[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Fun with the press. This last week has been a really remarkable one for awful Linux reporting. We're going to look at a few examples to show just how misrepresentations of Linux reflect a misunderstanding of what we are about, and how they can be damaging. Before we start, however, we'll put in the customary plea: if you choose to respond to the authors of any of these articles, please do so in a polite and factual manner. Flaming will just inspire more bad press in the future. See the Linux Advocacy HOWTO for practical suggestions on how to deal with the press.

We'll start with the "PROLIN" virus which has been circulating. PROLIN is not a Linux story - it is, after all, just another Windows virus. The fact that it tells its victims to run Linux was enough for some to try to make it into a Linux story, though. Consider this article in Wired News:

"The worm's pro-Linux message isn't a huge surprise," said Pirkka Palomaki, director of product marketing at F-Secure. "Most people who are capable of programming a virus are also Linux fans. Which is not to say that all Linux users are computer crackers."

It sure was nice of them to avoid implicating all Linux users. One could actually take this quote in a positive light: people who actually know what they are doing prefer Linux. But the real intent was clearly to associate Linux with Windows viruses, which is nonsensical. Linux users who can program have no lack of cool projects that would welcome their talents; they don't have the time to write stupid stuff.

Red Hat recently made it official that a Sparc version of Red Hat 7 is not forthcoming. Here's what CNet News.com had to say about that:

The move parallels the gradual decline in the number of CPUs that can run Windows NT. Initially, Microsoft's higher-end operating system was intended to run on PowerPC, MIPS, Alpha and Intel CPUs, but minimal interest led Microsoft to cut back just to Intel chips.

The problem here, of course, is that the number of CPUs that can run Linux is steadily increasing. Finding a distribution that supports the Sparc is not hard, even in the absence of Red Hat 7. This article is a classic example of the "Red Hat = Linux" fallacy. Linux is far bigger than any one Linux company, and it is important that people understand that.

Moving on: Dell is, of course, partnering with Eazel. There are a lot of interesting things one could say about that deal, but here's what ZDNet chose to report:

The deal extends the 'holy war' between GNOME and KDE (K Desktop Environment). Dell is clearly favoring the GNOME project, with Michael Massetti, Dell's software marketing director, admitting he hoped this deal would make Dell's Linux desktop offering more competitive with KDE.

Very few people in the Linux community are interested in wars, holy or otherwise. Competition there most certainly is, but that's a different story. Holy wars are the creation of media outlets searching for a more compelling story. These creations present a poor image of our community, to say the least.

This Upside article about Plan 9 reveals another common anti-Linux theme:

In an industry where microprocessors double and quadruple their speed regularly, software seems trapped in some sort of weird development cycle reserved for electric utilities and Mexican political parties. Take a dig through the source code of most popular operating systems, from Windows 2000 to the growing crop of open source reinterpretations of Unix, and chances are you'll find artifacts of architectural and design decisions dating back to the Tet Offensive.

The author is unlikely to have dug through the Linux source, much less that of Windows 2000; yet he feels qualified to pronounce on the quality of the code there. Much that is in Linux most certainly reflects a few decades of accumulated experience; it would be foolish to throw that away. Linux is also new where it counts - where better ways of doing things have been found. Those who would portray Linux as a relic of the past are showing ignorance of both the value of experience and the real nature of Linux.

Finally...ZDNet tells us Beware Linux vendors that don't get it. The author was looking for a kernel patch to help defend against SYN flood attacks:

My trip to the Mandrake Web site was, well, interesting. I was unable to determine if this patch is available for the Mandrake version of Linux. The site was filled with self-congratulatory rhetoric and an equal amount of anti-Microsoft propaganda, but very little in the way of technical support and not a single phone number.

The "anti-Microsoft propaganda" on the Linux-Mandrake web site is rather hard to find. And those who have actually contacted MandrakeSoft know that the company tends to be very highly responsive to its users. If you want free technical support, you can certainly join one of the mailing lists and probably get your question answered. Nonetheless, this particular piece is not entirely without merit. The Linux community should work at making it easier to solve problems. Many resources are there (see, for example, the Linuxcare support database), but many things are still harder than they should be.

The above is an impressive array of negative press. Such press, however, has been most notable by its absence. Windows, after all, probably sees more attacks than this on its best days. We can probably expect to see more negative press as Linux continues to gain users and mindshare. Consider it an opportunity to see and respond to the misunderstandings of Linux and free software in general.

Bruce Perens moves to HP. Bruce Perens has announced that he has a new job - with Hewlett-Packard. In itself, this move is just another Linux personality making a career move. It is interesting, though, in what it indicates for the Linux business environment in general.

Bruce's new job at HP will involve being an activist for Linux, both internally and externally. The internal job will be the harder one; he'll have to work to promote the spread of open source throughout the company, to get it to release more software, and in general to keep HP honest with respect to free software. HP is a huge company, and this task could keep Bruce busy for a long time.

Bruce, of course, has been part of the Linux community for many years. He was an early leader of the Debian project, a founding member of the Open Source Initiative, the first leader of the Linux Standard Base project, and also the author of packages such as busybox. His contributions over the years have been numerous, even if he has managed to step on a few toes in the process.

His most recent position was at the head of the Linux Capital Group, a venture firm which made investments in startup Linux companies. The Group got into the game a little late, however, and only managed to make investments in a couple of companies; the best known of those is Progeny Linux Systems. The climate in the stock market since last April has not been particularly friendly to Linux investors, and the Linux Capital Group has stopped funding new companies. With little to do there, Bruce concluded that it was time to move on to something a little more secure.

The shutdown of the Linux Capital Group highlights an already well-known fact: the capital markets are currently an overtly hostile place. Not long ago, a company with a decent idea for a free software business could be almost sure of obtaining funding. Even not-so-decent ideas often got a warm reception. Many new Linux companies popped up in that era, and many of them are still with us.

But it is now a much harder time to start a Linux business. Getting the money to grow beyond a handful of people is a difficult proposition. What that means is that, until the situation changes, the companies that exist now are it - don't expect to see too many new ones in the near future.

What we will see, clearly, is a lot more of large, established companies like HP. Some observers have said for years that the ultimate winners in the Linux business arena will be the established computing companies. Once they wake up to Linux, their resources and mindshare will prove hard to beat. HP, by hiring Bruce, has shown that it is waking up. Many others (IBM, SGI, Dell, Compaq, Oracle, etc.) are showing increasing interest.

As the Linux market develops, those companies (and others) are going to want a piece of it. Expect to see more of them trying to hire high-profile Linux hackers before too long. There is, increasingly, real money at stake. There will be real competition to go along with it.

Inside this week's Linux Weekly News:

  • Security: Carnivore reviewed, ptrace, Postaci, pam_localuser and ezmlm-cgi vulnerabilities, plus more updates.
  • Kernel: Network device configuration; the end of tq_scheduler; nullfs first release.
  • Distributions: Debian's new maintainer system; MandrakeSoft's second birthday party.
  • Development: Kascade project, Ken Manheimer, Dennis Ritchie
  • Commerce: Distribution market shares, Eazel and Dell, Sun's Java APIs and Solaris 8.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


December 7, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

Carnivore Reviewed and Re-Reviewed. On November 17th, a draft version of a review of Carnivore, the FBI tool for monitoring Internet traffic, was made available to the public. This review was performed by members of the ITT Research Institute in Lanham, Maryland and is 127 pages long. In the Executive Summary, the review makes several recommendations for ways in which Carnivore must be improved, in order to protect individual privacy and assuage concerns about the potential for unauthorized use. Their recommendations include:

  • Continue to use Carnivore rather than other possible techniques because it can be configured to reflect the limitations of a court order.
  • Provide separate versions of Carnivore for gathering email To/From information versus full content collection (currently, moving from limited to full collection can be done with a simple radio button selection).
  • Add full audit trails and logs in order to provide full accountability for all Carnivore actions.
  • Enhance the physical control of Carnivore, where deployed, to prevent tampering.
  • "Explicitly bind collected data to the collection configuration by recording the filter settings with each collected file and add a cyclic redundancy check (CRC) to the recorded file".
  • Employ a formal development process (current development appears to be fairly ad-hoc).
  • "Provide checks in the user interface software to ensure that settings are reasonable and consistent".
  • "Work towards public release of Carnivore source code by eliminating exploitable weaknesses. Until public release, continue independent evaluation to assess effectiveness and risks of over and under-collection".
In other words, they found a flawed product, which can currently be easily manipulated to gather information beyond that authorized in a court order. They believe the flaws are fixable and have made recommendations as to what needs to be done, including eventually releasing the source, but not until some glaring security problems have been fixed first.

They did, however, state that they were confident that Carnivore could not be used to disrupt network traffic, either by adding packets to the network, blocking traffic, removing information, seizing control of traffic or shutting down the communications of a person, website, company or ISP.

Another group of researchers, this time from several organizations, including AT&T Laboratories, the University of Pennsylvania and Purdue University CERIAS are less sanguine. "Although the IITRI study appears to represent a good-faith effort at independent review, the limited nature of the analysis described in the draft report simply cannot support a conclusion that Carnivore is correct, safe, or always consistent with legal limitations. Those who are concerned that the system produces correct evidence, represents no threat to the networks on which it is installed, or complies with the scope of court orders should not take much comfort from the analysis described in the report or its conclusions".

The security of the Carnivore code itself is one issue; the draft report does not include any actual auditing of the code itself for even basic security problems such as buffer overflows. The lack of accountability from non-modifiable audit trails or logs was mentioned in the draft report, but not, they feel, given enough emphasis. Most of all, they feel strongly that the current implementation could allow just about any file on the Carnivore server to be replaced, including audit logs and the software itself. This would certainly make the potential uses of Carnivore infinite; once installed, simply upload new capabilities, use them, delete them and move on.

Their concerns indicate that Carnivore, in its current form, is potentially subvertable both by law enforcement agents to use it beyond the scope of a court order and, potentially, by malicious attackers not associated with law enforcement. As a result, they push even more strongly for the release of the Carnivore code, so that its deficiencies can be addressed with the widest possible scrutiny.

Of course, given an atmosphere of distrust, which all of this publicity and review process validates, Carnivore will never be trustable. Even if the code is made available, even if all the recommendations of both the official review and this unofficial commentary are implemented, who will guarantee that the code installed on a particular Carnivore has not been modified? If you don't trust the watchers, who can you trust to watch them?

Perhaps the eventual consequences of Carnivore are best summed up by this suck.com article. "By demonizing the FBI (or by just sitting back and letting the FBI demonize itself), privacy advocates could go a long way towards stoking the public's interest in - and demand for - electronic privacy, including software to avoid the Bureau's prying eye". They perceive the existence of Carnivore as the necessary incentive to put easy-to-use cryptographic functionality in email and other Internet applications at the top of everyone's wish-list.

Interview with Kurt Seifried of SecurityPortal.com (LinuxSecurity Brazil). Kurt Seifried, author of the Linux Administrator's Security Guide, was interviewed by LinuxSecurity Brazil this week. "Security is a process, ongoing and never ends. If you choose shoddy software that is prone to problems then administering it will be that much more difficult. You need a solid foundation to build on, this is the OS and related software. Once you have this you need to keep it up to date, modify configuration info as needed and so forth. You are only as strong as the weakest link in your entire security chain."

A Portuguese language version of the interview is also available.

Security Reports

ptrace non-readable file vulnerability. ptrace, a system call which is used to analyze running processes, does not allow setuid or non-readable executables to be examined. Lamagra Argamal, however, pointed out that ptrace does not properly check the disk image for readability when tracing a child process. This could allow information that was assumed to be protected to be retrieved from the memory of a running process. Linux 2.2.17 through 2.2.10 is known to be vulnerable; earlier versions may also be impacted.

For more information, check BugTraq ID 2044.

Postaci Webmail password vulnerability. Postaci Webmail is a GPL'd software package that provides a database and platform independent web interface to mail. Michael R. Rudel pointed out that hostname, username and password variables for the MySQL database can be easily retrieved, under the default configuration. Configuration-based workarounds are available, described in both Michael's post and this followup from Stanislav Grozev.

There is no indication that the author of the package has been officially notified and no response or followup to this problem was found on the website.

For more information, check BugTraq ID 2029.

pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module. This module is included with the Red Hat Linux distribution, though it is not used by default.

This week's updates:

ezmlm-cgi potential arbitrary command execution. ezmlm-idx is a mailing list manager designed to work under qmail. ezmlm-cgi is shipped with ezmlm-idx to allow for archiving and viewing lists via the web. Instructions for installing ezmlm-cgi recommend that it be installed setuid root. This week, vort-fu reported potential problems with ezmlm-cgi, if installed setuid to a user other than root. These are derived from the fact that the software will read its configuration file from the local directory if not installed setuid root. As a result, it can be manipulated to execute arbitrary code under the uid of the ezmlm-cgi owner.

Note that Frederik Lindberg, author of ezmlm-idx, posted this response contesting portions of the original report.

For more information, check BugTraq ID 2053.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • phpweblog, João Gouveia reported a vulnerability under which the administrator authentication can be bypassed. He also provided a patch to correct the problem. This patch has gone into the the development tree and will be incorporated in the next development snapshot (this is a beta product). Check the phpweblog home page for more details.
  • MoinMoin, a Python WikiClone (WikiWiki is a collaborative hypertext environment), has been upgraded to version 0.7 which uses __import__ instead of exec(), in order to improve its basic security. Anyone using MoinMoin 0.5 or 0.6 is strongly recommended to upgrade.

Commercial products. The following commercial products were reported to contain vulnerabilities:

Updates

bash tmpfile vulnerability. Check last week's LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.

This week's updates:

Previous updates:

ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript last week. Both could potentially lead to elevated privileges.

This week's updates:

Previous updates:

joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.

This week's updates:

    Debian, the original update didn't work
Previous updates:

Two CUPS problems. Two problems were reported with CUPS, the Common Unix Printing System in our November 23rd LWN Security Summary.

This week's updates:

Previous updates:

Local root exploit problem in modutils. Check the November 16th Security Summary and Kernel Page for the original report and details. Note, however, that the updates listed below include either modutils 2.3.19 or modutils 2.3.20. As mentioned above, modutils 2.3.21 has been released with still more fixes.

This week's updates:

Previous updates:

Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.

This week's updates:

Previous updates:

Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.

This week's updates:

Previous updates:

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

Previous updates:

ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem.

This week's updates:

Previous updates:

diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem.

This week's updates:

Previous updates:

Resources

Argante project announcement. The Argante project was announced this week, with Michal Zalewski as project leader. Argante is a virtual operating system. It is designed to run on top of Linux, BSD and other Unix operating systems, but to provide an environment where security has not been compromised in order to provide functionality. "Argante is supposed to be a system with no compromises. That is why always when in the traditional system we would face choice "security or functionality", instead of choosing one variant we concluded the choice itself is bad and created its outline from scratch or changed the model in order to reconcile our requirements with expectations."

Check the Argante project website for more details.

Events

Upcoming security events.
Date Event Location
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
December 3-7, 2000. Asiacrypt 2000 Kyoto, Japan.
December 3-8, 2000. LISA 2000 New Orleans, LA, USA.
December 10-13, 2000. INDOCRYPT 2000 Calcutta, India.
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


December 7, 2000

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is still 2.4.0-test11. The 2.4.0-test12 prepatch is up to 2.4.0-test12-pre7. This release contains the beginning of the integration of support for the HP PA-RISC architecture; it's unlikely, however, that 2.4.0 will actually have the full PA-RISC support in it. Evidently some of the PA-RISC changes reach into the generic code, and that's a bit more than Linus wants to try to put in so late in the game. There's also the usual big pile of fixes, including some IRQ tweaks that should help people with laptop problems and some changes to how exec_usermodehelper() (used to run modprobe for dynamic module loading) works.

Also in the pre7 prepatch is a fix for an "embarrassing" USB error which will likely fix a lot of known USB problems and the removal of the tq_scheduler task queue (see below).

The current stable kernel release is still 2.2.17. No new 2.2.18 prepatches have been released this week.

The demise of tq_scheduler. The kernel is, in theory, in a code freeze preparatory to the release of 2.4.0. That does not mean, however, that fundamental changes will not happen. With 2.4.0-test11 came a new function called schedule_task. It works like the familiar task queue interface in that it allows the kernel code to "set aside" a task to be executed soon, at a time when nothing more pressing is going on.

In particular, schedule_task works like the tq_scheduler task queue, in that the tasks will always be run in process context. With tq_scheduler, however, the process context used is arbitrary - it is whatever process is being scheduled out of the CPU at the moment. Running code in the context of random processes was never, perhaps, the most elegant thing to do, even if it has worked for years. So, with schedule_task, comes a new kernel thread called "keventd." Its only job is to run the scheduled tasks, so that they all run in a well-known context.

2.4.0-test12 will finish the job by removing all references to the tq_scheduler task queue. It's a far-reaching change, touching 29 files in the source tree. As such changes go, it is relatively safe, but it may well create incompatibilities with drivers and other modules that are maintained outside of the mainline kernel. And it is a surprising change to see this late in the development process.

A standard interface for network interface configuration? Ivan Passos started off an interesting conversation with this posting pointing out that Linux has no standard interface for configuring many of the parameters relevant to synchronous network interfaces. These parameters include the media type (v.35, T1, whatever), link-level protocol (PPP, HDLC, ...), clock source, etc. He expressed an interest in helping to implement an interface which would make it possible to configure all interfaces in a consistent manner.

It was quickly pointed out that this problem is not just limited to synchronous interfaces. Consider the choices available for the "standard" Ethernet interface:

  • Media type: can be any of AUI, coaxial cable, twisted pair, or fiber. Many interface cards support more than one.

  • Speed: 10/100/1000, or "let the card figure it out."

  • Transceiver: some cards offer more than one.

  • Duplex: Ethernet is normally half duplex, but full duplex offers a very nice performance enhancement if the system is talking to a switch that can handle it.

Anybody who has had to configure more than one type of Ethernet interface in a situation where it didn't "just work" knows that there is very little consistency in how this configuration is done. Even the ifconfig media option is not implemented by all drivers. Often it comes down to a "use the source, Luke" approach to figure out just what the boot/load-time parameters for a particular driver are.

Of course, designing this interface is easier said than done. It's probably a matter of designing a set of ioctl calls around each networking technology, and trying hard to be sufficiently general to catch all of the important cases. Then there is the small matter of making all of the network drivers actually support this interface. It's a daunting task, but also an important one. Expect to see somebody take a shot at it sometime in the 2.5 development series.

Progeny releases nullfs. Progeny Linux Systems, as part of its NOW project, is creating a new network filesystem called "Pelican." As part of that process, the Progeny hackers have created a separate filesystem called "nullfs," which is intended to be used as a way of learning and understanding how filesystems interact with the Linux VFS layer. The first nullfs release is now available for download, and may well prove useful for others who would like to work with Linux filesystems.

Essentially, nullfs will allow a suitably privileged user to mount one directory on top of another, creating an active link between the two. Operations on the mounted filesystem generate a bunch of logging information, providing a window into how the VFS is calling the nullfs operations. Some more information, including a simple session log, can be found in the README file packaged with the nullfs release.

Other patches and updates released this week include:

  • Greg KH has announced the 1.0 release of usbview, a GTK program which graphically displays the topology of the USB bus(ses) on a system.

  • Scott Rhine at HP has announced a set of updates to the "Plug-in Scheduler Policies" patch, which allows a system administrator to change process scheduling policies on a running system without rebooting.

  • Putting a face behind a name: if you're curious about what kernel hacker Jeff Garzik looks like, here's a picture from the MandrakeSoft two-year party.

  • Stephen Tweedie has released a new set of kiobuf/raw I/O patches which "really should kill all known bugs, dead." If you are working with kernel I/O buffers or raw I/O, these are probably worth a look.

  • A user-space serial port driver was released by Patrick van de Lageweg. It is intended for use with remote ports, such as those provided by RAS servers.

  • Aaron Grothe has taken over leadership of the Linux Kernel Audit Project. As a start, he has posted a kernel audit manifesto describing how he thinks the project should succeed.

Section Editor: Jonathan Corbet


December 7, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

The Debian new maintainer process. The Debian Project drew attention for some time by virtue of having shut down its new maintainer process entirely - it simply was not possible to become a Debian developer. The process was restarted with much fanfare last April; since then, there has been little discussion of the new maintainer process outside of the project's mailing lists. Not everybody is happy with the process, however, and the volume of the debate has been increasing recently.

The process itself is anything but straightforward. As can be seen on the New Maintainers Corner page, there are several steps which must be executed before an aspiring developer can join the Debian brotherhood:

  1. The first step - application - is relatively straightforward. The would-be maintainer need only send in a note saying that they would like to be a developer.

  2. The applicant is then assigned an "application manager" (AM). The AM serves as a sort of tutor and examiner; getting through the process requires convincing the AM that the applicant should be admitted.

  3. The first thing the AM does is to carry out the identification step. The Debian project wants to be sure it really knows who you are. A GPG key signed by an existing Debian developer is sufficient; failing that, a copy of some sort of official identification document will be required.

  4. Following that is the Philosophy and Procedures step. The applicant must convince the AM that he/she understands and believes in the principles in the Debian Social Contract and the Debian Free Software Guidelines. The applicant must outline goals for participation in Debian and show how they fit in with those principles. The applicant must also show an understanding of the (voluminous) Debian policies and procedures, and agree to abide by them.

  5. Then comes the Tasks and Skills step. Here the applicant describes what tasks are of interest, and must demonstrate the skills required to do that job. The demonstration can include the creation of a Debian package, writing a man page, fixing bugs, etc.

  6. Finally, the AM sends a report and recommendation to the New Maintainers Committee, which makes a final decision.

The new maintainer statistics page shows how the process is working. Over 300 applicants are in the process currently, with (as of this writing) 54 waiting to have an AM assigned, 148 in the evaluation process, 42 waiting in the final approval process, and 54 "on hold" for some reason or another.

Getting through the process can take a very long time. The applicant in the processing stage for the longest time has been there for 250 days; the final approval candidate needing the most patience has been waiting for 171.

There has been some grumbling that the process takes such a long time, and requires so much of the applicants. The feeling among the established developers, however, seems to be that things are well as they are. The Debian Project needs developers who are committed, reliable, in agreement with Debian's philosophy, and in it for the long haul. The long process tests a lot of things, including the applicant's determination to join the project. Making the process easier will, it is said, just result in the admission of people who will not help Debian in the long term. There is also a quite frank desire among some to keep the number of developers to a minimum. More developers means more coordination problems and more time lost to administrative overhead.

The situation can probably be expected to remain much as it is, with lots of grumbling and little change. (See also: this note on how much harder things were in the early days of Debian, and this one from a current applicant who is satisfied with the process).

Should I stay or should I go? (ZDNet). Evan Leibovitch takes a critical look at Corel in this ZDNet opinion piece. "Corel also hasn't maintained its Linux very well. Its first release has been out for more than a year, and to date its Web site lists a total of just one security patch. While most other distribution vendors have been scrambling to ensure that they keep up with open source patches and updates, Corel users are left to fend for themselves."

BSD community learns to get along (Upside). Upside looks at the burgeoning BSD community and how it has learned to work together. "Officially, OS X would become the fifth official version of BSD, alongside FreeBSD, OpenBSD, NetBSD and BSDi. The number of versions shows the fractured nature of the community, though there are now signs that the community is learning to work together. For example, organizers of the 1999 FreeBSDcon decide to change the event's name to BSDcon giving other BSD developers, and Apple representatives, a chance to participate."

Distribution Reviews

iPAQ goes to Linux-land (Brighthand). Brighthand plays with PocketLinux on the iPAQ. "The Pocket Linux image we loaded was not really a shipping product but was created specifically to demonstrate the potential of Pocket Linux at the Comdex 2000 show. So there were a number of limitations to the image, including a lack of support for the hardware buttons, no screen brightness controls, and no file manager app. But it did have some interesting features, like themes and multimedia, and we were impressed by what we saw and are now anxious to see it used in a production implementation." There are a number of nice screenshots as well.

General-Purpose Distributions

Connectiva News. Conectiva has released version 6.0 of their Linux distribution. This release includes an RPM-capable apt-get, KDE 2.0 and XFree86 4.0.1.

Debian News. Debian 2.2r2, an update to the "potato" release with a number of security and important bug fixes, was released this week.

Dr. Dobb's Journal is carrying a story on Debian Hurd, including how its microkernel architecture differs from Linux's monolithic kernel. "A microkernel is one in which only the minimum necessary functionality is implemented in the kernel. This would include process creation and deletion, scheduling, memory management, and interrupt handling. Anything else, such as network protocol stacks and interprocess communication primitives, should be handled outside of the kernel in user space. Communication between the kernel and these extra kernel OS facilities is done by clean interfaces, unlike in a monolithic kernel, where components can see and manipulate each other in any ad hoc way they choose."

An interesting note was posted to the Debian News mailing list this week. It seems that Debian is being used to manage the Microship, a networked pair of amphibian canoe-scale pedal/solar/sail micro-trimarans.

Debian will be running a booth at the PLUTO meeting in Terni, Italy. The meeting is happening on December 9 to 11; Debian leader Wichert Akkerman will be there and will give a talk on the Debian package management system on December 10.

Linux-Mandrake News. Cooker (the Linux-Mandrake development version) has moved to the 2.4 kernel. This [Birthday cake] move suggests, of course, that MandrakeSoft intends to base its next release on this kernel.

MandrakeSoft turned two recently, and the company celebrated by hauling everybody up to Normandy for a big party. Two sets of pictures from the event have been posted: this set covers the party itself, while the other is a set of pictures of MandrakeSoft employees. The latter page is a good way to put faces with the names of people at MandrakeSoft.

Spiro Linux. The word we have gotten from our readers appears to be true: the Spiro Linux distribution is no more. It is a hard time to be trying to make money off a new distribution.

SuSE News. SuSE has released a set of rpm for packages containing strong cryptography. Strong cryptography is not shipped with their international package, so these rpms were left out of the international CD-set for SuSE's S/390 distribution. OpenSSH, GNU privacy guard, SSL support, etc., is included.

Trustix News. Trustix Secure Linux 1.2 has been released. It contains many new packages, and bundles some nice stuff like FreeS/Wan and iproute. As they say: "We think it is pretty stable, and would love for you to agree with us." There is also a separate announcement in press-release format available.

BSD News. Another major distribution release hit the streets this week, this time of the BSD variety. OpenBSD 2.8 comes with OpenSSH and support for Apple iMac, G3, G4, and G4 Cube machines.

With all the BSD news we've seen today, you'd think it was BSD day around the planet. The latest news comes from BSDi, who have announced the release of BSD/OS 4.2.

Section Editor: Liz Coolbaugh


December 7, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


News and Editorials

Mark Dufour sent a note to LWN announcing the Kascade project. Kascade is an Internet search engine that is based on the Open Directory principle. With Kascade, it is possible to build decentralized collections of information. "The distributed nature and lack of central control facilities make for a system immune to company or government control, much like Gnutella and the Internet itself." Kascade uses a a mini-browser to look at directories from the net and can transfer the item of interest to a web browser. The mini-browser has a built in chat feature so that users can communicate with other people who are browsing the directory. This looks to be an interesting project, the developers are seeking contributors to help build directory structures.

Education

SEUL/edu Linux In Education Report for December 4. Issue 34 of the SEUL/edu Linux In Education report has been released. Features include retrieving weather information for schools, the reappearance of KDE-EDU, and searching for the roots of words.

French translation of Freeduc FAC (Ofset). The Ofset Project has announced a French Translation of the Freeduc FAQ by Guillaume Allegre. The Freeduc project is a Free Education software database.

Games

Latest news from WorldForge games. The WorldForge project continues on its quest to make open-source "massively multi-player online roll playing games". The latest news from the site includes articles on collision research and rendering Variable Terrain Height in an isometric client.

Embedded Systems

Embedded Linux Newsletter - November 30th, 2000 (LinuxDevices.com). The Embedded Linux Newsletter is out for the week of November 30th. Topics include embedding Linux on the M-System DiskOnChip and a browser controlled MP3 player mini-howto.

AbsoluteX X Window System toolkit (LinuxDevices). AbsoluteX is an LGPL-licensed class library for use with the X window system that was introduced at the Atlanta Linux Showcase. Linux Devices has run an article that discusses AbsoluteX. The source code is now available for download.

The Embedded Linux Quick Reference Guide (LinuxDevices). LinuxDevices has published two new parts in the online series on Embedded Linux, see The Embedded Linux Overview Quick Reference Guide and The Embedded Linux Distributions Quick Reference Guide for lots of useful information on embedded Linux.

Interoperability

Wine Weekly News for December 4, 2000. The December 4, 2000 issue of the Wine Weekly News is out. News includes the release of Wine-20001202 which features a new winemaker script, new DLL import mechanism, and internationalization and portability bug fixes.

Mail Software

Mailman 2.0 released. The 2.0 release of the Mailman mailing list manager has been announced. "Mailman has most of the features that people want in a mailing list management system, including built-in archiving, mail-to-news gateways, spam filters, bounce detection, digest delivery, and so on."

Network Management

OpenNMS Update. The OpenNMS update for December 5 is out. It covers the new "Testdrive" release, which is apparently aimed at inclusion in a forthcoming release from "one of the major Linux distributions." If you're curious about what's inside OpenNMS, this update is a good place to start.

Office Applications

Free Photoshop for the people (Salon). Salon has run an article about the Berkeley eXperimental Computing Facility, where the GIMP was born. "'It's almost like it's our duty to create cool things for the world,' says Spencer Kimball, who co-wrote both the GIMP and the Unix versions of Gnutella." The article has lots of interesting trivia on the group.

On the Desktop

KDE 2.0.1 Available. The latest release of KDE, version 2.0.1, has hit the streets. This release is primarily a bug fix release with the goal of more complete documentation and language translations, so there were relatively few code updates. Some of those changes include:

  • Japanese language support added, Chinese language support improved.
  • KMail's compatibility problem with some POP3 servers has been fixed
  • lots of fixes for the KDE web browser, Konqueror

Alpha Blending (KDE Dot News). KDE Dot News posted some screenshots of alpha-blended icons on the KDE desktop and the Konqueror web browser. The Linux desktop just keeps looking better and better.

Keith Packard is also working on the addition of anti-aliased text to KDE, the code is not ready for prime time yet, but the screenshots look good.

The People Behind KDE: Matthias Elter. This week's "The People Behind KDE" features an interview with Matthias Elter.

Programming GNOME Applications with Perl, Part Two (Perl.com). The second part in the series on programming GNOME applications with Perl has been published on Perl.com. "When designing user interfaces, we need to consider what provides users with the most useful and intuitive view of their data, without overcrowding them. What do we need to be able to get at easily when we're using the application? There are two parts to this question: actions that we can perform, and data we can see."

The Evolution of Evolution: Steady Progress (LinuxPlanet). LinuxPlanet's Michael Hall writes about his experiences with Evolution. "The last time I looked at Evolution, the hackers at Helix Code were putting it in front of the public as an actual release for the very first time. As a functioning mock-up, it showed a lot of promise, but there was no way I was letting it near my mail. Since then, we're a few preview releases down the road and it's conceivable that if you're a GNOME fan who's curious about the project, and you can put up with the rough patches Evolution will still throw at you, you could probably start using it today on at least a limited basis."

Science

Journal of Open Source Medical Computing First Call (LinuxMedNews). Linux Med News announced the existence of the Journal of Open Source Medical Computing The Journal is "an electronic forum for disseminating information on free and open source medical computing. Scholarly work on any aspect of free and open source medical computing will be considered for peer-reviewed publication." The new journal has announced its first call for papers.

Web-site Development

new ZODB project on SourceForge. Andrew Kuchling has announced the creation of a new Zope Object Database project on SourceForge. He followed the announcement up with this note that describes some recent changes to the code.

Feasting on life with veteran programmer Ken Manheimer (NewsForge). NewsForge takes a look at Ken Manheimer, who is currently working for Digital Creations. "Like most, he started with BASIC and FORTRAN and since has: Worked with LISP, contributed to emacs (including incorporating icomplete.el and allout.el), studied Scheme, researched and developed Knowbot, resurrected Mailman after the original was decimated in a systems crash, contributed to and administered Python, enhanced ZWiki, a Zope-based Wiki clone, and so far, while at Digital Creations, has developed an issue tracking system for Zope which passed the first round at the Software Carpentry Competition (had to withdraw after that because of lack of time). "

Section Editor: Forrest Cook


December 7, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


C

The future according to Dennis Ritchie (LinuxWorld). LinuxWorld has run an interview of Dennis Ritchie, one of the creators of C and Unix. "What is changing is that higher-level languages are becoming much more important as the number of computer-involved people increases. Things that began as neat but small tools, like Perl or Python, say, are suddenly more central in the whole scheme of things. The kind of programming that C provides will probably remain similar absolutely or slowly decline in usage, but relatively, JavaScript or its variants, or XML, will continue to become more central."

ERLANG

Erlang patch release R7B-1 is out. Patch release R7B-1 of ERLANG has been released. See the readme for details, the source can be downloaded here.

Perl

Perl5-porters for December 4, 2000. The December 4, 2000 issue of Perl5-porters is out. This edition covers regression testing, regular expression bugs, PerlIO news, and Dodgy Function Names, as well as other topics.

Perl Module Advent Calendar. See the Perl Module Advent Calendar to get a new Perl module each day in December through Christmas day. Now we have proof that Perl hackers are truly religious about their favorite language.

Beginner's Introduction to Perl (perl.com). Doug Sheppard has published the second and third articles in his Beginner's Introduction to Perl series on perl.com. If you have not seen it yet, you may want to start with the first article in the series.

Python

Python-dev summary. Here is A.M. Kuchling's Python-dev summary for November 16-30. It covers the need (or lack thereof) for Python standards and a few other development topics.

Dr Dobb's Python-URL!. The December 4, 2000 issue of the Dr. Dobb's Python-URL! is out. Among other things, dealing with Linux sound in Python is discussed.

Wiki Python (Python News). O'Reilly's Python News has an article by Stephen Figgins on various Python Wiki programs. Wikis are web sites which are built up from user contributions. The article gives a good overview of the various Wiki projects that are being developed.

Smalltalk

Making Smalltalk (Linux Gazette). In a recent article on Linux Gazette, Jason Steffler discusses Smalltalk and object-oriented programming in general.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


MandrakeSoft up, Red Hat ... up too?. Here in the land of fuzzy math, we've noticed that both MandrakeSoft and Red Hat grew their respective market shares this week, albeit in different parts of the planet.

According to a BCN Market View survey of 316 outlets for computer retail sales companies in Japan, Red Hat Linux 7 sales represented 40% of all Linux sales in that country. The BCN survey is conducted yearly, but Red Hat Linux 7 has only been available in Japan since October. Does this mean, at this rate, that Red Hat would have nearly total market penetration after a full year of sales? Or is this representative of only a spike in sales for a specific product and that, over the year, that spike would level out and more realistic figures would show some other distribution (TurboLinux, perhaps) as the market leader in Japan?

In the US, according to a press release from MandrakeSoft, Linux-Mandrake has edged ahead of Red Hat in retail sales from January through September 2000:

  • Linux-Mandrake 28.8%
  • Red Hat (RHAT) 28.7%
  • Corel (CORL) 14.4%
  • SuSe 9%
  • Turbo Linux 6%
  • Caldera (CALD) 5.8%
  • Others 6.3%
The figures listed are attributed to PC Data, though it's not specified how the numbers were acquired.

While numbers like this are great for businesses, they do little for the consumer. Any set of numbers can be cooked to look just right, especially if taken out of context or applied without sufficient supporting information. Despite this apparent lack of meaning, these numbers do show us the one thing we really care about - no one distribution is in control of the Linux market place.

Sun releases Solaris 8 source. Sun Microsystems has released the source code for Solaris 8 for download. The license, of course, is not free software, and Sun will not let you near the source until you have faxed in a signed agreement. It is available free of charge, though, for those who agree to the terms.

It would be well to keep in mind the possible troubles that could arise from access to the Solaris source, since it can not be integrated into Linux. See The Solaris Trap for LWN's thoughts on that issue back in 1999.

Announcement of Eazel/Dell partnership. Here is the press release confirming the deal between Dell and Eazel. As expected, Dell will be shipping Eazel's environment on its desktop and notebook systems. Dell will also be including Eazel's software update ("Software Catalog") and "Online Storage" services. There is also an (undisclosed) equity investment in Eazel from Dell Ventures.

SuSE Linux Announces Strategic Partnership With SGI. SGI and SuSE have announced a strategic partnership. As part of the agreement, SGI has taken an equity investment in SuSE.

Lutris, Motorola in development deal for Java phones (ZDNet). ZDnet is reporting that Lutis and Motorola will sign a deal on Monday relating to Java-based phones. "The deal will integrate Lutris' Enhydra application server, which is open source, with Motorola's iDEN handsets, expected to be the first phones compliant with Sun Microsystems Inc.'s Java 2 Micro Edition."

Telia goes for Linux on the S/390. According to Reuters, Telia, the Swedish telecom and Internet service provider, is replacing 70 Sun Microsystems servers with one IBM mainframe computer running Linux.

Mountain View Data launches Intermezzo file system. Mountain View Data, the company started by Peter Braam and Turbolinux founders Cliff and Iris Miller, has announced the availability of the beta 1.0 release of the InterMezzo high availability filesystem.

VA Linux launches 'SourceForge OnSite'. VA Linux Systems has come up with a way of making money off SourceForge. Essentially, for an ongoing fee, the company will deploy a small SourceForge-like system at a customer's site, to be used for internal collaborative development. It's essentially a software development environment appliance. Agilent Technologies is an initial customer.

Terra Soft Ships Portable PowerPC Linux Cluster. Terra Soft has announced the availability of the "iDitarod," a portable, PowerPC-based cluster system. At 150 pounds, it's not quite in the laptop class, but a dedicated group of people could indeed move it around. We also have a picture of this cluster; it is a cute package.

CodeWeavers Launches Developer Web Site For Wine Project. CodeWeavers, a Windows-to-Linux software company, has introduced a new web site for Wine developers. This site is a development site providing tools, information, and other resources for programmers involved with the commercial-quality version of Wine.

VMware Announces Preferred Hardware Partner Program. VMWare announced its Preferred Hardware Partner Program this week. Founding partners in the program include Compaq, Dell, IBM and VA Linux.

VMWare also announced its Professional Services Organization (PSO), which includes customer support, education and consulting services.

Letter from the Chairman and the CEO of EBIZ. EBIZ has released a letter to its shareholders telling them about how things are going to be better in the future. It covers the LinuxMall and Jones Business Systems acquisitions, investments from Caldera, and more. "With the recent purchase of SCO UNIX by Caldera Systems Inc., a major Linux software company, many of those UNIX VARs see Linux as the natural migration path for their business. The EBIZ acquisition of JBSi turns that migration path into a superhighway and will dramatically increase the number of VARs providing Linux solutions."

China Netcom Makes Long Term Commitment to Adopt Bluepoint Linux. Bluepoint Linux Software Corp. announced the signing of an agreement with China Netcom, one of the largest telecommunications companies in China. China Netcom is owned by the Chinese Academy of Sciences, the State Administration of Radio, Film & TV, the China Ministry of Railroad, and the Shanghai City Government. According to the agreement, China Netcom will use Bluepoint Linux Operating System on its servers nationwide.

Sun Microsystems Announces Early Access To Java Technologies for XML. Sun Microsystems announced the early access availability of two Java technology API's for the Extensible Markup Language (XML): the Java API for XML Messaging (JAXM) and the Java API for XML Parsing (JAXP). Both APIs are downloadable free of charge through Sun's Java Developer Connection Connection at http://java.sun.com/jdc/.

Wing IDE For Python. Archaeopteryx Software, Inc. announced the release of version 1.0 of its integrated development environment, Wing IDE, for Python. The proprietary package includes a graphical debugger, code browser, source code editor, and a project manager.

Multicast Technologies Releases Multicast Player. Multicast Technologies, Inc., has released the MCT Player, a multicast MP3 player. The MCT Player is available for Linux as a free download from the company's audio station.

Press Releases:

Open Source Products

Unless specified, license is unverified.

  • IBM (ARMONK, N.Y.) and its subsidiary Tivoli announced a new technology initiative, code-named Storage Tank(TM), designed as a universal storage system capable of sharing data across any storage hardware, platform or operating system. Tivoli plans to provide an open source Linux version of the Storage Tank client technology.

  • Imperial Software Technology (PALO ALTO, Calif.) announced the launch of a new Web site, http://www.motifdeveloper.com, a free resource for programmers building graphical applications using the Motif(R) toolkit on the X Window System.

  • OpenNMS.org released version 0.4.0, the first public release of its network open source management softare. Features include a graphical "Drag and Drop" administration interface, event Management, TCP/IP-based discovery and monitoring, and a graphical rule builder.

  • Turbolinux, Inc. (SAN FRANCISCO) announced the release of UNICON 3.0 to the Open Source community.

Commercial Products for Linux

  • 3Com Corporation (SANTA CLARA, Calif.) announced the 3Com(R) EtherLink Server 10/100 PCI dual port network interface card. Linux 32 and 64 bit drivers are available.

  • AbriaSoft (FREMONT, CA) announced its release of Abria SQL Standard 2.1 for Redhat Linux and Microsoft Windows platforms. The product integrates a secure 'SSL' flavor of Apache, the world's leading web server with MySQL, the most popular open source database.

  • Dell (NEW YORK) announced the PowerEdge 1550, which comes with the option of factory installed with Red Hat 7.

  • Interphase Corporation (DALLAS) announced the availability of its 2 Gigabit Fibre Channel Host Bus Adapter (HBA) with advanced clustering capabilities, which includes Linux driver support.

  • Micromuse Inc. (SAN FRANCISCO) announced the availability of its Netcool/Internet Service Monitors (Netcool/ISMs) version 2.0 software suite for the RedHat Linux(R) operating system platforms.

Products and Services Using Linux

  • BakBone Software (TOKYO) announced that its NetVault software supports Miracle(TM) Linux.

  • Maxspeed (PALO ALTO, CA) announced the latest generation of its MaxStation ultra-thin client, the PGX 2000.

  • NetMAX, (ANN ARBOR, Mich.) a division of Cybernet Systems, announced the general availability of the NetMAX VPN Server Suite.

  • Strategic Concepts, Inc. (BENTONVILLE, Ark.) released its advanced vehicle monitoring system interface. This new interface allows Strategy5 users to download state line crossing odometer readings, driver and vehicle performance statistics and vehicle fault codes from tracking system providers including MOTIENT and QUALCOMM.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Mega Co., Ltd., an independent Internet service provider (ISP) based in Tokyo, has adopted Turbolinux Cluster Server for its clustered server system featuring total disk storage capacity of 1.5 terabytes and serving more than 100,000 corporate customers. The new clustered server system was designed and implemented by Hitachi Engineering Co., Ltd., a Turbolinux partner in clustering technology.

Products with Linux Versions

  • eVault, Inc. (WALNUT CREEK, Calif.) announced the release of VytalVault 3.1, the newest version of its Internet-based server backup solution. Support for Red Hat 6.2 is provided in this release.

  • InstallShield Software Corp. (SCHAUMBURG, Ill.) announced the availability of three new InstallShield(R) Multi-Platform Edition products: InstallShield Express(TM) -- Multi-Platform Edition, InstallShield Professional(TM) -- Multi-Platform Edition, and InstallShield Enterprise(TM) -- Multi-Platform Edition. Versions are available for Red Hat, Caldera OpenLinux, SuSE Linux, TurboLinux.

  • JetForm(R) Corporation (OTTAWA) introduced JetForm Output Pak(TM) for SAP(TM) R/3(TM) 5.3. Support for Linux has been added to this version.

  • Kinecta Corporation (WASHINGTON) announced plans to deliver its free content distribution tool, Kinecta Syndicator Lite. Kinecta Syndicator Lite, based on the ICE (Information and Content Exchange) standard, allows for automating ongoing business-to-business content delivery instead of relying on e-mail or FTP.

  • Novadigm, Inc. (EMERYVILLE, Calif.) announced the release and availability of Internet-based Radia(R) Inventory Manager. Versions are available for Red Hat and Debian Linux distributions.

  • Omegon Ltd. (LEBANON, N.J.) announced the addition of new web server and dial-up tests to its flagship product, the NetAlly(R) solution. The tests are currently available for NetAlly Traffic Agents running on a Linux platform.

  • Progress Software Corporation (BEDFORD, Mass.) announced it has begun shipping Progress SonicMQ(TM) Version 3.0, the next generation of its E-Business Messaging Server for scalable and secure transport of business-critical data over the Internet.

  • VMware, Inc. (PALO ALTO, Calif.) announced two new software products: VMware GSX Server and VMware ESX Server. VMware will ship a version of the GSX Server that runs on servers with Linux operating systems in January 2001. ESX Server does not require a host operating system.

Java Products

  • The Apache Software Foundation has released a beta version of Batik, the Scalable Vector Graphics toolkit for Java.

  • ParaSoft (MONROVIA, Calif.) announced the release of Jtest for Linux, a unit testing tool for Java.

Books and Training

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C. & SAN FRANCISCO, Calif.) announced the availability of a complete e-learning curriculum for the Red Hat Certified Engineer certification (RHCE). The curriculum was built according to Red Hat specifications in partnership with DigitalThink.

  • Wave Technologies (ST. LOUIS) announced that the Japanese translation of its Linux Career Pack has been completed as part of a master distribution agreement with Information Quarry Systems (IQS), a custom software solution provider in Tokyo. In addition, translation of SAIR's instructor-led training and testing curricula is also nearing completion. Under terms of the agreement, IQS will deliver the vendor-neutral programs to a worldwide network of Japanese-speaking IT professionals.

Partnerships

  • Ariel Corp. (CRANBURY, N.J.) announced that it has signed a reseller agreement with RLM Group, a provider of build-to-order white box systems, computer components and peripherals.

  • MontaVista Software, Inc. (SUNNYVALE, Calif.) developer of the Hard Hat(TM) Linux operating system for embedded applications, announced the start of subscriptions and professional services for Hard Hat Linux in Korea. These subscriptions and services are being offered through Adelinux, Inc.

  • Lineo, Inc. (LINDON, Utah) announced they will form a strategic partnership and will sign a global distribution agreement. Under terms of the agreement, Lineo will be a preferred embedded Linux vendor for Espial TotalIA.

  • PartnerAxis (OREM, Utah) , a wholly owned subsidiary of EBIZ Enterprises Inc., announced its partnership with NeTraverse. In the newly created alliance, PartnerAxis will consult with NeTraverse on its recently released Win4Lin 2.0 Desktop solution to build awareness in the Linux channel.

  • V-ONE Corporation (GERMANTOWN, Md.) announced a distribution agreement with Tech Data Corporation, a provider of IT products and logistic management services.

  • Xybernaut Corporation (FAIRFAX, Va., and RIO DE JANEIRO, Brazil) announced the first of twelve foreign educational seminars on wearable computing.

Investments and Acquisitions

  • BSDi announced that the company has received an investment totaling $4 million from several Japanese strategic partners, including GLQ Entrepia Inc., the venture capital arm of Nissho Iwai American Corporation.

Financial Results, Stock News

  • Caldera Systems, Inc. finacial results for the year are in. The reported revenue of $1.2 million for the three months ended October 31, 2000, a 34% increase over the comparable three months of the previous fiscal year. For the year ended October 31, 2000, revenue was $4.3 million compared to $3.1 million for the previous year, an increase of 40%.

  • Eon Communications Corp. lost 9 cents a share the quarter ended Oct. 31, compared with net revenue of 4 cents a share in the same quarter of 1999. eOn also announced on Wednesday the addition of E-mail queuing capabilities to its Linux-based communications systems for remote customer contact agents.

  • LinuxWizardry Systems, Inc. (VANCOUVER, British Columbia) announced that the Board of Directors has approved a share dividend of its wholly owned subsidiary, LinuxWizardry, Inc.

  • Quintalinux Limited (KOWLOON BAY, Hong Kong) reported receiving favorable comments about the company's outlook from Stockprowler at www.stockprowler.com.

  • SSH Communications has filed for a listing on the Helsinki Exchanges in preparation for their IPO.

Personnel

  • Caldera Systems, Inc. (OREM, Utah) named Edgie E. Donakey to the position of vice president and chief of staff.

  • DevelopOnline Corp. (TEMPE, Ariz.) announced the appointments of additional executives. Joining the staff as chief technology officer (CTO) is David Mandala, who most recently was senior engineering director of Linuxcare.

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) named Dr. James Neiser chief marketing officer.

  • VMware, Inc. (PALO ALTO, Calif.) announced that three new executives have joined the company in key management positions. Mike Everett is the company's new Chief Financial Officer, Bill Rudiak assumes the newly created position of Vice President, Professional Services, and Susan Thomas is the new Vice President of Marketing.

Linux At Work

  • Dirig Software (NASHUA, N.H.) announced that Cass Information Systems, Inc. has selected the Dirig Linux SMART Plug-in (SPI) for OpenView Express to manage their Linux systems used in the company's infrastructure. Dirig also announced the official certification by Hewlett Packard of the Dirig developed Linux SPI.

  • NetNation Communications, Inc. (VANCOUVER, B.C.) a web hosting, domain name registrar (DNR) and application service provider (ASP), and Stormix Technologies Inc. have been chosen by Tribal DDB Canada, a member of DDB Worldwide for its Intranet for internal and client communications.

Other

  • BSDi announced the release of BSD/OS 4.2.

  • Lineo, Inc. (LINDON, Utah) announced the shipment of the Lineo Embedix software development kit (SDK) for Windows(R), the software that allows Windows developers to develop embedded Linux solutions in their familiar Windows NT 4.0 or Windows 2000 hosted environments.

  • Linuxcare, Inc. (SAN FRANCISCO) added the following 10 companies to its customer base: Adaptec, Digital Island, Ecrix Corporation, Ivenue.com, Maxtor, SGI, Espial, 3ware, VERITAS Software and WSE/Honeywell.

  • LinuxWizardry Systems, Inc. (BOCA RATON, Fla.) announced that the company reached six million people during their activities at the Comdex Computer Expo in Las Vegas, NV during the week of November 13, 2000.

Section Editor: Michael J. Hammel.


December 7, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Researchers Say Independent Review Of Carnivore Flawed (Newsbytes). According to a Newsbytes story, a team of researchers and academicians has deconstructed the findings of an independent review team charged with evaluating the FBI's e-mail surveillance tool "Carnivore," saying the team's findings gloss over some serious legal and technical concerns.

Open source policy (Business 2.0). Business 2.0 asks whether a net-oriented company can run completely on open source software. "Most key enterprise-class components such as database software and transaction processing tools remain proprietary products. Even with the January release of Borland/ Inprise's InterBase database to the open source community, there has not been an open source kernel available for long enough-nor a developers' community large enough, such as the one Linux enjoys-to create a full-featured product to handle online business needs. Still, the March release of the Enhydra application server brings businesses one step closer."

Inside The KLAT2 Supercomputer (Ars Technica). Ars Technica is carrying a detailed article on the KLAT2 Beowulf cluster, with an emphasis on its networking design. "In the end, we didn't design KLAT2's Flat Network Neighborhood. Instead, we built a genetic search algorithm (GA) that does it for us. In fact, it not only finds solutions to the aforementioned interconnect problem, but it optimizes the solutions so that the additional bandwidth is placed where it will improve the most important communication patterns."

Linux Gazette issue #60. The December 2000 issue of the Linux Gazette has been posted. Articles of interesting include a report on the Super Computing 2000 show, a review of Heroes of Might and Magic III, and using GnuPG.

Copyright Act Faces Big Test (Wired). Wired News reports on the upcoming review of the Digital Millennium Copyright Act. "When music is streamed, webcasters are required to pay a performance royalty. In order to generate smooth playback of incoming streams, computers temporarily store some of the data in memory in a RAM buffer. Music publishers have stated that the data in this buffer should be considered a physical creation that would require webcasters to pay a mechanical royalty, similar to what they pay for downloads or CDs."

Companies

Startup unveils tiny `Linux-like' OS for Internet appliances (LinuxDevices.com). According to a LinuxDevices.com news story, DSPsoft Inc. (Sunnyvale, CA) has unveiled UnixCE, a small footprint `Linux-like' operating system for resource constrained Internet appliances and mobile devices.

Dell fumbles open source desktop gambit (The Register). The Register is not impressed with Dell's investment in Eazel. "Call us cynical, but the choice of Gnome/Nautilus is what you'd expect if you dragged a trainee PR intern off the street, and threatened to hit them with a rock until they came up with two leading open source names. This really is strategy dictated by short-haul in-flight magazines."

Linux looming large for Big Blue (ZDNet). ZDNet reports from IBM's internal Linux summit. "'Initiatives that allow (Linux) to effectively host 100 million mailboxes and run huge backbones for mail systems are exciting for us,' said Greg Olson, co-founder and chairman of Sendmail Inc., in Emeryville, Calif. Sendmail uses an IBM Linux mainframe for development and runs a host of Linux servers."

Commentary: Hewlett-Packard takes out Linux insurance (News.com). News.com is carrying a cynical pronouncement from the Meta Group on the hiring of Bruce Perens by HP. "Hewlett-Packard is taking out cheap insurance with its hiring of open-source advocate Bruce Perens, just in case Linux becomes more of a force in the marketplace than anyone expects. Users negotiating with HP can use this new commitment to Linux as a ploy in negotiations, but they should not expect HP to develop Linux into a replacement for HP-UX."

HP hires Linux luminary (News.com). Here is a News.com article, on Bruce Perens' new job at HP. "Perens took the job after deciding his previous endeavor, the Linux Venture Group, didn't have a future. 'The stock market is just not the place to be right now,' he said."

Red Hat closes trio of offices, lays off 20 (News.com). News.com covers the latest layoffs at Red Hat. "Red Hat laid off personnel doing duplicate work, said spokeswoman Melissa London. 'Nine acquisitions in the past year created a lot of redundancies,' she said. The company now has 550 employees, she said."

Red Hat Closing S.F. Office (Wired). Wired News reports on the closing of Red Hat's San Francisco office. "Although Red Hat continues to use the Web for distribution and support, several sources within the company say that management has continually changed plans or has badly bungled implementation of its online strategy."

Koreans claim world's first Linux-enabled cellphone (LinuxDevices.com). Two Korean companies, PalmPalm Technology and SK Telecom, along with the Seoul National University have put Linux into a CDMA phone system. "The device, which contains an Embedded Linux operating system, combines smart phone and PDA functionality within a compact handheld device, and offers multimedia capabilities that include animation, MP3, and video communication. Based on its built-in Bluetooth wireless interface, users can even play network games between devices."

Business

Did Netscape jump the gun with new browser? (News.com). C|Net News.com ponders whether Netscape released their 6.0 browser a bit too early. "Some supporters say problems with the release indicate that Netscape should have waited until its open-source group, Mozilla.org, released its own version 1.0 browser, which isn't due for another five months."

Cash Registers Are Ringing Up Sales With Linux (TechWeb). Linux deployments abound in this story from TechWeb. "But that's changing. In January, Musicland Stores Corp., the Minnetonka, Minn., company that owns Sam Goody, will start installing new Linux- and Java-based cash registers from IBM."

ReplayTV's downturn doesn't faze TiVo chief (News.com). The future of TiVo and its Linux-based recorders is questioned in this article from C|Net's News.com. "Eventually, Ramsay also sees TiVo taking on the roll of real estate broker for a hard drive that could provide numerous services throughout the living room. For example, TiVo could partner with video game or music companies that could use the extra disk space to distribute their content over TiVo's Linux-based platform."

No Safe Harbor for Microsoft (TechWeb). IBM has aimed its big guns directly at Microsoft, according to this Network Computing article. And it's using Linux for the bullets. "And as it happens, these dedicated servers are best configured with Linux. Actually, the servers priced at less than $1,000 don't include an OS, but IBM has stated it will charge the MSRP for an installation of either Linux or Windows 2000. Given the price-conscious nature of this sector, Linux would be the odds-on favorite, since it typically costs no more than a fifth the price of Windows 2000."

Pepperoni, Extra Cheese, And Linux (TechWeb). Information Week gives us this Linux success story, where pizza-related restaurants are now serving penguin. `Even more important, though, says Ken Hoogstraal, Donato's director of restaurant technology, was Linux' resiliency. Under the old system, a power outage that took out a store server often meant two to three hours of downtime to rebuild the system. "That's time we're not taking orders," Hoogstraal says. "If it happens on a Friday or Saturday night, it could really put the restaurant in a tailspin." The Linux systems seem to come back up much more reliably after an unplanned outage.'

Resources

Linux Power Tuning (TechWeb). Here's a how-to article on Linux performance tuning on TechWeb. "There is one value you should consider disabling: 'TCP Timestamps.' According to the TCP/IP specification, time-stamping is optional, so turning it off will not break interoperability. Time stamps are intended to provide round-trip timing of packets to enable congestion control algorithms. They aren't needed if the majority of your network connections come from high-speed, non-congested local networks."

Device Profile: VTech Helio PDA (LinuxDevices.com). LinuxDevices published its latest device profile this week: the VTech Helio PDA. "Not surprisingly, in light of intense competition from the growing number of PDAs that run PalmOS, Windows CE (Pocket PC), or Embedded Linux, VTech has lately begun to express a strong interest in supporting an alternative, more "open" OS. Accordingly, two variants of Embedded Linux are currently being brought up on the device."

DIY embedded Linux mp3 stereo (ZDNet). A mini-Howto for experienced developers from ZDNet shows how to build an mp3 player appliance on Embedded Linux. "Its embedded software (kernel, utilities, and application) image is small enough to fit on a floppy, so you could easily install it in a DiskOnChip Flash device within a compact, appliance-like system. You control the resulting MP3 player using a web browser on a separate computer."

Keep Tux Safe (ZDNet). Keeping Linux safe is mostly a matter of diligence, according to a ZDNet article on Linux security. "Until someone designs an operating system that reads minds, security will depend on diligent configuration and administration, no matter what OS software you use. Your Linux machine can be extremely secure, but it's not going to get there on its own."

Reviews

Linux 2.4 kernel (ZDNet). Here is a short take on what is in the upcoming 2.4 kernel, ZDNet style. "The Linux 2.4 kernel development process has focused on improving performance on larger machines and building in support for new hardware options such as Universal Serial Bus and architectures such as Intel Corp.'s 64-bit Itanium and IBM's S/390."

Caldera Edges Linux Closer To Enterprise With Volution (TechWeb). Network Computing takes Caldera's network management package, Volution, for a test drive. "If Volution reaches its natural conclusion, Linux systems will ship with Volution clients pre-installed. When systems reach their final destinations, they will simply need to be powered on to find a workstation-creation daemon to connect them with a data repository. However, this beta version of Volution shows it has a long way to go to reach the maturity of ZENworks and eDirectory, and it lags behind Active Directory policies and profiles as well."

Blender 2.0 - The gameBlender (LinuxLookup). A short review and not very detailed (for such a sophisticated application), LinuxLookup has posted a review of NaN's Blender 2.0, aka gameBlender. "For as great as Blender sounds, it also has its negative attributes. For instance there is definitely a steep learning curve that one has to overcome if the plan is doing anything more than rendering a ball on a plane. There is no free documentation to help you get by. You can purchase a users manual for about $40 US, and tutorial guides for about $20 US a pop."

Darwin Continues Open Source Evolution (LinuxNews.com). Another look at Mac OS X, aka Darwin, and its BSD roots, this time from LinuxNews.com. `According to Prabhakar, the BSD community has been a great asset to Apple in producing quality software throughout the history of their long partnership. "Having the BSD community welcome us, and having key people like [FreeBSD's] Jordan Hubbard, who's written articles that are extremely valuable, and the number of people who've spent ungodly amounts of time finding and fixing bugs in Darwin that were useful but not a top priority for us at Apple, is of enormous benefit to customers," Prabhakar said.'

Interviews

Greg Haerr on the past, present, and future of Microwindows (LinuxDevices.com). LinuxDevices.com interviews the founder of the Microwindows project and current CEO of Century Software, Greg Haerr. "especially in the graphical area in which I'm focused, software developers and systems architects want to leverage the tremendous success that has occurred on the desktop to more portable devices. There's no need to reinvent the wheel when so many applications that have propelled the desktop forward can now be used to enable wireless handheld computing."

Miscellaneous

.comment: Making Money on Free Software? (LinuxPlanet). Here's a wandering editorial on LinuxPlanet on whether it's possible to make money from free software. "But I think that the Linux companies, at least some of them, have a better than even chance of succeeding despite the potholes and barricades. Here's why: They're committed to making it work. They're hard-working. Though some of them were maybe a little profligate after the injections of money, either by venture capitalists or IPOs, I don't think any has an immutable corporate philosophy of reality denial. They'll adapt."

Linux in Polish parliament (Linux News Poland). The Polish Parliament has installed 100 Linux-based X-terminals in its offices. Marek Pokulniewicz, the main computer specialist in the Polish Parliament, has provided a write up and some pictures of the setup.

Mike Muuss, author of `ping', killed in car accident. According to stories in Salon.com and The Register, Mike Muuss, author of the standard Unix utility ping, was killed in a car accident last Monday night. "The Unix community is mourning its loss, and not just because by all accounts Mike Muuss was a real nice guy and the software he donated to the public was incredibly useful."

The Case For Open Source (TechWeb). President and CEO Bill Portelli of CollabNet gives his perspective on why open source is the right way in this Information Week editorial. "With open-source development, companies and users bypass these delays. Using the Internet to facilitate source-code release, companies such as Hewlett-Packard, IBM, Intel, and Sun Microsystems are gaining competitive advantages, generating long-term revenue and increasing market share."

Why I use OpenBSD (ZDNet). Security is the main reason behind one man's choice of OpenBSD for his network infrastructure in this ZDNet article. "OpenBSD's claim to fame is its focus on integrated security and cryptography. To this end, the OpenBSD developers spend a substantial amount of their time auditing the core OS source in an effort to find and fix bugs with security ramifications before they're actually exploited."

A platform of a different color (TechWeb). TechWeb reviews the Cobalt Qube3. "We won't say that it's the equal of NetWare, Unix or Windows platforms, but the Linux-based Qube 3 is turning into an attractive powerhouse of its own."

Section Editor: Rebecca Sobol


December 7, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

Tip Of The Week: Title Your Terminal (Part 2). If you have ever wanted to customize the title bar on your terminal windows, see the Tip Of the Week from LinuxLookup.

Events

December/January/February events.
Date Event Location
November 15 - December 15, 2000. UMeet2000 Virtual Meeting On the Internet
December 15 - December 17, 2000. LinuxFEST Belgrade, Yugoslavia.
January 17 - January 20, 2001. linux.conf.au University of New South Wales, Sydney, Australia.
January 30 - February 2, 2001. LinuxWorld Conference & Expo Jacob Javits Convention Center, New York, NY.
January 31 - February 2, 2001. Linux Expo Paris Paris, France.
February 3 - February 4, 2001. Open Source and Free Software Developer's Meeting Brussels Brussels, Belgium.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

deepLINUX is now PORTABLE!. The deepLINUX portal has announced a WAP enabled website that allows you to view the site with your cell phone or PDA.

User Group News

Lane Community College Open Source Computer Group. The LCC Open Source Computer Group has recently been formed at Lane Community College in Eugene, Oregon. The group's mission is to create an open source community at LCC.

LUG Events: December 6, 2000 - January 31, 2001.
Date Event Location
December 7, 2000. Edinburgh Linux Users Group Holyrood Tavern, Edinburgh, Scotland.
December 9, 2000. Route 66 Linux Users Group La Verne, California.
December 9, 2000. Greater London Linux User Group Eisai Lounge, University College, London, UK.
December 12, 2000. Long Island Linux Users Group SUNY Farmingdale, NY.
December 13, 2000. Columbia Area Linux Users Group Capita Technologies Training Center, Columbia, MD.
December 13, 2000. Toledo Area Linux Users Group Toledo, OH.
December 14, 2000. Linux, Running Applications Delfzijl, Netherlands.
December 14, 2000. Phoenix Linux Users Group Sequoia Charter School, Mesa, AZ.
December 14, 2000. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
December 16, 2000. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
December 16, 2000. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
December 17, 2000. Omaha Linux User Group Omaha, Nebraska.
December 17, 2000. Beachside Linux User Group Conway, South Carolina.
December 18, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
December 19, 2000. Hazelwood Linux User Group Prairie Commons Branch Library, Hazelwood, Missouri.
December 19, 2000. Kansas City Linux Users Group Installfest Kansas City Public Library, Kansas City, MO.
December 19, 2000. Bay Area Linux User Group Chinatown, San Francisco, California.
December 20, 2000. Arizona State University Linux Users Group Tempe, AZ.
December 20, 2000. Linux User Group of Groningen Groningen, Netherlands.
December 20, 2000. Central Iowa Linux Users Group West Des Moines, IA.
December 21, 2000. Rice University Linux Users Group Rice University, Houston, TX.
December 27, 2000. Linux User Group of Assen Assen, Netherlands.
December 30, 2000. Central Ohio Linux User Group Columbus, Ohio.
January 1, 2001. Rice University Linux Users Group Rice University, Houston, TX.
January 2, 2001. Linux Users' Group of Davis Z-World, Davis, CA.
January 3, 2001. Kansas City Linux Users Group Kansas City Public Library, Kansas City, MO.
January 3, 2001. Southeastern Indiana Linux Users Group Madison/Jefferson County Public Library, Madison, IN.
January 3, 2001. Silicon Valley Linux Users Group Cisco Building 9, San Jose, CA.
January 4, 2001. Edinburgh Linux Users Group Holyrood Tavern, Edinburgh, Scotland.
January 9, 2001. Long Island Linux Users Group SUNY Farmingdale, NY.
January 11, 2001. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
January 13, 2001. Route 66 Linux Users Group La Verne, California.
January 15, 2001. Linux Users' Group of Davis Z-World, Davis, CA.
January 16, 2001. Kansas City Linux Users Group Kansas City Public Library, Kansas City, MO.
January 16, 2001. Bay Area Linux User Group Chinatown, San Francisco, California.
January 17, 2001. Central Iowa Linux Users Group West Des Moines, IA.
January 17, 2001. Arizona State University Linux Users Group Tempe, AZ.
January 18, 2001. Rice University Linux Users Group Rice University, Houston, TX.
January 20, 2001. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
January 18, 2001. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
January 21, 2001. Beachside Linux User Group Conway, South Carolina.
January 27, 2001. Central Ohio Linux User Group Columbus, Ohio.
January 30, 2001. Hazelwood Linux User Group Prairie Commons Branch Library, Hazelwood, Missouri.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


December 7, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


The Open Source Developers Exchange is meant to be a rallying point for open source developers and their projects. Projects can be registered with an indication of the sort of help they would like to have, and developers can link up with those that are appealing.

Still lacking a decent Linux implementation is IMPS - the Infinite Monkey Protocol Suite. Certainly we could make good use of it over here at LWN...

Section Editor: Jon Corbet


December 7, 2000

   

 

This week in history


Two years ago (December 10, 1998 LWN): IBM released its "Jikes" Java compiler under an almost-open-source license. The first DB2 beta was also put up for free download. Sun announced its support for Linux on the Sparc, SGI announced support for Samba, and joined Linux International as well.

Linus Torvalds was a guest of honor in the Finnish Presidential Palace for the Independence Day celebration. This photo of Linus and Tove is still available online.

ZDNet shows us that some things never change...

Linux is awesome in many ways, but no matter how you slice it, it's still basically an evolved port of a 20+ year-old operating system, and with that age comes a certain amount of baggage. Linux may be far more efficient than Windows, but it still carries the past on its shoulders, and (more importantly) lacks many of the futuristic technologies built into BeOS from the start.

One year ago (December 9, 1999 LWN): Andover.Net went public on December 8, at an initial price of $18 per share; it quickly rose to $63. When the December 9 LWN hit the press, the VA Linux Systems IPO was still looming; check this space next week if you don't know what happened.

Sometime later this week, another Linux-related company, called VA Linux Systems, will go public under the ticker symbol LNUX. It will probably double or triple in price while market pundits criticize it for being another overhyped IPO.
-- Business Week.

Both Cosource.com and SourceXchange officially launched. One year later, both are still at it.

Corel found itself at the center of a controversy again when it refused to allow minors to download its distribution.

Sun announced the release of Java 2 for Linux. The announcement contained no mention of the Blackdown Linux team, which actually did most of the work with this release.

KDevelop 1.0 was released. The XFree86 team announced that XFree86 4.0 would not be out before the end of the year.

Red Hat announced more deals with Dell, including one in which Dell systems would come with 90 days of Red Hat support - which replaced the Linuxcare support that Dell was offering before. O'Reilly, meanwhile, launched the O'Reilly Network.

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
To: letters@lwn.net
Subject: About FrameMaker
From: Damien WYART <wyart@iie.cnam.fr>
Date: 30 Nov 2000 11:04:10 +0100

Dear LWN editors,

First of all, thanks for your excellent job on Linux news.

Your column about FrameMaker for Linux is very interesting. But I think
you forgot to mention (La)TeX as an excellent tool to produce long
documents. Of course, there is no advertising on (La)TeX, so people who
use it have often heard of it by some friend or colleague. Many users
are to be found in universities or research labs.

There are nice Emacs and vim mode availables for editing (La)TeX
documents, and even the basic document styles give quite nice results.
And best of all, it is free software (except for some advanced 3rd party
packages). And ease of use and installation have been really improved
with Sebastian Rahtz's TeXLive distribution. Support for (La)TeX is
really good : many documents float around on the WWW, many books are
available, and newsgroups are very active and helpful.

(La)TeX is very reliable : TeX kernel is believed to have no remaining
bug, and has been existing for more than 20 years !

There is a third way between dead FrameMaker and traditional (often
proprietary) word processors. I think this is worth telling it. No,
using (La)TeX is not so hard ! Yes, using it to write other documents
than scientific articles is common ! Even letters are nicely formatted
by LaTeX.

Best regards, 
-- 
Damien WYART / wyart@iie.cnam.fr
   
Date: Sat, 02 Dec 2000 17:47:31 +0100
From: Fred Mobach <fred@mobach.nl>
To: lwn@lwn.net
Subject: Adobe and FrameMaker

Hello,

Surprising that this Linux Weekly News starts with a _not so_
interesting story on this closed source application ;-). Typesetting is
not my forth or interest and so my interest in FrameMaker is just zero.

Just two general remarks on this subject.

First, it might be possible that the interested GNU/Linux users
recognise the fact that there exists more powerful tools for this kind
of a job than just the expensive FrameMaker, although not really
expensive for those who are professionally working with this tool. They
might also have noticed that their preferred tools are Free Software.

Second, they might have noticed that their data is kept hostage because
of the not-open format in which their data is stored.

I do not object commercial software on my preferred platforms but I do
object the storage of my data in an undocumented format.

Regards,

Fred
-- 
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976
/"\
\ /
 X  ASCII RIBBON CAMPAIGN
/ \ AGAINST HTML MAIL

   
Date: Tue, 05 Dec 2000 12:35:35 +0200
From: Michel Clasquin <clasqm@mweb.co.za>
Subject: Word processing formats
To: letters@lwn.net

on Sat, 25 Nov 2000, Julio Cesar Gazquez wrote:

"Unfortunately, the world never knew an open, well 
defined, free word processor ...file format."

If you have been around long enough, you might remember XyWrite and its 
offspring Nota Bene. The file format was in plain ASCII - you can hardly get 
more open than that - yet there was very little you couldn't do with it. The 
contemporary equivalent would probably be TeX/LaTeX or XML.

It's a pity that the XyWrite format didn't catch on: if necessary, you could write 
a fully formatted file with footnotes, indents, even graphics,, with nothing more 
than DOS's EDIT. You could even have used COPY CON if you felt the need to 
show off your manhood, and for the true masochist there was, may the gods 
help us, EDLIN. Of course most of us just used the XyWrite program itself: 
even its macros were saved in plain ole ASCII and could be hand-edited outside 
the program.

Unfortunately XyWrite jumped on the Windows/WYSIWYG bandwagon too late, 
and its file format died with it. But even today a lot of Windows wp apps can 
still read and write the XyWrite format. A "Save as XYW" function might not be 
a bad option to take for Linux wp programmers looking for cross-platform 
usability. In particular, translating between TeX or XML and a subset of XYW 
should be a fairly trivial exercise.

   
Date: Thu, 30 Nov 2000 02:19:51 -0600 (CST)
From: Mike Coleman <mcoleman2@kc.rr.com>
To: letters@lwn.net
Subject: Re: Linux and Viruses

Linux may be relatively immune from viruses of the sort now common on the
Windows platform, but as you say, it doesn't necessarily follow that we should
smugly assume that Linux is immune in general.  If you're not at least a
little worried about this problem, you might want to take a look at the
SUBTERFUGUE project motivation document at

		    http://subterfugue.org/motivation.html

for some thoughts on why you *should* be.

Mike Coleman
   
Date: Thu, 30 Nov 2000 10:05:58 -0500
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@lwn.net
Subject: Universal RPMs.

In last week's LWN, you editorialized a bit on the topic of whether
RPM packages could be installed on multiple distributions, and what
distribution maintainers ought to be doing to make that easier.

Cart?  That thing behind you is a 'horse'.

The problem is that the installation of a package is a point in
system administration that is *very* dependent on an undocumented
system API called the "installation interface"; that is, packages
which need to be installed need to know *a lot*, in many cases, about
the distribution on which they're being installed, in order to put
files in the expected places, set up boot-time start and cron
entries, and many other similar activities.

This is just another place in Unix where the API is loose, and this
particular one is where the Linux Standard Base people and the
Filesystem Standard project are trying to make things a bit easier.

The distro maintainers could make things a bit easier, too, by better
documenting what they *do* have, and there are other things which
could help, too; I'll pick one particular nail to hammer on.

The files on a Red hat distribution (among others) in the
/etc/rc.d/init.d directory constitute a sort of "service manager
interface", in conjunction with SysVinit, they're one of the few
ideas stolen from NT that I like.  But, while many Linux
distributions provide the "chkconfig" command for setting services in
this directory to be enabled or disabled in specific runlevels, that
command doesn't provide a user interface for turning something on or
off, or restarting it, *right now*.  I created my on, called svc:

/etc/rc.d/init.d/$1 $2

Real complicated, right?  People do that all the time, right?  So why
hasn't RH already added that to the distro?

In general, anytime that part of an installation involves "put this
file in the right place" or "change this [parameter in] this system
control file (inittab)", there should probably be a program that does
the work, the call to which can be standardized across systems, and
the underlying actions can be specific to a distribution.

The unifying of installation packages is a laudable goal indeed. 

But let's put the *effort* in the right place, shall we?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015
   
From: Richard Simpson <rsimpson@ewrcsdra.demon.co.uk>
To: letters@lwn.net
Subject: RPM compatibility across distributions
Date: Thu, 30 Nov 2000 12:06:19 +0000

In your last issue you discussed the problems of having multiple package
formats.  But it would be a good start if distributions could even agree on the
base names for packages.  IMHO SuSE is the main culprit here, although the
others could also get a grip.

As an example, the documentation for python:

RedHat 7.0	python-docs-1.5.2-27
Mandrake 7.2	python-docs-1.5.2-12mdk
OpenLinux	python-doc-1.5.2-1
SuSE 6.4	pyth_doc-1.5.2-118

Apart from 'docs' and 'doc', SuSE is seriously hampered by limiting RPM names
to 8 characters.  Why do they do this?  I tried SuSE for a while, but constant
rpm name conflicts finally drove me away.  They also don't append the version
number to the file name, so if I try to download several versions of a package
(e.g. to try and resolve a problem) they will all be called foo_bar.rpm (even
the Alpha ones!!).

I propose that distributions try to select a common base name (NOT limited to 8
characters, this isn't DOS) and append an abbreviation to the final release
number.  So we could have foo_bar-1.2.3-4mdk, foo_bar-1.2.3-4rh,
foo_bar-1.2.3-4suse etc.  There would be no danger of two different
distributions producing different files with the same name and package
dependency checks would work better.

I agree that this does not solve the rpm/deb/tgz/etc problem, but at least it
is an improvement on where we stand today.

Richard Simpson

-- 
----------------------------------------------------------------------------

Richard Simpson
Farnborough, Hants, Uk                 Fax: 01252 392976
rsimpson@ewrcsdra.demon.co.uk
   
Date: Fri, 1 Dec 2000 09:10:01 +0000
From: Philip Armstrong <phil@kantaka.co.uk>
To: letters@lwn.net
Subject: Re: Linux Package Management Needs a Wakeup Call, LWN 01Dec2000

You write:

"Meanwhile, the true winner will likely be the first distribution
 that can handle both rpm and .deb files."

This is already possible through the alien package under Debian.

However, I think your article (and the original that you reference)
misses the fundamental reason for the packaging incompatabilities, and
why they are never going to be resolved. This is because what counts
is not the packaging format itself, but the policies each distribution
decides on for things like the placement of configuration files,
dependency handling and so on.

It is the establishment of consistent packaging policies that defines
the quality of a given distribution, and it is the mismatch between
the different policies decided on by each of the distributions that
makes it difficult to install packages from 'alien' distributions
cleanly. For instance a RedHat vim package is never going to be aware
of the need to update the /etc/alternatives directory on a Debian
system if necessary.

Things like the LSB allow minimal compatability to be achieved in
regards things like the location of files, but no more.

In the end, the existence of an .rpm or .deb suffix on a package is
irrelevant. What matters is who has packaged it and for which
distribution.

Yours,

Phil Armstrong

-- 
http://www.kantaka.co.uk/ .oOo. public key: http://www.kantaka.co.uk/gpg.txt

   
From: Ronald Cole <ronald@forte-intl.com>
Date: Thu, 30 Nov 2000 14:40:55 -0800 (PST)
To: letters@lwn.net
Subject: static initializers

In my copy of K&&R2, section 4.9 says: "In the absence of explicit
initialization, external and static variables are guaranteed to be
initialized to zero".

So how about a compromise?  Since the redundancy just amounts to
documentation, why not do this:

	       static int some_variable /* = 0 */;

-- 
Forte International, P.O. Box 1412, Ridgecrest, CA  93556-1412
Ronald Cole <ronald@forte-intl.com>      Phone: (760) 499-9142
President, CEO                             Fax: (760) 499-9152
My GPG fingerprint: C3AF 4BE9 BEA6 F1C2 B084  4A88 8851 E6C8 69E3 B00B
   
Date: Fri, 01 Dec 2000 13:02:18 +0000
From: Thomas Sippel - Dau <t.sippel-dau@ic.ac.uk>
To: letters@lwn.net, t.sippel-dau@ic.ac.uk
Subject: Elevator algorithms

Hello,

I saw with interest your discussion of elevator algorithms, and the result
of your tests. My conclusion is that the notion of elevator algorithms 
deserves - well, a shot between the eyes, at least as far as operating 
system kernels are concerned.

There is nothing wrong with the original anlysis, of course. It is no good
wasitng time moving disk arms around and doing very little. What is not
appreciated, however, is that sorting is mostly a martingale:

   suppose s1 .. sn are sorting algorithms, X is a set of objects,
   and S1 .. Sn is the sequencing of the objects in X after they have
   been sorted by algorithm si, i = 1..n. Thus, for all i,

       (X, Si) = si ( X )

   Now a property of sorting is that for any choice of sorts i1 to im

       si1 ( si2 ( ... ( sim ( X ) ) ... ) ) = si1 ( X ) = (X, Si1)

Thus there is no point wasting time on sorting if the data is sorted 
again later on. This is for idealised sorting algorithms, which can
always establish a definite sequencing between two objects - no need 
for secondary keys etc.

However, this is exactly what is happening, whether the kernel sorts I/O
request by block number (or cylinder address) is mostly irrelevant,
the disk has a cache and will sort it again, using - yes, an elevator
algorithm.

Thus you could try to re-run your highly scientific tests with one of:

   o  disabling the cache on the disk (don't know how you would do 
      that, maybe using a 10 year old notebook drive with only 
      256 kb of cache approximates well)

   o  trying to overrun the cache on the disk drive by making every
      i/o request be 85% or so of the cache size, although with SCSI
      callbacks you would still have a problem

   o  scrambling the block numbers in the elevator algorithm before
      feeding them to the sorting alorithm, i.e. ensuring a random
      request sorting

My hunch is that scrambling them has little effect, and that the others
are very hard to get to show an effect.

I would say the best way to optimise the I/O would be to limit the I/O
request size to

              Size of embbedded cache
       sqrt ( ----------------------- )
                Size of disk sector 

i.e. if a disk has 8 Mb embeded cache and the sector size is 4096 bit,
then limit the size of a single request to 45 sectors. That leaves the
elevator algorithm on the disk enough space to do its thing, and even 
very small caches (like the 256 kb mentioned above) would still allow
8 sector (or 4 kilobyte "page size") transfers.  

                                Thomas

*   Why not use metric units and get it right first time, every time ?
*
*   email: cmaae47 @ imperial.ac.uk
*   voice: +4420-7594-6912 (day)
*   fax:   +4420-7594-6958
*   snail: Thomas Sippel - Dau
*          Linux Services Manager
*          Imperial College of Science, Technology and Medicine
*          The Center for Computing Services
*          Exhibition Road
*          Kensington SW7 2BX
*          Great Britain
   
Date: Tue, 5 Dec 2000 17:34:50 +1100
To: letters@lwn.net
Subject: More problems with biometrics
From: David Gibson <dgibson@linuxcare.com.au>

In the letters for the 30th of November LWN edition, Rob Knop
<rknop@pobox.com> makes an excellent point against the use of
biometrics for authentication:

	However, they suffer from one really huge flaw in comparison to
	passwords.  If your password is stolen, you can change it.
	You can't change your fingerprint.

Unfortunately, biometric systems have another inherent flaw which make
them essentially useless as a sole means of authentication.

Because measurements will vary slightly with conditions (and sensor
noise), to be useful if a biometric system accepts a certain input it
must also accept input which is close to it. This means that the
mathematical model underlying the system must be smooth (sufficiently
similar input gives similar output). This is unlike a traditional
password system: 'password' and 'passwore' (1 bit difference) have
completely different md5 hashes.

A standard calculus result (the implicit function theorem) implies
that a smooth function is (at least numerically) invertible. Which
means that if the model is known (and we all know how well security
through obscurity works) it is relatively straightforward to
synthesise input to satisfy it.

Synthesised input might not even look like it came from a human at all
(to another human), but nonetheless will convince the categorisation
model used in the system. So although many biometric systems are quite
reliable at correctly categorising the input from different people,
without a reliable means to check if the input is really coming from a
physically present person (which no-one has come up with) a system for
which a biometric test is sufficient to gain access cannot be
considered secure.

Biometric tests can be useful where they are usin in addition to
passwords or other conventional techniques (i.e. in order to gain
access you must both pass the biometric test, and provide the correct
password).

-- 
David Gibson, Technical Support Engineer, Linuxcare, Inc.
+61 2 6262 8990
dgibson@linuxcare.com, http://www.linuxcare.com/ 
Linuxcare. Support for the revolution.
   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds