[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


What distribution will your handheld system run? Palm Computing's dominance in the handheld personal digital assistant (PDA) market seems to be coming to an end. The new PDA systems provide far more power and functionality; they are full-strength computers in their own right. And Linux is the obvious system to run on them. But it will be interesting to see which Linux that will be.

At the moment, the company that most obviously appears to be making a determined effort to be the supplier of Linux for handheld systems is Lineo. Sharp's new Linux-based PDA uses Lineo's distribution and tools, of course; according to this announcement the next generation PDA (which will be sold in the U.S.) will also be developed with Lineo.

Lineo has also announced a deal with Insignia, Opera, and Trolltech to create "Embedix Plus for Smart Handheld Devices." The carefully-worded release describes the "open standards platform" which will be developed by these companies. It will doubtless be a well-designed system, but it will not be an "open source" platform. Don't expect to be able to download your copy anytime soon.

The other company that is making a try for handheld systems is Transvirtual, with its PocketLinux system. At a first glance, PocketLinux appears to be grinding to a halt - there has been no release since 1.0 in January, and mailing list traffic has slowed to a stop. One could be forgiven for thinking that things look grim for those wanting to run a 100% free system on their PDAs. Appearances can be deceptive, however.

Transvirtual has been quiet, evidently, due to a move into a new, larger office in San Francisco. There are also rumors about a new round of financing that is to be announced soon. But it does seem that there will be a major change with PocketLinux - new releases are going to be based on a different system, called Familiar.

Familiar is a bit of a stealth project; your editor must confess to having been ignorant of it until recently. A quick look, though, reveals that work on a free handheld distribution is proceeding nicely. Familiar is a new distribution being produced as part of the Handhelds.org project; it is currently oriented toward the Compaq iPAQ system, but, as it stabilizes, it will certainly be ported to other platforms as well.

Familiar is loosely based on the Debian ARM distribution, but it uses its own (smaller, simpler) package manager ("ipkg"). Much of the development work on handheld applications (the first appears to be a contact manager) is being done with Python, Gtk, and GDK. The 0.4 release came out on May 14.

The Familiar distribution looks like it will be the base for most other free handheld systems. As mentioned, PocketLinux will be using it; Transvirtual will undoubtedly add Kaffe and a bunch of other Java goodies as well. The Intimate distribution adds full Debian package management, at the cost of not fitting into a minimally-equipped iPAQ.

As the next generations of handheld systems arrive, the commercial distributors will doubtless come out with high-quality products that run on them. But the work on Familiar (and derivatives) is important - it is defining the shape, and providing much of the source, that future handheld distributions will have. Now if only those iPAQ systems were a little cheaper...

The empire strikes harder. For those who still haven't seen it, this interview with Microsoft CEO Steve Ballmer in the Chicago Sun Times is worth a look. Here are his comments on Linux:

Open source is not available to commercial companies. The way the license is written, if you use any open-source software, you have to make the rest of your software open source. If the government wants to put something in the public domain, it should. Linux is not in the public domain. Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. That's the way that the license works.

We are, of course, getting used to critical comments from Microsoft. As the company gets more worried, the attacks are becoming more frequent and more pointed. Even so, describing Linux as "a cancer" seems like a bit much. Even for Steve Ballmer. The only rational response is to laugh.

The worst part of those comments, however, is not the comparison between free software and deadly diseases. It is this line:

The way the license is written, if you use any open-source software, you have to make the rest of your software open source.

Anybody who has looked at free software licenses at all knows that the above is not true - even for the GPL, which is far from the only free license. The CEO of Microsoft can be reasonably expected to know what he is talking about when criticising the competition. Words like "unamerican" or "cancer" are value judgements. The above, instead, is a blatant, deliberate lie.

Microsoft, clearly, wants to scare companies away from Linux with this sort of untruth. It seems unlikely to work. Quite a few companies are working with free software, and there is a distinct lack of horror stories about those companies losing the rights to their own software. Even the most risk-averse of companies will eventually figure that one out. But we have seen how the opposition plans to play; it's going to be an interesting time.

For a longer analysis of Mr. Ballmer's comments, see this missive from Eric Raymond. "In the open-source community, we have a favorite quote from Mohandas Gandhi: 'First they ignore you. Then they laugh at you. Then they fight you. Then you win.' Evidently, we're getting close to winning."

Craig Mundie to speak at the O'Reilly Open Source Convention. When an opponent is spreading untruths, often the best thing to do is to shine a light on what they are saying. So O'Reilly is to be congratulated for its announcement that Microsoft VP Craig Mundie will be presenting the "shared source" program at the Open Source Convention, to be held in San Diego next month. Mr. Mundie will be followed by Michael Tiemann, who will take the "open source" side. There will then be a panel discussion.

This event is likely to draw some media attention. Given the setting, Mr. Mundie will not be able to get away with untruthful statements about free software, so he is likely to come off in a rather different light. Maybe he'll even learn something. We're looking forward to the event.

Another DMCA lawsuit - with a twist. Here's a press release from the EFF about a lawsuit launched by Professor Edward Felten and associates against the RIAA, the SDMI, Verance, and the U.S. Justice Department. Essentially, the suit is asking the court to rule that Prof. Felten may present his paper on the cracking of the SDMI watermarking system without fear of legal reprisal. The legal route is being taken because, among other things, a simple "permission note" from the SDMI would not be sufficient. The point, of course, is that researchers should not have to ask permission from corporate interests before publishing their findings.

More information on the action, including the full text of the legal filing, may be found on the EFF's 'Felten v. RIAA' page. We wish them luck.

Penguin Gallery update. [Penguin example] After far too much delay, the LWN.net Penguin Gallery has been updated by Dennis Tenney. There are now some 350 penguins on 13 pages; some of them are quite imaginative. Have a look to see what Tux has been up to...

Time for a thank-you note. Last week we posted a reader survey and a request for volunteers to fill it out for us. We have received thousands of responses over the last week, despite the fact that numerous people had difficulties with the Tucows survey form. We greatly appreciate all of you who have taken the time to fill out the survey and provide us with much-needed information. One of the best things about producing LWN is the quality of readers we have been able to attract. Thanks!

We're just beginning to look at the results of the survey; several hundred of you supplied additional comments, so it's going to take us a while. We'll get back to you with what we learned once the process is complete.

Inside this week's Linux Weekly News:

  • Security: Happy Birthday, PGP, Kaladix Linux, tcp_wrappers license, new vulnerabilities in OpenSSH, sendmail, man, xinetd, qpopper, ispell and more.
  • Kernel: Eliminating bounce buffers; swap problems again.
  • Distributions: Lots and lots of new distributions!
  • On the Desktop: Syncing feelings with Palm Pilots, DVD for Linux, KDE 2.2.
  • Development: XFree86 4.1.0, Writing FAQs, WorldForge update, g95, Perl module tracking, the state of XML.
  • Commerce: Sharp does Linux, the Zaurus way.
  • History: Tux turns 5, as does the 2.0 kernel. How Eazel looked last year.
  • Letters: In defense of the desktop page; auditing; licensing and marxism.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


June 7, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Kaladix Linux - Paranoid Security Linux Distribution. Kaladix Linux showed up on Freshmeat on June 1st, describing itself as a "Paranoid Security Linux Distribution". It is based on LinuxFromScratch (LFS) with mandatory access controls and access control lists enabled (RSBAC). Also to be included are Openwall, FormatGuard and other similar patches.

They have just barely gotten started, with a 0.3 release expected out soon. Note that the license for Kaladix is listed as "Free for non-commercial use". "I am aware that it is not possible to relicense GPL licensed software. Taking into respect that I do not like companies that make money from my work, I thought of licensing Kaladix Linux free for non-commercial use according to the following assumption: Every single piece of software that is included in Kaladix Linux is still licensed under GPL and may be used by whomsoever for whatsoever. However, the creation of configuration files, the compilation of software packages, my worktime and other various aspects of Kaladix Linux is my service (work) so that I can choose whatever license I wish and can thus assume to be able to distribute Kaladix Linux under a free for non-commercial use license".

Interview with Wietse Venema about his tcp_wrappers license (BSD Today). Fun with licensing continued this week with a look at the license for tcp_wrappers. BSD Today interviewed Wietse Venema, tcp_wrappers author, about its license, which original read, "If someone wants to redistribute the TCP Wrapper code in a manner that is not covered by the Copyright notice, then they are expected to contact me. I am a nice person and I haven't refused permission to anyone yet."

After discussion with many different people, Wietse has updated the license to read, "Redistribution and use in source and binary forms, with or without modification, are permitted provided that this entire copyright notice is duplicated in all such copies".

A nice, simple answer to a licensing problem. Would that all of them could be resolved so quickly and cleanly!

Happy Birthday, PGP. PGP author Phil Zimmerman marked the 10 year anniversary of the release of PGP 1.0 on Tuesday, June 5th. "It was on this day in 1991 that I sent the first release of PGP to a couple of my friends for uploading to the Internet". It quickly grew faster than he had ever dreamed possible. "Volunteers from around the world were clamoring to help me port it to other platforms, add enhancements, and generally promote it".

The anniversary is also covered in this Wired article by Declan McCullagh

Security Reports

OpenSSH tmplink vulnerability. A tmplink vulnerability has been reported in OpenSSH when X forwarding is enabled on both the client and the server. It has been reported fixed in the OpenSSH CVS development tree, but is not yet mentioned in the OpenBSD 2.9 errata page. Until an updated version of OpenSSH is made available, disabling X forwarding for both the client and server might be a good idea. This is also covered in BugTraq ID 2825.

Sendmail multiple race condition vulnerabilities. Michal Zalewski issued a paper describing race conditions in sendmail's signal handlers. As a result, sendmail 8.11.4 and 8.12.0.Beta10 have been released with fixes for these problems. Check 2794 for additional details. No distribution updates for this problem have been reported so far.

man malicious cache file creation vulnerability. Yet more trouble for the beleaguered man command. This week, a new vulnerability was reported in which files are cached in the system cache directory from outside of the system manual page hierarchy search path. It is believed that this can be used together with man, mandb or any other utility which trusts cached filenames in order to gain elevated privileges. A workaround is to eliminate the setuid bit from the 'mandb' binary (not the wrapper).

xinetd default umask vulnerability. Red Hat issued an advisory this week reporting that the default umask for xinetd in Red Hat 7.0 and 7.1 was set to zero. As a result, some daemons started from xinetd that did not set their own permissions were creating world-writable files. The default umask has been set instead to 022. No information has been posted yet on whether this problem is specific to Red Hat or shows up in other distributions (though Red Hat-based distributions are likely vulnerable).

ispell symbolic link vulnerabilities. OpenBSD released patches to fix problems in ispell where the use of mktemp() (instead of mkstemp()) left it vulnerable to symlink attacks. The patches also modify the use of gets() to use fgets() instead. This is also covered under BugTraq ID 2827.

Qualcomm qpopper username buffer overflow. A buffer overflow was introduced into Qualcomm qpopper 4.0, 4.0.2 and 4.0.2 as a result of the way in which the client-supplied username is handled. As a result, a remote root attack is possible. An upgrade to 4.0.3 is strongly recommended.

Horde IMP Message Attachment symbolic link vulnerability. A symbolic link vulnerability has been reported in the Horde Imp versions prior to 2.2.5. The vulnerability comes from the use of the PHP tempnam function for creating temporary files. Prior to PHP 4.0.5, tempnam used mktemp for creating temporary files instead of mkstemp. Upgrading to Imp 2.2.5 and PHP 4.0.5 is recommended.

fvwm initialization script vulnerability. If no $HOME environment variable is set, fvwm may read the .fvwm2rc from the current directory instead of from the home directory, making it possible for a local attacker to execute commands as another user. fvwm-2.2.5 fixes this issue.

OpenBSD Dup2 VFS Race Condition Denial Of Service Vulnerability. It has been reported that a local user can cause a kernel panic on OpenBSD if a file descriptor shared by two processes is set to null by one process while the other process is asleep. This can be used to facilitate a local denial-of-service attack. All versions of OpenBSD are reportedly vulnerable. No confirmation or advisory for the problem has been posted on the OpenBSD site as of yet.

Acme.Serve 1.7 arbitrary file access vulnerability. Acme.serve is a Java class that contains a small, embeddable HTML browser. By default, Acme.Serve 1.7 allows all connections to browse the entire filesystem. No fix for the problem has been reported so far. Check BugTraq ID 2809 for more details.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

Updates

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build programs with gnupg 1.0.6 when compiled without gcc.

This week's updates:

Previous updates:

Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report.

This week's updates:

  • Caldera, updated packages now available
Previous updates:
  • Caldera, disabling Webmin recommended, no updated packages available yet. (May 31st)

MIT Kerberos FTP daemon buffer overflows. Check the May 24th LWN Security Summary for the initial report. MIT Kerberos 5, all versions, is affected. If anonymous ftp is enabled, a remote root exploit is possible. Otherwise, a local root exploit or a remote root exploit via an authorized login is still possible.

This week's updates:

Previous reports:

Red Hat update to mktemp. Check the May 24th LWN Security Summary for the initial report. This problem is specific to Red Hat Linux prior to version 7 (and other distributions based on Red Hat).

This week's updates:

Previous updates:

man -S heap overflow. Check the May 17th LWN Security Summary for the initial report. The exploitability is definitely on whether or not the man command is installed setgid group man.

This week's updates:

Previous updates:

Resources

Linux Intrusion Detection System (LIDS) 1.0.9 for 2.4.5. LIDS 1.0.9 has been ported over to the 2.4.5 kernel and includes a few other minor bugfixes.

oftpd - a secure anonymous FTP server. oftpd is an anonymous FTP server specifically designed for security. Author Shane Kerr sent us a note describing some of its features and explaining why he chose to implement only anonymous ftp access. "Non-anonymous FTP is a security risk, despite certain FTP extensions that support encryption via SSL or other mechanisms. As used most commonly FTP is a fundamentally flawed protocol, in that it sends passwords in the clear. Because of this I suggest that no matter how secure you make your server software, FTP should be avoided for data transfer, especially since excellent alternatives such as SSH are available".

The first stable release of oftpd occurred in March. The most recent release is 0.3.5, a development release made in mid-April.

Research Paper - ICMP Usage In Scanning v3.0. Ofir Arkin has released version 3 (PDF) of his paper entitled "ICMP Usage In Scanning".

Events

Upcoming Security Events.
Date Event Location
June 7 - 8, 2001TISC 2001Los Angeles, CA, USA
June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France
June 18 - 20, 2001NetSec Network Security Conference(NetSec '01)New Orleans, Louisiana, USA.
June 19 - 20, 2001The Biometrics SymposiumChicago, Illinois, USA.
June 19 - 21, 2001PKI Forum Members Meeting(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001Black Hat Briefings USA '01Las Vegas, Nevada, USA.
August 7, 2001CIBC World Markets First Annual Security & Privacy ConferenceNew York, NY, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


June 7, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is still 2.4.5. Linus is back from his trip to Japan, and has released the first 2.4.6 prepatch. It contains the usual scattering of fixes, including some aimed at the ongoing virtual memory problems with the 2.4 kernel series.

The prepatch also contains one problem that can cause problems with unresolved symbols in some modular kernels. Ingo Molnar produced a simple fix which gets around the problem; after several iterations he also released a much more involved fix dealing with a number of other difficulties introduced in 2.4.6pre1.

Alan Cox, meanwhile, is up to 2.4.5ac9. Along with the usual fixes he has included a new driver for the Sony Vaio I/O controller, the new improved Configure.help file (see below), and a number of fixes for problems found by the Stanford checker.

Another approach to bounce buffers. The discussion last week on virtual memory and bounce buffers passed over one interesting approach to fixing the problem. We'll try to make it up this week, but doing so requires a little bit of background in how Linux memory management works. The following discussion is somewhat specific to the x86 architecture, but the concepts carry over to any 32-bit system.

On a processor with 32-bit addresses, a total of 4GB of memory may be addressed. Linux systems have traditionally not been able to handle that much memory, however, due to the way memory is laid out. For some time, the virtual address space has been broken up as shown in this diagram:

[Virtual memory layout]

(Please excuse your editor's crude use of the "dia" tool...).

Thus, any individual user-space process may have up to 3GB of address space, with the uppermost 1GB being reserved for the kernel. 2.2 kernels always laid out memory in this way, and 2.4 still does by default. Before 2.2, the kernel mapped the entire range of physical memory into its portion of the address space, since that mapping provided easy, direct access to all of the memory on the system. It made life easy for kernel hackers, but it also limited the total amount of memory on the system to the amount that could be mapped in the kernel segment - 1GB, with subtractions for things like the PCI I/O memory space. That is why 2.2 kernels could only make use of about 960MB of memory.

The 2.4 release lifted that restriction by enabling the kernel to work with memory that is not directly mapped. The result was (1) the ability to handle up to 64GB of memory on x86 systems, and (2) the creation of a new class of memory, "high memory," which is a little trickier to work with. So physical memory is now divided into three zones, as shown by another ugly diagram:

[Physical memory layout]

The "DMA" zone is memory which is addressable by old ISA peripherals that can only do 24-bit DMA; "normal" is memory above 16M which is directly mapped into the kernel, and "high memory" is memory which is not directly mapped. On systems with tremendous amounts of memory, most of that memory is "high memory."

Now, finally, we can get to the bounce buffer problem. With current 2.4 kernels, any memory which is in the DMA or normal zones may be used in DMA operations with reasonable devices on reasonable buses. When I/O must be performed to or from high memory, however, a bounce buffer is allocated in one of the lower zones. The data is copied through the bounce buffer in its travels between the device and its high memory home. On I/O bound systems with a lot of high memory, bounce buffers can create a lot of pressure in the normal and DMA zones, leading to memory shortage problems. All that copying isn't entirely desirable either.

Jens Axboe looked at this problem and made an observation that, in retrospect, should have been fairly obvious. PCI devices can (usually) address 32 bits (4GB) of memory. When the kernel uses a bounce buffer for high memory below 4GB, it is really wasting time and memory. The kernel may not be able to address that memory directly, but the peripheral can. So why not just do the DMA operation directly and skip the bounce buffer?

So Jens announced a patch which does exactly that - at least, for block devices. (He neglected the little detail of where to find the patch; he filled that in a little later). This patch adds a fourth memory zone, called "DMA32," that sits between the top of the normal zone and the 4GB barrier. Whenever block I/O is being performed on memory in the DMA32 zone, it is done directly without the use of a bounce buffer. Bounce buffers are still required above 4GB; it's a rare peripheral that can reach memory that high. But, even in that case, the bounce buffer can live in the DMA32 zone.

The benefits of this patch are clear. Given that, in all likelihood, most systems with high memory have no more than 4GB, bounce buffers can be eliminated entirely in many cases. And for the rest, the available memory for the allocation of these buffers has increased. The patch was not included in 2.4.6pre1, but chances are good that a version of it will appear in a future release.

About that swapping problem. Problems with the use of swap space in 2.4.x were also mentioned last week. The amount of complaining has gone up recently, as more people try out the 2.4.5 kernel, which appears to be worse.

The response from the kernel hackers so far has been "make sure your swap area is at least twice as large as the amount of RAM in the system." That allows the kernel, essentially, to waste half of the swap space as a copy of what is currently in RAM, and actually swap to the other half. That technique helps, but a number of people are, not surprisingly, unimpressed with that requirement. 2.2 systems seemed to work better, after all. In fact, 2.2 had the same problem with swapping, but the more aggressive approach to caching in 2.4 has made the problem bite a lot more people.

Help is on the way, however. Marcelo Tosatti has posted a patch which cleans the junk out of swap space. Some testers have reported that it improves things for them. There is currently some debate, however, as to whether the locking used by the patch is safe. So it's probably not for everybody, yet. A different swap patch was posted by Mike Galbraith; it is new as of this writing and has not seen much testing yet. With luck, however, some variant of one of these patches will make it into a 2.4 kernel soon.

How should the kernel handle temperatures? David Welton pointed out that parts of the kernel that handle temperatures (generally watchdog drivers) are not consistent - some code uses Fahrenheit, and other parts use Celsius. He proposed a global configuration option to decide what should be used kernel-wide.

The response that came back will be familiar to linux-kernel watchers; the kernel should use one standard temperature format, and user-space tools can convert to other standards if necessary. Fahrenheit has very few defenders for that standard, not surprisingly. But the proponents of Celsius look like they will lose as well. If one is going to use standard units, one should do it right and use kelvins. That way nobody is happy.

Then again, one reader proposed that BogoDegrees be used instead...

Configure.help is complete. Eric Raymond has announced that, after great effort, the kernel Configure.help file now contains help entries for every one of the 2699 known configuration symbols.

Of course, Eric knows how ephemeral such a victory can be. So he is also proposing a policy that no patches will be accepted unless they contain help entries for any new configuration symbols they introduce.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


June 7, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Distributions based on your existing installation. After quite a lull, where we were beginning to think that the flood of new distributions had permanently slowed to a trickle, a huge number of new distributions showed up this past week, in part thanks to contributors such as Fred Mobach and Gratien D'haese. In fact, so many showed up that we haven't even included all of them in this page; a few of them have been held back and will be listed next week instead.

Getting so many new distributions at the same time gives us a good chance to look for patterns. We didn't find a lot. One distribution for handhelds/PDAs, one for the PA-RISC architecture, one distributed with a German magazine and a couple floppy-based distributions.

However, we did find two distributions that shared a common theme. In this case, both distributions base themselves not on a specific distribution, but on an existing installation, meaning that they build themselves using the kernel, modules and applications installed on your current computer.

The two distributions are MkCDrec and Mindi Linux. MkCDrec, as the name suggests, builds a CD-based Linux distribution. Mindi Linux builds a floppy-based distribution. In both cases, they could also be considered toolkits rather than distributions, because they pull the actual kernel and applications off your existing system rather than from a software repository.

MkCDrec was of particular interest to us because it is specifically tailored to disaster-recovery. In addition to creating a bootable image based on your existing system, it will create a backup of the entire system, either onto the bootable CD, if there is room, or onto a multi-volume CD set. As a result, if your system fails, you'll have everything you need to restore it completely. Of course, the restore will be only as up-to-date as the last time you created your backup. Still, it is nice to have your backups be bootable -- it should make it easier to test backups, to make sure they are working properly and eliminates one step in the disaster-recovery process. Disk-cloning is also supported.

PA-RISC Linux Version 0.9 released. HP has released version 0.9 of PA-RISC Linux, a version of the Debian distribution for the PA-RISC processor.

Although we knew that HP has been working on Linux for the PA-RISC platform for sometime, we had no direct link to the project on our list. With this announcement for the latest release of PA-RISC Linux, we've also added them officially to our list.

Support for both 32 and 64 bit systems is included in the new release, along with support for large memory systems (up to 16GB). "This release is the result of several years of work by developers in the Free Software community including developers from The Debian Project, Hewlett Packard, and Linuxcare".

Linux-Mandrake for Itanium. Thanks to Bob Finch for pointing out to us that Linux-Mandrake is available for Itanium-based systems. The ISO images can be downloaded now. This distribution was announced on May 29 with the others, but we managed to miss it.

Fully Automated Installation 2.0 released. Thomas Lange has announced the release of FAI (Fully Automatic Installation) 2.0. This package is intended to ease the installation of the Debian distribution on clusters, but can be used in any situation where multiple systems need to be installed.

Redmond Linux, deepLinux merger. Redmond Linux and deepLinux have merged to form the Redmond Linux, Corp., according to the press release. "The deepLinux acquisition brings Redmond Linux additional expertise, product lines, and a presence in the Silicon Valley".

ThinkNIC in Europe. The ThinkNIC has passed European Certification and is now available for sale in Europe.

Distribution News

Red Hat News. XFree86 4.1.0 rpms are now available on Rawhide. Note, however, that updated kernel modules will be required before these will work well.

Meanwhile, for those of you interested in running ReiserFS under Red Hat on big-endian machines like the IBM S/390, check out this post by Jeff Mahoney. He has a very large patch that you are going to need.

Debian News. Anthony Towns noted that the Debian Freeze is still on hold indefinitely, because they do not yet have a set of boot-floppies that work for all the i386 installs listed in their archives.

A new version of the Debian Policy document has been uploaded. This will be of interest primarily to developers, since it defines what must be done to make their packages compliant with policy.

A new Kernel Cousin Debian Hurd was published on May 30th. Hurd F2 ISO images are now available and major progress using XFree86 was reported.

Last but not least, master.debian.org is down with disk failures, resulting in the loss of many services, including mail to anyone at debian.org. It went down Wednesday, June 6th and will presumably be up as soon as humanly possible.

Linux-Mandrake News. The second Linux-Mandrake Community Newsletter is out. Topics covered include MandrakeSoft's presence at Linux Expo Montreal, Linux-Mandrake for the Itanium, the Single Network Firewall product, and more.

MandrakeSecurity "Single Network Firewall" has been released. Check the newsletter for detailed features.

Meanwhile, in news from MandrakeForum, a new version of drakfont was released to fix a problem importing Windows fonts. Meanwhile, the reports from road trips in Germany and Brazil are worth reading as well.

Slackware News. Most of the progress this week took place in the Intel development. Speakup support (a speech synthesizer/screen reader) was adding in under 2.2.19. Sendmail was upgraded to 8.11.4 (fixing a security issue, see this week's security section) and XFree86 4.1.0 is now the default. Some interesting bugfixes went in, along with updates to vim, zsh, fvsm, guile, gnome-print and lesstif. Most interesting was the comment, "I'm still looking it over to see, but we can't be far from a freeze now".

The SPARC and Alpha ports saw much less activity. Both of them got upgraded versions of autoconf, cvs and libtool. The 2.2.X kernel series under SPARC was upgraded to 2.2.20pre2 due to an nfs bug under SPARC that can cause kernel panics.

OpenBSD 2.9. OpenBSD 2.9 was released this week. It promises major improvements in filesystems speed, support for Alpha architectures, new drivers and more. Of course, it comes with OpenSSH 2.9. In addition, it will run both on the Alpha platform and on the new Apple Titanium PowerBook G4.

Yellow Dog Linux 2.0 teaches Mac new tricks (ZDNet). Yellow Dog Linux extends support to older Mac hardware that the new Mac OS X can't reach, according to this ZDNet report. "If somebody has a [Power Mac] 8500, they can't run Mac OS X. They may need the robustness of Unix, but Mac OS X just doesn't run on their hardware. With Yellow Dog Linux, they can say, 'Look, I've got this old machine, and suddenly it's useful again' as a server."

kmLinux 2.0, a German distribution for schools. kmLinux is a Linux distribution for schools out of Germany. It is of particular interest since it is sponsored by the Landesbildungsserver Schleswig-Holstein, a German governmental organization in cooperation with the Verein Freie Software und Bildung e.V. (Union for Free Software and Education).

kmLinux 2.0 has just been released with a new installer that has the ability to automatically resize an existing windows partition. Included you will find the Linux 2.4.4 kernel, XFree86 4.0.3, KDE 2.1.2 and KOffice 1.1beta2.

Reviews

Review: Red Hat Linux 7.1 (ZDNet). ZDNet reviews Red Hat's latest Linux release, Red Hat Linux 7.1. "Managing multiple user accounts and passwords can be a significant burden for a systems administrator. On the client side, Red Hat Linux lets you specify which NIS, LDAP, or Kerberos server you'd like for user authentication. Red Hat's support for client- and server-side centralized user authentication is an attractive option for organizations looking to minimize the number of passwords that users are required to remember."

Linux-Mandrake 8.0 (CNet). CNet reviews Linux-Mandrake 8.0. "Simply put, no other distribution beats the polished user experience offered by Linux-Mandrake 8.0."

NetBSD 1.5 (Duke of URL). The Duke of URL turned his attention this week to NetBSD 1.5. "If you took a poll on who has used NetBSD -- a lot of people would probably respond that they've never touched in, when in fact, it's closer than many may think. Today, NetBSD is not only competing in the *BSD arena, but it's also making inroads with users who don't even know they're using it. Apple's Mac OS X and the more-obscure OpenBSD both utilize the NetBSD core, which has been both praised and put down by many in the industry".

New Distributions

This was definitely "New Distribution" week. It has been a long time since we got so many new distributions within such a short amount of time

Enter Runix: Linux for the PlayStation (ZDNet). Runix, which is coming from a Czech company, is set to be released under the GPL in order "to make the PlayStation2 a low cost PC," according to this ZDNet story.

ViraLinux_II. Rick Hohensee, author of the cLIeNUX distribution, sent us a pointer to ViraLinux_II, a floppy-based Linux distribution. "It's an uncompressed minimal Linux that can boot with no HD or ramdisk, i.e. it can boot with / on the floppy. It has about 300k of space free on the floppy for the user to write programs. It has ash, eforth with 160 Linux syscalls, and my 3-stack language with 50 Linux syscalls. How is this possible in 1.1 meg? No libc".

UltraLinux. UltraLinux is not a commercial distribution, but instead a central point for sharing information in support of Linux on SPARC and UltraSPARC platforms. It provides links to all of the full distributions that provide Sparc versions. [Thanks to Fred Mobach].

Go!Linux. Go!Linux is a German distribution that comes with the magazine PC!Linux, though you can also purchase it directly. [Thanks to Fred Mobach].

Familiar Linux. Handhelds.org is now hosting a new Linux distribution, Familiar Linux. Designed from the ground up to run on the Compaq iPAQ, Familiar Linux uses the ipkg package system (modeled on Debian's dpkg). The name "Familiar" stems from the meaning of the word as a noun, not as an adjective. In this case, a "familiar" is an intimate companion, "a spirit often embodied in an animal and held to attend and serve a person".

Version 0.4 of Familiar was released on May 14th and the website has some nice screenshots. Check this week's Front Page for more in-depth coverage [Thanks to Richard Cohen].

Distribution Updates

  • Root Linux 1.2 is a major update to this Slackware-based distribution. It promises "an auto-booting CD, improved initscripts, reiserfs support, KDE 2.1.1, GNOME 1.4 with upgrades, XFree86 4.1.0, support for slackware packages in pkgtool and general package upgrades, security fixes, and bugfixes".

  • TA-Linux 0.1.2 is a minor update containing bug-fixes.

Section Editor: Liz Coolbaugh


June 7, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's On the Desktop page.


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop


Linux and the Palm Pilot. While the influx of Linux based PDA (personal digital assistant) devices is growing (see the Yopy, iPAQ and VR3, for example - LinuxDevices summarizes them all), most users of handheld systems are still using devices based on the Palm OS. In order to synchronize data between the handheld device and your Linux system you need tools that are called conduits. According to Palm's definition:

A conduit is a plug-in to HotSync® technology that runs when you press the HotSync button on a handheld cradle or modem. A conduit synchronizes data between the application on the desktop and the application on the handheld.

In other words, conduits should:

  • Open a database on the Palm device.
  • Uploaded and/or downloaded data and software to/from the device.
  • Modify existing records on the device and/or desktop if needed.
  • Work with multiple users and with multiple devices either locally or across a network.
  • Handle data format conversions between the desktop and Palm device.
  • Close the databases that were opened on the Pilot.

In the Linux world, the primary tool for synchronizing between a Pilot and a Linux desktop is the Pilot Link software. This package is a set of libraries and command line tools that work with the basic set of Memos, Todo List, Address Book and Calendar on the Pilot. These tools have been around for quite some time and the latest version, 0.9.3, should work well with most PalmOS 3.0 or earlier devices. The limitation here is that PalmOS devices that use a USB connector may not work with older versions of Pilot Link (see "Other Tools" section below).

While the command line tools in Pilot Link are reasonable, they aren't quite sufficient to make complete use of what the Pilot can provide. They were written mostly as test applications and then expanded lightly for general use. But managing individual records on the Pilot (such as deleting one specific Todo list item) can't be done with the command line tools. That's the bad news. The good news is the Pilot Link library (libpisock) actually does allow such management. All that is missing are tools that properly use this library.

Surprisingly, there aren't that many GUI tools around that take full advantage of libpisock. There are projects for both GNOME (gnome-pilot) and KDE (KPilot) that are in varying stages of development. JPilot is probably the most full featured and mature application, though some may argue that PilotManager may be better. Finally, XNotesPlus offers support for downloading Memos and the Address Book and limited support for database syncing. Besides these, one other command line tool worth noting is Syncal, which performs synchronizing of the Pilot calendar with the ical program.

GNOME Pilot If you're using GNOME 1.4 (either the generic distribution or Ximian's) you should probably have the GNOME Pilot tool already installed. You have to look under the GNOME Control Center (gnomecc if you run it from the command line) to configure it to use conduits, though it's not clear how to use any of them other than the Backup conduit (which backs up all or some of the files from the Pilot). In any case, the first thing you need to do is select the Peripherals->PilotLink option to configure where your Pilot is connected and how to communicate with it.

GNOME Pilot uses a newer and unsupported version of the Pilot Link software, version 0.9.5 that may or may not be widely distributed yet. The setup wizard implies support for both IrDA and USB connected devices. After completing configuration you can then use any of the conduits presented under Peripherals->Pilot selection in gnomecc. These include backup, mail, memos, and even expense conduits. Tests with Ximian GNOME 1.4 showed that only a few of the conduits actually provided any configuration options. No information was provided on how to actually use those conduits.

The current developer's release is only 0.1.54, with 0.1.55 in prelease, so this project is obviously in early development. GNOME Pilot appears to use a client/server architecture where the gpilotd server is started and waits for connections from the Pilot cradle or from applications. It then opens the communications path on the other end. Conduits seem to be accessed via embedded applets inside particular applications (GNOMECal, for example), though this could't be proven at the time of testing.

Unfortunately, documentation is practically non-existant (unless you download the README with the source code) and the web site contains many broken links. If you're interested in following this project, you can subscribe to the gnome-pilot mailing list.

KPilot This project takes a slightly different approach than its GNOME counterpart. First, the application is at least partially self contained. That means the configuration, memo, address and file transfer features are all part of KPilot and not embedded (at least in the 3.2.1 version) in other applications. While this makes the application a little easier to figure out (start KPilot to configure it instead of start gnomecc to configure gnome-pilot), it isn't completely apparent how to use it.

KPilot will HotSync address and memo files from the Pilot directly using the HotSync button on the main window. After the HotSync completes, the address records can be viewed and edited from within KPilot. The same is true for the Pilot's Memos. To access the Todo and Calendar databases from the Pilot you need to install external conduits which are provided with KPilot and configure them manually. When the next HotSync is performed the Todo and Calendar databases are written to a local calendar file that can be accessed and edited using KOrganizer as long as you use the same calendar file, which normally tends to be

      $HOME/.kde/apps/korganizer/file.vcs
  
Like GNOME Pilot, KPilot is built around a client/server architecture. The KPilot daemon, appropriately named kpilotDaemon, waits for connections from either side and can even launch the KPilot GUI when the HotSync button on a Pilot cradle is pressed.

There is more documentation available for KPilot than with GNOME Pilot. The KPilot users guide is launched in a Konqueror window when you select the Help->Contents menu option on the KPilot main menu bar. The documentation is sufficient to learn how to use KPilot, which certainly gives it a step up on the current GNOME Pilot release.

The current stable release seems to be 3.2.1, with 4.0 being actively worked on by the developers. Unfortunately, KPilot's web site forces you into using KDE 2.2 and the 4.0 version out of CVS which is not very end-user friendly unless you happen to have KDE 2.2 already installed. You have to dig around to find an RPM for the older 3.2 version.

JPilot JPilot seems to have a strong following among some of the users queried. That may be because the program is a bit more mature and includes a complete set of features: calendar, todo list, memos and address book, all built directly into the application. In fact, the only real problem with JPilot seems to be the layout of the windows, which can be kind of klunky to use. There are diamond shaped buttons next to phone/email/fax fields, for example, that are mutually exclusive though no hint is provided as to their function.

JPilot, like both GNOME Pilot and KPilot, uses the Pilot Link libraries for communicating with the Pilot. Also like its two competitors, JPilot will synchronize the complete set of databases on each HotSync. This seems a little overkill if, for example, you only make updates to the calendar regularly. JPilot will display address entries using the name or company fields and sorting is always done alphabetically by those fields. The best feature just may be the ability to search in all databases for a given string - look under File->Find in the main menu bar.

While JPilot offers fairly complete sync and edit features for each of the four main Pilot tools, it does have a few minor flaws. First, there is no built in help system. The GNOME and KDE tools launch browsers to display help, but JPilot only provides simple "About" dialogs. That said, the online documentation on the web site is outstanding, including a complete HOWTO styled document that explains all the features as well as how to write plugins for the application. Another annoying but relatively minor flaw is that JPilot won't sync with a pilot that doesn't have a user name and ID installed. You have to run the Pilot Link command line tool intall-user to add these manually.

JPilot does not run on a client/server model. It is linked directly to the Pilot Link libraries. The process is asynchronous (as it is with the GNOME and KDE applications) so the application continues to function during the HotSync process.

Other Tools There are a few other tools worth mentioning in this report.

  • PilotManager is a Perl/Tk application that is the forerunner of most other Pilot applications for Unix systems, though it was originally developed for use with a Sun workstation. Its calender sync application is dependent on the CDE window environment.

  • XNotesPlus was written by the editor of this page. It is currently undergoing a major rewrite of the Pilot Link command line tools so they can be used to more completely interface with the Pilot. The current version, 3.3, supports partial and complete backups, memo import and export and downloading of addresses. Version 3.4 will add Todo import/export, address book editing and calendar support.

  • Syncal is a command line tool that allows users to synchronize their Pilot Calendar database with the GUI-based ical calendering program. Syncal can be embedded into ical fairly simply, allowing a user to sync directly from within ical itself.

  • A separate project called USBVisor was started to allow Handspring Visor users to connect their handhelds to a Linux box over a USB line.

  • StarOffice has support for the Palm Pilot, but due to time constraints this option wasn't investigated.
Summary.  GNOME Pilot is in very early development and can be difficult to figure out the first time you use it, though after that the tools make more sense. Some end user documentation would definitely help. KPilot is relatively easy to use, but the user interface is mildly awkward. The display for address records looks like a dump of data formatted in columns rather than a nice clean GUI display. JPilot has a consolidated interface yet despite a a clean GTK+ based UI the layout of its windows is klunky at best. Even so, JPilot is far more feature rich than its two other compatriots.

The bad news overall is that pilot-link may or may not be supported any further. While gnome-pilot seems to use an upgraded version, there doesn't seem to be a web site anywhere with updated information on the status of the package and the pilot-unix mailing list is apparently dead. The last word from David Desrosiers, the most recent Pilot Link maintainer, was that Pilot Link was being rewritten to clean up lots of old cruft in the source and provide a cleaner distribution. Note that the SourceForge site for pilot-link is ancient - the project was moved away from there some time back and the new web site is simply a CVS dump of file activity.

DVD on Linux (Duke of URL). The Duke of URL has posted a DVD on Linux summary, explaining what DVD cards are supported and what graphical players are available. "You'll also want to check on various restrictions and missing features in each piece of software. I've noticed kernel 2.4.x seems to work best, and there are bugs in the kernel 2.4.1 which will prevent you from using your DVD drive with that particular kernel version."

Font anti-aliasing for GTK+ 1.2. This isn't user oriented, per se, but it is interesting to compare the current GTK+ 1.2 with the current Qt, which already handles anti-aliased fonts.

A patch was made available for GTK 1.2 that allows that GUI library to render anti-aliased fonts using the Xrender extension. Screenshots are available, but are difficult to see clearly. Havoc Pennington noted that similar patches always break GTK 1.2 internationalization (see comments) but that GTK 2.0, due out later this year, already has support for Xrender.

Desktop Environments

KDE 2.2alpha2 is out. The latest developer release of the version 2.2 for the KDE desktop has been released. There are many improvements in this version over the last alpha release along with the addition of the new Kooka scanning application.

GNOME Summary for May 27 - June 02, 2001. The latest GNOME Summary has been published. Highlights include a call for help for Gnotices (the GNOME news site).

Gnome-print 0.29. A new version of the gnome-print package for GNOME 1.4 was released this past week. This was strictly a bug fix release.

Minutes of the GNOME Board meeting 29 May 2001. The weekly summary of the GNOME Foundation board meeting has been posted.

Office Applications

AbiWord Weekly News #46. A new edition of the recently reborn AbiWord Weekly News is now available. If this site gives you problems, try the AbiWord.org site instead.

Desktop Applications

Is Netscape Leaving the Browser World? (BrowserWatch). It appears, as this story reports, that Netscape will be cutting back on browser development. "Instead of continuing the battle against Microsoft's Internet Explorer, Netscape will instead focus on developing Netscape Netcenter as a Web portal, incorporating content from other Time-Warner publishing outlets."

GDM 2.2.2.1. A new release of the GNOME Desktop Manager (gdm) became available this past week. GDM is the tool that provides graphical logins to the GNOME desktop. This release fixes, among other things, a security problem where cookies could be used to bypass security.

And in other news...

Linux on an iPAQ (O'Reilly). This second installment on Linux and handhelds covers the Compaq iPAQ handheld. "For those who want to run a more familiar operating system, Linux can replace WinCE in the unit's 16 megabytes of flash ROM. While Compaq won't sell a unit without WinCE, they are contributing considerable resources to making Linux work on the machines."

Linux Not Ready for Desktop Move (AP). This AP Technology story says that the Linux desktop isn't being accepted yet because of a lack of a choice of applications. "'If we look at what drives people to select an operating system, it's not the operating system,' [IDC analyst Dan Kusnetzky] said. 'Almost always, the things that drive them to select something is the availability of their chosen applications.'"

Linux on the Desktop: The Possibility Still Exists (Penguinista). This opinion piece says that the Linux Desktop isn't dead, with or without Eazel. "Why am I comparing Eazel's Nautilus to Konqueror in an article about the Linux desktop? The point is that, while it was good to have the additional support from Eazel, the Linux desktop can and will continue to improve without Eazel. The mistaken assumption that it will not arises from another false idea - that GNOME is the Linux desktop."

KDE Dot News changes servers. The KDE news server has been moved to a new home. Hopefully this will cure some of the problems people have had accessing the well followed news stream.

Company offers free Linux installs on desktops (CNN). CNN reports on one company's offer to install Linux for free to help push Linux onto the desktop. "With graphical interfaces for Linux beginning to look more like Windows, better stability, and improved networking hookups and security, Linux Centers is betting that more business and individual users will be willing to at least give it another look for the desktop."

Section Editor: Michael J. Hammel


June 7, 2001


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

XFree86 4.1.0 released. The people at the XFree86 Project have released XFree86 version 4.1.0. [XFree86]

The README file lists a number of interesting capabilities of version 4.1.0, some of which were introduced in release 4.0.0 including:

  • A major re-design of the XFree86 architecture.
  • More interaction between graphics hardware and the X server.
  • A new Direct Rendering Infrastructure which takes advantage of hardware 3D accelerators.
  • Support for more hardware.
The release notes detail a number of changes:
  • More drivers converted to use the fb layer with support for anti-aliased fonts.
  • Support for a number of new chips.
  • Numerous updates for existing drivers.
  • More support for Alpha and Power PC hardware.
  • XDarwin updates.
  • X server extensions and updates.
  • New and updated clients such as an Xt/Xaw free libXmuu.
  • Build system updates.
  • Numerous bug and security fixes.

The Driver Status page documents all of the currently supported boards and chip sets.

Incidentally, XFree86 has switched to a new version numbering scheme as of this release.

The code is available from the heavily loaded XFree86 FTP site as well as a few mirror sites, and Installation Details have also been published. (Thanks to Frank Lapore and Oliver Jost)

Audio

GLAME 0.4.2 released. Another release of the Glame audio tool has been announced. This version features a few bug fixes and a nifty new quick start guide in the built-in documentation. The guide will walk you through all of the steps required to play a WAV file, edit the file, record a new file, and save the results. See the Glame home page for more information.

Some recent linux music app releases (Mstation.org). Mstation.org's Miriam Rainsford looks at some new Linux music software in a feature article on Mstation.org. Software examined includes SpiralLoops, Audacity, Ecaenvelopter, PVNation, Bonk, CheeseTracker, and GtkGEP, a program that can turn your PC into a guitar effects processor.

Documentation

LDP Weekly News. This week's issue of the Linux Documentation Project Weekly News is now available. News includes an online store that is funneling a portion of the profits to LDP, a new HOWTO for Linux MP3 CD burning, a "Linux-Apache-PHP-Sybase mini-HOWTO", and some updated documentation.

Mind your FAQs (IBM developerWorks). IBM developerWorks features an article by Jodi Bollaert on writing and maintaining FAQs. "Frequently Asked Questions (FAQs) are a great way to provide quick, easy answers to users' most common questions. However, ensuring that they fulfill their purpose effectively requires careful planning and design. This article provides 16 tips to help you mind your FAQs."

Electronics

Xcircuit 2.3.1 available. A new beta version of the Xcircuit schematic drawing program is available for download. Version 2.3.1 includes a lot of underlying structural changes to the label and parameter code and also includes some new but well tested netlist generation code.

Embedded Systems

Embedded Linux Newsletter for May 31, 2001 (LinuxDevices). The weekly summary from LinuxDevices.com for the embedded Linux marketplace is now available. Topics include embedded Linux and Java, the Net2Phone Tux-tone dialing service, the new Sharp Zaurus PDA, recently availability of the Agenda VR3 PDAs, and lots more.

Nanozilla gets a name change and website facelift (LinuxDevices). The Nanozilla project, targeted at a Mozilla adaptation to embedded systems, has changed its name to Nxzilla.

Ripley -- a Linux-based wearable computer (LinuxDevices). The founder of ZeroSpin talks about his companies wearable computer project, known as Ripley, in this LinuxDevices.com article. "The first design, Ripley-1.0, was modeled loosely after Dr. Steve Mann's WearComp6 wearable computer. The Ripley's core, however, was based on Cell Computing's CardPC technology and the batteries were COTS (commercial off the shelf) Sony InfoLithium camcorder batteries."

Games

WorldForge update. A new "unofficial" update for the WorldForge gaming project is now available. "To me, Stage is the gem in our crown, a highly configurable server system that provides a toolkit for game developers. Work is progressing rapidly now, after years of gestation".

Interoperability

Wine Weekly News Issue 21 is out. The latest issue of the Wine Weekly News is available. This issue covers the addition of a new section to the wine configuration file, dealing with the latest XP, Office installation issues, using Wine with Suse and Mandrake, and more.

Network Management

Interview with Wietse Venema about his tcp_wrappers license (BSD Today). BSD Today interviews Wietse Venema, author of such tools at SATAN and Postfix, about the license included with his tcp_wrappers package. "If someone wants to redistribute the TCP Wrapper code in a manner that is not covered by the Copyright notice, then they are expected to contact me. I am a nice person and I haven't refused permission to anyone yet."

Be sure to read to the end of the article regarding Wietse's updated license. (Thanks to Ben De Rydt)

OpenNMS Update for June 5, 2001. The June 5, 2001 edition of the OpenNMS Update is available. Topics include preparations for the 0.7.6 release, managing CAPSD, coding project status, and a wish list, among other things.

System Administration

Bulletproofing Servers: Building a Challenge for Murphy (O'Reilly). Andy Neely discusses techniques for making a critical server more reliable in an O'Reilly OnLAMP article. "Most system administrators who have maintained a server for more than a few months will have their own stories to tell. It might be an installation or a configuration problem, a daemon that stops responding every six or eight weeks, or the 150 million duplicate entries that filled up the log partition last Sunday."

Web-site Development

Latest Zope News. A few interesting developments have shown up in the latest Zope News. Among other things, Zope 2.4.0 alpha 1 is available and version 1.1 beta of CMF, the Content Management Framework, has been released.

Using CGI::Application (www.perl.com). Www.perl.com features an article by Jesse Erlbaum on the Perl CGI::Application module. "CGI::Application builds upon the bedrock of CGI, adding a structure for writing truly reusable Web-applications. CGI::Application takes what works about CGI and simply provides a structure to negate some of the more onerous programming techniques that have cast an unfavorable light upon it."

Window Systems

Bonobo and Mozilla's XPCOM. IBM developerWorks has two articles by Uche Ogbuji available on "Bridging Bonobo and XPCOM". One goes into specific techniques for bridging components and the other provides a walk through example implementations. Both tutorials require a free registration.

GNUstep LaunchPad Version 1.0.1. The GNUstep project has released an update to their LaunchPad libraries for creating non-GUI applications using an API based on OpenStep and the MacOS X API.

Gtk-Perl version 0.7007 released. A new version of the Perl bindings fo GTK has been released by project maintainer Paolo Molaro. This version features better documentation, bug fixes, memory leak fixes, and support for new versions of the Gnome libraries.

Section Editor: Forrest Cook


June 7, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Caml

Caml Weekly News for June 5, 2001. The June 5, 2001 edition of the Caml Weekly News is out. News this week features a new release of Camlp4, OCaml compiler optimizations, and more.

FORTRAN

g95: Free Crunch Time. If you have some FORTRAN 95 code that you want to run, check out the g95 Fortran Compiler project. The compiler is still in an "embryonic state", but appears to be moving forward at a decent rate. The g95 team aims to have the software included in GCC, the Gnu Compiler Collection.

Haskell

Haskell Updates. A few updates to the Haskell project have been announced. Version 5.00.1 of the Glasgow Haskell Compiler is available, and a beta version of Hat, the Haskell tracker was also announced.

Java

Java2 SE v1.3.1 rc 1. The Blackdown Java-Linux Team has announced the release of Java2 SE v1.3.1 rc 1 for the Linux/ARM architecture.

Lisp

LISA 0.9.2 Beta released. Version 0.9.2 Beta of the Lisp-based Intelligent Software Agents (LISA) has been released. This version features bug fixes, improved support for CLOS pattern matching, and an updated reference guide.

Prototype cCLan announced. A prototype of the comprehensive Common Lisp archive network, or cCLan, has been announced. The site aims to be the Lisp language equivalent of the Perl CPAN, a central repository for Lisp packages.

Perl

Turning the Tides on Perl's Attitude Toward Beginners ( Perl.com). This article from Perl.com examines how the Perl community can open its arms to beginners better than it has in the past. "After said programmer has been flambe'ed to perfection they have to endure five more messages concerning the use of chop() and its evils, not to mention a handful of warnings about why putting double quotes around $username will cause famine in the land. Granted, these last few messages contain good information, but it's unlikely the beginner will even read these messages. Why would anyone want to subject themselves to more abuse when it's easier to delete the messages and move on to another programming language?"

Perl 5 Porters for June 5, 2001. The June 5, 2001 edition of the Perl 5 Porters digest is out. Topics include improving the Perl test suite, installing libnet into the core of Perl, work on making Perl build cleanly with -Wall (with no mention of -Larry), and more.

Perl 6 Porters for June 3, 2001. The June 3 edition of Perl 6 Porters is available. This week's issue covers more on virtual registers, coding conventions, the new magical variable it, and more.

Tracking Perl Module Use (Dr. Dobbs'). Brian Dfoy takes a look at tracking Perl Modules in a Dr. Dobbs' article. "Hundreds of Perl modules are available to expand the language for almost any task. There are even modules, such as CPAN.pm and Devel::Modlist, to help manage the modules you use."

PHP

PHP Weekly Summary for June 4, 2001. The June 4, 2001 edition of the PHP Weekly Summary has been published. Topics include fixing the cURL extension and the PHP test suite, a new TUX SAPI module, and timing for the release of the upcoming PHP 4.0.6 rc2.

Python

Dr. Dobb's Python-URL! for June 4, 2001. The June 4, 2001 edition of the Dr. Dobb's weekly Python summary is available. Topics include the DISLIN data plotting library, generating graphics with Piddle, the PYUI user interface, Python games, and more.

Getting started with PyXPCOM (IBM developerWorks). IBM's developerWorks looks at PyXPCOM, the Python interface to XPCOM that comes as part of the Komodo project. "The main developer of PyXPCOM is Mark Hammond, who is also the main force behind the Python binding for COM. He's had help from others including David Ascher and the expanding community of PyXPCOM users. PyXPCOM allows the developer to access XPCOM objects from Python code and implement XPCOM objects in Python code."

Dive Into Python Chapter 5. Chapter 5 of the free online Python book has been announced. This chapter covers Python unit testing with PyUnit.

Pyagent 1.00 released. Version 1.00 of pyagent, an open infrastructure for intelligent agents has been announced. "Pyagent provides a simple, open infrastructure for intelligent agents. pyagent is based on Frederik Lundh's implementation of XML-RPC."

Ruby

Ruby 1.6.4 available. A new version of Ruby is available from the Ruby home page. The list of changes includes numerous bug fixes.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 4, 2001. The June 4, 2001 edition of the Dr. Dobb's Tcl-URL! is available. Topics include Tcl and 64 bit integers, building TclPro, working with directories and sym links, and more. "Also noteworthy, from the director of the Tcl Consortium: 'The lawyers can make rules, but these guys (open source programmers) will find a way to get around them.'"

XML

The State of XML: Why Individuals Matter (O'Reilly). Edd Dumbill adapted his closing notes to the XML Europe 2001 conference and has produced an article on Why Individuals Matter. "Adding XML into your computing environment can be like initiating a chain reaction. Once one component can import, export, or process XML, it becomes obvious that there will be great benefit if the next component does, and the next, and so on. Within organizations and systems, XML is starting to form the basis for a 'data bus,' where information can flow between applications with less resistance and effort than previously." The article provides a good overall look at the current state of XML.

Revisiting XML tools for Python (IBM developerWorks). David Mertz takes a look at Python based XML tools in an IBM developerWorks article. "The first two installments of Charming Python by David Mertz provided an overview of working with XML in Python. In the year since those initial writings, however, the state of XML tools for Python has advanced significantly. Unfortunately, most of these advances have not been backwards compatible. This special installment article revisits the author's previous discussion of XML tools, and provides up-to-date code samples."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Sharp's PDA.  This week's big commerce news came out of the JavaOne conference in San Francisco. Rumors of the new Sharp Zaurus personal digital assistant have been floating around for some time but this week the reality hit the road. The new device is a Linux based StrongARM platform which uses a Java virtual machine for applications. Lineo was chosen to provide their Embedix Embedded Linux distribution for the system.

The device, which is expected to become widely available sometime this Fall, currently holds 32MB of memory with an additional 16MB available in Flash. It sports a 240x320 reflective TFT color display and multiple card slots. Communication with the device will be possible through IrDA, USB, and serial ports, along with an audio out headphone jack.

Amiga has already announced their plans to port and write Java applications for gaming, 2D, 3D, animation, video, and music to the new platform.

EuroLinux alliance on the Hague Convention. The EuroLinux Alliance has issued a press release on the dangers posed by the draft Hague Convention revision. EuroLinux fears that, among other things, the Convention could pave the way for the enforcement of U.S. laws in Europe - including software patents and the Digital Millennium Copyright Act. Have a look for more information.

IBM, Devgen analyze genomic data. Belgium-based biotech company Devgen NV has deployed IBM technology to conduct genetic research on a microscopic roundworm (C. elegans). This research is being done to help fight human diseases such as diabetes, depression and obesity. Devgen's new system includes a cluster of IBM eServer systems running Linux and AIX which is used to analyze genome information.

VMware Offers 2001 College Graduates Special. VMWare has announced a program for graduating college students to get a discount on VMWare Express. The discount drops the price to $20.01 from the retail price of $79.00.

Caldera Establishes Japanese Subsidiary. Caldera announced the formation of its Japanese subsidiary, Caldera K.K. The venture will be backed by Fujitsu and Hitachi.

Open source WAP/SMS gateway developer files for bankruptcy. Wapit, the Finish company that developed the Open Source WAP and SMS gateway Kannel has announced it is filing for bankruptcy after failing to secure a second round of funding. (Thanks to J.H.M. Dassen)

Linux Stock Index for May 31 to June 06, 2001

LSI at closing on May 31, 2001 31.96
LSI at closing on June 06, 2001 32.75

The high for the week was 32.85
The low for the week was 30.13

Press Releases:

Open source products

Unless specified, license is unverified.

Distributions and bundled products

Proprietary Products for Linux

Hardware and bundled products

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training

Partnerships

Personnel & New Offices

Financial Results

Other

Section Editor: Michael J. Hammel.


June 7, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Unsung heroes: Linux Kernel Janitors (NewsForge). NewsForge looks at the Kernel Janitors Project. "The chosen name, Janitors, indicates the relative glory of code cleanup. Still, the prestige of contributing to a major piece of free software is hard to ignore. Half of becoming a free software developer is knowing where to start."

A Constitutional Right to Decode? (Wired). Wired examines the EFF's battle over the DeCSS rulings. "During oral arguments on May 1, the three-judge panel appeared to be siding with copyright over free speech, but then took the unusual step a week later of sending both sides 11 questions to answer. The queries included "Does the dissemination of DeCSS have both speech and non-speech elements?" and "Does the use of DeCSS to decrypt an encrypted DVD have both speech and non-speech elements?""

Brazilian Army adopts free software. According to this portuguese language article, the Brazilian Army is set to adopt free software. "The Brazilian Army also is in phase of implementation of free software, already using the Linux, StarOffice and Direto - developed in partnership for the Procergs and university - as solution for the e-mail." The Babelfish translation is failry clear with this one. (Thanks to Cesar G.)

Itanium: New Opening For linux? (ZDNet). Interactive Week thinks Itanium may be just the ticket that Linux vendors need to get into the high end server market. "Intel has teamed with Linux vendors to bring the open source OS to the new chip. And those vendors are eager to raise Linux to a high-performance platform."

Linux forklifts in the data warehouse (ZDNet). Last week's LinuxWorld Tokyo showed just how involved database vendors, both proprietary and open source, are getting in the Linux arena. For example, Oracle has taken more than a 50% stake in the Japanese Miracle Linux distribution. "PostgreSQL lists a Web page full of commercial support organizations, of which the best-known (or at least best-funded) is GreatBridge. For those in Japan who don't need all the horsepower of Oracle, Miracle Linux offers a Linux/PostgreSQL bundle."

Free Web: Its days are numbered? (ZDNet). While some free web services are drying up, access to wide spread free content will never go away, even as some sites are learning to make a successful business out of sbuscription based content, according to this ZDNet special report. "Copyrighted or not, most of the basic information that viewers found for free yesterday will be freely available tomorrow. For this reason, many industry experts doubt that Yahoo and other portals will be able to charge for some content because it is so widely available through other online sources."

Looking Ahead To Linux 2.5, 2.6 (Byte). An interesting and rather detailed look at what may be ahead for the 2.5 and 2.6 kernel series comes from this Byte article. "Next to the inclusion of SGI's XFS and IBM's JFS file systems in the current 2.4.x source tree, several other new features might show up in 2.5. For one thing, senior Linux people and I have discussed including the Mosix clustering software in the standard source tree. Activating the Mosix cluster on any given Intel machine would just require re-compiling the kernel with the Mosix option = TRUE."

Open-source spat spurs software change (News.com). News.com covers the IPFilter licensing debate. "The squabble illustrates some of the pitfalls of the open-source software movement, in which philosophical principles can butt heads with the legal complexities of intellectual property law. Though proprietary software isn't immune from such tangles, companies writing proprietary code typically have better access to legal advice than the open-source programmers, often volunteers working on their own time."

Companies

Sun promotes Java on Cobalt servers (News.com). Sun has released a developer's kit to make Java software run on Linux-based Cobalt servers run. "The software kit comes with features that let the servers run Java programs called servlets and deliver custom Web pages using the Java Server Pages software, Sun said. These technologies are built into an open-source software package called Tomcat that ships with new Cobalt servers."

Sharp picks Intel for handheld (Reuters). A brief Reuters note indicates that the Sharp Linux-PDA will be using a StrongARM chip from Intel. "Until now, Japan's Sharp has used Hitachi chips. Compaq Computer's iPaq handheld already uses Intel's StrongARM chip. Sharp's upcoming handheld will run on the upstart and increasing popular Linux operating system".

Business

Open Source-onomics: Examining some pseudo-economic arguments about Open Source (FreeOS.com). The failure of Linux stocks is not representative of the truth behind Linux economics, as this article tries to prove. "At a certain point in time, commercial vendors may be reduced to selling differentiated features that 90 percent of the market doesn't need, while the most commonly-required features will be available to all, free of charge. Those common features will conform to standards, while proprietary, differentiating features will remain exactly that, -- proprietary and non-standard. It is such commoditization of the market that could slaughter proprietary commercial software, driving it into niches and ensuring that the mainstream goes Open Source." This is a well thought out treatise on the value of Linux both for business and individuals and is definitely worth a read.

Reviews

Taking linux in hand (ZDNet). ZDNet examines the Linux-based VR3. "The VR3 runs Linux-VR, a branch of the Linux 2.4 test kernel from Silicon Graphics Inc. The VR3's GUI is driven by a slimmed-down X server and the Fast Light Window Manager."

Python Documentation Tips and Tricks (ONLamp). Cameron Laird looks at the documentation of Python code in this ONLamp article. "The culture of the Python community reinforces high standards in documentation. Since the existing documentation is good, code authors expect that they will need to do as well for new contributions."

Miscellaneous

Linux on the Desktop--an Impossible Dream? (Linux Journal). Is the usable desktop an unattainable goal for Linux? Not according to this Linux Journal opinion piece. "I believe there's a bright future for Linux on the desktop, but understanding this future requires going beyond viewing the Linux desktop in isolation. Smith's point focuses on the difficulties of Linux in 'pulling' users away from Windows and Mac OS--but that's only part of the story. As the history of personal computing reveals, major usage shifts involve 'push' as well as 'pull.'"

Section Editor: Forrest Cook


June 7, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

What is open source software? (CNN). CNN tries to explain open source software to the common man. "The concept of open source software is sometimes hard to understand for IT executives who are familiar with traditional ways of buying software. Concerns about support and accountability are valid when thinking about using open source software. But supporters assert that open source is more reliable because problems can be found and fixed quicker."

Linux Gazette #67 (June 2001). The monthly Linux Gazette has been published for the month of June. Topics in this issue include spam protection with Mailfilter, an introduction to awk and using ssh-agent.

Humor

The tribulations of being a wandering penguin. Dr. Fun tells us that it can be tough to be a penguin on the move....

Events

Linux-Kongress 2001 Announcement and Call-For-Papers. The announcement and call-for-papers for the Linux-Kongress 2001 has been released. The event will be held November 28-30, 2001 at the University of Twente, Enschede, The Netherlands. Linux-Kongress "has evolved into the most important meeting for Linux experts and developers in Europe. This year is special because we celebrate the 10th anniversary of Linux and are organizing the conference for the first time outside Germany".

Linux@work Paris & Brussels. Linux@work Paris and Brussels, scheduled June 13th and 14th, will be holding two keynote panels on the topic "Is Open Source Software threatening intellectual property?"

Australian Open Source Symposium. The Australian Open Source Symposium will be held next week, on Saturday, June 16th, in Canberra, Australia. "The purpose of this event is to bring together the Australian Open Source community on an annual basis".

Events: June 7th - August 2nd, 2001.
Date Event Location
May 31, 2001II Forum Internacional do Software LivreBrazil
May 31, 2001The Unix Users Group the Netherlands Spring Conference(De Reehorst)Ede, the Netherlands
May 31, 2001MontaVista seminar(Irvine Hilton)Irvine, Calif.
June 5, 2001MontaVista seminarChicago.
June 6 - 7, 2001Linux ExpoMilan, Italy
June 7 - 8, 2001Second European Tcl/Tk User MeetingGermany
June 7, 2001MontaVista seminarToronto.
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 13, 2001Linux@workParis
June 14, 2001Linux@workBrussels
June 15, 2001Linux@workAmsterdam
June 20 - 21, 2001Linuxdays 2001St. Pölten, Austria
June 25 - 30, 2001USENIX Annual Technical ConferenceBoston, Massachusetts
June 25 - 27, 2001NCSA Linux users' and system administrators' conference(University of Illinois)Urbana, IL
June 29 - July 1, 2001Linux 2001 Developers'' ConferenceManchester, UK
July 3 - 5, 2001Enterprise Linux Institute ConferenceOlympia, London
July 4 - 9, 2001Libre Software MeetingBordeaux, France
July 4 - 5, 2001Linux Expo ExhibitionOlympia, London
July 5 - 8, 2001LinuxTag 2001 - Stuttgart,Germany
July 9 - 12, 2001Embedded Systems Conference(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001SAGE - AU 2001(Grosvenor Vista Hotel)South Australia
July 19 - 25, 2001Networking Event 2000(ne2000)Nuenen, the Netherlands, South
July 23 - 27, 2001O'Reilly Open Source Software Convention - San Diego, California
July 23 - 27, 20011st annual PHP Conference - San Diego, CA
July 25 - 28, 2001The Ottawa Linux Symposium

User Group News

LUG Events: June 7th - June 21st, 2001.
Date Event Location
May 31, 2001Bergen Linux User Group(BLUG)Bergen, Norway
May 31, 2001The Unix Users Group the Netherlands Spring Conference(De Reehorst)Ede, the Netherlands
May 31, 2001AaLUG: Generalforsamling i AaLUGDenmark
June 2, 2001Twin Cities LUG(TCLUG)Minneapolis, MN
June 2, 2001Sheffield LUG(ShefLUG)University of Sheffield, UK
June 4, 2001Baton Rouge LUG(BRLUG)Baton Rouge, LA.
June 5, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
June 5, 2001NorthWest Chicagoland LUG(NWCLUG)(Harper College)Palatine, Illinois
June 5, 2001Missouri Open Source LUG(MOSLUG)Kirkwood, Missouri
June 6, 2001Silicon Valley LUG(SVLUG)San Jose, CA
June 6, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN
June 6, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
June 7, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
June 7, 2001Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
June 9, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
June 9, 2001Route 66 LUGLa Verne, CA
June 9, 2001GalLUG Installfest(Connecting Point Computers)Gallup, New Mexico
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 12, 2001Victoria LUG(VLUG)(University of Victoria)Victoria, British Columbia
June 12, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
June 13, 2001Toledo Area LUG(TALUG)Toledo, OH
June 13, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
June 13, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
June 14, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
June 14, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.

Event announcements should be sent to lwn@lwn.net in plain text.


June 7, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Five years ago: Linus Torvalds released the 2.0 kernel on June 9, 1996. This was the first (stable) release to support the Alpha processor and to support SMP systems, among many other things.

The penguin logo was offically adopted at this time as well. After five years, it seems like Tux has been around forever.

Three years ago (June 11, 1998 LWN): yes, it's been three years since the infamous John Dodge article, one of the classic examples of early-day ZDNet FUD:

First, let me say that I am uniquely unqualified to write about this week's topic. Like most of you, I've never used Linux....

Yes, the Linux camp, like a fat, speedy penguin, is making noise. However, some of the 25 letters I've gotten on Linux simply refer to it as a Windows alternative, not something they worship or even use.... Linux has a snowball's chance in hell of making perceptible inroads against Windows. And Torvalds left UHel last year for the commercial world.

"Uniquely unqualified" indeed.

Adaptec finally saw the light, and started providing programming information for its controllers to the Linux community.

The long-awaited GIMP 1.0 release happened, finally. GNOME 0.2 was also released.

Two years ago: (June 10, 1999 LWN): Red Hat filed for its initial public offering of stock - the first of (shorter than expected) series of Linux IPOs. LWN's analysis of the IPO filing is still available; it is interesting to see how things have changed. Somehow "my.redhat.com" never did seem like a winner...

But the mere fact that there is now an official SEC document that includes the text of the GPL serves as fairly astonishing proof that the rules of the software business really are being rewritten.
-- Andrew Leonard, Salon.

[Debian Logo] The Debian Project chose its new logo, after a long process involving a great many proposals. Debian also officially adopted the Filesystem Hierarchy Standard.

One year ago (June 8, 2000 LWN): Richard Stallman went on the attack against Open Motif and its not-really-free license.

Their announcement says they have released Motif to "the open source community", but this is true only in an unnatural interpretation of the words. They have not made Motif available within the free software community; instead, they have invited the people in the free software community to leave the community by using Motif.

One year later, the non-free license remains.

Plan 9, meanwhile, was released under a not-quite-free license.

Linux-Mandrake 7.1 was released.

Turbolinux had its first big round of layoffs, at the same time that it was paying founders Cliff and Iris Miller over $8 million to leave the company.

Remember how people were talking about Eazel a year ago?

When is a startup more than a startup? When that startup is kissed with the golden glow of success long before it retains a public relations firm or the first PowerPoint presentation is drafted. What does such a firm look like? It might have $13 million in startup funding based on a handful of phone calls. It might have some of the most talented programmers the world has produced to date. It might have the kind of seasoned management, with a little gray at the temples, that makes venture capitalists nod sagely and move along to the next and more troublesome funding project.

Things sure did look different back then...

Ah yes, it has now been one year since the antitrust judgement against Microsoft. Not much has changed on that front either....


June 7, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

June 7, 2001

   
From:	 "Michael Hunt" <michael.j.hunt@usa.net>
To:	 <letters@lwn.net>
Subject: Some positive thoughts on the Desktop section
Date:	 Thu, 31 May 2001 12:30:24 +0100

It seems lately that Hammel has been getting some flack over his writings
for LWN's Desktop section and while I can see the point of peoples claims
(i.e. that the feel of the writing is not in the tradition or spirit of LWN)
I do want to point out some positive points (since I am ever the optimist).

1. This weeks Desktop section was the best so far and I think much more in
line with what readers expect from LWN. Having read Michael's GIMP book the
expertise on Linux printing is to be expected and shows through and I wish
to applauded him for the quality of it.

2. His pointers to good resources on the subject of printing showed research
and allowed people who were interested in the topic to pursue it, while
leaving others free to move on.

3. Comment was concise and to the point. It was also stated in a "mater of
fact" way not a "I think this is right".

4. News coverage was to the point and not long winded.

I understand that any new direction that LWN takes is going to be meet with
challenges such as readership acceptance, maintaining of style, keeping your
core focus etc. So far the desktop section has not entirely meet all of
these satisfactorily but if this weeks edition is anything to go by you are
getting much closer.

Michael Hunt
An Aussie in Africa

P.S. As a GNOME user I have enough trouble just trying to stay up to date
with it let alone all the other desktops out there.

   
From:	 Hans-Peter Fischer <hp.fischer@heidenheim.com>
To:	 letters@lwn.net
Subject: On The Desktop
Date:	 Thu, 31 May 2001 19:10:51 +0200 (CEST)

Dear editor,

I am writing to you because I am somewhat appalled by the hostile reaction of
some of your readers to Michael J. Hammel's desktop column, especially Bret
Mogilefsky's arrogant "he's got to go" comment. Have all these self-made
desktop experts who can't stand witnessing somebody learning something
forgotten how to skip an article they don't like?

I have no intention to either install KDE or Gnome on my machine because I
don't see what they could possibly do for me that fvwm2 can't and because I
like all my applications look and behave differently, but I still enjoy reading
Mr. Hammel's column simply because it is well written, and sometimes also
informative.

What I find annoying about LWN is something totally different, namely that it
has become more and more "business-minded" over time, and apparently so without
any member of the "free" Linux community complaining.

So why not split LWN in two: one edition about Linux - in which there would
certainly be a place for Mr. Hammel - and one about stock quotes and business
with/on Linux?

Yours sincerely,

Hans-Peter Fischer

-- 
Visit http://www.hei-news.de/
   
From:	 Robert L Krawitz <rlk@alum.mit.edu>
To:	 letters@lwn.net
Subject: Printing
Date:	 Thu, 31 May 2001 21:05:19 -0400

I read the On The Desktop section of your May 31 edition with
considerable interest.  As the project lead for Gimp-Print, I'd like
to explain the relationship between Gimp-Print, the GIMP, CUPS, and
other printing systems.

Gimp-print has indeed seen a major overhaul.  It is no longer just the
Print plugin for the GIMP; it can be used with CUPS, Ghostscript,
Foomatic (http://www.linuxprinting.org/foomatic.html), and (via
Ghostscript) plain unadorned lpd and LPRng.  At the core, it's
organized as a set of dithering routines, color management (of a
sort, presently rather ad-hoc), and a collection of drivers for the
main families of printers we support (Epson, HP, Lexmark, and Canon).
In 4.1 (the current development mainline), this was organized into a
shared library that applications that need to generate printer output
link against.  The current clients of this library are the GIMP Print
plugin, a CUPS driver, and a Ghostscript driver (named "stp" when
compiled into Ghostscript).  Using this package directly through
Ghostscript is not recommended due to the large number of options;
it's much more convenient to use it with CUPS or Foomatic.

The GIMP plugin aside, the package is strictly a driver package.  We
leave spooling and rendering to people who are experts in that field,
and work with those people to ensure that the interfaces between
layers are appropriate for our needs.

The focus of this project (at least since I started working on it) has
always been on high quality output, comparable to or better than OEM
drivers in many cases.  Some of our developers have backgrounds in
color and dithering theory and practice, and this has been of enormous
value to the project.  We're working on supporting additional
printers, including high end professional devices such as the Epson
Stylus Pro series of printers.

I think that the name of the project, Gimp-Print, is confusing to many
people; it's easy to assume that it's just the GIMP plugin.  However,
we've never succeeded in coming up with a better name, and to be
perfectly honest, the association with the GIMP (the premier free
end-user graphics application) isn't anything to be ashamed of :-)

-- 
Robert Krawitz <rlk@alum.mit.edu>      http://www.tiac.net/users/rlk/

Tall Clubs International  --  http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Project lead for Gimp Print/stp --  http://gimp-print.sourceforge.net

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
   
From:	 "Kevin Postlewaite" <kevin.postlewaite@tumbleweed.com>
To:	 "'lwn@lwn.net'" <lwn@lwn.net>
Subject: Response to LWN's statement about Linux security costs
Date:	 Thu, 31 May 2001 12:25:25 -0700

In LWN's front page article about the relative security costs of Linux
versus Windows, you wrote:
"While it is nice to see a (hopefully) objective result that favors Linux,
it is also a little disappointing. 5-15% is a fairly small margin; we should
really be able to do better than that. It's a start, anyway. "

I used to work for PricewaterhouseCoopers auditing computer security of our
clients.  We would go in and try to penetrate our clients' systems (with
their permission, of course).  The main flaws that existed did not have to
do with the particular OS but depended on the skill and conscientousness of
the system administrators, as well as the computerl security education of
the company's employees.  The most successful penetrations were obtained
when some sysadmin would set the root password to root (or better yet, none
at all) or have the Windows Administrator password be Administrator.  Also,
a surprisingly high number of employees would gladly give out useful
information (including accounts and passwords) to people that they didn't
know over the phone.  People were the weakest link, not the OSes.  Thus, I
wouldn't expect that the underlying OS would affect the expected damages by
much.  Far more important than installing Linux is educating the users(not
that they shouldn't install Linux anyway :-) ).

-Kevin



   
From:	 "First Name Last Name" <spamalabasura@my-deja.com>
To:	 letters@lwn.net
Subject: Software Auditing
Date:	 Fri, 1 Jun 2001 13:39:32 -0700

Dear LWN editors,

I read your front page article on the auditing of free software. You make a
good point that not enough auditing is being done.

Your articles in LWN can play a very beneficial role in encouraging more
people to participate in the auditing process. Instead of describing
auditing as 'tedious' and auditors as 'obscure participants' you could
focus on successful code auditors. Probably the most active community in
the auditing scene of Free Operating Systems is OpenBSD, led by Theo
DeRaadt. For OpenBSD hackers, auditing is not tedious and auditors are
'star players'!

All areas of software can be interesting once you find the right
community. Some people say that writing installation packages is boring but
you can ask Debian developers and they'll give you a very different
perspective.

In future editorial articles on the state of Linux auditing, you could add
links to interviews to OpenBSD hackers on how fascinating code auditing can
be and also add some pointers on where to learn more about this subject.

Approach this subject with enthusiasm and you will encourage more people to
do something similar for Linux.

Best Regards,

Eusebio C Rufian-Zilbermann

------------------------------------------------------------
   
From:	 "Charles Hethcoat" <CHETHCOA@oss.oceaneering.com>
To:	 <lwn@lwn.net>
Subject: On the auditing of free software
Date:	 Fri, 01 Jun 2001 17:02:11 -0500

I think your outlook on auditing of code is a tad pessimistic.  Sure, code
may sit there for years, but I feel it probably gets the attention that it
warrants.  That is, if it gets little attention, then it's probably doing
its job pretty well.

The key condition, to me, is that the code is _there_, available for review
when necessary.  When some situation arises that triggers an widespread
audit, then a rapid period of bug squashing ensues.

Having open code helps assure that the number of bugs steadily approaches
zero over time.  The time scale may be hours, days, or years, but I find it
reassuring to know that it's headed in the right direction.

Compare this to the situation with closed code.  Here, you don't have any
assurance that anybody is doing anything, at least if you are not a part of
the organization that owns the code.  Look at how the immortal DOS and
Windows bugs remain a part of the landscape forever, even though they are
widely known to have caused all sorts of problems for people.

Charles Hethcoat
Oceaneering Space Systems


   
From:	 Mike Coleman <mkc@mathdogs.com>
To:	 letters@lwn.net
Subject: Re: The Boundaries of GPL
Date:	 Thu, 31 May 2001 23:29:14 -0500 (CDT)
Cc:	 "Chad C. Walstrom" <chewie@wookimus.net>

Chad C. Walstrom's suggestion that the Linux kernel licensing issues could
be solved by "unifying" the copyrights of code contributed to the kernel,
transferring "copyright control" to the FSF or a newly created non-profit
organization, begs the question.  The problem itself is that it is not
feasible to get all of the past contributors to agree to anything,
including any such transfer.  (Many would see this as good fortune rather
than a problem, in any case.)

I believe Mr. Walstrom's characterization of RMS and the FSF as
"Marxist-like" is a baseless attack.  If he feels that they are a bit too
left-leaning for his tastes, though, then he must be absolutely howling
with rage at those corporations and individuals who (pounding their shoes
on the podium) insist that those of us who GPL our software are obliged to
instead give our work away without compensation (i.e., by switching to a
non-GPL license).  Marxist indeed!

-- 
Mike Coleman, mkc@mathdogs.com
  http://www.mathdogs.com -- problem solving, expert software development
   
From:	 Fred Mobach <fred@mobach.nl>
To:	 Linux Weekly News <lwn@lwn.net>
Subject: Re: The Boundaries of GPL
Date:	 Sat, 02 Jun 2001 23:03:13 +0200

"Chad C. Walstrom" <chewie@wookimus.net> wrote :

 I highly doubt that all the Linux kernel developers could be convinced
 to sign over copyright control to their contributions to the FSF, as
 not too many people buy in to the Marxist-like views of RMS and the
 FSF.

It is still every time very offending to read about the "Marxist-like"
views of Richard Stallman. Mr. Walstrom should _prove_ why he states
this or he should shut up. A little bit of study on marxism and the FSF
might help him, although I'm not sure ;-).

Regards,

Fred
-- 
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976

The Free Transaction Processing Monitor project : http://www.ftpm.org/
   
From:	 "Chad C. Walstrom" <chewie@wookimus.net>
To:	 Mike Coleman <mkc@mathdogs.com>
Subject: Re: The Boundaries of GPL
Date:	 Fri, 01 Jun 2001 02:51:51 -0500
Cc:	 letters@lwn.net

To Mr. Mike Coleman:

Howling?  Baseless attack?  You misinterpret me quite wildly, and base
some far fetched assumptions about my character from that
misinterpretation.  My classification of FSF policies as Marxists is
not an attack at all.  To refute this classification, however, is in
most cases an amusing knee-jerk reaction to a "bad word".  I do not
place a value upon the policies the Free Software Foundation or of
Marxism in general, I simply pointed out a commonly accepted
observation that the FSF exemplifies many of the same principles.  The
question about my personal position has no bearing on the
conversation.

What we do agree on, to some extent, is that it may be difficult to
"sign over" control of the Linux kernel from each of its contributors
to the FSF or any other centralized foundation.  Organizing such a
move is no small task.

Regardless, these logistics are somewhat off-topic in reference to the
original article, which addressed the relationship between a GPL
software product and proprietary modules that interface with that
product.  It is a topic that relates to any similarily licensed
products, and one that needs further legal clarification.

--
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
   
From:	 Tres Melton <class5@pacbell.net>
To:	 letters@lwn.net, djb@cr.yp.to, rms@stallman.org, class5@pacbell.net
Subject: License trouble everywhere.
Date:	 Sat, 02 Jun 2001 02:41:57 -0600

Dear Editor,

	I realize that I'm a little late in addressing this issue as you
wrote about it in the 24 May 2001 issue.  But after reading Richard M
Stallman's speech and various other tidbits regarding the licensing of
ip_filter and tcp_wrappers
(http://bsdtoday.com/2001/June/Features496.html) I thought that this
issue might need to be re-examined.  Particularly in light of the other
article that you wrote regarding djbdns.

	You mentioned the license as not being free to modify and redistribute
djbdns (qmail, and ucspi-tcp).  The reasons for this are Mr. Bernstein's
and are related to security.  It seems that he doesn't want to have
modified versions that might have security problems running around the
Internet for people to download thinking that he has given them his
blessing.  I have been a programmer for many years but security is not
my forte.  I have audited his code (to the best of my abilities) and am
reasonably sure of its security; enough to be running his software on my
machines.  I find his code to be exceptionally clean and well thought
out. This is in stark contrast to some of the other servers (sendmail,
bind, etc.) that are distributed with the various GNU/Linux
distributions.  These programs seem to focus on features to the
detriment of security.

	Was it not a security flaw in sendmail that brought the Internet to its
knees in the 80's?  I believe the first time the major news outlets
covered the Internet was to say that it was being devasted by an unkown
problem and most of the major sites were pulling the plug to The 'Net
until they could fix it. Although that was a bit before my time I'm
currently very aware of the various bugs that have been exploited
recently in multiple BIND vulnerabilities to create a multitude of
migrains for various system administrators throughout the world.

	A great deal of software that I use that is considered free and/or open
and I enjoy tinkering with it. I also enjoy the new features that come
out on a regular basis.  Unfortunatly some of these features come out
without serious thought put into their security.  When it comes to
running these programs on my desktop, behind my firewall, with limited
local access, I can easily tolerate these mistakes in the name of
progress.  When it comes to a corporate server that is exposed to the
Wild, Wild, 'Net that is a different story.  In that case I'm very
thankful that programs written by Mr. Berstein have his seal of
approval; not to mention having survived the security bounty that he has
placed on these programs:

http://cr.yp.to/djbdns/guarantee.html
"I offer $500 to the first person to publicly report a verifiable
security hole in the latest version of djbdns"

I believe that qmail had a similair bounty for awhile too.

	I realize the difference between DJB's programs and ipfilter is that
ipfilter is embedded within an OS with its own license and not running
ontop of it as a service.  And I'm not sure how to address a license
that is a small part of a whole product with a different license, as in
the case of BSD and ipfilter.  I do know that I'm willing to accept
things like:

http://cr.yp.to/qmail/dist.html
If you want to distribute modified versions of qmail (including ports,
no
matter how minor the changes are) you'll have to get my approval. This
does not mean approval of your distribution method, your intentions,
your
e-mail address, your haircut, or any other irrelevant information. It
means a detailed review of the exact package that you want to
distribute.

if it means that I can be assured that the code has undergone a thorough
security audit by the author and has his/her seal of approval.  I know
that Linus keeps a tight leash on 'his' kernel: as distributed by
kernel.org but that it doesn't always get the review that it might
need.  The various forks of Linux are even more murky.  I would be in
favor of the firewalling code and other security portions of the kernel
either not being modified or having the modifications approved by the
authors.  I know that RMS might not agree but he has the expertise to
verify his own code.  Some of us do not.  The freedoms granted by the
GPL are very important to me but so is secure code.  There are certain
circumstances in which I would be willing to forgo
the third freedom of the FSF as RMS put it:

http://www.gnu.org/events/rms-nyu-2001-transcript.txt
(aprox 1/3 of the way down)
And Freedom Three is the freedom to help build your community by 
publishing an improved version so others can get the benefit of your
work.

The only places that I would forgo this freedom is in the area of
security.
Perhaps the solution is to change the license to include an author's
seal of approval and allow modification provided that the seal of
approval is removed.  

	Afterall what would happend to qmail if DJB got hit by a truck and
later a bug was discovered.  Could it never be fixed?  Would the
software fade away?  What if he gets hit before he migrates djbdns to
IPv6?

What would happen to these quality pieces of software?

Tres Melton
class5@pacbell.net
   
From:	 Richard Stallman <rms@gnu.org>
To:	 class5@pacbell.net
Subject: Re: License trouble everywhere.
Date:	 Sat, 2 Jun 2001 14:48:49 -0600 (MDT)
Cc:	 letters@lwn.net, djb@cr.yp.to, class5@pacbell.net

It is clear that your goals and values are very different from mine.
I don't think technical merit can make up for a lack of freedom to
distribute modified versions, any more than a capable despot who makes
the trains run on time can make up for a lack of democracy.

   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds