthun, who will assume the new position of Senior Vice President of Engineering.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Jerry Greenberg has joined the company in the newly-created position of Senior Vice President of Marketing. Greenberg, most recently the senior director of marketing at Fujitsu's HAL Computer Systems subsidiary, is a 35-year veteran of the computing industry.

Other

  • SGI (DALLAS) demonstrated Linux-based Intel Itanium processor systems at SC2000. The systems ran with a version of Turbolinux using SGI Pro64 compilers, SGI Advanced Cluster Environment (ACE) and system administration tools.

  • TOP500 List released an independent study naming IBM the world leader in supercomputing. "Today's list also marks the first time that other IBM systems besides the SP have attained a TOP500 ranking. The company's "Blue Hammer" clusters featuring S80 UNIX systems and Intel-based Linux cluster systems emerged today in record numbers on the list, evidence that IBM's use of supercomputing technology in these new products is paying off."

  • Zona Research announced the availability of a research report on Linux deployment. "Though Microsoft Windows was the single OS replaced most often with Linux, nearly 2/3 of respondents who were replacing legacy applications with Linux indicated their organizations were replacing UNIX operating systems." Dig out the credit card if you want to see the whole thing, the "single user" version of the report is $895.

Section Editor: Rebecca Sobol.


November 9, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


IBM and Transmeta

IBM expands Linux offerings for e-commerce servers (News.com). IBM's drive into Linux continues with the announcement of its e-commerce WebSphere server that runs on Linux, continuing its effort to bring the operating system to more of its larger server systems.

Linux - a big take off (IT-Director). IT-Director.com looks at IBM's large Linux deployment in Japan. "This implementation simply demonstrates that Linux can be a feasible solution to real world business requirements. The applications here are very 'web centered' and as such fit into an idealised Linux profile almost perfectly. At the same time IBM are providing a concrete example of their support for Linux in business, following on from their well documented public announcements of backing."

Coop's Corner: Closing the Linux credibility gap (ZDNet). In the wake of the highly publicized deployment for a Japanese retail chain, ZDNet has taken a little deeper look at IBM's jump into Linux. "But while IBM's stamp of approval counts as an important public-relations victory, Linux is still playing catch up to more mature server operating systems and it's not at all clear when it might -- or ever will -- pull even."

IBM Preps Linux Server Suite (ZDNet). ZDNet looks at the IBM Small Business Suite for Linux. "Better still, IBM is providing the application programming interfaces (API) and other nuts and bolts for independent software vendors (ISV)s and integrators to add their own software applications to an installation. In practice, you should be able to install, say, your own custom medical services vertical application or a house-brew e-commerce package when you deploy the IBM suite."

IBM Uses Intel Chip Instead of Transmeta (Mobile Computing). It's been around for a day or so but we haven't pointed it out yet - here is one report on IBM's decision to drop the Crusoe chip. "IBM has decided not to use Transmeta Corp.'s energy saving Crusoe semiconductor in its Thinkpad notebook computers, instead keeping with dominant market Goliath Intel Corp.'s." (Thanks to Jay R. Ashworth)

Buzz, Doubts Surround Transmeta (SF Gate Tech). While not providing any new information, this article from SF Gate Tech does give one of the better overall pictures of who Transmeta is and why people will care. "The Crusoe's real selling point turns out to be another technology, one that wasn't even part of the company's original vision: a set of power-saving techniques Transmeta calls LongRun. The technology is based on the observation that PC processors rarely need to operate at full capacity to keep up with the work thrown at them. LongRun monitors the Crusoe's workload, then adjusts the chip -- reducing clock speed and, more important, lowering voltage -- so it can keep up with the work on only a fraction of the power it consumes at full bore." (Thanks to Michael J. Miller)

Transmeta's story still has a way to go (ZDNet). Is Transmeta a good IPO bet? ZDNet looks over the financials of the chip maker and examines the up and down sides to investing in this upstart Intel opponent.

Transmeta expected to boost IPO price range (News.com). Citing strong investor demand, Transmeta is expected to boost its IPO price to between $16 and $19. With 13 million shares available, that should raise between $208 million and $247 million. "Transmeta has had losses of $119.4 million to date, according to its IPO filing. The company had $358,000 of revenue from products in the first half of this year, almost five times its $74,000 of product revenue a year earlier. In the year-earlier period, it also received $5 million of one-time technology licensing fees from IBM and Toshiba, the filing said."

Companies

VA Linux issues earnings warning (ZDNet). VA Linux issued an earnings warning that first quarter results would not meet analysts expectations. "Citing slow sales growth from dot-com customers, VA Linux Systems Inc. warned investors Monday that first-quarter results would fall short of expectations. The company, which makes Linux operating system hardware, software, and services, said it expects to post a loss of 14 to 16 cents per share for the quarter. Wall Street was expecting the loss to be around 9 cents per share, according to First Call consensus."

Mission Critical Linux names new chief operating officer (News.com). Robert Tumanic has been named Chief Operating Officer at Mission Critical Linux, where he joins Moiz Kohari, President and CEO, in helping run the company. Tumanic will replace Steve Ofsthun who has moved to Senior Vice President of Engineering.

Linuxcare aims for redemption (Upside). Upside takes a closer look at Linuxcare resurgency under the guiding arm of new CEO Art Tyde, one of the original founders and the original CEO before Fernand Sarrat, and how things got to where they are now. "With all that money on the table, the folks at Kleiner Perkins were free to make little suggestions. Eventually those little suggestions blossomed into one big suggestion: Why not bring a professional management type to run the army, leaving Tyde and his merry band of brothers to focus on the back-end machinery?"

ZDNet acquires AppWatch. CNet / ZDNet has acquired AppWatch, a Linux applications and open source repository. Terms of the deal were not disclosed.

Superlog public domain debut delayed (EE Times). EE Times takes a look at the problems one vendor has had in taking a proprietary language into the public domain. "[Co-Design CEO Simon] Davidmann said that as Co-Design comes closer to completing the technical phase of its [Superlog] language work, the problems with releasing the language have started to loom large. 'You can't just publish it on your Web site,' he said. 'Preserving the standard and interoperability makes things complex.'"

Business

Penguins Unite (ZDNet). An introduction to Beowulf clusters - who has them, who makes them, and what they are - is the focus of this article from ZDNet. "One cluster, Computational Plant, or CPlant, at Sandia National Laboratories, is a 580-processor cluster that ranks 62nd on the Top 500 Supercomputing Sites list presented by the University of Mannheim and the University of Tennessee."

Netscape 6.0: Best ... or buggiest? (ZDNet). The war of words between AOL/Netscape and open source developers has heated up lately. O'Reilly author David Flanagan has raised serious issues regarding stability and standards compliance with Netscape 6.0 and asked that its release be delayed - prompting discussions and analysis.

Linux advances on several fronts (News.com). News.com has put up an article on various new ports of Linux. "With the addition of IDT's chips, which are based on a design from embedded chip company MIPS, Lineo's Linux products now run on 20 different embedded CPUs. These include Arm's Arm 7 and 9 chips; Hitachi's SH3 and SH4 chips; Intel's StrongArm 1100 and 1110 chips; Motorola's Coldfire, Dragonball, Mcore and PowerPC chips; and a variety of Intel-compatible chips, including the 386, the 486SX and DX, and Pentium."

Motorola, IBM brush up on Bluetooth (ZDNet). While the announcements expected from IBM and Motorola regarding Bluetooth in this article from ZDNet are interesting, they aren't quite as fun as the next to last paragraph: "Linux is such a pervasive programming language right now," said Daniel Jue, manager of IBM's Alphaworks division, in Cupertino, Calif.". Programming language? Assuming a proper quote by ZDNet, Mr. Jue might just deserve the Pointy Haired Boss award for the day with this line.

Thoughts on computers in voting (RISKS). Your editor happened to receive the latest copy of the RISKS Digest while waiting to see how the U.S. election went. Therein is a submission from the chair of the Iowa State Board of Examiners for Voting Machines and Electronic Voting Systems on the increasing use of proprietary software in voting systems, and on how that software could be subverted to distort elections. "The time has come for computer professionals to press for a change to the guidelines for voting machines, asking that all software included in such machines be either open source, available for public inspection, or at least open to inspection by a third party independent testing authority."

