[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Adobe pulls the plug on FrameMaker. Years ago, many of us were writing documents with a package called FrameMaker, produced by a company called Frame Technology. FrameMaker has a small but dedicated following; for certain sorts of tasks, such as the writing of large documents and books, it is one of the nicest tools available. The emacs-style key bindings were a nice feature as well. Frame Technology has long since been acquired by Adobe, but FrameMaker has remained one of the better Unix-based proprietary packages out there.

So many users were pleased to see that Adobe was finally making a FrameMaker beta available for Linux. Those users are less pleased now that Adobe has sent out this charming note saying that the beta period is over, the software is no longer available, and that beta copies will stop working at the end of the year. And, by the way, there will be no commercial release of FrameMaker to replace the beta. Linux users have one month to save their documents out in a different format.

Adobe is, presumably, pulling the plug because the results of the beta period indicated that the Linux market was not worth the trouble. That is surprising; FrameMaker has long been successful in the Unix world, and should have found a ready market on the Linux side. When surprises come along, it is worth considering for a moment what is going on.

In this case, part of the problem may have been, simply, lack of publicity. While vendors of other word processing systems have gone out of their way to insure that Linux users knew they were out there, Adobe has kept quiet about FrameMaker. No press releases, big color ads, or trade show booths. To hear about the FrameMaker beta, you just about had to be on one of Adobe's mailing lists or read LWN. Had Adobe worked harder to get the word out, it may well have been rewarded with more interest in the Linux port of its product.

Better publicity may well not have been enough, however. The sad fact is that people who want these proprietary packages on Linux have to be prepared to pay for them. Adobe evidently concluded that too few users had that willingness. Many Linux users will not be bothered if proprietary vendors decide to go elsewhere, of course, but let us remember that Linux is about choices. Proprietary packages are the preferred choice for many people, and their availability can only help to promote the use of Linux (and thus free software).

The other lesson to learn (again) from this episode, though, is that proprietary software has its price. Anybody who has invested in the use of FrameMaker on Linux is now out of luck. Those users must switch to another word processor or another operating system, or both. This is the sort of surprise that does not happen with free software. Development and support for an application can stop, but free software never simply picks up its marbles and goes home.

Linux users, of course, appreciate the benefits of free software and are busily making more of it. Could it be that the real reason for the withdrawal of FrameMaker is that we just don't need it? There is no free package which can replace Frame now, but it's less distant all the time. By the time the vendors of proprietary word processors figure out that they really do need to have a Linux product out there, they may find that they are too late and irrelevant.

Linux and viruses. Life may be hard for companies that are selling word processors for Linux, but they must have it easy compared to those who would sell us anti-virus systems. After all, the world has not yet been overwhelmed with reports of killer Linux viruses. Nonetheless, some people are trying.

Consider, for example, the folks at Kaspersky Labs. Their AVP for Linux Server package has been available for a while. It can perform some useful tasks, such as scanning for email-based viruses passing through to Windows victims. But it also claims to protect against native Linux viruses; as the product page says, "...new viruses for Linux appear every day."

That claim is clearly a bit over the top, as even Denis Zenkin, Kaspersky's head of corporate communications admitted to us. In fact, no "in the wild" Linux virus has ever been recorded by that company, leaving one to wonder exactly what AVP protects against. Kaspersky does maintain a list of known Linux viruses, which contains five entries. Again, none of them have ever been known to propagate and infect systems.

One can probably be justified in concluding that the threat is not all that great. After all, there are plenty of virus writers out there; there are also plenty of crackers looking for vulnerabilities in Linux systems. One would really expect to have seen at least one hostile Linux-based virus by now. Denis Zenkin disagrees; he told us:

I would add that as soon as this operating system will become a desktop standard or gain at least 50% of the Windows popularity there will be real 'wild' viruses... There is no absolutely secure environment and I believe as soon as Linux growing popularity will reach some limit malicious persons will turn their attention there.

Again, it is hard to believe that no malicious people have yet tried. For a lot of reasons, Linux systems are a difficult environment for viruses. A virus that runs on one system will have only limited access, and will have a hard time infecting files on even that one system. Propagation to another system requires getting over a whole new set of hurdles. Finally, free software writers are (usually) smart enough to avoid creating easy propagation mechanisms for viruses; in the case where they are not, others will close any holes quickly.

So Linux will probably never have the virus problems that certain other systems experience. That said, it would be foolish to assume that Linux is immune to such things. The Morris worm showed just how vulnerable we all can be, many years ago. Linux security holes do exist now. The drive to create bigger, fancier, component-oriented applications will certainly open up new vulnerabilities in unexpected ways. Sooner or later, somebody is going to figure out how to exploit a hole and create problems - at least for people who do not apply their security patches.

So, while we enjoy our relative immunity to viruses, it's probably wise not to be too smug. It's a hostile world out there.

Inside this week's Linux Weekly News:

  • Security: More modutils problems, BSD feedback, security advisories improving.
  • Kernel: Initializing to zero considered harmful; DProbes and LTT work together.
  • Distributions: Alpha support from SuSE, Red Hat, what about SPARC? Package management issues.
  • Development: Open Source Developer's Agreement, KDE League, Debian joins Gnome Foundation.
  • Commerce: Linus writes, shipping dates, and Europe votes down software patents.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


November 30, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

modutils issues remain. Back in our November 16th edition, we discussed security problems with modutils on both our Security and Kernel weekly pages. Modutils 2.3.20 was quickly released to try to resolve the problem, but the issues involved are not so simple.

This week, as part of the ongoing effort to resolve the issue properly, modutils 2.3.21 was released. It specifically fixes some side effects from the fixes applied in 2.3.20. Meanwhile, Adam Richter pointed out that even 2.3.21 only fixes half the problem.

Currently, querying a nonexistent network interface named, say, "eth0" results in a result_module call for "eth0". I want to change that to "if-eth0". This will make it impossible for users to pass things like "-C/my/bogus/modules.config", or to cause the loading of legitimate but buggy module to crash the system. The changes to modutils that Keith Owens posted address the former problem, but not the latter, which is a pretty real possibility given that our current builds install 786 modules.
Adam has requested feedback on his idea, so take a look and pass your comments back to him. While Adam's idea makes a lot of sense, it will also require every existing system to modify its modules.conf file. There are ways around that, but the potential for problems is very high.

BSD coverage feedback. We received twenty notes from readers regarding last week's editorial, Why Cover BSD?. The responses were uniformly positive, so you can rest assured our BSD coverage will continue. Four of those notes asked for more BSD coverage, including coverage outside the LWN Security page. We are taking those suggestion under consideration, but for now we'll move slowly. We've got friends over at Daemon News that are already doing a good job of global BSD coverage. As always, we prefer not to duplicate the work of others, but instead step in only when we think we can provide some unique perspective, value or service.

Still, in places like the Security page where a contrast of BSD information and Linux information provides a special value, you may indeed see increased coverage in the future.

Improved Security Advisories. We'd like to say that our November editorial, Credit Your Source, had a similar impressive response. However, we didn't see any unilateral change in advisories as a result.

So, since complaining apparently works poorly, we thought we'd take a different approach and use praise. Two distributions have improved their security advisories noticeably over the past two week, Debian and Immunix, and we pass them our grateful thanks.

Debian has standardized their header for security advisories, started numbering them and does a good job of crediting the person who originally reported the vulnerability. Many thanks! The addition of a URL or the forum in which that vulnerability was reported would also be useful, but let's not get picky. Their header also contains a new entry indicating whether or not the vulnerability is "Debian-specific". This is quite useful, something we've only previously enjoyed in FreeBSD advisories.

Immunix has also straightened up the look of their advisories, adding their own header, complete with numbering scheme and author. This week, they also included URLs to the relevant BugTraq postings. This is a noticeable improvement over the casual announcements they made previously.

Note we aren't holding the Debian and Immunix advisories up as examples of perfection, but their efforts to improve are much appreciated.

Signed code: Security or censorship? (ZDNet). ZDNet takes a look at Microsoft's plans for code signing. "Known as code signing, the technique links a software developer's name with a program or Internet applet using digital signatures. The code cannot be changed without destroying the signature, giving users a way to link a company with a program. If something goes wrong, the user will know whom to blame."

The article discusses concerns for possible misuse of code signatures (to punish a commercial rival, for example), its limitations in terms of providing real security and its impact on small developers. "Virus writers could still sign their code and cause it to execute as soon as someone installs another piece of software, he said. To the user, it would seem that the software he or she just installed caused the problem".

Security Reports

ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript this week, a symlink vulnerability and a shared library usage vulnerability. Both could potentially lead to elevated privileges. We don't know exactly who to credit for finding these problems; the distribution advisories were the first notice of them we saw and none of them either claim credit or offer it elsewhere.

This week's updates:

koules buffer overflow. Guido Bakker reported a buffer overflow in koules, an arcade-style game authored by Jan Hubicka, which could be exploited locally to gain root privileges.

This week's updates:

bash tmpfile vulnerability. Reports of ways in which the Unix /bin/sh could be exploited, via its use of temporary files, led to an examination of Linux' bash. That turned up very similar problems. The vulnerability can be used to overwrite arbitrary files, particularly a problem when root runs bash. This week's updates:

pine remote code execution. In October, FreeBSD released a report of a pine buffer overflow that can be exploited remotely to execute arbitrary code via a specially-crafted mail message. Unfortunately, we mixed up that report with an earlier pine problem reported in September, that was not as serious. Since then, we've been listing updates for both problems together, with an inaccurate description. Please accept our apologies for the confusion. The following packages prevent the remote exploit as well as fixing the earlier pine problem.

This week's updates:

Previous updates:

syslog-ng remote denial-of-service. Balazs Scheidler posted an advisory this week for a remote denial-of-service vulnerability in syslog-ng. Check the syslog-ng home page for syslog-ng news. All versions prior to and including syslog-ng 1.4.8 are vulnerable. syslog-ng 1.4.9 and higher are no longer vulnerable.

twig remote execution of arbitrary code. João Gouveia posted an advisory on BugTraq this week pointing out twig, a GPL'd "Web Information Gateway", can be used to execute arbitrary code on a server under the uid of the httpd server. Shaun Clowes followed up with a suggested workaround to use until a new version of twig has been released.

ed symlink vulnerability. Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.

This week's updates:

fsh temporary directory vulnerability. fsh, a "fast" rsh/ssh/lsh tool, uses a directory under /tmp to hold its sockets. Colin Phipps examined the program and reported how this could be exploited via a symlink. Patched versions of fsh have been made available for Debian.

This week's updates:

identd. A buffer overflow in identd was reported by Niels Heinen. He used the SuSE platform to demonstrate the vulnerability. The SuSE Security Team followed up the report and confirmed multiple problems in the code. Updates from SuSE, and other impacted distributions, should show up over the next week.

cons.saver file overwrite vulnerability. Maurycy Prodeus reported a problem in cons.saver which can be used to write a NUL character to the file given as its parameter. The problem has been fixed in version 4.5.42-11. New versions of mc are being distributed with this fix.

This week's updates:

elvis-tiny /tmp file vulnerability. Debian reported a problem in elvis-tiny caused by the creation of files in /tmp in an insecure manner, which was discovered by Topi Miettinen during an audit of the code. They have issued updated packages with a fix for the problem. Any distribution using elvis-tiny will also require an update.

Secure Locate buffer overflow. Michel Kaempf reported a buffer overflow in Secure Locate (slocate) this week. Secure Locate 2.3 should fix the problem. However, Olaf Kirch pointed out other potential problems that still remain.

xmcd untrustworthy privileged binaries. A Debian-specific vulnerability in xmcd was reported this week. The xmcd package installs helpers for accessing cddb databases and SCSI CDrom drives. Two of the helper binaries were installed setuid. The previously reported ncurses buffer overflow allowed these two binaries to be exploited. Check the ncurses update below for a link to Debian's just-released fix for ncurses as well.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • Watchguard Firebox II, denial of service vulnerability reported last week. Watchguard has released a fix, as promised.
  • Nokia IP440 Firewall-1/IDS, multiple vulnerabilities that can be used to cause the appliance to crash. The vendor has been notified, but no response has been posted.
  • WebMail attachment theft. The vendor is reported to have a fix for the problem.
  • Cisco 675 DSL router, a denial-of-service vulnerability was reported to Cisco eleven months ago. No fix is yet available.
  • Sonicwall SOHO firewall is vulnerable to a denial-of-service attack via its built-in webserver. The vendor has been notified and promises a fix in the next firmware release. In the meantime, disabling external access to the webserver is recommended.

Updates

ethereal buffer overflow. Check last week's Security Summary for the initial report of this problem. An update to ethereal 0.8.14 should fix this problem.

This week's updates:

Previous updates:

joe symlink vulnerability. Check last week's Security Summary for the original report.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:

Local root exploit problem in modutils. Check the November 16th Security Summary and Kernel Page for the original report and details. Note, however, that the updates listed below include either modutils 2.3.19 or modutils 2.3.20. As mentioned above, modutils 2.3.21 has been released with still more fixes.

This week's updates:

Previous updates:

Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.

This week's updates:

Previous updates:

fetchmail AUTHENTICATE GSSAPI bug. Check the November 16th Security Summary for the original report.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:

Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.

This week's updates:

Previous updates:

nss_ldap race condition. Check the November 2nd LWN Security Summary for the original report and the November 9th LWN Security Summary for a correction to our original report.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

Previous updates:

Red Hat cyrus-sasl authentication problem. Check the November 2nd Security Summary for the original report. Only Red Hat 7 is impacted.

This week's updates:

Previous updates:

curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported in October.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:

Format string vulnerabilities in PHP. Check the October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:

ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem. Updates for this vulnerability continue to trickle in more slowly than usual.

This week's updates:

Previous updates:

usermode inherited environment variable vulnerability. Check the October 12th LWN Security Summary for details.

This week's updates:

  • Red Hat, Alpha packages added for RH7
Previous updates:
  • Red Hat (October 12th)
  • SuSE (not vulnerable) (October 12th)
  • Immunix (October 12th)
  • Linux-Mandrake (not vulnerable) (October 12th)
  • Kondara (October 19th)
  • Red Hat, updated advisory with fixes for an incorrect specification in the /usr/bin/shutdown wrapper and an additional security vulnerability in the userhelper binary. (November 16th)

gnorpm tmpfile link vulnerability. Check last week's LWN Security Summary for more details.

This week's updates:

  • Red Hat, Alpha packages added for RH7

Previous updates:

Resources

ICMP error message use in fingerprinting. Ofir Arkin posted a description of using ICMP error messages in fingerprinting.

Events

Upcoming security events.
Date Event Location
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
December 3-7, 2000. Asiacrypt 2000 Kyoto, Japan.
December 3-8, 2000. LISA 2000 New Orleans, LA, USA.
December 10-13, 2000. INDOCRYPT 2000 Calcutta, India.
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


November 30, 2000

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.4.0-test11. Some users are complaining about disk corruption problems with this release, so beware. With luck, that problem is fixed in the 2.4.0-test12-pre3 prepatch, which is the latest from Linus. The new arrival in Linus's house is having the expected effect; he has had a low profile on the mailing lists, and the rate of releases has slowed somewhat.

Alan Cox has been trying to take up some of the slack by putting out "ac" releases. The latest as of this writing, however, is 2.4.0-test11-ac4, which was released on November 25.

The current stable kernel release is 2.2.17. The current 2.2.18 prepatch is 2.2.18pre24. It appears that the remaining issues with this release are mostly solved, so a real 2.2.18 could perhaps come out before too long.

The great zero-initialization battle. It may well be that the code freeze is going on for too long. One of the big fights this week isn't over something interesting like reiserfs or capability models; instead, people are arguing over lines of code like:

    static int some_variable = 0;
There have been a few patches recently (like this one which have removed the = 0 part. The reasoning is that such variables are initialized to zero anyway, so the explicit initializer is redundant. Explicit initializers are also stored in the resulting executable, resulting in a larger kernel image. Without the initializer, the code is equally correct and smaller.

There are a couple of opposing viewpoints, of course. This is linux-kernel, after all. One of those says that it is unsafe to rely on the compiler to perform implicit initialization. That might be true, except that, in the kernel, the compiler has nothing to do with it. The zeroing of the BSS code is done by the kernel startup code itself, and is fully under the control of the kernel programmers.

A more interesting viewpoint comes from those who see an explicit initializer as information for the programmer as well as for the compiler. Initializing a variable to zero is a sort of comment that says that the variable's starting value is important, that some code somewhere depends on that initial value. If you see things this way, the removal of initializers makes the code harder to understand and, perhaps, more easily broken. See, for example, this note from Andries Brouwer on the role of initializers in his code.

The ultimate decision on such patches, of course, rests with Linus. He has not expressed a general opinion on removal of initializers, but has accepted such patches in the past.

Dynamic Probes and the Linux Trace Toolkit play together. IBM's Richard Moore announced this week that the Dynamic Probes patch would now work with the Linux Trace Toolkit by Karim Yaghmour. It has the look of a powerful combination. Dynamic Probes provides the ability to attach a software hook anywhere in a running system - be it in user space or in the kernel. The Linux Trace Toolkit, instead, is a facility for tracing and logging of system events. The combination of the two makes the tracing and logging universal, and monitoring any part of the system becomes easy. See Karim Yaghmour's followup note for one example of how the trace functionality can be used.

Low Latency in the Linux Kernel (O'Reilly Network). The O'Reilly Network is running an article by Dave Phillips on reducing latency on Linux systems. "I have some good news for users and programmers alike: A simple user-applied patch to the Linux kernel sources (and an uncomplicated disk tune-up) can reduce latency times to under 4 msec. Programmers can easily exploit this new low-latency condition by setting scheduler priority from within their applications, achieving performance with latency well within professionally acceptable limits. This article will show you what's involved and how you can do it yourself."

On elevators and I/O schedulers. Last week's discussion on the Linux elevator algorithm could benefit from a couple of additions. The first is the simple observation that the term "elevator" should, perhaps, be replaced with "I/O scheduler." As pointed out last week, the Linux algorithm is not a true elevator, and using that term can confuse the discussion.

Jens Axboe has a patch to the I/O scheduler (called blk-11 for the 2.4.0-test11 kernel) which addresses some of the problems that people have seen. It starts by adjusting the sequence numbers, as discussed last week. But it goes further by also taking into account the size of I/O requests (an operation that has to wait behind a very large request will get more credit) and applying a simple aging algorithm as well. The result should be fairer scheduling, with fewer starvation problems. (Of course, most users don't see such problems now). The patch also addresses some other problems in the block I/O queueing mechanism which can cause poor performance in very busy situations.

LWN reran its highly scientific tests from last week using the blk-11 patch; here's an updated table with the new results:

Test Read/Write
latency
Clock time
Kernel
compile
1M/2M3:58
500/10003:54
0/03:48
blk-113:46
Copy 1M/2M7:17
500/10007:15
0/07:37
blk-117:21
Compare 1M/2M10:00
500/100010:01
0/08:16
blk-119:44/7:29

The second number in the "compare" case is with the latency values set to zero (the rest used the defaults).

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


November 30, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Red Hat Linux for SPARC?. A discussion this week on the sparc-list centered around the plans of some people to move either to OpenBSD, which has official support for SPARC, or to SuSE Linux, which, among others, also supports the SPARC platform. Vincent Cojot then pointed out that Red Hat's Rawhide distribution still contains SPARC support and pondered whether the lack of a Red Hat 7 on SPARC did not, in fact, preclude the possibility of a Red Hat 7.1 on SPARC.

Rather than just speculate, we called Red Hat and asked. Current policy is to continue to support SPARC in the Rawhide distribution, making it freely available for those willing to download and use this development snapshot. However, a shrink-wrapped version of 7.1 for SPARC will not be released unless there is "sufficient customer demand".

So options for SPARC users abound; use Red Hat's Rawhide development, bang on Red Hat for a stable SPARC release, or, as suggested on sparc-list, move to another distribution with a more solid commitment to the platform. Possibilities in the Linux arena include Debian, Linux-Mandrake, and SuSE.

It is understandable that Red Hat does not want to pay the cost of producing shrink-wrapped boxes that won't sell. On the other hand, there is another reason to support the SPARC architecture. To gain or hold onto the role of leader in the Linux business, it is necessary to be perceived as a "one place shop", e.g., people don't want to run Red Hat on Intel, Linux-Mandrake on SPARC and SuSE on the Alpha. Even as similar as Linux distributions are, there are minor quirks between them that mean sys admins will prefer to use only one primary Linux distribution. Red Hat, in choosing to make their support for the SPARC platform weak, has opened up a chink in their armor, in their market lead, that other distributors will be happy to exploit.

Linux Package Management Needs a Wakeup Call (LinuxToday Australia). LinuxToday in Australia took a look at the competing standards for package management, focusing on Red Hat's RPM and Debian's apt-get. "Unfortunately, if you're a developer, you have to supply your software in both .rpm and .deb if you really want to make a Good Impression on the Linux community. Some commercial developers actually do this, leaving Debian and Red Hat users happy, and users of other distributions grumbling. Are you running Slackware? Stampede? Sorry, you're out of luck. Even SuSE has problems installing many .rpm packages." (Thanks to Andre Pang)

Note that, in the long run, it is the distribution vendor who has an obligation and an incentive to support multiple package formats. SuSE, Caldera and other systems that use RPM, yet do not seamlessly install software distributed in RPM format, are paying a price. Right now, they each develop their own repository for rpms, an overhead cost that multiplies as applications continue to proliferate. In addition, it is a base principle for all operating systems that the more applications that work on your system, the more in demand your system will be. If commonly-distributed rpm files don't work on your distribution, consider it a bug and get the problem fixed.

Meanwhile, the true winner will likely be the first distribution that can handle both rpm and .deb files. We know that Debian is working on improvements to make this possible, but we haven't heard of similar work going on within the RPM-based distributors, at least so far. It's just a software format -- the solution should not be that hard to produce.

BSD to leapfrog Linux? (ZDNet). With an introduction obviously meant to fan BSD vs. Linux flames, this article from ZDNet is actually more about the growth of BSD through its five major distributions - FreeBSD, OpenBSD, NetBSD, BSDI and Darwin. "FreeBSD and OpenBSD have about 4,100 and 1,000 packages, respectively, in their "ports collections," while NetBSD has about 2,000 in its "package source collection." Coleman and openpackages.org hope to standardize on an effective admininstrative tool and packaging format for all the BSDs that could simplify BSD administration and make more software available to all BSD users."

New Distributions

The following distributions were spotted for the first time this week:
  • Astaro Security Linux, based on "a special hardened Linux 2.4 distribution where most daemons are running in change-roots and are protected by kernel capabilities" and providing firewall, packet filtering, VPN with IPSec and other services.
  • Circle MUD Linux, a three disk mini-distribution for running the Circle MUD Server.
  • Floppy ISDN, a single-floppy distribution that provides the functionality of an ISDN router.

Distribution Reviews

Linux bundle group test (IT Reviews UK). Last week IT Reviews did a side by side comparison of the five leading Linux distributions - Corel, Mandrake, Red Hat, SuSE, and TurboLinux. "Corel is a desktop operating system at heart, with few server features, but would fit in well with existing Microsoft machines on a network. But for us, the clear winner for use on workstations was Mandrake. This new version delivers even greater ease of use than the renowned version 7.1. It offers a well thought-out graphical installer, DrakX, with good features, excellent hardware detection and support, well thought-out default configuration of the desktop environments, and a broad range of software packages."

General-Purpose Distributions

Best Linux News. A review of Best Linux was published this week. The Duke of URL took a look at Best Linux 2000 R2. "BestLinux brings two main things to the table, extensive language support and a beautiful new installation program - both of which are top notch."

Eridani News. Eridani Linux 6.3 was released this week. Eridani is a Red Hat-based distribution out of of the U.K. This latest version is built on both Eridani 6.2 and Red Hat 7. "As before, we have all the updates and security fixes that have been released by Red Hat, we have this time attempted to steer a mid-way path of providing up-to-date components while using a known stable base (and a compiler that can compile the kernel ;-)".

Nedit, licq, gnapster, KDE2 and other additional packages are also included. For more information on Eridani, please check out their Distributions Survey, which they were kind enough to fill out and return to us today.

Debian News. Debian joins GNOME Foundation. An official announcement from the Debian Project has been released stating that project's recent acceptance of an invitation to join the GNOME Foundation's Advisory Board.

Due to our early publishing schedule last week, we have two editions of the Debian Weekly News available for your reading pleasure this week: November 22nd and November 29th. The latest news is the implementation of package pools for Debian's non-US archive. The process seems to be going well.

Embedded Debian got a boost this week when the Information and Communication Theory Group of the Delft University of Technology announced they had Debian GNU/Linux 2.2 running on their LART embedded system. The LART is based on the Intel SA-1100 StrongARM processor, and produces around 250 MIPS of performance on less than 1 Watt of power.

The original driver to get the system going the first time was from the ARM Linux project, but then Debian was chosen to complete the project, because it is supported by more applications.

Red Hat News. Red Hat Linux 7 is now available for the Alpha platform. Red Hat, Inc. announced this release in conjunction with Compaq. In addition, the press release notes that Red Hat Linux 7 is now bundled and pre-loaded on selected Compaq ProLiant Servers and selected Compaq Deskpro models.

Along with the announcement, Red Hat also released four bug-fix announcements and fourteen updated security announcements, in order to provide updates for the new Alpha version. We asked them about the large amount of updates to a brand-new product. Erik Troan commented, "We included all of the security fixes which were available when we cut the gold master. As the gold master was cut many weeks ago to allow time for production, recent fixes weren't yet available for inclusion".

Check this week's Security Summary for links to the related security updates and descriptions of the security problems they fix. Below are the four recommended bug fixes that should be applied after installation.

  1. glibc
  2. mod_perl
  3. mod_roaming
  4. nmapfe

With Red Hat's stock near its lowest point since its IPO, Upside decided now was a good time to check with Red Hat CEO Matthew Szulik about where the company is and where it can go. "We're a sheer open source play. That's purely the business that we're in. During the road show, somebody asked me when we're going to give up this open source gimmick, which couldn't be farther from the truth. We are deeply committed to open technology deployment, as well as the licensing model and the viability of our offerings."

Red Hat Center, a non-profit foundation, announced a gift in the amount of $100,000 to Cornell University's Legal Information Institute (LII) to fund improvements to LII's web site. The grant enables LII to write software that will let web users read any portion of the U.S. Code as it was in effect at particular points in time.

SuSE News. SuSE Linux 7.0 for Alpha is now available. SuSE released version 7.0 of their distribution for the Alpha processor today. SuSE Linux also supports Intel and PowerPC as well as the SPARC and S/390 architectures.

Special-purpose boot floppies have been made available for SuSE users to help with a couple of different problems. If you're having difficulty installing SuSE on a system with an ASUS A7V motherboard, take a look at this boot disk for the ASUS A7V. If you're trying to support the latest ServeRAID controllers, this ServeRAID boot floppy should be of assistance.

In both cases, instructions for updating the kernel or drivers after installation are also provided, so that your system will continue to support this hardware correctly.

Embedded Distributions

Hard Hat Linux News. Hard Hat Linux from Montavista won the Penguin Playoff Awards for for "Best Embedded Solution" this week. The Penguin Playoff awards are jointly sponsored by Linux Journal and the Linux Business Expo. Hard Hat's extensive development tools, which are Free Software, were mentioned as a key factor in the award.

Montavista's commitment to Open Source and its choice to make its tools Open Source, rather than proprietary, sets it apart from several of the other key players in the Linux embedded market.

Mini/Special Purpose Distributions

The following mini/special purpose distributions released updates this week:

Section Editor: Liz Coolbaugh


November 30, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


News and Editorials

The System Administrator's Guild of Australia, SAGE-AU has written a document titled the The Open Source Developer's Agreement that addresses some of the issues that developers will face when writing open software while working for commercial entities. (Thanks to Andrew van der Stock, SAGE-AU President). It's an interesting issue that concerns anyone with an employment contract that gives their company rights to employee software developments. Corporate lawyers can have a rather quick, freezing effect on employees who want to work on open-source projects, and could possibly bring a halt to the project itself. SAGE-AU has provided several suggested clauses for insertion into new employment contracts. Current employees may have a tougher time changing existing agreements. Forward-thinking companies will surely see the benefits of having open-source project contributors on the payroll, and could adopt the necessary contract changes for current employees.

Browsers

Galeon 0.8.1 available. Version 0.8.1 of the lightweight Galeon browser is available from SourceForge, rpms are available on the Galeon Download page.

Beonex, a Mozilla variation. Ben Bucksch has announced Beonex, a web browser based on Mozilla. "Mozilla.org is chartered to produce source code only, enabling distributors (or "vendors") to create applications based on Mozilla code. While fulfilling this role, it also creates binaries, but officially, they are only intended for testing, not end-users." The aim of the Beonex project is to make Mozilla more accessible to corporate and non-technical users.

Education

Seul Report 33 (SEUL.org). The November 20 issue of the Simple End User Linux/edu report is out. This issue discusses desktop publishing under Linux, and mentions several new open-source educational programs.

Electronics

gEDA tool updates. The gEDA site has announced new versions of Icarus PAL, the gEDA PAL programming software, gwave, a waveform viewer program, and Icarus Verilog, a Verilog compiler.

Games

Open Game Source: Bt Builder. A review of Bard's Tale Construction Set, the package designed to aid in developing single-player role playing games, gives rise to an alternative open source implementation by the author of the review.

Embedded Systems

Embedding Linux in a DiskOnChip (LinuxDevices.com). Adapted from John Lombardo's upcoming book, Embedded Linux, which will be published by New Rider's press in 2001, this article from Linux Devices.com talks about putting together a kernel image targeted at an M-Systems DiskOnAChip flash device. "This article guides you through the process of building a custom Linux image and installing it on the DiskOnChip in such a way that you will not violate the GPL. The image will be bootable and you will be able to distribute the hardware without any sort of spinning media; hard drive, floppy drive or CD-ROM."

Embedded Linux Newsletter - November 23rd, 2000 (LinuxDevices.com. The weekly Embedded Linux Newsletter is out. Topics include an GUI/Windowing Quick Reference Guide and an interview with the CEO of Esfia.

Interoperability

Wine Weekly News #70 and #71. The November 21, 2000 issue of the Wine Weekly News is out, the quest for clean DLL separation is the main topic in this issue. The November 27, 2000 issue is also out, there is some discussion on the state of Corel and rumors of Wine code being used by Microsoft.

Network Management

OpenNMS Update - Volume 1, Issue 36. The latest issue of OpenNMS Update has been published. Topics include the scheduled code freeze, hints of Sun's Java Shared Data Toolkit (JSDT) going open source, and an updated time-line for OpenNMS.

Office Applications

AbiWord Weekly News - November 24, 2000. The latest edition of the AbiWord Weekly News has been published. News this week includes CJK support, improvements to the Word import capabilities, and a new release schedule.

On the Desktop

The KDE League, Explained. For those who haven't seen it, here's a discussion of the reasoning behind the KDE League by core developer Chris Schlaeger. "So promoting KDE is almost as important as working on KDE. Recent studies show that KDE is used on more the 70% of all Linux desktops. We could fight for those remaining 30% but given that Linux has less than 5% of the overall desktop market we should rather target the 95% of desktop users than compete with our friends from the GNOME project. Just converting 5% of Windows users will get us more KDE users than converting all GNOME users. But those users know little about Open Source, Linux or KDE and posting to some mailing lists won't change this. To address those users we have to communicate through other channels that we have little experience with." Worth a read.

The People Behind KDE: Chris Schlaeger and Lars Knoll (KDE.org). KDE.org has run a few more articles in the series on the People Behind KDE, this week features Chris Schlaeger. Also see the article on Lars Knoll, which was published last week after LWN went online.

AudioCD KIOSlave Debut. Here's a bleeding edge tool that allows you to browse audio CDs in Konqueror. Hooks for CDDB support have been included, but the actual code has yet to be written.

KDE 2.0.1 and 2.1 beta (KDE Dot News). According to KDE Dot News, the 2.0.1 bugfix release of KDE is due out on December 4th. A 2.1 beta release is scheduled for release a few weeks later.

Debian joins GNOME Foundation. An official announcement from the Debian Project has been released stating that project's recent acceptance of an invitation to join the GNOME Foundation's Advisory Board.

First preview release of GNOME Metatheme. The first preview release of GNOME Metatheme, a system that allows easy creation, updating and saving of GNOME themes, has been released. Metatheme development is being sponsored by Helix Code.

Simple ASP support in GNOME Basic. Version 0.0.16 of GNOME Basic, aka GB, has been announced. "There is now simple support for Active Server Pages(ASP) in GB which takes us one step further in getting Apache feeling more like that webserver from Redmond." We hope that they proceed cautiously with that goal.

Science

Free and Open Source Basics (Linux Med News). Linux Med News has published an article that explains open source basics to the uninitiated. This is a good summary of the differences between open-source and closed-source software and can clear things up for people who are new to this world. A good read and worth forwarding.

Web-site Development

Midgard Weekly Summary. Here's the Midgard Weekly Summary for November 23. It covers a new demo site that will be packaged with Midgard, and the upcoming 2.0 release.

Zope 2.2.4 released. Version 2.2.4 of the Zope web publishing system has been released. This version fixes a permissions error that showed up in version 2.2.3, and includes a few more bug fixes as well.

Section Editor: Forrest Cook


November 30, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


C

DISLIN Data Plotting Software. Version 7.4 of the DISLIN Data plotting package has been released. "DISLIN is a high-level and easy to use plotting library for displaying data as curves, bar graphs, pie charts, 3D-colour plots, surfaces, contours and maps. Several output formats are supported such as X11, VGA, PostScript, CGM, HPGL, TIFF, PNG and Prescribe." Sounds useful.

Java

Jython 2.0a1 released. Version 2.0a1 of Jython, the Java based Python compiler, has been released. This version includes numerous bug fixes and better compatibility with CPython 2.0.

Java Language Essentials tutorial (IBM DeveloperWorks). IBM's DeveloperWorks has an online tutorial available that gives an introduction to the Java language. "This tutorial introduces the Java programming language. It includes examples that demonstrate the syntax of the language in an object-oriented framework, along with standard programming practices such as defining instance methods, working with the built-in data types, creating user-defined data types, and working with reference variables." Registration is required.

Java Media Framework 2.1.1 b2 released. Blackdown has released JMF version 2.1.1 b2 for Linux/i386. "The Java Media Framework (JMF) is an API for incorporating audio, video and other time-based media into Java applications and applets. It is an optional package that extends the multimedia capabilities on the Java2 platform."

Perl

Cultured Perl: Debugging Perl with ease (IBM DeveloperWorks). In an IBM DeveloperWorks article, Teodor Zlatanov writes about debugging perl programs. Generic code debugging is described as well as the use of the built-in Perl debugger and the CPAN Devel::ptkdb package.

PHP

PHP Weekly News for November 27, 2000. Issue 13 of the PHP Weekly News is available. Topics include passing by reference, compressed output buffering, and work on the official PHP language specification.

Python

Dr. Dobb's Python-URL! - November 28th, 2000. The weekly edition of Dr. Dobb's Python-URL! has been published. Topics include a beta release of weak reference extensions and ALPY, a Python wrapper for Loki's OpenAL audio interface.

Python.Scripting.Com, new web site. Python programmers may want to take a look at Python.Scripting.com, a web site produced by UserLand Software, Inc. who intend to publish scripts on XML-RPC and SOAP. The site has lots of useful information on Python.

PyXML version 0.6.2 released. Version 0.6.2 of PyXML, the Python XML toolkit is out. PyXML consists of various Python XML tools such as XML parsers, DOM and 4DOM interfaces, and more.

Smalltalk

Smalltalk Industry Council directions. Phil Hartley, executive director of the Smalltalk Industry Council (STIC) discusses the role of STIC in bringing Smalltalk advocates together.

Tcl/tk

Dr. Dobb's Tcl-URL! (November 27th, 2000). The weekly edition of Dr. Dobb's Tcl-URL! has been published. Topics include the release of TclPro as open source software and scripting examples using round() and int().

Emulators

Daisy: an open-source JIT compiler for large machines (IBM DeveloperWorks). In an article on IBM's DeveloperWorks, Maya Stodte discusses the DAISY project. "Emulation projects like DAISY are born when binary translation and just-in-time compilers meet together with a set of core architectural features. Although Transmeta uses a similar approach, their proprietary product only runs on a much narrower underlying machine. (And it's not open source anyway!) With user-transparency, 64 general purpose registers, and program parallelism, DAISY can make translation to VLIW and EPIC a piece of cake. Well, almost."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


What should we expect from commercial distributions?. LinuxOrbit carried an article this week covering LinuxMandrake's release of their 7.2 distribution. In the article the author talks about Mandrake's decision to include the last KDE beta (version 1.99) in their latest box set instead of the official 2.0 release. This decision is said to have been made to meet Linux-Mandrake's shipping deadlines.

Did I say KDE 2.0? Oops, I meant to say KDE 1.99. See, MandrakeSoft had to have its new retail OS ready to ship to stores by a certain date, and in order to do so, they stuck KDE's final beta in the box, instead of waiting for the final release. That's not very good business practice in my book. Now, in MandrakeSoft's defense, they did put the version containing the full KDE 2.0 release in later boxed sets, and on their FTP site. There was also a notation on the packaging, stating that it contained the beta version of KDE 2.0, but those things can't help you when you when you are ordering off the web, or if you don't have fast web access

Not a good business practice? That seems a bit much. It will prove difficult for commercial distributions to arrange to have 3 or 4 thousand open source projects make their projects' public releases coincide with the distributions' own shipping schedules. Most projects don't have anyone in charge to set schedules, not to mention developers interested in actually adhering to them.

Of course distributors can't get the latest version of each package in every release. Linux projects don't follow each others' release cycles, much less those of individual distributors. Buyers of packaged distributions must expect that some distributions will come with beta versions of some popular software. In the long run many Linux distributions may begin to focus on key projects such as KDE and GNOME and base releases primarily around those projects. However, neither KDE or GNOME is ready to meet specific deadlines yet, so consumers will still see some rough edges in some of the most important pieces of the total package. Hard though it may be to swallow, it's the truth: open software is no better at releasing public versions than commercial software. At least not yet.

But expecting Linux distributions to be able to match the moving targets that are open source release dates is unreasonable. Who, for example, could have know it would take almost 2 years to make the final 1.2 release of the GIMP?

HarperBusiness Signs Book By Linux Creator. HarperBusiness, a division of HarperCollins, announced that it will publish a book by Linus Torvalds. Torvalds will give an inside account of how he came to write the Linux kernel in JUST FOR FUN: The Story of an Accidental Revolutionary, co-written with David Diamond, to be published by HarperBusiness in 2001.

Interwoven releases TclPro as open source. As had been hoped, Interwoven (the company that acquired Ajuba Solutions) has released TclPro under the BSD license. Source is available now on SourceForge.

Europe votes against software patents - for now. Here's a bulletin from the EuroLinux Alliance (also available in French) stating that most of the countries of the European Patent Convention have voted against extending patent protection to software. This is an important victory, but it's not yet the end of the story. Now the European Commission will continue its consultation on software patents, at which point the issue will be considered again.

IBM, Linux, and Structural Bioinformatics. Here is an announcement from IBM that it has made an (undisclosed) equity investment in a company called Structural Bioinformatics. Not coincidentally, said company has announced that its future developments will be done using IBM's DB2 on Linux. DB2 will be handling a substantial job - there's over two terabytes of protein structure data to be managed.

5NINE Announces WAPLinux.org. 5NINE announced the launch of WAPLinux.org, an open source development project for modifying the Linux kernel to fully support the Wireless Application (WAP) protocol and bearers such as the Short Message Service (SMS), Mobitex and third generation (3G) technologies such as the Universal Mobile Telecommunications System (UMTS).

EBIZ Announces 37% Revenue Increase for 1st Quarter. EBIZ Enterprises Inc., a vendor-neutral Linux solutions provider, announced a 37% increase in revenues, 46% increase in gross profit margin and a 60% decrease in losses for its fiscal first-quarter which ended Sept. 30, 2000 compared to the 4th quarter of fiscal 2000 which ended June 30, 1999.

SGI OpenGL Performer 2.4. SGI announced the OpenGL Performer 2.4 application programming interface (API) upgrade for both IRIX and Linux operating systems.

Oracle Gets Top Marks in Linux Database Survey. Zona Research, Inc. posted polling results that show Oracle8i(TM) is the Linux database of choice for e-business. A survey of 109 IT professionals found that Oracle8i ranked highest in Linux database deployments over nearest-rival IBM.

Open Motif ported to IA64 TurboLinux. ICS has ported Open Motif to run on Intel's IA64 (Itanium) architecture running TurboLinux. (Thanks to Mark Hatch)

Oracle pushes NIC for Christmas. "In time for holiday shopping" The New Internet Computer Company has put out this press release on what a great deal the (Linux-based) NIC Internet Computer is. Linux is now being pushed as a Christmas present...

Press Releases:

Commercial Products for Linux

  • Micro Firmware, Inc. (NORMAN, Okla.) announced the availability of its ATA PRO UDMA card, a 32-bit PCI Personal Computer add-in card with two UDMA-100/Ultra ATA-100 IDE interfaces. Driver support for Linux is freely available.

  • The Random Factory released the first in their series of Linux for Biotechnology CD sets.

  • Sangoma announced support for RFC compliant ethernet bridging over Frame Relay.

Products and Services Using Linux

  • Forlink Software Corp. (BEIJING, China) has become the number one local mail system provider in China, according to the results of CCID Consulting's most recent market survey on enterprise-scale mail systems.

  • Performance Technologies, Inc. and Motorola Computer Group (ROCHESTER, N.Y. and TEMPE, Ariz.) announced they are working on high availability SS7/IP- signaling gateway solutions for Motorola's Aspira systems. PTI will integrate its MicroLegend SS7/IP distributed software architecture stack and CompactPCI CPC380 network I/O access modules with MCG's high-availability, Linux-based, CompactPCI CPX8216 hardware platform for use in wireless systems being built for Motorola's Aspira architecture.

  • Trustix AS (TRONDHEIM, Norway) announced the release of XSentry Firewall 1.5, a network security administration firewall.

Products with Linux Versions

  • Artificial Life (BOSTON) announced the release of a new data mining product: ALife-Logator. The product is designed to help companies analyze the natural language conversation log files of their client discourses with the Artificial Life software robots, such as ALife Webguide.

  • Evans & Sutherland (SALT LAKE CITY) announced that the company's PC-based image generator, simFUSION, now has the capability to run SGI's IRIS Performer software.

  • T3 Software Builders, Inc. (ROCKVILLE, Md.) announced the release of SiteMaestro which is used monitor computer systems and networks using a web browser.

Books and Training

  • Hungry Minds (NEW YORK), formerly IDG Books Worldwide, published Red Hat Linux 7 Bible, Unlimited Edition. The first in a series of Unlimited Editions, this 900 page book will be updated on the web on a continuing basis.

Partnerships

  • Axis Communications (LUND, Sweden) announced three technology partnerships in which Axis' technology platform is to be sold for use in safety and security services via broadband, in industrial applications based on Bluetooth, and for mobile positioning. The customers are Trygghetsbolaget, Free2move and Translogic Consulting & Service.

  • GraphOn Corp. (MORGAN HILL, Calif.) announced it has signed an OEM licensing agreement with Caelus Inc. to web enable the Caelus Management System suite of software products using GraphOn's Bridges software.

  • iMimic Networking Inc. (HOUSTON) announced a license agreement for the Web Caching software with Cintel Co., Ltd, a Korean company.

  • Metro Link (FORT LAUDERDALE, Fla.) announced it has been selected to become a premiere partner in ATI Technologies, Inc. Technology Access Program (TAP).

  • Multi-User Solutions (ATLANTA), a subsidiary of Computone Corporation, announced that its has finalized an agreement with UnionBuiltBox to provide on-site services to customers of UnionBuiltBox's Linux based Athlon computers throughout North America.

  • RedWire (London, UK) RedWire Limited anounced it has signed a Distribution / Partnership agreement with Pyramid Computer Systems of Germany.

  • SGI (MOUNTAIN VIEW, Calif.) and AEA Technology announced that they are cooperating to provide solutions for fluid flow analysis compatible with the 64-bit Itanium processors.

  • StorNet, Inc. and Legato Systems, Inc. (ENGLEWOOD, Colo. and MOUNTAIN VIEW, Calif.) announced that they have extended their relationship under Legato's Premier Enterprise Solution Partnership program to add new networked storage services and products designed for SAN and NAS environments.

Investments and Acquisitions

  • EnReach Technology, Inc. (LOS ANGELES) announced today an investment from Sojecci Ltee, the former majority shareholder of Le Groupe Videotron Ltee (Videotron), a Canadian cable operator.

Personnel

  • ArsDigita Corporation (CAMBRIDGE, Mass.) announced it has named Richard McNulty its Chief People Officer. In this newly created position, Richard McNulty will ensure that ArsDigita continues to attract, develop and retain personnel throughout its organization.

  • Caldera Systems announed that Samba project co-founder and ex-TurboLinux executive John Terpstra has joined Caldera as technology vice president and OEM strategist.

  • CollabNet (BRISBANE, Calif.) announced that it has named Ken Comee Vice President of Worldwide Sales for the company.

  • VA Linux Systems (FREMONT, Calif.) announced that it has named Gary Green as vice president of strategic sales.

Other

  • Linbox is working together with DemoBox, a an organization that produces CD-ROMs that enable users to run Linux without installing it, to produce a turnkey LNA solution for business, based on a DemoLinux's bootable CD-ROM, that automatically installs a server-centric network architecture.

  • Linux2Order (PROVO, UT) announced it is on target to surpass 9,000 titles by the end of the year.

  • Open Country has launched a web site targeted at providing rewards for home/small office users of Linux that have written programs that they might want to share with fellow users.

  • Red Hat (RESEARCH TRIANGLE PARK, N.C.) announced that new economy companies are using Red Hat Linux Enterprise Edition for Oracle 8i.

  • Xybernaut (FAIRFAX, Va.) Chairman and CEO Edward Newman was invited by the Peoples Republic of China's (PRC) intellectual property body, its media and press to speak on the future of world technology and the importance of intellectual property policies and procedures.

Section Editor: Michael J. Hammel.


November 30, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

IBPhoenix president gets past the politics (Upside). Upside reports on IBPhoenix, a company formed to work with the open source version of InterBase. "Compared with its two largest proprietary competitors, Microsoft's (MSFT) SQL Server and Oracle's (ORCL) 8i, InterBase is the one database management system that sticks closest to industry SQL standards. Compared with the low-cost open source databases such as MySQL and Postgres, InterBase's strengths include easier installation, better multi-user support and a 15-year track record in the commercial development world."

Companies

Interview with the CEO of Esfia, an Embedded Linux startup (LinuxDevices.com). Eric Lee, President and CEO of Esfia, a Taiwan-based Embedded Linux startup company, is interviewed by LinuxDevices.com. `Esfia will target the Internet Appliance market, with wireless and multimedia applications. "ESFIA" stands for: Embedded Solutions For Internet Appliances.'

Linux fiesta in the Lone Star state (ZDNet). ZDNet reports on the third IBM Linux summit. "Top IBM officials, including Irving Wladawsky-Berger, vice president of technology and strategy for IBM's server group, will provide pep talks. And Michael Tiemann, chief technology officer at Red Hat also will address the troops."

Serves You Right... (LinuxToday Australia). The Australian LinuxToday is running another Bennett piece, this time looking at Compaq's push into Linux. "Compaq is on a real roll, but the really interesting part of Compaq's current market expansion is the bit no corporate public relations spokesperson dares mention - Linux appears to be fuelling Compaq's server surge. Last year the company had a 25% share of all Linux server OS shipments and that was before the company had trained its sales focus on the open source operating system."

Development projects

Happy to Stay in Beta (LinuxNews.com). LinuxNews.com looks at the phpGroupWare project. " The phpGroupWare project has hovered in the upper ranks of SourceForge's most active projects for the last few weeks. It has gone through eight developer releases in the last five months, steadily closing in on the final 1.0 release, which is scheduled for... whenever it's ready."

Linux factions battle over desktop platforms (ZDNet). ZDNet still wants to see a big fight between KDE and GNOME. "But such divisions appear unavoidable, according to such observers as Ransom Love, the CEO of Caldera Systems Inc., who dubbed the budding rivalry a 'holy war.'"

Time for an open-source rumble? (ZDNet). Here's a ZDNet opinion piece with a fairly strong view on the formation of the KDE league. "This time significant names such as IBM, Compaq, TurboLinux, HP and Borland are trying to play Switzerland by putting their names behind both the GNOME and KDE efforts. Such a play makes no sense; each camp seeks to make its project the definitive Linux desktop, and an organisation that supports both would-be standards appears more ignorant than one that stays out of the fray. This divided support is akin to sending arms to both sides of a war; it may be a neutral action, but it intensifies the confrontation and makes coexistence that much harder to achieve."

Reviews

The Newbie testdrives GnuCash (LinuxOrbit). LinuxOrbit takes a look at GnuCash from a new user perspective. "I know that I can do all the functions of GnuCash plus all the other functions I've mentioned, within a spreadsheet. I have done all of these using Lotus 123 and I must assume that the spreadsheet software available "free" on Linux is just as capable, so why GnuCash?"

Interviews

The future of Linux (America-iNvest.com). Financial web site America-iNvest.com carried an interview of Richard Stallman earlier this month where he talked about free software and making money from it. "I believe that it is good that companies can make money while respecting the freedom of computers users, and thus can pay programmers to develop free software. However the two companies that you mention [Red Hat and VA Linux] also distribute programs that are not free software. That is the only thing they do with which I do not agree."

Interview with Michael Tiemann (FreeOS.com). FreeOS.com interviews Red Hat CTO Michael Tiemann. "At the same time it's also important to note that we do have many of the guys who are doing a lot of the key kernel infrastructure that allows companies like Mandrake to write these things. If the Linux kernel did not support the API's that are needed by ReiserFS or it didn't support the capabilities needed by these other tools then the whole open source eco-system would collapse. So we think it's great that other people are doing open source development also."

Miscellaneous

It's a Beautiful Libre Software School Day (LinuxNews). LinuxNews is carrying a story on the Libre Software School Day, a group dedicated to assist Linux user groups and non-governmental organizations in enlightening school administrators about free software. `The group's members consist of "teachers (often sciences, mathematics) that want libre [re: free] software to spread in the schools; computer people that have an interest for the schools, and militants that perceive the good synergy between libre software and education," Calvelli explains.'

PCMCIA and GNU/Linux, it's a snap (LinuxOrbit). The PCMCIA project is an example of how individual projects make Linux the complete system it actually is. LinuxOrbit looks at this project and what it meant to one recent user. "In the past two months, I've converted two laptops to Linux for use on our local area network, and without the use of the documentation and patches offered at the Linux PCMCIA Card Services project, I would have been lost."

This Time Next Year.... (LinuxToday Australia). Bill Bennett looks at why he thinks Linux is on the brink of mass acceptance. "Between Gnome Helixcode, KDE2.0, Applixware and Wine I can do almost everything I did in Windows without ever booting my PC's other partition. However a recent writing job required me to spend more time in Windows 98 than my usual practice. They say that one has to suffer to reach enlightenment -- it worked for me."

Section Editor: Rebecca Sobol


November 30, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

Shell Prompt Customization (LinuxLookup). LinuxLookup is carrying a couple of customization tips this week. The first is an article on configuring your bash shell prompt with colors, hostnames and more. The second is a look at setting a title in your xterm title bar.

Events

Open source conference in Pisa, Italy. A conference entitled "Open Source Software: lo sviluppo delle tecnologie e dei mercati" (Open Source Software: technology and market development) will be held at the Scuola Superiore Sant'Anna in Pisa, Italy, on December 5. Attendance is free. The detailed agenda may be found in the announcement, which is in Italian (English available via Babelfish).

U. of Kentucky wins two SC2000 awards for Beowulf clusters. The University of Kentucky has announced that it won two awards at SuperComputing 2000. Both of them were for Linux-based clusters. The announcement includes some nice pictures as well - check out the Cray-shaped KRAA Z-MP cluster.

November/December/January events.
Date Event Location
November 28 - December 2, 2000. IEEE International Conference on Cluster Computing Technische Universität Chemnitz, Saxony, Germany.
December 2 - December 3, 2000. LinuxCertified's Linux for beginners Cupertino, CA.
December 3 - December 5, 2000. Wireless DevCon 2000 San Jose Doubletree Hotel, San Jose, CA.
December 3 - December 8, 2000. LISA 2000 New Orleans, LA.
December 5 - December 6, 2000. LinuxUser 2000 Conference Chelsea Village, London, England.
December 15 - December 17, 2000. LinuxFEST Belgrade, Yugoslavia.
January 17 - January 20, 2001. linux.conf.au University of New South Wales, Sydney, Australia.
January 30 - February 2, 2001. LinuxWorld Conference & Expo Jacob Javits Convention Center, New York, NY.
January 31 - February 2, 2001. Linux Expo Paris Paris, France.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

Hazelwood (Missouri) Linux User Group. The Hazelwood Linux User Group in Hazelwood, Missouri (HZLUG) held its first meeting on Tuesday November 28, 2000. This is a new group which will be oriented to the needs of the new Linux user (the newbie) and will be geared to providing introductory level information and one on one assistance. All meetings are free and open to the public. Meetings on December 19, 2000 and January 30, 2001 have also been announced.

LUG Events: November 22 - December 31, 2000.
Date Event Location
November 28, 2000. Hazelwood Linux User Group Prairie Commons Branch Library, Hazelwood, Missouri.
December 4, 2000. Rice University Linux Users Group Rice University, Houston, TX.
December 5, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
December 6, 2000. Kansas City Linux Users Group Kansas City Public Library, Kansas City, MO.
December 6, 2000. Southeastern Indiana Linux Users Group Madison/Jefferson County Public Library, Madison, IN.
December 6, 2000. Silicon Valley Linux Users Group Cisco Building 9, San Jose, CA.
December 7, 2000. Edinburgh Linux Users Group Holyrood Tavern, Edinburgh, Scotland.
December 9, 2000. Route 66 Linux Users Group La Verne, California.
December 12, 2000. Long Island Linux Users Group SUNY Farmingdale, NY.
December 13, 2000. Columbia Area Linux Users Group Capita Technologies Training Center, Columbia, MD.
December 13, 2000. Toledo Area Linux Users Group Toledo, OH.
December 14, 2000. Linux, Running Applications Delfzijl, Netherlands.
December 14, 2000. Phoenix Linux Users Group Sequoia Charter School, Mesa, AZ.
December 14, 2000. Boulder Linux Users Group NIST Radio Building, Boulder, CO.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


November 30, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


If ever needed to look for something that was posted to a mailing list somewhere, you'll likely appreciate the mailing list archive at The AIMS Group. It is a searchable, long-term archive of an unbelievable number of Linux-oriented mailing lists. Next time you need to search something out of, say, samba-vms or snort-devel, you'll know where to look.

Industrial Linux is aimed at administrators of Linux servers. It will be a portal with news and how-to information; there is also an Industrial Linux distribution in the works.

Section Editor: Jon Corbet


November 30, 2000

   

 

This week in history


Two years ago (December 3, 1998 LWN): Digital Creations opened up the source code for Principa, its object-based web development platform, and integrated it with Bobo, its open-source web toolkit. The two projects were combined and renamed Zope, the rest is history.

There was some haggling over just who owned the trademark for the term "Open Source". The Open Source Initiative (OSI) and Software in the Public Interest (SPI) both claimed ownership of the term. Since then the term turned out not to be trademarkable, and SPI appears to have gone dormant (its last news item is from June, 1999).

The current development kernel was version 2.1.130, the basted turkey release.

Novell was investing in Caldera and had rumored plans to open up some of the Novell NDS source tree. IBM, by way of Transarc, made AFS available for Linux.

Some things never change:

"linux isnt secure and it isnt stable," my informant writes, with is usual bracing disdain for grammar and punctuation. "its a moving target that never really gets out of beta. sure people run production sites on linux. i know alot of these people. they dont get much sleep and have grown opaque from the lack of sunlight."
-- Fred Moody, ABC News

One year ago (December 2, 1999 LWN): Corporate acquisitions of Linux companies were busily happening, partly due to the high value of Linux stocks. SCO and Sun were both looking to buy a Linux distributor, possibly Caldera. Turnaround is fair play, Caldera is currently finishing the details of the purchase of SCO. Sun ended up buying a Linux hardware vendor, Cobalt. Red Hat was rumored to be considering the purchase of "anything that moves" and had recently acquired Cygnus.

Still, to some observers, the question of copyright and licensing -- the question, ultimately, of who controls the GNU software developers -- is the single most important question in the world of free software. Red Hat now bestrides that world, more than ever before, like a colossus. Even if most individual free-software developers appear unconcerned with the implications of the Red Hat-Cygnus merger, corporate competitors to Red Hat might have reason to be nervous.
-- Andrew Leonard, Salon.

Linux made a big splash at Comdex with the Linux Business Expo. One year later, the Linux Business Expo was even bigger and was still going strong. Network appliances were big at Comdex but the Embedded Linux boom was in its infancy.

The XFree86 project joined X.org, a fitting move since XFree86 has been the real center of X11 development for some time...

VA Linux Systems headed quickly toward its IPO, and announced a directed share program for Linux hackers. Participants in the program did very well...assuming, of course, they are not still holding on to the stock... VA also announced the hiring of Samba hacker Jeremy Allison as part of its new Professional Services Division.

Lynx Realtime Systems (now LynuxWorks) launched its "BlueCat Linux" embedded distribution.

And, don't forget the LWN Raccoon incident: just as we were about to celebrate a year of server uptime, a warmth-seeking Raccoon found its way into a nearby power distribution point and brought down our server (and much of a city block with it). One year later, the LWN server has, well, one year of uptime. Just in time to be powered down in favor of the new server...

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Wed, 22 Nov 2000 00:17:30 -0800 (PST)
From: "Robert A. Knop Jr." <rknop@pobox.com>
To: letters@lwn.net
Subject: Fingerprint scans & the "end" of passwords

As I write letters to LWN, frothing at the mouth as I express alarm at
various trends in modern society, I can't leave out biometrics.  This is
the use of your fingerprint (as mentioned in the "Security" section of LWN
on November 23), retinal pattern, voice print, or even DNA as a way of
authenticating yourself.  They are widely touted as being superior to
passwords for several reasons.  First, nobody else can guess them.  
Second, they really do authenticate *you*.  Thrid, you can't forget them.

However, they suffer from one really huge flaw in comparison to
passwords.  If your password is stolen, you can change it.  You can't
change your fingerprint.

Sure, stealing a fingerprint may be technically quite a bit harder than
stealing a password-- but eventually it will be done.  Maybe not to you,
but the determined will find a way to do it to some.  It is naive to
assume otherwise.  And, when it is, you're hosed.  You can always get a
new password, or a new card and PIN number, but if everything
authenticates you on your fingerprint, you can never be secure again once
your fingerprint has been stolen.

Indeed, in certain circumstances, stealing a fingerprint may not be that
hard.  Most passwords are stolen today by network sniffers, grabbing
unencrypted network traffic as it traverses the internet.  To "steal" a
fingerprint, you wouldn't have to spoof the fingerprint reader.  You would
only have to spoof the information that the fingerprint reader reports.  
This reduces it to exactly the same problem as stealing a password.  Of
course, a well-designed system could use a challenge-response protocol
analogous to public key cryptography, which would make this sort of
spoofing very difficult (just as ssh protects you from having your
password sniffed).  However, do you really trust the people creating the
infrastructure of the ineternet to do this right?  All they have to do is
goof once, and huge amounts of unchangeable fingerprint data can be
stolen.  Look at the track record of companies like, say, Microsoft, when
it comes to good security.  In the dark day of laws like the DMCA and the
UCITA, it will be easier for companies to sue people who complain about
their security than it is for them to create a truly good security system.

I think biometrics are a good idea for authentication-- *if* they are
coupled with passwords or their equivalent.  But biometrics by themselves
are a startlingly bad idea.  I like having different passwords for all of
my sundery different accounts.  I like being able to change them when I
think one has been broken.  I gladly accept the inconvenience of having to
remember and type these passwords each time, in exchange for having an
authentication system that can still work even after an individual
authentication key is stolen.

I find it alarming that so much of the popular media and the population
seem to believe that biometrics will be a panacea for network security and
authentication, and that passwords will go the way of the dinosaur.  The
only real drawback ever mentioned is cost, and that is going away.  
Doesn't anybody understand the utility of being able to change a password?

-Rob Knop
rknop@pobox.com

   
Date: Thu, 23 Nov 2000 16:55:51 +0100
To: Linux Weekly News <lwn@lwn.net>
Subject: The European Software Patent Horror Gallery

Hello,

You wrote on the European Software Patent Horror Gallery and those
stupid patents which have been granted in Europe.

Although I still think that all software patents, not only these stupid
ones, should be abandoned I would like to let you know that these
patents are not defendable in European Courts as these patents are
invalid in most European countries. Yes, indeed, it's strange perhaps
for you to think on it. But the patent treaty denies in article 32 the
European Patent Organisation (EPO) to grand patents on computer
software. The EPO -as many greedy patent lawyers- is still trying to get
the right to grant patents on software. It might make them rich.

Best regards,

Fred
-- 
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976
   
From: Julio Cesar Gazquez <jgazquez@dld.net>
Date: Sat, 25 Nov 2000 00:40:31 -0300
To: letters@lwn.net
Subject: Office consortium

I think this is a very special, important moment, if the people involved 
takes advantage of it.

StarOffice becomes open source. KOffice is being rapidly improved, and I 
guess that happen to other office apps, like Abiword, Gnumeric, etc. However, 
all these projects suffer a severe, even well-known problem. Even the best 
attempt to exchange data with MS-Office applications is very troublesome. 

There is no chance to share files of reasonable complexity back and forth 
between a MS-Office and StarOffice, even when StarOffice has the best filters 
out there.

Of course, a brief analysis shows the reasons behind this:
1. Most people use MS-Office, so you should support its file format if you 
want some success.
2. The Office file formats are closed, so filters are created through 
reverse-engineering process.
3. Microsoft does its best effort to difficult filter creation, doing weird 
changes in each Office release.

However, despite MS wishes and similar market share of Internet Explorer, we 
are still surfing the web with no much trouble. The key is, of course, HTML 
is open, and it was there long before Microsoft get into browser business. 
Unfortunately, the world never knew an open, well defined, free word 
processor nor spreadsheet file format.

But now, we have at least three free word processors and three free 
spreadsheets. Star Office is free, and the other projects are probably mature 
enough to keep a stable architecture for a while, with well known technical 
needs.

They should join to define common open formats for word processor and 
spreadsheet files. These formats should be able to include all the features 
their parent apps need, and allow a seamless interoperability between apps.

A properly defined standard format can attract the interest of governments 
and corporations, as they are suffering the problem as any of us, and this 
Office consortium should encourage this, as this situation could force MS to 
adopt those formats as well.

Anyway, common formats should give to the free office apps a combined market 
place that allows them to empower their individual chances to grow.

-- 
Saludos

Julio César Gázquez
   
Date: Wed, 22 Nov 2000 18:12:18 -0800 (PST)
From: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca>
To: letters@lwn.net
Subject: Re: I'm alarmed about LinDVD

I agree with much of what Robert A Knop said in his LWN back page piece.

In particular:

"If the stupid laws like the DMCA are going to stand despite how contrary
they are to the concepts of freedom on which the USA was putatively
founded, Linux users really have only two choices.  Admit defeat and
surrender to the proprietary commercial forces that many in the
community have been resisting for so long, or boycott DVDs altogether."

My wife and I feel so strongly about this that we boycott all Hollywood
products.  We encourage others to do the same since Hollywood companies are
directly attacking the freedom that is so important to the Linux community.

In the same paragraph Robert Knop goes on to say:

"The latter will be difficult, because the format is the only game out
there in its performance class, and because DVDs are becoming hugely
popular.  But the MPAA stranglehold on the *format*, which seems to
prevent even the possibility of free drivers, is unacceptable."

Personally, I don't feel quite so pessimistic about this. Hollywood may well
have ruined the DVD format forever.  But will they be able to control all
data storage formats for the indefinite future?  For example, there has been
some recent news about FMD devices which potentially can store 140GB in a
CD-sized disk with a recordable version planned for the end of 2001
(http://www.wirednews.com/news/technology/0,1282,40053,00.html).  There may
also be other large data storage formats/devices in development which are
driven by the urgent need for viable backup solutions for today's large
cheap hard disks.  In summary, I don't believe Hollywood's narrow, selfish
interests can ultimately stop technological development in an area where
there is such a wide market-driven interest in finding a good solution for
long-term storage of data.  Help Hollywood to do The Right Thing by boycotting
*all* their current products.

Alan W. Irwin

email: irwin@beluga.phys.uvic.ca
phone: 250-727-2902	FAX: 250-721-7715
snail-mail:
Dr. Alan W. Irwin
Department of Physics and Astronomy,
University of Victoria, P.O. Box 3055,
Victoria, British Columbia, Canada, V8W 3P6 
__________________________

Linux-powered astrophysics
__________________________

   
Date: Tue, 28 Nov 2000 11:27:42 -0500
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@lwn.net
Subject: How the Grinch stole Linux?

In this week's edition, you quote Michael Tiemann, CTO of RedHat as saying:

  "At the same time it's also important to note that we do have many of
  the guys who are doing a lot of the key kernel infrastructure that
  allows companies like Mandrake to write these things. If the Linux
  kernel did not support the API's that are needed by ReiserFS or it
  didn't support the capabilities needed by these other tools then the
  whole open source eco-system would collapse. So we think it's great
  that other people are doing open source development also."

That's a fairly disingenuous comment, I think.  Either that, or Mike forgets
that there was a Time Before RedHat.  How does he think that it came to be
that there *was* a kernel to plug those API's into? 

"...we do have many..."  Yeah?  So what.  So do VA, and Penguin, and for that
matter SuSE, Turbo, and Mandrake.  Let's face it, in the current environment,
it's unlikely these guys would be begging.  Perhaps RH got to the "employ
kernel hackers to hack" well first, but that doesn't mean they own the well.

"If the ... kernel didn't support the APIs..."  Does *Linus* havea new job,
and I missed it?  I didn't think anyone else was unilaterally installing
API's in the kernel.

And as far as "So we think it's great..."  Well, Mike?  I'm glad to hear
that.  Us dahkies gonna go sing spirituals in the corner now.

You might consider this letter in somewhat the same light as the interview
that Tampa Bay Buc defenseman Warren Sapp gave to the St Pete Times last
Saturday.  You know: the one where he told the reporter how much he thought
the Bucs offense was sucking lately?

I think it's perhaps time for a slight reevaluation of mission -- as it regards
interacting with the open-source/free-software/and, indeed, Linux-specific
community -- on the part of the executive staff at RedHat.

We made them.

And we can *break* them, just as easily.

The stockholders would, if they knew about it, probably find this lack of
faith disturbing.

Yo, Bob?  Mike?  Eric?  You guys listening?

Cheers,
-- jra 
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015

-----------------------------

   
Date: Wed, 29 Nov 2000 04:11:40 +0000
From: Dafydd Harries <dafydd.harries@which.net>
To: letters@lwn.net
Subject: Re: Art vs. Craft


Please excuse the length of this letter! In LWN on the 16th of November, in
your development section, it was said:

> But while these projects were formatted badly, they all seemed to work fine
> (mostly).  What coding standards bring isn't more stable code, just the
> ability to more easily maintain projects.  Coding standards work well for
> larger organizations, especially spread across multiple development sites,
> because you never know who will end up maintaining the code at some given
> point in the future.

In my opininon, good formatting and code standards (or lack of them) can make
(or break) a project, simply for the reason that it makes it easier (or harder)
to contribute. I myself have had itches with software that I use regularly,
and have correspondingly tried to go through the source code of the program to
work out how I could make changes. When I encountered masses of cryptic,
unreadable code, however, I gave up.

> Open source projects often start with someone with an itch and a spare
> minute.  Design isn't the goal - results are.  Interestingly enough, that's
> often true of successful proprietary projects as well.  The need for
> processes and standards comes with project maturity.  Software is like
> humanity - we like change less and less with age.  But any change we do
> accept needs definitive rules and order.  Code needs to be clean to provide
> extension and maintenance.  But seldom is it that way from day one.

A "spare minute" is more or less what I had - I didn't have the hours (or the
patience) to work out how the program worked. Although writing messy code
quickly will tend to have good short-term results, it will discourage
participation in the project. On the other hand, if the source code of the
program is clearly written - it doesn't even have to be to a coding standard -
then people with itches will find it easier and quicker to scratch their itches
and improve the software for everybody. Unfortunately, I can imagine that
willing and able hackers are being prevented from contributing only too often
when projects raise the bar of contributing too high.

Apart from this, a clear, simple layout makes the overall structure of a
program easier for everybody to understand, even the original author(s). This
can be detrimental in deciding whether bugs are spotted - the "many eyes,
shallow bugs" concept does not work so well if people cannot understand clearly
how a program works.

If Free software is to triumph over proprietary, projects must actively spend
time to make it easier for people to hack them. Copious technical documentation
(this is sadly an oxymoron, in my experience) and clear code are the way to a
better future for everybody. A project which few people can contribute to is
sure to undergo much less improvement than one that allows more people to help.
Spaghetti projects are harder to debug than clear ones. This is important for
new projects as well as mature ones - a project may never become mature unless
it is easy for people to move it forward. As for the original title - "Art vs.
Craft" - I believe the best programming is a mixture of both.

Dafydd Harries

   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds