Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Eazel shuts down. It's official, Eazel has shut down. The company ceased operations on May 11, after the last attempts at raising money failed. This is an unfortunate development, but it is not particularly surprising.

After all, Eazel never really has presented a convincing story on just how it was going to make money. It has been big on flash and hype - a year or so ago the press was full of stories on how the original Macintosh developers were going to save the Linux desktop. Back when Eazel was being founded, an interesting idea and the name "Linux" were enough to get a pile of investment money and get a company started. Those were fun times.

But those times are over. Now a business has to come up with ways of separating customers from their money to survive. Eazel's plans along those lines seem to include:

• The Eazel Software Catalog, which is another service providing easy software downloads and installation.

• Eazel Online Storage, making 25MB of disk space available (via Nautilus) over the net.

The online storage service seems an unlikely money maker - 25MB of space (almost enough to hold a set of RPMs for Nautilus and its support code) isn't worth a whole lot. And people like to keep their files close at hand, so that, say, if the company goes out of business, they can still get their data.

The software catalog idea has drawn more interest, to the point that a number of companies are trying to make it work. Consider the Red Hat Network, Acrylis WhatIfLinux (see below), Aduva Manager, Ximian Red Carpet, and, yes, the Eazel Software Catalog. It is not surprising that the GNOME-oriented companies are providing this kind of service: anybody who tries to track a bleeding-edge GNOME application tends to end up in a maze of twistly little shared library updates, all interdependent. So an update service may make it easier for people to play with Nautilus or Evolution, but it is a hard business proposition for a few reasons:

• A great many users don't want to update their software frequently. Surprisingly enough, people tend to be happy when they make their systems work, and are uninclined to mess with them thereafter.

• Those who do want to upgrade their software tend to learn, early on, that they can do so without having to pay for the privilege.

• Those who are inclined to pay anyway will probably go to the source of the distribution they are using - that's where the bulk of the updates come from, anyway. So, for example, the Red Hat Network has an inherent advantage over third-party services in selling to Red Hat users.

Eazel has also worked some deals with companies like Red Hat, but it is hard to see them amounting to much. A couple of years ago, a company like Eazel could count on a new round of funding to keep it going while it figured something out (...someday...), but those days are gone.

Eazel the company may have failed, but the company has left behind a legacy: the Nautilus code, which is licensed under the GPL. The code will remain free and will grow without Eazel. That is one of the benefits of using free software: you are not marooned just because the company you have been dealing with goes out of business.

On the other hand, what if you are using proprietary software? The word also went out this week that Enhanced Software Technologies (EST) has been shut down. The word, in fact, is a bit premature: EST still is operational, it has just lost most of its staff. Its future is still being worked out, and the fate of the BRU product is currently unclear. This is bad news for a company that was an early supporter of Linux, and for the users of its products as well.

EST is the maker of the well-respected BRU (Backup & Restore Utility). Work started on the Unix version of BRU back in 1985, and the first Linux version was made available in 1994, when there was very little commercial software for Linux. EST was acquired by Atipa in February, 2000.

Atipa at that time looked very much like it was trying to follow the path blazed by VA Linux Systems. It was expanding its hardware business with software utilities like BRU, and a series of web sites under the "Linsight" name. Then, of course, the bubble burst. Atipa's CEO left abruptly (and has disappeared from the Linux community without a trace), and most of Linsight was shut down - only LinTraining and LinEvents remain, and they are not operated by Atipa. The Atipa logo was literally everywhere at the 2000 New York LinuxWorld conference; it would be a lot harder to find now.

In fact, Atipa does not make hardware anymore; that business was sold to Microtech Computers back in March. The company has now decided to make its bet in the network management arena, with the OpenNMS package (see this week's Development page) as its centerpiece. But Atipa enterprise backup software is evidently not considered to be a network management issue; thus, the decision to gut EST and try to sell it off.

The ultimate fate of EST and BRU is yet to be worked out; according to Atipa Director of Corporate Communications Darrek Porter, negotiations are currently in progress and should be completed shortly. It is possible (and rumored) that it will be purchased by a competitor, who will simply remove it from the market. Mr. Porter, of course, would not comment on that possibility. But the fact that the company was gutted before a deal was worked out gives a clue of where Atipa thinks things will go.

This move leaves a lot of BRU users in an interesting position. The software they depend on for their system backups could simply vanish. Changing backup systems on a large network is a painful (and expensive) experience. There is also the issue of being able to read old backup tapes when the software is no longer supported.

Here we see the legacy of proprietary software. Companies that depend on such software can find the systems that support their business pulled out from under them at any time. Depending on the good will and longevity of a software business is a risky endeavor. A few incidents like this one, and the corporate world may begin to really understand the risks it is taking.

That said, it is worth pointing out that, as far as we know, there is still not a free, top-quality large network backup and restore system available for Linux. Numerous commercial alternatives are out there, but the available free systems just do not have the same level of features and scalability. This could be a good project for somebody...

Caldera buys WhatIfLinux. Caldera International has announced the acquisition of the WhatIfLinux system from Acrylis. WhatIfLinux is one of the package management and update services mentioned above. It can track the software on your systems, point out those that could benefit from upgrading, handle dependencies, and make it all happen.

WhatIfLinux as part of Acrylis' business raised all of the concerns mentioned above - it looked like a difficult path to take. Evidently Acrylis thought so as well, and decided to sell. This service (now "Volution Online") as part of Caldera's offerings makes a lot more sense. As Caldera tries to hang on to all of those SCO enterprise customers, it will have another management service to sell them. This is a move that may actually make sense.

SGI sets the TPC-H benchmark record on Linux. SGI has put out a press release describing a database benchmark it ran recently. The system was an SGI 1450 server with four nodes, each of which has four processors, running a 2.4.3 kernel and IBM's DB2 database. The resulting performance set a new world record: yes, Linux is now at the top of the database performance chart.

This result is important - it shows that Linux can play in the "enterprise database" arena, in a language that companies can understand. It should help pave the way for more high-profile corporate deployments. Certainly it's not for household deployments - the system that ran this benchmark lists for just under $1 million.

Of course, the really nice thing will be when a Linux system running a free database management system takes that top spot. It may happen sooner than many people think...

Inside this week's Linux Weekly News:

• Security: A worm to fix cracked hosts, new vulnerabilities in CUPS and sendfile, lots of distribution patches.
• Kernel: The device number moratorium; A Linux kernel fork?; the shape of device naming in the future.
• Distributions: HP and Debian, Linux-Mandrake ISO image policy, Linux in Argentina, Openwall GNU/Linux.
• On the Desktop: KDE runs fast, Konqueror runs clean and Eazel runs away.
• Development: OpenNMS review, new GNU Ada, Omni printer driver questions answered, Lisa first beta, Perl Exegesis 2.
• Commerce: New websites from IBM, Caldera and Nokia/CollabNet, the last word on Mundie.
• History: How to fund open source software development, the future of Linux distributions.
• Letters: RMS on PriorArt.org; ESR on back doors; bloatware; Dell.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Good Worm, Bad Worm. The Cheese Worm is the latest Linux-based worm to make noise on the Internet. This is a worm with a difference, though. It looks for symptoms of systems that have been previously compromised, enters the system, closes the hole and then uses the host to search for other compromised hosts.

Many security experts were quick to point out that this does not make the worm a "good idea". After all, the worm is still illegally entering, altering and using resources on systems that don't belong to the worm writer. Besides, any "expert" that advocated the use of such worms would soon find themselves in hot water.

Meanwhile, though, the computer security community is still struggling with the issue of how to deal with the mass of unpatched, vulnerable computer systems on the Internet. In general, security issues are seen as the business of the owner of the computer; if they care about security, they'll be pro-active about security, if they don't care, they'll get cracked, end of story.

However, Internet worms and distributed denial-of-service attacks both clearly demonstrate that one person's cracked system is a piece of a larger problem that affects all of us. That system could be used to launch an attack on our own systems. Alternately, the worm that cracks that system can generate tremendous traffic, impairing the performance of the network for many or all of us.

Although the actions of the new Cheese Worm are equally illegal, it is interesting to note that this is the first effective measure being taken to counteract this problem. Essentially the hackers involved are acting as vigilantes, imposing their own "justice" on systems that pose a threat to the community as a whole. It is fortunate that this justice is in the form of repairs to the system, rather than lynchings.

Vigilantes are a common development in new communities with rapid growth, where the rule of law and official law enforcement has not developed quickly enough to match the growing need. They, in turn, quickly become their own problem because they are generally anonymous and outside the law themselves, making it difficult to impossible to make them accountable for their actions (much like crackers).

Nonetheless, their existence is a symptom of a void that needs to be filled. Given this, the technique they have used, that of a pro-active worm that repairs insecure systems, may end up under heavy scrutiny, in order to brain-storm a way in which it could be ethically and morally turned to good use.

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for May is out. It examines the use of active defenses and counterattacks for computer security, security standards, safe personal computing; there is also a strong essay on the futility of digital copy prevention. "Digital files cannot be made uncopyable, any more than water can be made not wet. The entertainment industry's two-pronged offensive will have far-reaching effects -- its enlistment of the legal system erodes fair use and necessitates increased surveillance, and its attempt to turn computers into an Internet Entertainment Platform destroys the very thing that makes computers so useful -- but will fail in its intent"

Cylant 'victim' hack update. LinuxSecurity.com did an interview recently with Cylant (see May 3rd for our coverage), which contains an update on their "Hack This Box and Own It" contest. The box was successfully hacked. "Victim was hacked by some of my old co-workers at EarthLink/Mindspring. They succeeded in part because of a bug we found today in CylantSecure. We have fixed the bug and issued round two of the challenge".

Openwall GNU/Linux. Openwall GNU/Linux, also known as "Owl", has announced their first pre-release. Owl is a security-enhanced Linux distribution, with its primary focus being pro-active source code review, plus some security-hardening kernel patches (presumably including the Openwall patch, for example).

The system is designed to be rebuilt easily entirely from source code and supports both the Intel and Sparc platforms. It uses the RPM package manager and tries to be compatible with multiple other Linux distributions, particularly Red Hat.

Security Reports

Common Unix Printing System 1.1.7 (CUPS). The latest version of the Common Unix Printing Systems (CUPS), version 1.1.7, includes some new directives to prevent denial-of-service attacks and IP spoofing. As a result, an upgrade to the latest version would be recommended for security-conscious sites.

• Linux-Mandrake

man -S heap overflow. A heap overflow is reportedly triggerable via the man command on some Linux distributions. The problem was originally reported on Red Hat Linux 7.0; Caldera has unofficially reported that it is not vulnerable. Red Hat Linux 7.0 and 6.2 and Debian are confirmed to be vulnerable; no official advisories have been sent out so far.

The exploitability of the vulnerability has been questioned and is definitely dependent on whether or not the man command is installed setgid group man.

sendfile vulnerabilities. Exploits for two sendfile vulnerabilities were published this week. One exploits the SAFT/sendfile broken privileges vulnerability originally reported the week of April 26th and the other addresses a "serialization error combined with a lack of error checking". Both problems can be fixed by downloading the current source from the author's website and compiling it manually or, for Debian users, by applying the patch for sendfile_2.1-25 in debian-unstable.

web scripts. The following web scripts were reported to contain vulnerabilities:

• PHPProjekt 2.1 and earlier have been reported to contain a directory transversal vulnerability. Patches are available. Version 2.1a is not affected.

• PHPSlash, a PHP-based Slash clone, has been reported to be vulnerable to a directory transversal vulnerability. A patch to fix the problem is provided.

• DCForum 2000 1.0 and DCForum Version 6.0 have been reported to be vulnerable to a password file manipulation vulnerability. The vendor has issued an advisory and patches to fix the problem.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Hughes Technologies DSL_Vdns 1.0 has been reported vulnerable to a denial-of-service attack. Version 2.0 is not vulnerable, so an upgrade is recommended.

• Allied Telesyn combined DSL/Cable-Router, when configured with the Virtual-Server-Feature enabled, may leave open access to its mapped services. The vendor has been informed.

• iPlanet's Netscape Enterprise Web Publisher has been reported to be vulnerable to a buffer overflow. iPlanet has made available a patch to fix the problem.

Updates

Ramen and Adore. The Ramen and Adore worms both exploit multiple vulnerabilities. They are most widely known for attacking Red Hat machines, but they can also possibly affect other distributions that have a Red Hat base. TurboLinux is one such distribution. They have released two advisories to provide information on securing Turbolinux systems against these worms.

Note that any leading Linux distribution to which all relevant patches have been applied should not be vulnerable to either of these worms.

• Turbolinux advisory for Ramen
• Turbolinux advisory for Adore

Minicom XModem Format String Vulnerabilities. Check the May 10th LWN Security Summary for the original report or BugTraq ID 2681.

This week's updates:

• Linux-Mandrake
• Red Hat

• Caldera (May 10th)

vixie-cron crontab permissions lowering failure. Check the May 10th LWN Security Summary for the original report. Paul Vixie Vixie Cron 3.0pl1 fixes this latest problem.

This week's updates:

• Linux-Mandrake
• SuSE
• SuSE, updated URL for SuSE-7.1 Intel i386 package

• Debian (May 10th)
• Progeny (May 10th)

Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.

This week's updates:

• Linux-Mandrake
• Red Hat
• Progeny

• Debian (May 10th)

Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.8 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.8, of course). BugTraq ID 2617.

Note that last week, Andrew Tridgell has released Samba 2.0.9, stating that the fix in 2.0.8 did not really resolve the problem. So expect another wave of distribution updates dated May 10th or later for this problem as the fix from 2.0.9 gets distributed. Samba 2.2.0 users are not affected by this problem.

This week's updates:

• Progeny
• Red Hat

• Trustix (April 19th)
• Debian (April 19th)
• Immunix (April 19th)
• Caldera (April 19th)
• Progeny (April 26th)
• Conectiva (April 26th)
• Debian, updated advisory with corrected Sparc packages (April 26th)
• Linux-Mandrake (April 26th)
• FreeBSD (April 26th)
• Slackware (from the changelogs)
• Immunix (May 10th)
• Debian (May 10th)
• Conectiva (May 10th)

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.

This week's updates:

• Progeny

pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

This week's update:

• Linux-Mandrake, minor package corrections

• Red Hat (April 19th)
• Immunix (April 19th)
• Linux-Mandrake (May 10th)

Resources

Events

Upcoming Security Events.

Date	Event	Location
May 21 - 22, 2001	Computer Privacy, Policy, and Security Institute conference	(Rocky Mountain College)Billings, Montana
May 29, 2001	Security of Mobile Multiagent Systems (SEMAS - 2001)	Montreal, Canada
May 31 - June 1, 2001	The first European Electronic Signatures Summit	London, England, UK
June 1 - 3, 2001	Summercon 2001	Amsterdam, Netherlands
June 4 - 8, 2001	TISC 2001	Los Angeles, CA, USA
June 5 - 6, 2001	2nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop	United States Military Academy, Westpoint, New York, USA
June 11 - 13, 2001	7th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and Risk	Orlando, FL, USA.
June 17 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France
June 18 - 20, 2001	NetSec Network Security Conference(NetSec '01)	New Orleans, Louisiana, USA.
June 19 - 20, 2001	The Biometrics Symposium	Chicago, Illinois, USA.
July 11 - 12, 2001	Black Hat Briefings USA '01	Las Vegas, Nevada, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Alan Cox has released 2.4.4ac9, with a rather longer set of fixes. Included therein is a set of user-mode Linux patches, presumably a result of the wider exposure that UML is getting as part of the "ac" series.

Andrea Arcangeli has also gotten in the act with 2.4.5pre2aa1, which has a number of performance and bugfix patches. Mr. Arcangeli is also working with the 2.2 series, and has released 2.2.20pre2aa1 with a number of additions to that kernel.

A moratorium on device number assignments. It all started with this note from the "Linux Assigned Names and Numbers Authority," otherwise known as H. Peter Anvin:

Linus Torvalds has requested a moratorium on new device number assignments. His hope is that a new and better method for device space handing will emerge as a result.

Major numbers, of course, are part of the device files that Unix has implemented since the beginning. The major number encoded within any particular device file serves as an index into an array within the kernel; it is used to find the device driver which is responsible for managing that device.

These numbers have traditionally been assigned in a static manner. For example, block major number 3 (among others) belongs to IDE disks. Given the static assignment, distributors can set up their systems with a full set of /dev/hd* files, knowing that they will work with all systems. People (and, especially, vendors) who add new drivers to the kernel like to get static device numbers for the same reason - it is easier to make things work everywhere.

There are some problems, however. The kernel is running out of available major numbers (see the March 29 LWN kernel page), and an expansion will be required. Management of the /dev directory is increasingly difficult; a quick check on your author's system shows over 6000 entries there. And devices are increasingly dynamic - many can be attached and removed while the system is running, making static naming difficult.

Linus has evidently decided that it is time to deal with the device numbering problems, and is trying to force the issue by making it hurt. There are two very different aspects of this development that are worth a look. The next item examines the effect of Linus' tactics on kernel development; then we'll take a more technical look at what shape a solution might have.

A fork of the kernel? Not everybody is pleased with the device number moratorium. Those who wish to support new devices under the 2.4 kernel will now have to manage without static numbers. Working with dynamic major numbers is not all that hard, but it does require some work and some boot-time support. Not everybody believes that the static numbering scheme is a problem, but even those who do see a problem would, in general, have preferred that Linus wait until 2.5 to impose his moratorium. Stopping number registration before the stable series is truly stable changes the rules at an inconvenient time, and seems rather heavy-handed.

In response, Alan Cox has stated that he will still accept static device number registrations in his "ac" series of kernels:

And on that issue I'm so convinced you are wrong I'm prepared to maintain sensible Unix device behaviour in the -ac pretty much indefinitely.

H. Peter Anvin will continue to maintain a device number registry for the "ac" kernels. Given Alan's position, it is almost certain that future kernels distributed by Red Hat will follow this behavior and honor any new device numbers. It is also quite likely that other distributors will take a similar approach.

In other words, Linus has made an unpopular decision and the kernel has been forked as a result. The behavior that most users will see in future 2.4 kernels from distributors will probably not be what Linus has decreed.

This is an interesting development, to say the least, but it is also not quite as big a deal as one might think, for a couple of reasons. The first is that Alan still does not plan to go his own way with his kernels:

One thing I absolutely refuse to do is to let a disagreement over some specific device implementation turn into an excuse for a wider difference in the trees. So yes -ac might have static majors but the rest of it I intend to keep merging with Linus and tracking closely to his tree.

The other important reason has to do with how kernel development is done. The Linux kernel is often pointed out as being the unifying factor that keeps Linux systems roughly in sync. But the fact of the matter is that the kernel is probably the most heavily forked free software package in existence. Consider:

• The "ac" series has always been a fork - it is more than just a staging area for patches on their way to the Linus kernel. Alan's approach is to get the fixes in more quickly, while simultaneously being more pragmatic about what users of the kernel really need.

• No distributor ships a standard Linus kernel - all apply patches. For example, the 2.4.2 kernel shipped with Red Hat Linux 7.1 includes over 200 patches, including 2.4.2ac3, numerous performance and bugfix patches, zero-copy networking, TUX, and much more. See the 2.4 kernel spec file for the gory details. Not all distributors patch this heavily, but they all ship kernels which differ significantly from the Linus standard.

• Every port to a different processor is a fork of the kernel which is only resynchronized occasionally. There is currently quite a bit of divergence between the port development trees and the official 2.4.4 kernel.

• Projects like RTLinux, RTAI, etc. are also forks.

The thing that makes all this work is that all of these forks sync up with the official Linus kernel occasionally. Thus, while a only small percentage of Linux users are actually running a Linus kernel, that kernel serves as the Linux "standard" which charts the course for all the others. As long as the forked kernels follow Linus's flagship, the differences between them will remain relatively small.

So this particular disagreement is not all that significant in the long run, and this particular fork will probably go away in 2.5, when the device naming issue gets figured out. But it does indicate a possible series of events in the future. Linus will, one day, no longer be the benevolent dictator of the kernel. But his departure may not be via the feared "hit by a bus" scenario, or via a high-profile passing of the scepter to an anointed successor. Instead, users may wake up one morning and realize that they have been using somebody else's kernel for quite some time, since it better suits their needs. What that Linus guy is doing just won't seem so important anymore. That day won't be here anytime soon, but, in the distant future, it might just happen.

So...now what? Now that The Word has come down that static device numbering is going away, it's time to figure out what will replace it. There are no obvious, front-runner solutions waiting in the wings; instead, a fair amount of discussion will likely be required. Actually, a tiresome, sometimes acrimonious debate extending well into the 2.5 development series seems likely. It looks a lot like a repeat of the devfs wars.

The ultimate shape of the solution is far from clear at this point, but some themes are already apparent.

• Things are going to change, and static major-number assignments are going to go away. Major numbers and device types will not be tied to each other anymore. Linus sees the current situation as an administrative nightmare, and is impatient with those who would defend it, even in the 2.4 "stable" series. Thus the intemperate, widely-quoted No more SHIT! posting.

• A system's device configuration, as seen in user space, will become simpler. Installed disks, for example, will show up as /dev/disk1, /dev/disk2, and so on, regardless of where the drives are physically installed, and regardless of whether some are SCSI and others are IDE, or just about any other concern.

  Consider, for example, this Linus posting on the naming of network interfaces. They are simply named: eth0, eth1, and so on. It does not matter where they are installed in the system, whether they are 10M or 100M cards, etc. Linus believes all devices should be named this way.

• Dynamic devices will predominate, to the point that even nailed-down devices will be treated as dynamic. Truly static devices are getting rarer, and Linus, at least, sees no point in maintaining "artificial" distinctions between static and dynamic devices.

• Device naming will get more dynamic and kernel-driven, but there is great resistance to encoding device naming policy in the kernel. There is also the issue of access control - what permissions these dynamic device files should have. If this problem can be solved to everybody's satisfaction, the rest should seem relatively easy.

As an example of how interesting device naming could get, consider the issue of ioctl calls. Some applications now actually look at major numbers to decide which ioctl commands are safe to apply to a given device. If the device numbers become dynamic, this technique no longer works. A complicating factor is that fact that, despite some effort by the kernel developers, the numbers of the ioctl commands are not all distinct. So one device's "rewind" command could potentially be another's "halt and catch fire" operation. One clearly does not want to mix these things up.

Various ideas have gone around on how to address this problem, including setting up a way to query devices to see which ioctl interface(s) they support. But Linus has proposed another idea: why not treat the device names as directories and export much of the ioctl functionality that way? Thus, /dev/fd0 might still be a diskette drive, but an access to /dev/fd0/eject would eject the disk. Many of the ioctl issues would be simplified, and it would also make it easier to do things in scripts.

And, of course, this approach would help to preserve backward compatibility by preserving the older interface for applications that have not been changed. To quote Linus one more time:

It should be a case of "Just plug in a new kernel, and suddenly your existing filesystem just allows you to do more! 20% more for the same price! AND we'll throw in this useful ginzu knife for just 4.95 for shipping and handling. Absolutely free!"

As was pointed out, sometimes it appears that Linus has been in the U.S. for a little too long already...

Other patches and updates released this week include:

• Jeff Garzik has a new Tulip Ethernet driver, and is looking for testers to find any remaining problems.

• A new single-copy pipe patch was posted by Manfred Spraul.

• James Bottomley has posted a new driver for the NCR Dual 700 SCSI card.

• CML2 1.4.3 was released by Eric Raymond.

• Heinz J. Mauelshagen has announced that write access to the CVS repository for the logical volume manager project is now enabled. This step is being taken as part of an effort to open up LVM development and to better integrate it with the rest of the kernel process.

• A document describing the use of global spinlocks has been posted on the Linux Scalability Effort site. It tries to cover all of the global locks used with the kernel, and document just what they protect.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Is Early Release Good for MandrakeSoft?. Displaying how much Linux-Mandrake users tend to care about their distribution and the health of MandrakeSoft, the company that produces it, this thread appeared on MandrakeForum to discuss whether or not MandrakeSoft's provision of free ISO downloads for upcoming releases is a good idea or not, from a financial standpoint.

For example, the Linux-Mandrake 8.0 boxed just became available for purchase this week, but the ISO version of the two CD set was made available three weeks ago. For those three weeks, the only way to get a hold of the new distribution was either by downloading it for free or buying it from a reseller like CheapBytes. Neither option generates revenue for MandrakeSoft. A lot of arguments were made in favor of schemes to encourage, reward or require people to buy the official boxed sets instead.

The official comment in return was that MandrakeSoft is confident that wide distribution of Linux-Mandrake, no matter in what manner, will boost the popularity of the distribution and eventually boost sales. In the meantime, customers that want to make sure MandrakeSoft benefits when they download the software can do that by making a direct donation.

At the current time, three of the leading Linux distributors, MandrakeSoft, SuSE and Red Hat, are each choosing very different approaches to the problem. SuSE has placed a restrictive license on their installer and, as a result, prohibits the redistribution of their ISO images by resellers like CheapBytes. Red Hat makes beta versions of their upcoming distributions available, but the final version is held back so that it can be released at the same time the boxed sets become available.

In the next couple of years, we'll get the chance to see exactly which of these business models appears to work the best, another example of competition at work.

HP selects Debian as prime distribution. HP voice for Open Source, Bruce Perens, has announced that HP is making Debian its prime target for Linux support, though the company has no plans on abandoning other distributions. "HP has already started vending Debian to customers, and will be offering Debian support and training. This does _not_ mean that HP will de-support other Linux distributions. HP certifies its hardware with several distributions. In our software production process, we will handle differences between Linux package formats and the package dependency tree. As LSB continues to develop, we hope to get out of certifying for individual distributions and producing variant packages. Thus, supporting LSB is now a priority for HP."

As with Corel's decision to base Corel Linux on Debian, HP's decision is rooted in the non-commercial nature of Debian development. Although Debian is the base for commercial distributions like Progeny GNU/Linux and LibraNet, Debian itself is not in the business of making money. That means that monetary issues will not pollute the development stream. It means that HP's engineers can earn their status as Debian developers and receive the same privileges as any other Debian developer.

In addition, HP also cited the Debian Free Software Guidelines as part of their reason for choosing the distribution. The careful (some might call obsessed) work done to separate out software whose licenses are not fully Free guarantees redistribution of Debian without restriction or fear of legal repercussions.

Perhaps most of all, this reflects HP's status as an engineering company. They have chosen the distribution that, for them, is best for their purposes. They are not worried about having a distribution that has been enhanced to appeal to novice users; they are concerned about one that their own engineers can work with and collaborate on freely.

In fact, one might speculate that if Debian GNU/Linux did not exist, HP would have felt compelled to develop their own distribution, in order to guarantee that their own developers would have full access and privileges in the development process. Given the number of distributions we already track, it is nice to see multiple companies able to support a single distribution with confidence.

Argentina Embraces the Penguin (Wired). Wired News covers the influx of a penguin (Tux) in Argentina. "... the penguin named Tux is starting to draw a lot of attention, because a professor at the Universidad Nacional de Salta (UNSa) is distributing the Linux OS -- whose mascot is Tux -- throughout this region. The distribution is called Ututo, named for a fidgety local lizard that pokes its nose into every hole and is never at rest."

Check the February 8th LWN Distributions Summary for our coverage of Ututo. It is designed to run directly off of a CD, in order to eliminate the installation hurdle for new and inexperienced computer users.

New Distributions

Openwall GNU/Linux. Openwall GNU/Linux, also known as "Owl", has announced their first pre-release. Owl is a security-enhanced Linux distribution, with its primary focus being pro-active source code review, plus some security-hardening kernel patches. The system is designed to be rebuilt easily entirely from source code and supports both the Intel and Sparc platforms. It uses the RPM package manager and tries to be compatible with multiple other Linux distributions, particularly Red Hat.

Distribution News

Debian News. The Debian project has announced it will be attending two shows in Germany this month: Internet World Berlin and Magdeburger Linuxtage.

Meanwhile, this week's Debian Weekly News is out, with more news on plans for the upcoming release of Woody. In addition, a first mention is made of plans for the release after Woody. A whole new design is planned for the Debian-installer.

Bill Bennet has written an article on using rsync to get a Debian CD image file. The goal is to spread the load among all the Debian mirror sites instead of hammering just the Debian ISO mirrors.

The May 15th Kernel Cousin Debian Hurd is out and available, displaying fairly strong development activity.

Linux-Mandrake News. MandrakeSoft announced the immediate availability of boxed sets of Linux-Mandrake Version 8.0 (Standard, PowerPack and ProSuite Editions) in retail outlets.

SuSE News. SuSE announced this week that SuSE Linux is ready to run on the IBM iSeries, the hardware series previously known as AS/400. According to their press release, SuSE is the first Linux distribution to run on this platform, which is aimed at enterprise-level ecommerce customers.

Slackware News. The version of mc in slackware-current has been downgraded due to complaints about the latest version combined with a belief that the problems were not likely to get fixed any time soon.

Other upgrades include WindowMaker, proftpd (including a fix for the globbing security vulnerability), Samba, OpenSSH, mysql and a number of other minor updates.

The Sparc port was also upgraded to Linux 2.2.19.

Yellow Dog News. TerraSoft put out a press release announcing their development freeze for the upcoming Yellow Dog Linux 2.0 release. As a result, Yellow Dog Linux should be available on-line and via resellers within roughly two weeks.

SuperRescue CD News. SuperRescue CD 2.0.0 was released on Friday, May 11th. The new release is based on Red Hat 7.1.

Hard Hat News. MontaVista Software announced this week Hard Hat Linux support for the IBM NP4GS3 network processor. "IBM's PowerNP reference platform is an integrated hardware, software and services platform, featuring a packet routing switch module along with a PowerPC control point microprocessor. It allows equipment manufacturers to configure a 'real world' network switch or router environment to conduct thorough development, integration and testing before building their products".

MSC.Linux News. MSC has announced the release of a new version of its MSC.Linux distribution, which is oriented toward cluster deployments.

DSPLinux News. DSPLinux is an interesting distribution from a marketing perspective. Their press releases sometimes almost miss our screen for distribution news because they market DSPLinux as a software development kit (SDK) rather than an operating system or distribution. Nonetheless, it comes complete with kernel, so it is a Linux distribution.

This week, RidgeRun, the company behind DSPLinux, announced DSPLinux SDK Release 1.0. It uses the Linux 2.4 kernel, standard GNU development tools and their Appliance Simulator. "The Appliance Simulator allows developers to run the DSPLinux OS within a simulation environment that models a real embedded device. Developers can create, debug, and fully simulate a host of embedded appliances, all before target hardware development systems are required".

The Appliance Simulator is one of four proprietary products that are included with DSPLinux. The resulting bundle is sold for $5,000 per developer seat, a wee bit more than the cost of the average Linux distribution.

Minor Distribution updates

• Linux From Scratch 3.0-pre3 (Development), minor bug-fixes.

• Minimalist Linux-My-Way 0.24, minor feature enhancements.

Distribution Reviews

Progeny Debian (ZDNet). ZDNet Reviews examines the Progeny GNU/Linux distribution. "Progeny's installer isn't perfect, but it gives Red Hat's a run for its money, offering both text and graphical modes. The installer works equally well when booted from a floppy or a CD, and it supports network installations. Hardware detection was passable; mouse, video, and USB detection was good; but sound and PCMCIA devices were problematic."

Progeny Debian 1.0 Linux (LinuxLookup). LinuxLookup reviews Progeny Debian 1.0. "Progeny did a great job on their distribution. They take pride in their quote 'Leading edge, not bleeding edge'. Basically they chose not to package all of the latest program versions. Instead they used the 'tried and true' method and created a very stable Linux distribution, one that beginners can install with little trouble."

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Eazel closes its doors. Although we talked about this on the Front Page this week, I can't help but mention it here. Eazel had all of the right things going for it - a strong team, a good product, and excellent exposure. Everything except income. The closure came after the official announcement from Bart Decrem on the GNOME Hackers mailing list. While I hate to see the company go, Miguel de Icaza says not to fret about the future of Eazel's main product, Nautilus.

Nautilus is licensed under the terms of the GNU GPL, which means that the code base will be forever free (Open Source). Some of the programmers at Eazel involved in Nautilus will continue to work on it even without the company.

As for Ximian and Nautilus: Nautilus is an integral part of GNOME, we will contribute to maintain, improve, enhance and extend the code. We will not be picking up the product completely, but we will continue to contribute to it, as we did in the past. Besides, Nautilus and its related modules and plug-ins have over a hundred contributors at different capacities, most of them not working for Eazel.

In summary: open source saved the product, even when the company couldn't continue.

KDE: Runs fast, updates slow. Since returning from my honeymoon (thanks to Forrest Cook for filling in for me for the past two weeks) I've done two things to become more KDE aware in this column: I subscribed to a number of KDE mailing lists and set up a KDE user on a test machine so I can whack away at the environment without fear of trouncing my beloved FVWM layout on my production systems. These actions are due in no small part to the numerous emails claiming my apparent stock position in Ximian - which is untrue, by the way.

The first thing I should let KDE readers know is that, like it or not, Ximian and the GNOME project do a good job keeping me up to date on new releases and features. KDE Dot News is my primary source for such things about KDE, but if you have news on KDE products and projects, primarily information that would be of value to ordinary users (although I'll certainly look at developers releases as well), please do send them my way. I do keep tabs on the following sites as well:

• KOffice
• Apps.KDE.com
• Konqueror
• KIllustrator

Also, while anti-aliased font support in KDE is terrific, without an installation mechanism as simple as Red Carpet (Ximian's automated update facility) or Red Hat's Network, KDE won't get as far on the average user's desk. That doesn't mean that more sophisticated users won't use KDE, but upgrading using Red Carpet, as I discovered this week, is absolutely fantastic.

All that aside, I did start to dig into the environment this past week. While Forrest mentioned some issues with KDE and Gnome slowness last week, I found KDE to work rather well in 64MB of RAM on a 200MHz K6-2 box. Granted, the video card is a bit newer than that - it's an ATI RAGE XL. Though initial startup is a little slow, applications seem to start rather briskly. My first look (after digging around for ways to automatically keep the environment up to date) was at Konqueror, the integrated Web browser for KDE.

Konqueror. Looking at Konqueror in comparison to both Netscape 4.77 and Opera 5.0, I found that the interfaces on all three programs were about the same: navigation, bookmarks, pretty much what you would expect. The rest of the Opera interface is rather complex in comparison, due to how it embeds secondary browser windows. But Konqueror works like Netscape by opening multiple top level windows for each new browser instance. Konqueror offers zoom features, but zooming in only appears to increase the size of some fonts. I assume that user defined fonts should override site specific fonts in order to zoom all text in a page but I couldn't find where to change this particular setting. Images are unaffected by the zoom operation.

The nicest thing about Konqueror is that the display is very crisp. It handles fonts better than Netscape. I'm not sure if anti-aliasing is embedded in the browser - I know I don't have anti-aliasing enabled in my XFree86 server or in the version of the KDE libraries I'm running. Still, the display of fonts appears much cleaner than the Netscape display.

That's the good side. Now for the bad. I've found, mostly by accident, that the best test site for browsers is my own Graphics Muse site. While I haven't updated the site in about a year (priorities - feed the family, then play on the net), it was built as a training exercise to learn both Perl and CSS/DHTML. I don't pretend to think the site is compliant with the latter, but Netscape certainly renders it correctly. Opera comes close. Konqueror doesn't. In fact, in Konqueror the site is unusable. Since Netscape is the standard bearer on Linux systems (until the 1.0 Mozilla comes around and/or KDE has a wider audience) I'll continue to expect browsers to work with the sites I visit at least as well as Netscape currently does.

One other note for both GNOME and KDE: would someone please explain to me how to remove those icons on the root windows for both KDE and GNOME! Those silly things were introduced by Microsoft years ago and are, in the humble opinion of one old timer, an abomination.

Desktop Environments

KDE taskbar grouping feature added to CVS. A new feature has been added to the CVS (i.e. developer versions) of KDE - grouping of windows to a single taskbar button. The example shows a set of GIMP Canvas windows all connected to a single taskbar button (which pops up what appears to be a menu from which to select a particular window). This feature won't show up in public releases until the first 2.2 beta for KDE is released later this month.

How to configure your Anti-Aliased desktop (KDE Dot News). KDE Dot News posted a brief Howto-style article with a Q&A section on configuring the Xft extension that provides, among other things, for the use of anti-aliased fonts.

Q: Why do my KDE programs start now soooo slow?
A: Currently, the Xft mechanism in XFree 4.0.3 has to parse the XftConfig file each time a program is started. And the info of all these fonts has to be read. Newer versions (in CVS) will use a cache and are much faster.

Bonobo 1.0.4. GNOME's Bonobo got another minor update this week, primarily to fix window manager focus issues, but also to address a number of other problems.

Ximian Setup Tools 0.4. A new release of the Ximian Setup Tools package has been announced. This tool package is a replacement for LinuxConf that provides an administrative interface to user and NFS administration, network management, and swap partitioning.

GNUStep Weekly Update. The GNUStep Weekly Update came out on time, as usual. Because GNUStep is still in moderately early stages, these updates are more for software developers than end users.

Office Applications

KOffice. The KOffice 1.1 feature freeze went into effect on May 10th. The Beta 2 release goes out Wednesday, May 16 with a public announcement due on May 21st.

Evolution 0.10. Another minor update came for Evolution, GNOME's mail, calendar, and adressbook application. Ximian has made version 0.10 available through their Red Carpet installation program.

Desktop Applications

Opera releases version 5.0 of Linux browser. Opera Software announced the official release of their Linux browser. This release marks the end of the beta cycles for this product. The Opera Linux browser has been tested on 9 different distributions : Corel 1.0, Caldera 2.2, Debian Potato 2.2, Mandrake (6.0, 7.1 and 7.2), NetBSD 1.5_BETA/i386, RedHat (6.1, 6.2 and 7.0), Slackware 7, SuSE 7.0 and YellowDog 2.2.

Sketch 0.6.10. A new stable release of Sketch was released this past week. This version adds some language and SVG support along with various bug fixes.

Gabber 0.8.3. A new developer's version of Gabber, the open source Jabber client for GNOME was released this week. Version 0.8.3 is primarily a bugfix release that includes numerous user interface changes.

Pan 0.9.7pre, a GNOME newsreader, released. While not a stable product, it's interesting to note when I run across a package I hadn't heard about previously. Pan is a newsreader for the GNOME environment. This release is a developer's release, but stable pre1.0 releases are available for end users.

SolarWolf, a Python-based game. The first game to be produced with the new pygame Python interface to the SDL libraries, Solar Wolf 1.0, has been released.

PDA News

Review: Agenda VR3 Linux powered PDA(LinuxMedNews). LinuxMedNews posted a review of the new Agenda VR3 Linux based handheld. "The most exciting thing for me is that Tcl/Tk is ported already to it, as is a version of PERL, PYTHON, and RUBY. You can also use the FLTK - fast light toolkit when programming in C or C++.Over 100 Linux applications are already ported to it by the Agenda community."

Linux on Your PDA (O'Reilly Network). In part 1 of a 4 part series, the O'Reilly Network compares 3 Linux-based PDA offerings: the Agenda VR3, the Compaq iPAQ, and the G. Mate Yopy.

And In Other News...

4 questions to Sven Neuman (en) (LinuxGraphic.org). LinuxGraphic.org has posted an interview with Gimp hacker Sven Nuemann. "The problem with the current Gimp codebase is that most parts of it originate back to a time when Gimp was based on Motif and the GTK object system did not exist. Since then only parts of the core have been rewritten to make use of the benefits the object-oriented approach gives. Also, user interface and core functionality is totally mixed up. When trying to add new features to the Gimp-1.2 codebase, it is very easy to get lost and very likely that you break things."

Kernel Cousin KDE #9. This week's Kernel Cousin KDE #9 looks at the need for adding system configuration tools to KDE, the need for a Quality Assurance Team, and the recent problems associated with Kivio.

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

According to Mr. O'Donnell, maintenance of proprietary network management software is considered to be a thorn in the side by many of the larger hardware vendors who provide such code. Much effort has to go into keeping the code current and it tends to get passed to different programmers over time, which results in the production of a lot of spaghetti code.

Hardware vendors often support network management code only because it is a purchasing requirement put in place by larger organizations who buy networking hardware. Network management software is typically a loss-leader product that does not make money on its own.

Much proprietary network management code also runs only on expensive, proprietary hardware, making it out of reach for medium-sized shops.

This situation provides a fertile environment for open-source projects such as OpenNMS to grow in. The open-source world has many advantages for such a project including the ability to track quickly evolving technology, short times to market, high quality code, the ability to run on inexpensive hardware, and an all-inclusive hardware perspective.

Some of the problems facing older open-source network monitoring tools include a lack of professional support, scalability problems, performance problems, distribution problems, and open source project management problems. The people who are working on OpenNMS intend to address all of these issues. A problem facing open-source networking tools is that many big shops don't currently want to get into non-standard platforms such as a system running Linux, although that is changing as Linux matures and becomes more widely accepted.

OpenNMS is being touted as a next generation network management tool, building upon the success of older, more focused tools such as MRTG, RRDTool, Cricket, GxSNMP, Cheops, Mon, Net Saint, and Big Sister to name a few. Other open-source network tools tend to have a narrow focus and provide a sub-set of monitoring capabilities compared to commercial network monitoring systems. The OpenNMS project is positioning itself as a tool for enterprise-wide use with monitoring, notification, statistics, and report generation capabilities.

OpenNMS aims to bring a nice feature set to the table including:

• A packaged system that is easy to install and upgrade
• Extensibility through integration with other tools
• A built in trouble-ticket system
• Email and pager based notification for detected fault conditions
• Full commercial support with the 1.0 release

Current features of OpenNMS include:

• Adaptive configuration
• Service based polling
• Configurable device grouping or views
• Automatic SNMP ID and optimized date collection
• Performance data reporting and graphing based on RRDtool
• Web based and command line interfaces
• PDF report generation for high quality summary output

• Java2 based code with native thread support
• XML based configuration files for manual and GUI configuration
• A PostgreSQL/JDBC database
• SNMP for discovery and event receipt
• Apache Jakarta's Tomcat JSP servelet engine
• An ICMPD process to solve some of the thread limitations of Java

One of the more important concepts used by OpenNMS is that of Synthetic Transactions which, for example, replace the simple pinging of a machine to test its connectivity with more functional tests such as successfully loading a web page or a conversation with a mail agent. Synthetic transactions will solve the blue screen of death syndrome where a machine may respond to ICMP (ping) packets, yet is not functioning at a higher level. Release 1 of OpenNMS is scheduled to include synthetic translation software that supports the following protocols: FTP, HTTP, SMTP, DNS, ICMP, TCP, SNMP, and Routing via SNMP. Three layers of synthetic translations are planned, the currently working Discovery layer and the future predefined poller and custom poller and XML layers.

Configuration of OpenNMS looks to be fairly easy with the nearly complete Java based GUI software. The majority of system functionality can be controlled with the GUI, but importantly, experts can also get to the real guts of the configuration information by hand-editing XML based files.

The 1.0 release is currently scheduled for release in September of 2001, the recent 0.7.3 release is functional, but not all of the features are fully implemented. The latest OpenNMS Update includes an announcement for a brand new release, version 0.7.5, which features graphical PDF report generation, better filtering capabilities, bug fixes, a new event calendar, and new availability calculations.

Hopefully, the project leaders will take the time to observe the installation and configuration process as performed by novice users and perform any necessary modifications to the code and documentation to ease the process. This step is often neglected in open-source development projects, careful attention to this detail will help to build a wide user base.

Audio

Alsa driver 0.5.11 released. Version 0.5.11 of the Alsa Sound System has been released. This version features IA64 support, and updated drivers for a number of sound cards.

Databases

From DTDs to Databases (O'Reilly's xml.com). O'Reilly's xml.com site features an article by Ronald Bourret on mapping DTDs to databases. "A common question in the XML community is how to map XML to databases. This article discusses two mappings: a table-based mapping and an object-relational (object-based) mapping. Both mappings model the data in XML documents rather than the documents themselves. This makes the mappings a good choice for data-centric documents and a poor choice for document-centric documents. The table-based mapping can't handle mixed content at all, and the object-relational mapping of mixed content is extremely inefficient."

Documentation

Linux Documentation Project Weekly Updates. This week's updates to the Linux Documentation Project include an update to the Linux Hardware Compatibility HOWTO, as well as a brief discussion on the use of a document tracking database at the LDP based on PostgreSQL.

Education

SEUL report for May 14, 2001. The May 14, 2001 edition of the SEUL/Edu report is out. Topics include new projects for putting Linux into schools in Britain and Thailand, discussions on Squeak, a Smalltalk derived language from some folks at Disney, and a list of new educational applications for Linux.

Electronics

Mentor Graphics commits to Linux for PLD front ends (semiconbay). Semiconbay covers the Mentor Graphics move to support PLD design front end tools for Linux. "Mentor's HDL Design Division will provide the initial set of design tools to support Linux. In addition to MicroSim, Mentor will offer on Linux LeonardoSpectrum for high-performance synthesis, HDL Pilot for design management, HDL Detective for analysis and documentation, HDL Author for text and graphical creation, and FPGA Advantage for a complete programmable logic environment." While this is not an open-source project, it is encouraging to see companies working on development tools that run under Linux. (Thanks to Conrad Sanderson)

Embedded Systems

Embedded Linux Newsletter for May 10, 2001. This week's Embedded Linux Newsletter has been published. Topics include Memora's Servio Personal Server, Hard Hat's China venture, a ready to use Java stack for embedded Linux devices, and the free vs patented software debate.

Interoperability

Wine 20010510 available. The flow of information from the Wine Weekly News has stopped due to the need for a new WWN editor, however, development continues on the Wine project. Wine Version 20010510 has been released and is available for download. The release announcement states that this version contains improvements to printer support, graphic driver restructuring, and bug fixes.

Printing Systems

Version 0.2.0 of the Omni Print driver released. A new version of the Omni printer driver has been released. Omni developer Mark Hamzy was kind enough to answer some of our questions about Omni.

Standards

IEEE releases 802 standards. The IEEE has started the "Get IEEE 802" program to make the IEEE Local and Metropolitan Area Network (802) networking standards available for download to the public for free. (Thanks to Theo de Raadt)

Web-site Development

Zope Weekly News for May 12th. The Zope Weekly News for May 12, 2001 is available. The coming of Zope 2.4, Core Session Tracking, ZShell for the CLI lover and other topics are covered this week.

Bug-fix version of PHP Review. A bug-fix release of the PHP Review book reviewing software has been announced. Work has also started on a PHP Review manual.

Window Systems

This week's GNOME Summary. The GNOME Summary for May 12, 2001 is out. Topics covered include the Nautilus 1.0.3 release, the addition of SOAP to GNOME, Galeon 0.10.6, and a small note to the effect that Eazel will shortly be closing its doors.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Ada

New version of GNU Ada. A new version of GNU Ada has been released, along with a a new project package RPM called GNADE (GNu Ada Database Environment). (Thanks to Juergen Pfeifer.)

Caml

Caml Weekly News for May 8-15, 2001. The May 15, 2001 edition of the Caml Weekly News is available. This week's edition discusses Caml on MacOS X and a new Caml book.

Java

The historical collection classes -- Arrays (IBM developerWorks). In an IBM developerWorks article that features an excerpt from the book Java Collections, John Zukowski writes about Java Arrays "Arrays are the only collection support defined within the Java programming language. They are objects that store a set of elements in an order accessible by index, or position. They are a subclass of Object and implement both the Serializable and Cloneable interfaces. However, there is no .java source file for you to see how the internals work. Basically, you create an array with a specific size and type of element, then fill it up."

Lisp

Lisa first Beta released. A preliminary version of the first Beta release of LISA, the Lisp-based Intelligent Software Agents, version 0.9, has been announced. "The main new feature of this version is support for running multiple inference engines, or for making multiple threads interact with a single inference engine, on multithreaded Lisp implementations."

ILISP version 5.11 released. Version 5.11 of ILISP has been announced. "ILISP is an Emacs major mode for interacting with Lisp listeners running as inferior processes. It provides commands for editing forms, compiling and executing Lisp code, getting documentation, etc."

Perl

Exegesis 2 (use Perl). Damian Conway is writing a series of Exegesis articles on Perl 6 to parallel Larry Wall's Apocalypse series. The first Exegesis article, number 2, starts off with a quick example of some Perl 6 code.

Perl articles on Dr. Dobbs' (use Perl). Dr. Dobbs' has a few new Perl tutorial articles by Brian d Foy. Included are articles on Creating Perl Code Graphs, profiling in Perl, and more.

PHP

PHP Weekly Summary for May 14, 2001. The May 14, 2001 edition of the PHP Weekly Summary is out. Topics this week include PHP on OS390 Unix, an upcoming expat upgrade, logging Apache peak memory use, and more.

Python

python-dev summary April 26 through May 10, 2001. The summary of traffic on the python-dev mailing list has been posted for the period of April 26 through May 10, 2001. Topics include the Smalltalk metaclass system, decoding string objects, and the move of MacPython to Sourceforge.

Dr. Dobb's Python-URL! (May 14). Dr. Dobb's has posted their Python-URL! summary for this week. Topics include an interview with Mark Lutz, the first game based on Pygame, and the inevitable discussion on what happens to Python if Guido meets an unfriendly bus.

Python 2.0 Quick Reference. A new version of the Python 2.0 Quick Reference has been made available.

Python Imaging Library 1.1.2 announced. Version 1.1.2 of the Python Imaging Library has been announced. "Version 1.1.2 is a maintenance release, which fixes a couple of problems caused by incompatible changes in Python 2.1. It also fixes some other bugs."

Tcl/Tk

Dr. Dobb's Tcl-URL! - weekly Tcl news and links. The May 14, 2001 weekly summary of the Tcl world has been posted from Dr. Dobbs. Topics include a discussion on interfacing Tcl/Tk to custom electronic hardware and support for 3D graphics.

Miscellaneous

Otters with rocks (ZDNet). Old timers know the struggle well - to learn a new programming language and decide if it really makes life more productive. In this ZDNet opinion piece, the author looks at a plethora of languages and tries to decide if any makes his life any better. "Moore's Law and clever developers have bestowed upon us high-level languages that allow us to concentrate on the problems we need to solve, rather than spending the effort to sure we've initialized all the necessary subsystems of the OS appropriately before we even begin. With the abundance of compute power, the overhead involved in interpreted languages has shrunk down to negligibility for many tasks, and the amount of time gained by being able to use these languages instead of lower-level ones is huge."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

New websites from IBM, Caldera and Nokia/CollabNet. IBM's new Linux Web portal provides an easy way to get to all of the company's Linux products and services, and find out all the latest IBM/Linux news.

Caldera launched the Caldera Developer Network, a web site for Caldera developers, including Independent Software Vendors (ISVs), Independent Hardware Vendors (IHVs), corporate in-house developers and members of the Open Source developer community. Members will have early access to UNIX and Linux technologies.

Nokia teamed up with CollabNet to launch ostdev.net. The site will support developers in the open source community and help to promote the collaborative development of the Open Standards Terminal (OST). The OST is a platform for home entertainment applications. It is based on Open Source technologies, such as Linux, XFree86 and Mozilla, and provides a platform for developing applications for a variety of electronic devices including: broadcast and digital TV, digital video recording, web browsing, gaming etc.

Nokia, Loki in Agreement to Distribute Linux Games with Nokia Media Terminal. Nokia and Loki Software announced an agreement to make Linux games from Loki available on the Nokia Media Terminal. As part of the agreement, Linux-based games from Loki will be pre-installed on the Media Terminal.

Free Software Leaders Stand Together. Bruce Perens has written what he (and probably everyone else) hopes is the final response to the recent ramblings of Craig Mundie from Microsoft. "If you do choose to incorporate GPL code into a program, you will be required to make the entire program Free Software. This is a fair exchange of our code for yours, and one that will continue as you reap the benefit of improvements contributed by the community. However, the legal requirements of the GPL apply only to programs which incorporate some of the GPL-covered code - not to other programs on the same system, and not to the data files that the programs operate upon."

It's signed by many of the biggest names in the Free Software and Open Source world.

MSC.Software installs cluster at Boeing. MSC Software has announced the installation of a Linux cluster at Boeing. It does fluid dynamic computations, was up and running in three hours, and, they say, has already saved Boeing a bunch of money.

American Megatrends Inc. Introduces PC Diagnostic Solution for Linux. American Megatrends Inc. (AMI) announced the development of AMIDiag for Linux. AMIDiag for Linux supports all major Linux distributions including those from Red Hat, SuSE and Mandrake.

FileMaker adds Linux platform support. FileMaker has announced support for Linux for their FileMaker Server 5.5 database server package in a company press release. The package will be Red Hat Certified, though no other distributions are specifically mentioned.

Nevrax Unveils Free Software-Based Persistent World. This press release notes the release of the NeL, the Free-Software-based platform for massively multi-user online persistent worlds. Perhaps even more interesting though is that Michel Teyssedre, vice president, Worldwide Telecom Server Sales, IBM Enterprise Server Group and Richard Stallman will join the Nevrax board of directors.

SuSE announces support for IBM iSeries. SuSE has put out a press release regarding their planned support for the upcoming rerelease of the IBM iSeries (aka the old AS/400 line).

EBIZ Releases Earnings Statement. EBIZ, the company which absorbed LinuxMall last year, reported an increase in revenue from $2.2 million to $8.4 million.

Covalent Named to Upside Magazine's 'Hot 100'. Apache product and service vendor Covalent has been named to Upside Magazine's Hot 100 Private Companies for 2001.

Ransom Love responds to license issues.. Ransom Love, CEO of Caldera, posted a note late Friday to the Caldera announcement list stating his company's commitment to the open source model through the use of multiple licenses.

Borland announces expansion into China. Borland announced plans to expand its presence in the People's Republic of China with the opening of representative offices in Beijing and Shanghai.

Linux Stock Index for May 10 to May 16, 2001.

LSI at closing on May 10, 2001 ... 32.55
LSI at closing on May 16, 2001 ... 32.49

The high for the week was 32.55
The low for the week was 31.64

Press Releases:

Open source products

• Evidian (BILLERICA, Mass.): Evidian Expands Online Support Based on Growing Popularity of its Open Source Application Server Software Implementation.

• Nevrax (LOS ANGELES): Nevrax Unveils Platform for First Commercial Free Software-Based Persistent World; IBM, Universal Interactive Studios and Free Software Foundation Execs Join Advisory Board.

Distributions and bundled products

• Lineo, Inc. (LINDON, Utah): Lineo RTXC Quadros Begins Shipping.

• Network Computing (RESEARCH TRIANGLE PARK, N.C.): Red Hat Linux Named a 2001 Finalist by Network Computing for Well-Connected Award.

Proprietary Products for Linux

• Blue Wave Systems Inc. (CARROLLTON, Texas): Powerful New ComStruct VoIP Software Speeds Time-To-Market; FACT-MG Integrates World-Leading VoIP Software to Leverage ComStruct Packet Voice Hardware Platforms. FACT-MG will initially be available for HA Linux based host platforms.

• CodeWeavers, Inc. (ST. PAUL, Minn.): CrossOver Plugin Puts Any Windows-based Plug-in into the Hands of Programmers Creating for Small Footprint Linux Devices.

• RidgeRun, Inc. (BOISE, Idaho): RidgeRun Announces DSPLinux SDK Release 1.0; Appliance Simulator Greatly Reduces Embedded Linux Developers Time-To-Market.

• Tarantella, Inc. (SANTA CRUZ, Calif.): Tarantella Plus Linux Equals Groundbreaking Savings in Departmental IT Cost And Complexity.

• TUXIA (BLOOMFIELD, N.J.): TUXIA Releases Toolkit for Its Embedded Linux Software for Internet Appliances.

Servers and bundled products

• Acucorp, Inc. (San Diego, CA): Acucorp to Support Linux for IBM eServer z900 and S/390.

• EBIZ Enterprises Incorporated (HOUSTON): EBIZ Enterprises Announces New Pentium 4 Linux Workstation; Terian TS454 High-Performance Workstation Doubles as a Departmental or Small Office Server.

• Lineo, Inc. (LAS VEGAS, Networld+Interop): Lineo Opens SecureEdge to Third Party Software Vendors; OEMs to Gain Access to InterNetShare and Other Third Party Software Products.

• LOGIX and MandrakeSoft (Pasadena, Paris): MandrakeSoft and LOGIX team up to offer Linux solutions to French and Belgian SMEs on IBM's eServer platform.

Products and Services Using Linux

• AMIRIX Systems Inc. (HALIFAX, NOVA SCOTIA, CANADA): AMIRIX ports Linux to Lexra board.

• frontpath, inc. (SANTA CLARA, Calif.): SONICblue's frontpath(TM) Ships ProGear(TM) - the First High Performance, Linux-Based Portable Information Appliance.

• Motorola (Mansfield, Mass.): Motorola SPD Receives Red Hat Certification Logo.

• Nokia (HELSINKI, Finland): Nokia and RealNetworks to Deploy RealPlayer on Media Terminal; Media Terminal Users Will Have Access to RealPlayer & Vast Array of Content Available On the Internet.

• Tarantella, Inc. (SANTA CRUZ, Calif.): Tarantella Releases Embedded Linux Client Solution for Internet Appliances And Terminal Devices.

• WireX (PORTLAND, Ore.): WireX Software Available for Intel's Communications Appliance Reference Designs.

• Zendex Corporation (DUBLIN, Calif.): Zendex and ZF Micro Devices Join Forces to Market the ZXE-x86 FailSafe Embedded Control Board; Targets Gaming, Security, Information Kiosk, Industrial Control.

Products With Linux Versions

• Advanced Digital Information Corporation (ADIC) (REDMOND, Wash.): ADIC'S New CentraVision CDN Software Delivers Industry's Leading Internet Streaming Media Performance.

• BindView Corporation (BALTIMORE): BindView Announces Availability of bv-Control for UNIX and bv-Control for Internet Security.

• BMC Software Inc. (HOUSTON): BMC Software's Award-Winning SQL-Programmer Now Available For IBM's DB2 Universal Database; SQL-Programmer Boosts Productivity for Database Developers and Administrators.

• CarbonWave (CINCINNATI): Masterpiece Technology Group, Inc. Approves Electronic Medical Records Software Architecture for its Masterpiece Millennium - Concept Developed by CarbonWave.

• Casio, Inc. (DOVER, N.J.): Casio Announces U.S. Launch of Powerful 2.1 Pound CASSIOPEIA FIVA MPC-206E Sub-Notebook With Transmeta's Crusoe(TM) Processor.

• DataMirror Corporation (TORONTO): DataMirror Wins Midrange Technology SHOWCASE 2001 Product Excellence Award.

• Filemaker, Inc. (SANTA CLARA, Calif.): New FileMaker Software Adds 5 New Platforms and Improved Fit With IT Requirements.

• IONA (WALTHAM, Mass.): IONA Announces Availability of ORBacus/E 1.1 C++ and Java for Embedded Systems.

• Motorola (TEMPE, Ariz.): Motorola to Ship Advanced High Availability Software Suite Version 2.0: Choice of Linux, LynxOS, Windows 2000 Operating Systems.

• NVIDIA (SANTA CLARA, Calif.): NVIDIA Quadro2 EX Selected For IntelliStation E-Pro Workstations; Quadro2 EX to Power IBM Professional Workstations.

• PlugSys International LLC (SAN LEANDRO, CA): Free Web Development Engine Available For Download Max Server Pages Supports Same Applications On Linux and Windows Web Servers.

• PlugSys International LLC (SAN LEANDRO, CA): New Free Xbase Compiler for Linux and Windows: Max 2.0.

• Tarantella, Inc. (SANTA CRUZ, Calif.): Regain Control of Your IT Environment Globally With Tarantella.

• Tech Soft America (Oakland, CA): HOOPS Net Server - vanguard component technology for rapid development of collaborative applications.

• Tech Soft America (Oakland, CA): HOOPS Stream Toolkit 6.0 raises the bar for intelligent streaming.

• TouchSystems (ROUND ROCK, Texas): TouchSystems Introduces the Latest Breakthrough in Touchscreen Technology; Turbo T6 Has Twice the Lifespan of Today's 5-Wire Technology.

• Viagenie (OTTAWA): Viagenie's Freenet6 Delivers Billions of Free IPv6 Addresses.

• Ziatech (SAN LUIS OBISPO, Calif.): Ziatech, an Intel Company, Introduces New 4U High-Density CompactPCI System; ZT 5087 Addresses the Growing Need for Density in Today's Expanding Communications Infrastructure.

Java Products

• Borland Software Corporation (SCOTTS VALLEY, Calif.): Borland Unveils JBuilder(TM) 5.

• Servigistics (MARIETTA, Ga.): Servigistics Announces PartsPlan Version 6.0; Web-Based Parts Planning and Forecasting Extended to UNIX Platforms While Adding Key Functionality Enhancements.

• Sun Microsystems, Inc. (PALO ALTO, Calif.): Sun Microsystems Announces Improved Performance and Features With New Java(TM) Advanced Imaging 1.1 Software.

Books & Training

• Lineo, Inc. (Lindon, UT): Lineo and Motorola join forces to bring embedded Linux training to professionals.

• No Starch Press (San Francisco, CA): The Opera 5.x Book.

Partnerships

• Computer Associates International, Inc. (ISLANDIA, N.Y. and OREM, Utah): Computer Associates and Caldera Extend Partnership to Include Management Support for SCO Operating Systems.

• IBM (EAST FISHKILL, N.Y.): IBM Set-Top-Box Chip Expands Use of Linux in Consumer Applications.

• LinuxCertified and GirlGeeks (San Francisco, CA): GirlGeeks partners with LinuxCertified.

• Metro Link (Ft. Lauderdale, FL): Lineo and Metro Link to Provide New Micro-X Graphics Solution for Embedix SDK.

• MontaVista Software Inc. (Sunnyvale, Calif.): MontaVista Supports IBM PowerNP NP4GS3 Network Processor with Hard Hat Linux Hard Hat Linux.

• MontaVista Software Inc. (Sunnyvale, Calif.): MontaVista and Diversified Technology Partner for CompactPCI Communications.

• Opera Software (OSLO): IBM Goes for Opera.

• Red Hat, Inc. and IBM (): IBM and Red Hat team up to deliver Linux solutions.

• SGI (MOUNTAIN VIEW, Calif.): SGI and Phoenix Integration Announce Alliance for High-Performance Computing Solutions.

• SuSE Linux (OAKLAND, Calif.): SuSE Linux and intraDAT Partner To Offer Linux e-commerce Solutions For The Enterprise.

• Tarantella, Inc. (SANTA CRUZ, Calif. and LAS VEGAS): Tarantella Plays 'TAG' With Server and Thin Client Vendors.

• Thomcast Communications, Inc. (NEUILLY-SUR-SEINE, France): Netgem and Thomcast Announce Partnership for Interactive Digital Television. Thomcast will distribute interactive data through open receiver solutions capitalizing on a performance core treating HTML data using Linux.

Personnel & New Offices

• Coventive Technologies (SAN JOSE, Calif.): Coventive Technologies Names VP and GM of Americas Operations; Asia's Largest Embedded Linux Software Company Selects Former Motorola Executive to Lead its US-Based Team.

• Lineo, Inc. (Lindon, UT): Lineo appoints WindRiver Executive as senior director of customer service.

• Merlin Software Technologies International Inc. (BURNABY, British Columbia): Merlin Software Expands Sales and Marketing Team.

• Penguin Computing Inc. (SAN FRANCISCO): Penguin Computing Names Steve McDowell and Pat Patla to Senior Management Team.

Financial Results

• Magic Software Enterprises, Ltd. (OR YEHUDA, ISRAEL): Magic Software Enterprises Announces First Quarter 2001 Results.

• Stratabase.com Inc. (ABBOTSFORD, BC): Stratabase Announces Positive Net Income for Q1 2001.

Linux At Work

• MontaVista Software Inc. (Sunnyvale, Calif.): MontaVista Software and STMicroelectronicsAlly to Put Linux-on-a-ChipLeading Embedded Linux Supplier and Global Semiconductor VendorTeam Up to Target System-On-a-Chip Market.

• NeTraverse Inc. (AUSTIN, Texas): NeTraverse To Provide Reliable, Secure, Cost-Effective Software Solutions to Federal Government.

• Penguin Computing (SAN FRANCISCO): VeriSign Selects Penguin Computing to Power DNS Hosting Services; Internet Pioneer Cites Technological Excellence and High Quality Service As Winning Combination.

Other

• Sendmail, Inc. (EMERYVILLE, Calif.): Sendmail, Inc. Named as Finalist for Computerworld Honors 21st Century Achievement Award; Sendmail to Be Honored On June 4th in Washington D.C..

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Census site makes quick work of stats (GCN.com). The Census Bureau is using Perl and Linux to generate statistical information, according to this Government Computer News story. "The bureau started developing QuickFacts based on users requests for a one-stop site with easy-to-decipher statistics about a particular state or county. Now, QuickFacts is becoming one of the chief pathways into the rest of Census data, Zeisset said."

Torvalds: Software subscriptions doomed (News.com). Linus Torvalds says software subscriptions are doomed according to this News.com article. "The subscription debate will likely emerge as one of the major flash points in the software industry. Although the exact terms vary, in most of these programs customers sign multiyear contracts that commit them to pay for new software on an ongoing basis."

Upside asks Did Torvalds dis Microsoft -- or Eazel? in reaction to the previous story. "At first brush, the comment seemed like a swipe at Microsoft (MSFT), which on Thursday began offering its Office productivity suite and Windows operating system via subscription. But it was also a perhaps unintended slight at Eazel, a company with an impressive technical pedigree that has poured $15 million into a crash program to develop an easy-to-use graphical shell for Linux."

In Search of a Sniffer (Linux Journal). Linux Journal discusses the ins and outs of network sniffers. "A sniffer is usually passive, it only collects data. Hence, it becomes extremely difficult to detect sniffers. When installed on a computer, a sniffer will generate some small amount of traffic, though, and is therefore detectable."

Worldwide Copyrights a Quagmire? (Wired). Wired reports on Richard Stallman's objection at a U.S. Copyright Office roundtable. "The treaty in question is a heretofore obscure proposal known as the Hague Convention, which European nations generally support, but the U.S. State Department has criticized. If countries agree to the convention, they'd be required to enforce judgments in certain type of civil lawsuits brought in another jurisdiction."

Linux scores benchmark victory over Microsoft (ZDNet). ZDNet covers the SGI benchmark results (see next item, below). "Linux has finally made it onto the business map in the area of database benchmarks, helping take the wind out of Microsoft Corp.'s continued contention that open-source operating systems don't make good business sense."

Runs great, sucks less (ZDNet). ZDNet talks about why you might want to use Linux as your desktop system. "Why bother making the switch and mustering up all that extra brain activity? For me, the most compelling thing about Linux is the pace of innovation."

Ulterior Motives (ZDNet). Coding simply to aid the human race may not be the only goal of open source programmers. "Just giving someone a copy of the source code isn't enough. Open source, to [Kevin] Burton, [Co-founder and primary developer, OpenPrivacy], is a process of sharing the source code with users in order to make them full partners. The open source projects he works on come with well-developed tools for knitting the community together and coordinating its moves. This infrastructure pays off."

Open Options (ZDNet). Linux and Apache aren't the only open source success stories, says this ZDnet analysis piece, though the article does use two Apache spinoffs in its listing of four other open source projects. "The Velocity template engine is another Apache Jakarta project that casts the services of JavaServer Pages, which are used primarily by skilled Java programmers, into a simpler template language for Web site designers and content authors."

Does Openness Help Or Hurt? (ZDNet). Peer review is beneficial, but not everyone thinks entire systems should be open to review, according to this ZDNet article. "'If you're talking about other administrative tools, such as authorization tables and procedures, then you wouldn't want an attacker to see it, and there is likely little benefit to source review,' said Jim Bidzos, chairman at VeriSign and vice chairman at RSA Security."

Gracenote under pressure (News.com). Gracenote is an online music database, which fell under fire when it threatened to sue an open source competitor, Roxio. "Most irksome for open-sourcers: Gracenote's efforts to put a fence around a database of CD songs and album titles, which were largely entered by the public, not the company's employees."

Is the GPL the weakest link? (ZDNet). The debate on which open source license makes more practical sense continues. This ZDNet article attempts to explain how a BSD license might be better for ISV's. "Besides, servicing insurance agents may not be that big of a profit stream, so I would like to make some money from charging for my binaries. For me, working off a BSD license makes more sense. The core of my code will be public, but the changes that give it added value will still be mine."

Companies

Opera finds footing in browser war (News.com). C|Net examines Opera's newly announced relationship with IBM and how it affects the company's browser battle plans. "The IBM contract to use Opera in its NetVista Internet Appliance and another device not yet disclosed 'is certainly something that the AOL folks would have liked to have,' said David Smith, an analyst with research firm Gartner. 'It sounds like Opera is muscling in.'"

Plug and Crunch: WhiteCross' Linux Story (Linux Journal). Doc Searls looks at WhiteCross, a company using Linux as the backbone of customized data analysis. "People usually hear about Linux as a file, print or web server. We're asking it to do a similar thing. Swapping memory, moving data on and off disk, parsing an SQL statement and a ton of computation. The OS does everything in the box. But the key advantage with Linux is that we can expand just by adding more racks. Plug and crunch."

Nokia to adopt Linux for the Media Terminal. In another report on the Nokia adoption of Linux for their Media Terminal home entertainment system, the BBC reports that the cell phone giant will use the linux software language (yes, lowercase "L") for their new consumer device. (Thanks to Douglas Gilbert)

Is Microsoft Engaged in an Information War Against Open Source or IBM? (Consulting Times). According to this Consulting Times piece, recent reports of Microsoft's attack against open source miss the real target of the Redmond giant's focus: IBM. "IBM's Linux initiative allows companies to retire their large server farms and use a single, smaller and more powerful zSeries system. Instead of a 40,000-foot data center, companies could replace those NT boxes with a single computer smaller than the company refrigerator. The .Net strategy becomes suspect as fewer Application Service Providers deploy NT and/or consolidate under IBM and Linux." (Thanks to Trey Tabner)

Transmeta branches out with Web tablet (News.com). SonicGear's Transmeta-based ProGear tablet is set for release this week, according to this C|Net report. "The company initially hoped to launch a consumer version of the Linux-based tablet but is instead pitching the machine at hospitals and other niche markets. Cost is a big reason. The unit, which resembles an Etch-A-Sketch, will be priced in the neighborhood of $1,500 depending on the configuration."

H-P Takes Middle Path In Linux World (ZDNet). This story from Reuters looks at HP's middle of the road approach to Linux adoption. "The total market for server computers running Linux grew 132 percent, to $1.7 billion last year, International Data Corp. reported. Hewlett shipped $180 million of Linux servers, the company quoted the research firm as saying."

HP settles on Debian Linux (News.com). C|Net's News.com covers HP's plans to focus on the Debian distribution of Linux. "While many companies have avoided Debian because it limits their ability to claim intellectual property, HP believes having a single official version that customers can use without licensing is good, Bruce Perens, a well-known Debian developer and HP's Linux advocate, said in an e-mail."

Opera set to unleash Linux browser (ZDNet). According to this ZDNet report, Opera is getting ready to make its Linux browser publicly available, ending the long beta cycle for this release. "Oslo, Norway-based Opera has been testing its Linux release for more than a year. Von Tetzchner said Opera has tested the Linux version with as many Linux distributions as possible and is confident the browser will support all of the main distributions, including Red Hat, Caldera, SuSE and Mandrake."

Love Your Enemy (ZDNet). ZDNet looks at Uprizer, Freenet founder Ian Clarke's new venture. "Clarke, 24, created Freenet in 1999 at The University of Edinburgh in Scotland. He got a B, he says, because he was unable to point to any prior research on which his work was based. The software got a more enthusiastic reception when Clarke released it online, turning it into an open source project."

Red Hat to go solely with Mozilla browser (ZDNet). ZDNet reports on Red Hat's intended switch from Netscape to Mozilla. "Mozilla has the exact same look and feel of the current Netscape browser, but officials said that the reason to go strictly with Mozilla is that its open-source development model has a better fit with Red Hat's philosophy."

Is Caldera the world's biggest Linux company? (ZDNet). ZDNet looks at the Caldera/SCO deal. "And the world's biggest Linux company is...Caldera Systems. While Red Hat would disagree and you could argue for IBM, with its broad Linux support, Caldera has its own case. Caldera's purchase of the Santa Cruz Operation's (SCO) Server Software and Professional Services Divisions gives it a combined Unix/Linux and reseller presence far greater than its pure Linux play competitors."

Caldera to introduce modified open-source license (ZDNet). ZDNet reports that Caldera does not like the GPL. "[Caldera CEO Ransom] Love said he thinks Microsoft was right in its claim that the GPL doesn't make much business sense. Consequently, Caldera is likely to add a non-GPL licensing mechanism -- most likely one based on the BSD license -- to its repertoire in the coming months."

Business

Finding Profit In Partnership (ZDNet). According to this Interactive Week article, finding a business model for open source relies on finding a partnership between the community and the customers. "'The top line for desktop machines and the top line for server machines is going to be relatively flat for the next five years,' said Michael Tiemann, Red Hat's chief technical officer. 'I think that the data shows that the biggest growth is going to be in the post-PC market space.'"

Open source Zope creator Digital Creations says they work both ends of the market. "Digital Creations splits the work in every contract into two parts. Contributions to the core Zope code used by everyone may be shared, but new solutions developed for a customer are kept proprietary."

Open Source Code: A Corporate Building Block (ZDNet). ZDNet provides some real world experiences on switching from Microsoft to open source solutions. "In Eugene, Ore., a 15-year-old bicycle manufacturer, Bike Friday, ran into trouble getting its Microsoft Access database systems to scale up to its business needs. Instead of migrating to SQL Server and becoming dependent on proprietary Microsoft products, it decided to base its business on open source code."

Reviews

A Book for KDE Enthusiasts (Linux Journal). Linux Journal reviews Programming KDE 2.0: Creating Linux Desktop Applications. "If you have a lot of RAM, like C++ and like creating desktop applications, Programming KDE 2.0 is quite an acceptable guide."

All Aboard! First Laptop Ships Out with Windows and Linux (NewsFactor Network). Here's a look at the new Casio sub-notebook which comes pre-loaded as a Windows/Linux dual-boot system. Casio wants to see if there is a market for Linux laptops. We at LWN have observed that the Linux laptop market is a tough place to be. Also the demand for a good Linux laptop cannot be easily gauged by sales of a dual-boot system. Still, this little machine could help turn a few Windows users into Linux converts.

Interviews

Rob Savoye (ZDNet). The community nature of open source is what holds some programmers, according to this interview with Rob Savoye of Interact-TV. Savoye said he was attracted to open source because ". . . people were giving me stuff. They were helping me make my deadlines. I was paying them back by writing other software and giving that away for free. I kind of liked the community, we're-all-in-this-together kind of thing."

An Interview with Mark Lutz (O'Reilly). Here's an interview with Mark Lutz, author of Programming Python, on the O'Reilly site. "In fact, most of the people in the classes I teach these days are there because they've been told that they have to use Python at their job, not because they'd like to experiment with something new. That's a fairly radical user-base shift and it speaks volumes about how far Python has come."

Miscellaneous

Mac: Ripe for a Hack? (Wired). With the new OS based on a Unix core, is Apple's OS X more open to attacks than earlier versions? According to this Wired story, it depends on who you talk to. "But the security benefits of open-source software will apply to Mac users only if Apple works closely with the open-source development groups, something that few corporations have been able to do successfully."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

Linux 2.4 stateful firewall design tutorial (IBM developerWorks). This tutorial shows you how to use netfilter to set up a powerful Linux stateful firewall.

Core dump files and what to do about them (Linuxnewbie.org). Ever wondered what with those large files named 'core' that appear in your directory? Linuxnewbie.org has the answers.

News in brief from IBM's Linux Technology Center . Here's the biweekly news in brief from the Linux Technology Center -- where all the Linux-related technologies happening inside IBM are tracked.

Tip of the Week: Code Cleanup with indent. LinuxLookup cleans up some ugly code with indent. "indent is another of those commands with a mile long set of options, so you really need to read the man page and experiment to see how it all works. But with the right set of options you can do things like fix indenting, standardize brace usage, comment formatting, line length, and much more."

Events

Is Open Source Software THREATENING INTELLECTUAL PROPERTY?. Two of the Linux@work series of events will hold an open panel exploring the topic. Join panelists Jon 'maddog' Hall and representatives from Borland, Compaq, Intel,Quadratec, SGI, SuSE and Xybernaut at Linux@work Paris, June 13 and Linux@work Brussels, June 14, 2001.

XML Information Days. LogOn Technology Transfer GmbH is organizing XML Information Days in cities throughout Europe during September and October 2001.

Events: May 17 - July 12, 2001.

Date	Event	Location
May 17 - 18, 2001	Linux Expo	Shanghai, China
May 17, 2001	Linux@work	Milan
May 17, 2001	Spring 2001 Enterprise Linux Implementation Conference	San Jose, CA
May 17, 2001	The 2001 Applied Computing Conference	Santa Clara, CA
May 18 - 19, 2001	2nd Magdeburger Linuxtag	Magdeburg, Germany
May 18, 2001	IST programme actions on free / open source software development	Brussels
May 19 - 20, 2001	LinuxCertified.com Linux Fundamentals	Cupertino, California
May 20 - 23, 2001	eXtreme Programming(XP2001)	Sardinia, Italy
May 22 - 23, 2001	Linux 2001 congress	Ede, the Netherlands
May 24 - 26, 2001	LinuxWorld	Korea
May 24, 2001	MontaVista seminar	(Santa Clara Hilton)Santa Clara, Calif.
May 29 - 31, 2001	II Forum Internacional do Software Livre	Brazil
May 31, 2001	The Unix Users Group the Netherlands Spring Conference	(De Reehorst)Ede, the Netherlands
May 31, 2001	MontaVista seminar	(Irvine Hilton)Irvine, Calif.
June 5, 2001	MontaVista seminar	Chicago.
June 6 - 7, 2001	Linux Expo	Milan, Italy
June 7 - 8, 2001	Second European Tcl/Tk User Meeting	Germany
June 7, 2001	MontaVista seminar	Toronto.
June 11 - 14, 2001	Hot Springs Educational Technology Institute conference	(Hot Springs High School)Hot Springs, Arkansas
June 13, 2001	Linux@work	Paris
June 14, 2001	Linux@work	Brussels
June 15, 2001	Linux@work	Amsterdam
June 20 - 21, 2001	Linuxdays 2001	St. Pölten, Austria
June 25 - 30, 2001	USENIX Annual Technical Conference	Boston, Massachusetts
June 25 - 27, 2001	NCSA Linux users' and system administrators' conference	(University of Illinois)Urbana, IL
June 29 - July 1, 2001	Linux 2001 Developers'' Conference	Manchester, UK
July 3 - 5, 2001	Enterprise Linux Institute Conference	Olympia, London
July 4 - 9, 2001	Libre Software Meeting	Bordeaux, France
July 4 - 5, 2001	Linux Expo Exhibition	Olympia, London
July 5 - 8, 2001	LinuxTag 2001 - Stuttgart,	Germany
July 9 - 12, 2001	Embedded Systems Conference	(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001	SAGE - AU 2001	(Grosvenor Vista Hotel)South Australia

User Group News

LUG Events: May 17 - May 31, 2001.

Date	Event	Location
May 17, 2001	St. Louis LUG(SLLUG)	(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
May 17, 2001	Omaha LUG(OLUG)	Omaha, Nebraska
May 17, 2001	South Mississippi LUG(SMLUG)	(Barnes & Noble)Gulfport, Mississippi
May 17, 2001	SSLUG: Kerneprogrammering for begyndere	Denmark
May 17, 2001	FLUG: FLUG foredrag	Denmark
May 18, 2001	Rock River LUG(RRLUG)	(Rockford College)Rockford, Illinois
May 19, 2001	SVLUG Installfest	Silicon Valley, CA
May 19, 2001	North Texas Linux Users Group(NTLUG)	(Nokia Centre)Irving, Texas
May 19, 2001	Eugene Unix and GNU/Linux User Group(EUGLUG)	Eugene, Oregon
May 20, 2001	Beachside LUG	Conway, South Carolina
May 20, 2001	LUGOD / UC Davis Installfest(LUG of Davis)	Davis, CA.
May 21, 2001	Haifa Linux Club	(Technion CS dept. bldg.)Haifa, Israel
May 22, 2001	Hazelwood LUG	(Prairie Commons Branch Library)Hazelwood, Missouri
May 23, 2001	Linux User Group in Assen	Netherlands
May 23, 2001	The Nashua Chapter of the Greater New Hampshire LUG(GNHLUG)	(Martha's Exchange)Nashua, NH.
May 25 - 27, 2001	LUG-Camps 2001	Nördlinger Ries
May 26, 2001	Consortium of All Bay Area Linux(CABAL)	Menlo Park, CA
May 26, 2001	Central Ohio LUG(COLUG)	Columbus, Ohio
May 29, 2001	Phoenix Linux Users Group(PLUG)	(Glendale Community College)Glendale, AZ
May 31, 2001	Bergen Linux User Group(BLUG)	Bergen, Norway
May 31, 2001	The Unix Users Group the Netherlands Spring Conference	(De Reehorst)Ede, the Netherlands

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

... people need to eat. Programmers need their supplies of soda and chips. Many of us would produce a lot more free software if we didn't burn ourselves out on our day jobs first. Unfortunately, we have to keep said day jobs, lest we become another one of those people out there with "will write visual basic modules for food" signs.

Three years later...well...we're still working on that one. Nonetheless, an awful lot more people are paid to write free software now than were back then.

As a sign of where the general understanding of free software was three years ago, consider this introductory article in the Ottawa Citizen:

The spread of the Linux operating system is governed by a constitution called the GPL, which stands for "GNU Public License." The GPL states that anyone can become a distributor of Linux, as long as it's not sold for profit. It must always be redistributed for free. In short, the capitalists of the software world are not welcome in programming circles where the GPL is the holy word.

The first Questions not to ask on linux-kernel FAQ was released.

Two years ago (May 20, 1999 LWN): LinuxHQ, once a central point for kernel development information, was abruptly yanked off the net by the domain's original owner. The site made a quick jump to kernelnotes.org, where it stayed for almost two years. Kernelnotes appears to have vanished off the net as of a month or so ago however.

Both CoSource.com and the SourceXchange launched. Two years later, the SourceXchange has been recently shut down, and CoSource appears to be headed in that direction.

The current stable kernel release was 2.2.9, which was put out in a bit of a hurry after some ill-advised buffering changes made 2.2.8 into a rather dangerous thing to run. Not quite what people had been expecting in a stable kernel release.

The Open Source Who's Who site was announced. This is a reference site for finding out who is associated with what project and to commemorate people who have given their time and resources to enrich the Open Source community. Two years ago there were over 900 in the database, now there are closer to 1250.

Linus Torvalds was granted a Doctor of Honors from the School of Mathematics and Science, Stockholm University. The press release from the University (in Swedish) is still available. Unofficial interpreter Tim Lundstrom pointed out that the press release mentions that Linus is one of the youngest people ever to receive this recognition and that Linux, for which he is responsible, is praised by scientists around the world.

One year ago (May 18, 2000 LWN): The Open Group announced the Open Motif toolkit had been released under a public license. With an odd twist to a roughly GPLish license, the X toolkit would be open source when used with open source operating systems, and proprietary when used with a proprietary OS. Though there was talk of making Open Motif more compatible with the GPL, this has not happened. However there is still LessTif which is licensed under the GNU LGPL.

A W. R. Hambrecht analyst on open source companies predicted the future of Linux distributions in a position paper run in Red Herring. They said:

Approximately 140 distribution companies exist across the globe. We believe all but the top five will be bought, will go out of business, or will be relegated to insignificance. Market-share leaders are currently defined around geographic boundaries. Red Hat has the largest global brand recognition and leading North American market share, SuSE leads in Europe, TurboLinux leads in Asia, and Conectiva leads in South America.

One year later, the situation has changed very little - and the list of distributions certainly has not gotten shorter.

The Corel/Inprise merger was canceled. This paragraph from Corel's press release summed it up:

Because of significant changes since the merger was agreed to more than three months ago, Corel has concluded that it is in its best interest to terminate the agreement at this time. Corel and Inprise/Borland are parting on amicable terms and will continue to pursue opportunities for ongoing partnerships.

The CBC wondered if Corel would survive, or go into a "death spiral". The merger was originally to be an exchange of stock. But Corel's stock price had fallen from $64.65 Cdn on the Toronto Stock Exchange, down to $8.90 (which looks pretty good at this point).

SuSE announced support for its distribution on the IBM S/390 server. Turbolinux, too, announced support for the S/390 architecture.

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 Richard Stallman <rms@gnu.org>
To:	 Bernard.Lang@inria.fr
Subject: Re: [Freesw] priorart.org
Date:	 Fri, 11 May 2001 23:42:05 -0600 (MDT)
Cc:	 kmself@ix.netcom.com, fsb@crynwr.com, freesw@conecta.it

There are major problems with priorart.org.  Actually, two
problems--one tactical, and one strategic.

In the US patent system, if the PTO looked at certain prior art and
decided to issue the patent anyway, the court is supposed to presume
the PTO was right to regard that prior art as insufficient.
But if the PTO was unaware of the prior art, then the court can look
at it with an unbiased eye.

As a result, prior art is more effective against patents if the PTO
does not know about it.  For potential patent victims to inform the
PTO about prior art is a self-defeating project.

The effect of this is worse than you might think, because of the way
the PTO uses prior art.  The question they are suppose is, "Is this
idea unobvious given the known prior art?"  But their threshold of
"unobvious" is so low, that in practice the tiniest difference from
the known prior art is enough excuse for them to issue a patent.  The
courts are much more likely to apply a sensible definition of
"unobvious", if they are not blocked by a prior PTO decision about the
same prior art.

Then there is the strategic problem.  I have seen publicity associated
with this activity, and it serves as an excuse to whitewash the system
of software patents.  The publicity suggests that we could live with
software patents, if only we "work to make the system function" in
this way.  It encourages people to think that the only problem in
software patents is when non-novel ideas are patented, and that
software patents on new ideas (some brilliant, most pedestrian) are
ok.  And that will undermine the efforts now under way in Europe to
prevent software patents there.

Organized efforts to collect prior art could be useful if they avoid
these two problems.  But if they have these problems, they can easily
do more harm than good.

From:	 "Eric S. Raymond" <esr@thyrsus.com>
To:	 wire-service@thyrsus.com
Subject: Reliance on closed source for security considered harmful
Date:	 Mon, 14 May 2001 17:43:21 -0400

Today, Yahoo is carrying the news that Microsoft has admitted the
existence of a back door in its IIS webserver that could affect
hundreds of thousands of websites worldwide [1].  This comes barely
two weeks after the revelation [2] that another, unrelated bug in IIS
permitted crackers to gain root access to sites running IIS 5.0 and
Windows 2000 -- the latest, greatest versions of Microsoft's flagship
OS and web server.

It's not exactly news that Microsoft's products are hideously
insecure; these really serious incidents are taking place against a
background that includes almost weekly announcements of some new macro
virus or attachment trojan propagated through Microsoft Outlook.  One
might almost be tempted to yawn if these bugs weren't annually costing
computer users worldwide billions of dollars worth of downtime, lost
opportunities, and skilled man-hours.

But there is something about this incident that deserves special
attention.  This most recent security hole was *not* a bug -- it was a
deliberate back door inserted by Microsoft engineers.

When Microsoft spokespeople said that the back door was "absolutely against
our policy," they were doubtless intending to be reassuring.  But on second
thought, that statement should strike fear into the heart of any MIS manager
relying on Microsoft products.  Because the inevitable next question is this:
if backdoors can find their way into Microsoft's production releases against
Microsoft's own policy, *how many more undiscovered ones are there*?

Microsoft doesn't know.  Nor does anyone else.  The only people who
could tell us are other rogue Microsoft employees like the unnamed
culprits behind today's backdoor.  And they aren't talking.

Back doors and security bugs, like cockroaches, flee the sunlight.
There is only one way for software consumers to have reasonable assurance
that they will not become victims of a back door -- open source code.
The Apache web server that IIS competes against has never had a back door,
because its code is routinely reviewed and inspected by a worldwide 
developer community alert to the possibility.  Any developer tempted
to insert one knows that it would be discovered and traced to him in
short other -- thus, it's never even been tried.

Ths illustrates a larger point.  When you use closed source for a security-
critical application, you must blindly trust *everyone* in the chain of
transmission -- the developers who wrote it, the company that marketed it,
and the people who made and shipped the physical media.  Bad actors or simple 
mistakes at *any* of these stages can leave you with a computer begging to be
owned by the first script kiddie who wanders along.

With open source, you have a check on the system.  You can see inside;
you know what's going on.  This changes the behavior of everyone
upstream of you; the higher probability that a bug or backdoor will be
exposed keeps them honest even *before* the code is reviewed.  If
Microsoft's IIS had been open, whoever was responsible for todaty's
back door would never have dared to insert it.

The few MIS managers who aren't alreedy evaluating open-source
software need to wake up and smell the coffee.  Today's backdoor
demonstrates that Microsoft can't control its own employees well
enough to be trusted with your critical data.  More fundamentally than
that, though, it reveals how deeply foolish and dangerous it is to
rely on closed-source software for any security-critical use.

As the security advantages of open source become clearer, managers who
persist in this mistake may find they are putting their own jobs at
risk.  And deserving to lose them...

[1] <http://smallbusiness.yahoo.com/entrepreneur.html?s=smallbiz/articles/20010514/microsoft_ackno>

[2] <http://www.eeye.com/html/Research/Advisories/AD20010501.html>

(Re-distribute and publish freely.)
-- 
		<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>

"The bearing of arms is the essential medium through which the
individual asserts both his social power and his participation in
politics as a responsible moral being..."
        -- J.G.A. Pocock, describing the beliefs of the founders of the U.S.

From:	 Bohn Christopher <cbohn@computer.org>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Regarding the Caldera/SCO deal
Date:	 Thu, 10 May 2001 07:33:46 -0400


I find it just a little amusing, now that Caldera International owns
UnixWare and OpenServer, that software with a direct lineage to a Microsoft
product (XENIX) is now owned by a Linux company.

Christopher A. Bohn

From:	 jerry <jerry@pc-intouch.com>
To:	 letters@lwn.net
Subject: 
Date:	 Thu, 10 May 2001 12:13:29 -0700 (PDT)
Cc:	 wa6cvl@qsl.net

	Caldera's Mr Love just announced that the GPL is a Linux weakness.
and several others have agreed. 
	BSD advogates have long been stressing the better copyright that
they have... Linux is NOT necessarily superior to FreeBSD, but it has a few 
advantages,of which the GPL IS THE MAJOR ADVANTAGE. 
	If Mr. Love wants the BSD style license, why not use FreeBSD. I
would not have a problem with that. BSD is a competent and useful OS. I 
use it myself. 
	This is not a very complicated issue, if you want the BSD-style 
license, USE FreeBSD.
	Leave Linux alone. From a Microsoft users point of view, the Linux
and FreeBSD operate the same. The same software packages run on both. The 
charm of Linux is TIED to the GPL. The sparkling differences in the Linux
attitudes, the early adoption of interfaces, the freewheeling diverse 
packageing, the 180 different distributions, ARE ALL A RESULT OF GPL..
VIVA GPL...
 de Jerry Sharp

From:	 "Jonathan Day" <jd9812@my-deja.com>
To:	 letters@lwn.net
Subject: Thoughts about the GPL, ZDNet, et al
Date:	 Fri, 11 May 2001 06:12:13 -0700

Hi,

The first thing that ZDNet forgets are the basic rules of selling ANY
product or idea:

1) A foot in the door is worth two in the mouth.
2) You can't sell mindshare. But, without mindshare, you can't sell anything.
3) Profit is a function of actual gains versus actual expense.

The only one I need to explain is the third.

Profit = What you get - What you give to get it.

In other words, doubling what you get (eg: by selling a distribution under
a non-GPL licence) is of no value if you've also doubled what you have to
give (better promotion, better packaging, better sales department, better
tech support, etc).

If your costs increase at the same rate as your profits, you've gained
NOTHING. You're NO better off than if you'd sold a GPLed Linux for $5 in
every market stand in the country. (In fact, you'd probably end up much
richer doing that!)

Trying to sponge customers reduces your audience, and increases the amount
of effort it'd take to reach them. There IS an optimum. That optimum is
what Linux already uses. The GPL.

ZDNet is used to "classical" thinking. Thinking that brought us the wonders
of the recent energy crisis. Thinking that spawned global recession in the
80's and 90's. Thinking that brought on the Great Depression in the
30's. It's thinking that the rest of humanity doesn't need.

Jonathan Day




------------------------------------------------------------
--== Sent via Deja.com ==--
http://www.deja.com/

From:	 John Morris <jmorris@beau.lib.la.us>
To:	 <letters@lwn.net>
Subject: The "free flow of cryptographic information"
Date:	 Fri, 11 May 2001 14:47:46 -0500 (CDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I certainly hope that was sarcasm in this weeks's LWN history page,
because I can't see how things have changed a whit.  Three years ago all
the crypto was kept on an overseas server and had to be manually patched
into the system. This week I added crypto to my laptop. Yup, I did it by
downloading the International Crypto Patch from www.kerneli.org and
rebuilding the kernel and several of the user space tools.

Even if we can't get the actual crypto code included in mainstream
distros' kernels, I'd be real interested in knowing what reasons the
various distribution packagers give for not including the patches in the
user space tools like mount and losetup.  Those tools only need to be
built with the ability to convert the names of the cyphers into numbers
for the crypto api so there shouldn't be any export issues, especially in
this environment of a "free flow of cryptographic information".

- -- 
John M.      http://www.beau.org/~jmorris        This post is 100% M$ Free!
Geek code 3.0:GCS C+++ UL++++$ P++ L+++ W++ N++ w--- Y+ 5+++ R tv- b++ e* r
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iEYEARECAAYFAjr8QekACgkQqME6bvnsqA/XTQCeIoY0nQk43OBpB7UZpu/ci+/0
314AoK92QWgABqrlqpn7CV9a3jxdgqbs
=eEJT
-----END PGP SIGNATURE-----

From:	 <mschwarz@alienmystery.planetmercury.net>
To:	 letters@lwn.net
Subject: Wrong way to look at it
Date:	 Fri, 11 May 2001 15:52:19 -0500 (CDT)

In you "On The Desktop" section this week you said "Older hardware tends
to amplify the effects of slowness."

I think this is the wrong way to look at it.  Rather say "newer hardware
tends to mask the effects of poor design and excessive cruft."

I cut my programming teeth on 8-bit embedded applications; much of what I
wrote had to fit into 2716 and 2732 EPROMs (2k and 4k respectively).  You
learn not to waste there.

One of the most amazing feats of software design was Visicalc.  The 6502
was an incredibly limited processor.  And yet the whole class of
"spreadsheet" applications was created within those limits.  Look at how
much memory, disk, and CPU cycles Visicalc consumes, then compare it to MS
Excel and ask yourself if Excel really does three orders of magnitude more
for its users than Visicalc did.

I hate feeling like Abraham Simpson (I'm only 34 years old for goodness'
sake), but too many people are too addicted to big memory, big disk, and
big clock speeds.

I use a Z80 and CP/M emulator to maintain an embedded application for a
local ham radio group.  That emulator runs eight times fater than any real
Z80!  Can you imagine how fast software would be if the same rigor were
applied to today's software as was applied then?  Of course, there are
whole classes of aplpication that you couldn't write without the faster
speeds.  I'd hate to do 3d rendering on 1MHz 6502!  But such programs are
not the bloatware.  They are still constrained, so their authors still
strive for every cycle and every byte.

My overwhelming reaction to the most recent KDE release was "My God, they
really slowed this down!"  The advantage is, with Free Software, you can
find the bottlenecks that really bug you, and do something about it.

Anyways, my point is that at least some though should be put into size and
speed efficiency.  I think peiople make a big mistake when they buy
powerful machines for software development.  I do most of my programming
on a 200MHz machine.  If it runs well there, It'll blind people on 1G
Athlons!

--
Michael A. Schwarz
mschwarz@sherbtel.net

From:	 James Dixon <jdixon@mail.westco.net>
To:	 letters@lwn.net
Subject: Dell and Linux
Date:	 Sat, 12 May 2001 13:23:52 -0400 (EDT)


Quoting from your "Three years ago.." section:

>   Dell claimed that none of their customers wanted Linux in this ZDNet
>   article. LWN received an open letter from Jim Dennis to Dell telling
>   them that their customers were already using Linux on Dell computers.
>   Dell still isn't completely convinced. To this day the main Dell site
>   does not mention Linux and won't even point you to the Dell Linux
>   site.

Oh, I think Dell is convinced.  See this quote from Michael Dell's
keynote speech at the Linux World Expo last year:

 "Linux has grown from about four percent of all Dell servers
  sold in the first quarter of 1999 to almost ten percent of all
  servers sold in the first quarter of this year."

Assuming normal Linux growth rates, we can guess that Linux accounts
for roughly 15-20% of Dell server sales at this time.

However, they have a problem.  Microsoft based systems still account
for the remaining 80-95% of server sales and 95% of personal computer
sales.  If they highlight they're Linux systems, they alienate
Microsoft.  Michael Dell is not about to take that risk.  He knows
how vindictive Microsoft can be, and he has employees and shareholders
to worry about.  Aggravating Microsoft is not in their best interest.
For this simple reason, it will still be a few years till Dell can
safely highlight their Linux systems.  Expect them to remain low
profile in the meantime.

James Dixon
jdixon@pobox.com