Fed agencies appeal to Linux vendors (ZDNet). Federal agencies asked Linux vendors at the Federal Linux Users conference to step up their efforts to promote the use of open-source software for government accounts. "The vendors responded by criticizing the onerous and outdated certification requirements imposed by the federal Defense Information Systems Agency, or DISA-which, they said, are far too financially demanding for the nascent Linux industry."

Setting Patents Free (ZDNet). Another look at patents in an open source world, this time using well known Linux hacker Raph Levien as a model.

Setting Patents Free. Raph Levien sent in some patches and corrections to the previous article. "The patent grant is for GPL software only. If you want to release software under a non-GPL open source license, I'd love to have a discussion with you about royalty payments."

Cybercrime treaty gets it wrong ... again (ZDNet). ZDNet has published an opinion column on the troubles with the proposed "CyberCrime" treaty. "To be certain a particular device can withstand a denial of service attack you need the tools to create that attack. To test to see whether old vulnerabilities are reintroduced in new versions of a program it is useful to regression test with old exploits. These are basic engineering practices that will be outlawed if 'only outlaws can have exploits.'"

SDC: Get An Open-Source Plan (ZDNet). Larry Augustin talked about convincing companies to get an open source plan in his Keynote speech at the Software Developers 2000 Conference in Washington, DC. "The open-source model is also more efficient, with direct communication between users and developers, Augustin said. What's inefficient, he added, is commercial software vendors' parallel development of features on different code bases."

That Tokyo glow (ZDNet). Evan Leibovitch looks at LPI's announcement of the release of LPI exams in the Japanese language. "Before I go any further, I will state up front my bias here. I played a part in the beginnings of LPI, and I'm still on its board. That's why I was sitting at the table at the press conference as a participant and not as a reporter, offering answers rather than asking the questions. The room was full -- more than 30 reporters were taking notes and/or shooting cameras."

Long live the OS wars (ZDNet). This ZDNet article takes another look at the Microsoft hack. "There are real differences between operating systems. Even though vendors try to one-up each other's claims of reliability, scalability, price/performance, there remain many price, feature and functionality differences. All OSes are not created equal. Choice is a good thing. Religious wars are seldom, if ever, won on facts. So, why should the OS wars be any different? "

Resources

Treasure Trove Looted: Digital Rights? (O'Reilly). The algorithmic paradise known as Treasure Trove has been shut down because a book publisher owns the copyright to the content on the site. Or so it seems. O'Reilly asks authors the question "Who owns your site" in this article on policy and legal issues in publishing. "A Web page is published dynamically, and it is made available to readers even while it continues to change. A book is published by printing the content on paper and binding it into what we know as a book. If the data changes, a different edition of the book is published."

Test version of new Linux kernel available (News.com). News.com looks at the 2.4.0-test10 development kernel release. "But just including the word 'final' in the latest test version of the kernel doesn't guarantee immediate results. In May, Torvalds released the first of the 2.4.0-test series of kernels, hoping that using the '2.4' nomenclature would focus programmers' attention on producing software usable by companies instead of just an interesting prototype."

Linux Power Tuning (Network Computing). Networking Computing takes a look at tuning the Linux kernel. "Also by using hdparm (specifically the -a option), you can alter the read-ahead buffering. Under the default setting, 8 KB of data in a file is read as soon as a process reads from a file, which is good on systems where files are read in their entirety. But on systems where random parts of a file may be read, such as in a database application reading records from different locations in a file, lowering this value may be helpful because such read aheads are counterproductive."

GNOME Configuration Made Easy (Linux Planet). In the first edition of a new weekly column on GNOME, Linux Planet looks at GNOME configuration issues. "The GNOME mail notification applet (found under Programs/Applets/Network/Mailcheck) has six different notification graphics. You can also run more than one of these at a time, and you can select which mailbox each monitors. If you're using procmail and have multiple mbox files, or have multiple POP accounts, this is a great way to keep track of which box has mail."

A Firewall for Linux with Ipchains (PC Quest). PC Quest has an introductory article on Ipchains, a packet-filtering firewall package. "Ipchains is so called because it deals with IP packets at the Network Layer, and the rules defined in it are based on three inbuilt chains called input chain, output chain and forward chain" (Thanks to Colin Frazer)

Unified Logons between Windows NT and UNIX (Linuxcare). Andrew Tridgell has written an in depth look at Winbind, a tool for integrating Unix and NT login identification schemes. "Integration of UNIX and Microsoft Windows NT through a unified logon has been considered a `holy grail' in heterogeneous computing environments for a long time. We present winbind, a component of the Samba suite of programs as a solution to the uni.ed logon problem. Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules, and the Name Service Switch to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine."

Dual Booting (ZDNet). Mixing Linux with Windows on the same PC isn't as hard as it used to be according to this article from ZDNet. "If your machine has sufficient resources, the best way to add Linux (or another version of Windows, for that matter) may be by using a product called VMWare. With VMWare, you don't have to repartition your hard drive, and you can run one or more versions of Linux in virtual machines under the host operating system."

Reviews

PhatNoise PhatBox car mp3 player (LinuxDevices.com). LinuxDevices.com gets to play with all the fun toys; this time they review the PhatNoise PhatBox. "The innovative device lets consumers take high quality audio files from their PCs, and play them using the existing sound system of their cars. It's basically an mp3 jukebox, powered by an internal computer running Embedded Linux, that emulates a car CD changer."

Square D embeds Linux in power control thinserver device (LinuxDevices). Linux is used as a flash-based embedded OS in this power system monitoring & control appliance from Square D, which is reviewed in LinuxDevices.com.

Sendmail Multi Switch 2.1 Gives Powerful Features a Simple Face (Network Computing). This review from Network Computing looks at Multi Switch 2.1, the commercial version of Sendmail. "Multi Switch 2.1 is essentially version 8.10 with a smart administration console, advanced security features and the multiple queues option... [that] lets you set up and maintain multiple mail-stream queues. This allows for parallelism, especially on SMP (symmetric multiprocessing) servers and clusters. Individual queues can have their own rule sets and configuration peculiarities."

Device profile: Filanet intelligent Internet service appliance (LinuxDevices). According to the latest LinuxDevices.com device profile, the Filanet InterJak 100 is an "intelligent Internet service appliance" that runs a version of uCLinux on an ARM CPU. The device is targeted as an email and file server with gateway and firewall services. "When it came time to selecting an operating system to embed within the device, the company examined a variety of embedded OS alternatives including Nucleus, VxWorks, pSOS, and QNX. James Goodwin, Finanet senior architect, explained that the development team rapidly concluded that Linux represented the best match to their requirements."

Interviews

FAQ Answer Man Talks About GIMP (LinuxNews.com). Miles O'Neal, maintainer of the GIMP FAQ, is interviewed one on one in this LinuxNews article. "I don't think it will replace Photoshop. I do think it will force Adobe to re-evaluate its approach to marketing and selling, if not designing, building and distributing, Photoshop."

Red Hat CEO still betting on the long shot (Upside). This Upside interview of Red Hat CEO Matthew Szulik reveals where he comes from, what he thinks of "the stock vs the journey" discussions, and whether Red Hat is poised to succeed in the market. "In addition, there is a buzz among open source watchers that insiders moved too quickly to dump the stock. While the SEC documents show plenty of selling, it isn't quite the sellout fest of yore. Oracle has filed plans to unload 1.2 million shares; key early investor Frank Batten has cashed out 6.5 million shares (although he still has 23.6 million left). Co-founder Marc Ewing, who no longer is active in daily management, has sold 2.4 million shares. He's got 13 million left. Szulik says this is routine portfolio trading. He points that he has sold just once: In February, he cashed in 38,826 of his 2 million shares at $90.73 a share for a net of $3.5 million."

Miscellaneous

More accolades for Torvalds. Upside has started to publish their list of who they consider to be the top 100 individuals in the high tech arena. Linus comes in at number 82, for whatever that might be worth.

Section Editor: Rebecca Sobol


November 9, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

A Quantitative Profile of a Community of Open Source Linux Developers. A paper has been posted on the ibiblio.org site which attempts to quantify some aspects of the open source development community. To that end, they looked over thousands of software map entries at the Metalab site. "Our results confirm a very broad participation at this level in the open source software associated with the Linux Archives. A strong bias towards European developers is revealed, reflecting the European roots of Linux perhaps, as well as a balance between .com and .edu contributors."

LinuxUser Issue 4 is available. The articles in LinuxUser Issue 4 can be downloaded at http://www.linuxuser.co.uk/articles/.

Events

ApacheCon Europe 2000. Here is a wrap up report about ApacheCon Europe 2000 which ran last October in London, England. The report also contains some information on upcoming conferences.

Toronto Linux Expo, Day 3. Stefane Fermigier has sent in his day 3 report from the first Toronto Linux Expo. This report covers clustering and high availability. An interesting statistic shows up from the talk by Jim Reese of Google: "6000 servers. 500 TB storage. 1 Google day = 16.5 years. 33 machines die on average every day."

Reports from the LINUX.org pavillion at IT.COM, Bangalore. Atul Chitnis has sent in a couple of reports on the Linux.org pavillion at the IT.COM event in Bangalore, India. "Meanwhile, the 'powered-by-Linux' stalls at the Linux.Org pavilion at the IT.COM have been drawing a wide range of curious computer professionals, students, engineers and users. Special volunteers are demonstrating the various capabilities of Linux in home, development, multimedia, educational and other settings."

Hispalinux Conference in Madrid. The Hispalinux Conference will be held in Madrid, Spain from November 10th through the 12th. Hispalinux is the Spanish Linux Users Group. Speakers include Richard Stallman and Miguel de Icaza. Note: the web site is in Spanish. English speakers can contact congreso@hispalinux.es for more information. (Thanks to Alfonso Baciero)

LinuxUser Conference - London. The program for the LinuxUser Conference in London, December 5-6, is now online. Speakers will include Larry Augustin of VA Linux and Dirk Hohndel of SuSE and XFree86.

Applied Computing Conference 2001 Call for Papers. The Applied Computing Conference and Expo announced a call for papers. The conference will be held May 14 - 17, 2001 in Santa Clara, California.

November/December events.
Date Event Location
November 4 - November 10, 2000. SC2000 - SuperComputing Dallas Convention Center, Dallas, TX.
November 5 - November 11, 2000. LinuxPark at Systems 2000 Munich, Germany.
November 7 - November 9, 2000. Embedded Systems Conference Europe Maastricht, Netherlands.
November 10 - 11, 2000. Linux Meeting 2000 Rome, Italy.
November 12 - November 15, 2000. XML DevCon Fall 2000 San Jose, California.
November 13 - November 17, 2000. LINUX Business Expo Sands Convention Center, Las Vegas, Nevada.
November 25, 2000. Australian Open Source Symposium Adelaide, Australia.
November 28 - December 1, 2000. IEEE International Conference on Cluster Computing Technische Universität Chemnitz, Saxony, Germany.
December 2 - December 3, 2000. LinuxCertified's Linux for beginners Cupertino, CA.
December 3 - December 5, 2000. Wireless DevCon 2000 San Jose Doubletree Hotel, San Jose, CA.
December 3 - December 8, 2000. LISA 2000 New Orleans, LA.
December 5 - December 6, 2000. LinuxUser 2000 Conference Chelsea Village, London, England.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: November 9 - November 23, 2000.
Date Event Location
November 9, 2000. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
November 9, 2000. Phoenix Linux Users Group Sequoia Charter School, Mesa, AZ.
November 9, 2000. Linux Installation Delfzijl, Netherlands.
November 9, 2000. The autumn conference of the Unix User Group - the Netherlands "De Reehorst", Ede, Netherlands.
November 11, 2000. Route 66 Linux Users Group La Verne, California.
November 14, 2000. Long Island Linux Users Group SUNY Farmingdale, NY.
November 15, 2000. Arizona State University Linux Users Group Tempe, AZ.
November 15, 2000. Linux User Group of Groningen Groningen, Netherlands.
November 17, 2000. Rice University Linux Users Group Rice University, Houston, TX.
November 18, 2000. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
November 18, 2000. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
November 19, 2000. Beachside Linux User Group Conway, South Carolina.
November 20, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
November 21, 2000. Bay Area Linux User Group Chinatown, San Francisco, California.
November 22, 2000. Linux User Group of Assen Assen, Netherlands.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


November 9, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


PHP hackers may want to have a look at PHP Builder, a news and how-to site oriented around the PHP language.

Kernel hangman. For those of you with too much free time... Jeff Dike has put up a Kernel Hangman game on the User-mode Linux site. See if you can guess some obscure kernel symbol before it's too late...

Section Editor: Jon Corbet


November 9, 2000

   

 

This week in history


Two years ago (November 12, 1998), Digital Creations released the source code for their Principia dynamic web content platform. The Principia project has since been renamed as Zope and it is being used widely. Two years later, Digital Creations believes that open-sourcing its product made good business sense.

A second internal Microsoft memo, now known as Halloween II, was brought to light. This followed close on the heels of the original Halloween Document. The second memo mentioned strategies for dealing with Linux and shed more light into some of the strategies that could be used against Linux.

What Microsoft justly fears is that open-source will expose the illusion on which its revenues depend. Along with Apache and Perl and sendmail and the innumerable other achievements of the open-source community, Linux demonstrates that no one need pay for excellent software. Ironically, many of Microsoft's loyal customers find this far too good to be true. They probably always will. This shouldn't be a problem; many Flat Earthers and Creationists lead happy and productive lives.
-- Feed Magazine on the Halloween memos

One year ago (November 11, 1999), RedHat and Oracle announced a collaborative distribution based on RedHat Linux that was intended to be aimed at high volume e-commerce sites.

U.S. District Judge Thomas Penfield Jackson's findings of fact revealed that Microsoft had a monopoly in the operating system business. In the ruling, Linux was written off as a viable alternative:

Fortunately for Microsoft, however, there are only so many developers in the world willing to devote their talents to writing, testing, and debugging software pro bono publico.... It is unlikely ... that a sufficient number of open-source developers will commit to developing and continually updating the large variety of applications that an operating system would need to attract in order to present a significant number of users with a viable alternative to Windows.

Publicly traded Linux stocks jumped up in price after the announcement. Cobalt Networks fortuitously chose this week to go public, and immediately jumped to $130/share - then the third biggest opening day "pop" ever.

Rumors circulated that Red Hat would buy Cygnus - these turned out to be true.

Journaling for ReiserFS was released by Hans Reiser. Another Journaling filesystem, Stephen Tweedie's ext3 version 0.0.2c filesystem was released.

The freeze of Debian 2.2 was pushed back - until January of 2000. That seemed like a long time away, but the eventual 2.2 release was even further away.

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Thu, 02 Nov 2000 07:29:58 -0700
From: Bruce Ide <nride@uswest.net>
To: letters@lwn.net
Subject: Playing Devil's Advocate

While the recent Microsoft network compromise was significant, we should
keep in mind that most security problems originate from people who are
not security conscious. Though a solid operating system helps, it's not
an end-all solution.

It doesn't take much browsing of the LWN Security Section to get a feel
for just how vulnerable a given distribution of Linux is out of the box.
Although it may not be particularly succeptable to remote attacks, local
users will typically find it to be pretty trivial to gain root access.
And of course the first thing Joe Random Newbie does once installing his
Linux box is to offer all his IRC friends accounts on his system. And it
blows his mind when he finds out later that his machine has been used to
trade live goat porn for the past year and a half.

Now using a system like Linux will help a bit, if for no other reason
than it keeps your servers from getting virusses. The security problems
we're seeing now will not go away until both programmers and users adopt
a "Security First" mind-set.

On a side note, the current anti-cracking legislation goes about this in
entirely the wrong way. It'll lull users and administrators into a false
sense of security and draw out the entire process. It's foolish at best
and dangerous at worst.

-- 
Bruce Ide                   nride@uswest.net
   
Date: Thu, 2 Nov 2000 09:44:38 -0600
From: Kevin Breit <battery841@mypad.com>
To: letters@lwn.net
Subject: Linux's security

Greetings,
	The Linux community is definatly interested in the situation that
Microsoft was cracked.  Most of our rebuttal is "Ah!  See, this is where Linux
shines."  While I agree that the open source model is much more secure than
the closed-source model, I don't feel that Linux shines in the security
category.
	Granted, Linux gets much more secure when not all services are installed
and set to go in init.d.  But do we really need to look at a simple find 
statement to find out that we have way too many suid applications that don't
need to be?
	What I feel needs to be done is that the distributions need to take
some time and take security seriously.  They need to look at all their suid
apps, and make them have the correct permissions.  Have default installs
have /tmp as its own partition and have noexec nosuid on that partition.  I
know that the Linus and Co. think it's nazi-admin, but enable wheel group on
Linux distributions by default.
	Linux is probably more secure than Microsoft's respective operating
systems are.  But Linux definatly doesn't touch OpenBSD's quality in regards
to security, and I feel it's arguable that it has some catchup to do with
FreeBSD.  Even if we may never hit OpenBSD's security standard, I feel it's a
goal we should all strive for.  This would allow us to say, without a doubt,
that Linux would do a better job than Windows.

Sincery,
Kevin Breit
   
Date: Thu, 02 Nov 2000 15:40:47 +0800
From: Frank Horowitz <frank@ned.dem.csiro.au>
To: letters@lwn.net
Subject: Time warp....

Dear editors,

In your "Two years ago" section of "This week in history..." in LWL of 2
November 2000, you state

	Supercomputing 1998 hosted Beowulf talks for the first time. 

Just to be pedantic, a full year earlier, I attended a daylong "Build
you own Beowulf" session in the short-courses preceeding the SC'97
meeting in San Jose. This was complete with a 130-odd node cluster on
the exhibition floor (which performed the first teraflop computation on
a Beowulf, IIRC), and Donald Becker debugging drivers for a new ethernet
chipset "on the fly".  

So, umm, I guess that should have been in its own "three years ago"
section. Off-by-one errors will never go away :-)

	Cheers,
		Frank Horowitz
--
Dr. Franklin G. Horowitz; Principal Research Scientist;
frank@ned.dem.csiro.au
CSIRO Exploration & Mining,  PO Box 437,  Nedlands,  WA  6009,      
AUSTRALIA
Tel.(08)9389-8421 (Int'l +61 8 9389 8421), FAX (08)9389-1909 (+61 8 9389
1906)
   
Date: Fri, 03 Nov 2000 16:32:11 -0600
From: James Crouchet <crouchet@sd.is.irs.gov>
To: letters@lwn.net
Subject: Advice on patents

This note concerns your story about LinuxWorks possibly patenting
loadable modules.

I think the writing is on the wall, and I encourage you to move
immediately to protect the intellectual property you yourselves so
often employ. Specifically:

---

1. The use of symbols which represent, either separately or in
combination, various sounds.

2. Combinations of such symbols to form complete modules. Each module
is represented by one or more series of sounds as drawn from it's
component symbols. Each module also possesses one or more definitions.

3. Combinations of the defined modules is used to express and record
ideas, concepts, queries commands and other sorts of communication.

The items described here are know as:

1. Letters
2. Words
3. Language

---

I would also encourage you to extend free usage rights for these
technologies to those who publish software, books, plays and other
communications using the open source model. Though you might want to
specifically restrict it's use by those who hold software patents. 

James Crouchet
   
Date: Tue, 07 Nov 2000 10:55:20 +1030
To: letters@lwn.net
Subject: Transmeta coverage


Hello folks at LWN,

I like LWN, a lot.  Your coverage of the Linux scene is excellent.

But what's this obsession with Transmeta, a hardware component
manufacturer?  It's not even an open source project: they are
yet to even publish the opcodes of their long instruction word
microcode.

The only link I can find it that it employs one Linus Torvalds
and lets him work on Linux.  But Transmeta is hardly the only
company that allows its staff to contribute to open source
projects.

Your current coverage is probably most unfair to developers of the
competing Alpha processor, who have been significant and continuous
contributors to the development of Linux.

I don't mind the occassional "Where is Linus now?" article but
breathless reporting of every Transmeta happening is too much.

Regards,
Glen

-- 
 Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 The revolution will not be televised, it will be digitised

   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds