Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

gnucash 1.6 and the dependency nightmare. The release of gnucash 1.6 was announced on June 11. gnucash is an important application - it is the only free package which provides comprehensive personal and business finance functionality. Your editor has been using it for over a year, and has been anxiously waiting for it to catch up to what the commercial finance packages can do.

From the release notes, the 1.6 release has gotten much closer to that goal; unfortunately, LWN is not, as yet, able to say more than that. You see, we have not yet been able to make it work on any of our systems.

gnucash is perhaps the prime example of shared library dependency hell. The executable requires no less than 60 different shared libraries, all, of course, with the right version. Upgrading to GNOME 1.4 addresses many of those dependencies, but not all of them. Dealing with the rest has proved tricky, even for people who are accustomed to this sort of problem.

There is no criticism of gnucash intended here. The gnucash developers are trying to produce the best package they can by taking full advantage of the work that has been done by others. That is how component-oriented software development is supposed to work, after all. And gnucash is certainly not the only application that presents this sort of dependency issue. But there is an important point that is worth raising here.

A program that needs 60 different libraries is depending on a very complicated software environment to support it. As of this writing, there is probably not a single distribution which, out of the box, provides that environment. Upgrading to that environment is helped by the various update services and tools that an increasing number of distributions are providing. It is worth asking, however, just how many of you would proceed with such an upgrade in confidence that it would work, and that nothing else would break?

As the Linux software environment becomes more complex and powerful, it also risks becoming more brittle. The desktop will not be won as long as users must upgrade dozens of libraries, with a good possibility of breaking their systems, to get a new personal finance application. The desktop developers have a serious challenge ahead of them here: make the environment robust and easy to upgrade, or see the users wander away in frustration.

(As an addendum, it's worth noting that the gnucash developers have plans to offer a CD with the application and all required libraries shortly).

Linus is not accountable? We got a pointer this week to a white paper published by Microsoft entitled "Linux in Retail & Hospitality: What Every Retailer Should Know." It is available from the Microsoft web site, but only in Word format. It contains a pretty serious copyright notice that prevents us from putting up a decrypted version, unfortunately.

It is a worthwhile read. While the company's executives make people laugh by calling Linux "a cancer," this document dedicates a dozen pages to flat out Fear, Uncertainty, and Doubt. It even cites LWN editor Liz Coolbaugh as an expert on the number of distributions available, which, of course, is presented as a problem:

Imagine how confusing it would be if Microsoft released 188 versions of Windows and multiple versions of the GUI, each with a slightly different functionality? Wouldn't that be confusing? Wouldn't it be extremely difficult to run an enterprise solution with confidence about your future and return on investment in Microsoft products? That is the exact scenario that Linux is presently in by having so many distributions.

You read it here: choice is bad.

Rather than get into a point-by-point rebuttal, however, we would like to focus on one issue in particular:

With everything being in Torvalds' hands, he is in total control over where the future of Linux goes. If he doesn't want a new retail feature to be included in the core operating system, it will not be included. Additionally, he doesn't have any accountability to the industry when the releases are delayed, if they do not work well, etc.

One could have a lot of fun examining the degree of "accountability" shown by Microsoft when its releases are delayed, when they did not work well, etc. But that misses the point. The important thing to point out here is that Linus has, simultaneously, less control and more accountability than Microsoft would like its readers to believe.

On the issue of control, it suffices to say that Linus' domain does not extend beyond the kernel. Most of what users see as "Linux" has very little to do with Linus; it is, instead, the responsibility of thousands of developers worldwide. In particular, almost anything seen as a "retail feature" is unlikely to involve him.

Linus has a level of accountability that far surpasses anything Microsoft can claim: he can only lead where users and developers will follow. There is no structure that requires anybody to run or develop for his standard kernels; if he mismanages development, he may well find himself in charge of an obscure fork while the real activity goes elsewhere.

For an example of how this can work, see the the coverage of the device number debate in the May 17 LWN Kernel Page. When Linus made an unpopular decision, Alan Cox refused to follow him. As a result, many prominent distributions will probably include kernels that implement a policy different from that decreed by Linus.

In fact, most of the major distributors employ high-profile kernel hackers, and almost all of them distribute kernels which have been modified in some way. They have, in other words, declined to follow Linus in situations where they feel that their users' needs call for something different. Thus, for example, SuSE users have had ReiserFS for some time, and Red Hat users had the current RAID implementation, even though the standard 2.2 kernel did not.

This is one of the great powers that free software gives to its users: nobody can prevent them from incorporating whatever functionality or changes suit their needs. And it is the core of Linus' accountability. If he tries to take the kernel in the wrong direction, his user community will simply go around him. Proprietary software vendors generally lack that accountability, and their users suffer for it.

The survey results are in. Thanks again to everybody who took the time to fill in the form. Here, for those who are interested, is a set of highlights from the results. There was much there that was interesting to us.

• We got just over 3100 replies.

• Most of you seem to like us - 94% said that they have the site bookmarked and come here regularly. The bulk of you come by once a week, but about 1/3 of the respondents said they hit the Daily Updates Page every day.

• People are generally happy with the content, with the Front, Kernel, and Security pages topping the list. The pages with the highest "dissatisfied" votes were On The Desktop and Commerce, at 11% and 12%, respectively.

• On the list of possible enhancements, the security incidents and updates database and detailed research reports came out on top. Two often-requested features - email delivery and a PDA version - were requested by less than half of the respondents; those who want those features, though, want them quite a bit. Comment posting came in at the bottom.

• You are a very male group - 98.7%. There are almost as many women writing LWN as reading it. Most of you are between 25 and 35 years old. Almost all of our readers have at least some college education, with 38% having completed a graduate degree.

• 41% of our readers live in the U.S, and 5.5% in Canada. Most of the remaining readers are European, with the U.K. and Germany topping the list. Almost every other country on the list (and a few that weren't - sorry) was represented, though; we have readers from Argentina to Zimbabwe.

• Most of our readers are employed in technical positions, and most of them at smaller companies.

• More of you run Intel systems than any other, which is not too surprising. But almost 30% of you have Alpha-based systems and 20% use PowerPC systems as well. 85% of you have Red Hat Linux around; all of the other distributions fall into the single digits, with one surprising exception: half of you claim to run Slackware on your networks.

• 667 of you took the time to write in additional comments, and we've read every single one of them. Took a while. There were a few common themes that we found; even after we got past the most common type of comment, which was complaints about the survey itself. Yes, the survey could have been done a lot better; we apologize (again) for the problems.

  Beyond that, numerous people asked us not to change too much. Quite a few expressed hostility to the idea of comment posting, which came as a bit of a surprise; we had been considering adding such a feature. Gripes about the "On The Desktop" page were fairly common. We also saw a number of requests for expanded development coverage and a better organization for the software announcements pages.

  Some of you took us to task for excessive coverage of Red Hat on the distributions page. Others complained that we ignore Red Hat in favor of other, more obscure distributions.

  We were also surprised by a number of complaints about excessive commercial coverage. We operate in the belief that you can not really cover Linux and free software while ignoring the commercial sector; corporations, at this point, have a lot of influence over what happens. Numerous readers disagree, however.

We're still digesting the results of the survey; there is a lot of information there. We would like to thank you all, one more time, for giving us a bit of your time. It will help us to create a better LWN for everybody.

New LWN.net events calendar. The LWN.net Linux Events Calendar has seen a much-needed, much-delayed major upgrade. The new, Zope-based calendar provides a more flexible interface, and the ability to filter events by type. And finally we've done something with that linuxcalendar.com domain name... Have a look, we hope you like it.

Inside this week's Linux Weekly News:

• Security: Non-executable stack and heap implementations, new vulnerabilities in LPRng, xfs, gdm, xinetd, exim, fcron and TIAtunnel.
• Kernel: 2.4.6pre3; the limits of what modules can do; kernel data formats.
• Distributions: 217 Distributions and counting ...
• On the Desktop: Usability testing, GNUStep interview, and PalmOS updates.
• Development: GStreamer, Cplant cluster software, Ganymede 1.0, GVD 1.2.0, Open Source Legal Issues, APL for Linux.
• Commerce: TV Linux Alliance; 'LPI Certification in a Nutshell' from O'Reilly.
• History: Debian 1.1 was released 5 years ago; The "Open Source" trademark officially died 2 years ago.
• Letters: Licensing and security; naive economics; Linux's astrological sign.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Non-executable stack and heap for Linux. Discussion regarding the security value and cost of implementing non-executable stack and heap for Linux was revived this week with the announcement of RSC, a non-executable stack and heap kernel module for Linux by author Paul Starzetz. Other projects with similar goals were discussed, such as PAX, announced back in October. Non-executable data areas, of course, are interesting to some because they can block certain types of buffer overflow attacks.

During the discussion, Crispin Cowan posted this message which provides links to prior discussions on this topic, related papers and more. We recommend perusing it if you are interested in the topic. He summed up the argument for non-executable heap and stack fairly succintly, presuming, of course, that the implementation costs are not too high. Crispin writes:

Summary of my personal view only:

• non-executable segments do add some security value
• non-executable segments is arguably an obscurity defense, because attacks exploiting overflow vulnerabilities that are stopped by non-executable segments can always be re-worked to be "return into libc" style attacks that bypass the non-executable segment by pointing directly at code in the code segment
• this obscurity defense arguably has value, because writing return-into-libc exploits is hard, and hard to make scriptable, because the offsets are fussy

That is, of course, not the end of the conversation - not everybody thinks that the "security through obscurity" approach of non-executable data segments is worth the trouble.

Open source to the rescue (ZDNet UK). This article in ZDNet UK looks at the European Parliament's stand on open source. "I thought this particularly interesting since it was among the resolutions voted for by the European Parliament, and must surely be the first time any parliament has come out and said that open source software is intrinsically more secure than closed source software. Microsoft take note.

More interesting still was the European Parliament's resolution to urge member states to devise ''measures to promote, develop and manufacture European encryption technology and software and, above all, to support projects aimed at developing user-friendly open-source encryption software.''"

Pittsburgh Company Helps Write Code for European Privacy Standards on Web (Pittsburgh Post-Gazette). Bright Plaza, Inc., a Pittsburgh, USA based technology firm, will be working with the European Commission as they look at developing a prototype for new software to protect privacy on the Web. "The EC initiative is driven by a widespread European belief that life in the Information Age makes personal information far too accessible, said [Carnegie Mellon University scientist Robert] Thibadeau. 'The Europeans are ahead of the U.S.,' he said. 'They regard privacy as if it's part of you as a human being. And they say the state has an obligation to protect your privacy, just as it has an obligation to protect your life'".

Fluffy Bunny speaks on IRC. The cracker behind the SourceForge, Themes.org and Apache break-ins has apparently done an IRC interview, the summary of which has been posted to SecurityFocus. "The cracker also explained how all the recent compromises were related. The common link: a packet sniffer Fluffy Bunny put in place on Exodus. "There was a sniffer on exodus yes, but there are sniffers everywhere," Bunny wrote." The identity of the interviewee has not been confirmed, however. (Thanks to Joe Barr)

Security Reports

LPRng supplemental group membership vulnerability. LPRng fails to drop membership in supplemental groups at the same time it drops setuid and setgid privileges. As a result, such supplemental groups may provide access to enhanced privileges. This bug was not referenced on the LPRng home page, but Red Hat has issued updated packages with a fix for the problem. This is also covered in BugTraq ID 2865.

• Red Hat

XFree86 X font server (xfs) denial-of-service vulnerability. The X font server xfs, part of XFree86, has been reported to contain a denial-of-service vulnerability. When connected to "numerous" times and given random data, xfs may crash, which can, in turn, cause the X server to crash as well. This is only applicable to font servers that are listening to TCP/IP, which is likely only the case for a machine that is serving X terminals. No workaround or fix for the problem has been reported so far.

gdm cookie vulnerability. gdm 2.2.2.1 has been released and, according to the changelog, contains a fix for a security problem under which an attacker could log in, save his cookie and then have that cookie used by the next person to log in.

• Slackware (from the Changelog)

xinetd buffer overflow. A buffer overflow has been reported in xinetd which may be exploitable either to gain elevated privileges or to cause a denial-of-service. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.

Linux FPF kernel module denial of service vulnerability. FPF is a Linux kernel module which can be used to alter the Linux TCP/IP stack in order to emulate other operating systems when the system is probed by tools such as nmap or Queso. With the patch applied, it is possible to cause the kernel to panic by sending it multiple fragmented packets. A fix for the problem has been released. Nonetheless, the authors still state that the module has some problems and they recommend against using it on servers.

exim format string vulnerability. A locally-exploitable format string vulnerability has been reported in exim, a GPL-d Mail Transfer Agent. Root access may be gained if the 'syntax checking' mode is turned on (not the default). Workarounds and an unofficial patch are available. The patch will be rolled into exim 3.30, which is expected to be released "soon".

• Debian
• Conectiva

man-db nested calls vulnerability. The man-db vulnerability of the week involves the manner in which calls to drop_effective_privs and regain_effective_privs are handled. Nested versions of such calls can be used to cause man-db to regain privileges too early, which could result in a user being able to create files as user man.

• Debian

su-wrapper buffer overflow. su-wrapper is used to execute processes under different uids. A buffer overflow has been reported in su-wrapper 1.1.1. No official patch or upgrade has been released, but an unofficial, untested patch has been posted.

Fcron symbolic link vulnerability. fcron is a periodic command scheduler which implements the functionality of vixie cron but does not assume that your system runs all the time or regularly. A symbolic link vulnerability has been reported in fcron 1.0. Versions 1.0.1, 1.0.2 and 1.0.3 have been reported not vulnerable, so presumably an upgrade to one of these versions will resolve the problem. No information on whether or not the latest development version, 1.1.0, is affected has been posted.

TIAtunnel remote access vulnerability. TIAtunnel is a simple IRC bouncer, released under the GPL. A vulnerability has been reported in TIAtunnel that can be exploited by a remote attacker to gain a local shell under the TIAtunnel account. This was found in PKCrew TIAtunnel 0.9alpha2 and has been fixed in TIAtunnel 0.9alpha3. Note that a stable version of the software has not yet been released.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Security upgrades have been applied to both the client and server potions of Caldera's Volution network management software. Upgrading both components is recommended. This is also covered in BugTraq ID 2850.

• BestCrypt version 0.7, a data encryption product, can be exploited locally to run arbitrary commands as root. An upgrade to BestCrypt 0.8 will fix the problem. BugTraq ID 2875.

• SpearHead Security has acknowledged the URL encoding vulnerability in the NetGap devices reported in last week's Security Summary. They report that the problem has been resolved in build 78 of the NetGap software.

• The Anonymizer.com anonymous web service has been reported to contain a vulnerability in which Javascript code commented out by Anonymizer gets executed anyway. No warning messages are posted. This has been tested only on the free/trial version of Anonymizer. No vendor response has been seen so far.

• A Java-filtering vulnerability has been reported in gmx.net, a European-based free web-mail community. GMX AG has responded, acknowledging the problem and promising an immediate workaround would be put into place.

Updates

ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.

This week's updates:

• Debian, fixed in ispell-3.1.20-8, updated January 26, 2000.

• Red Hat (June 7th)

xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826.

This week's updates:

• Linux-Mandrake
• Immunix

• Red Hat (June 7th)

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.

This week's updates:

• Conectiva
• Red Hat
• Turbolinux
• Caldera
• Debian, unstable upgrade to 1.0.6 on May 29th.

• Engarde (May 31st)
• Progeny (May 31st)
• Linux-Mandrake (June 7th)
• Immunix (June 7th)
• Trustix (June 7th)
• SuSE (June 7th)

multiple imapd buffer overflows. Check the March 15th LWN Security Summary for the original report. This is also covered in BugTraq ID 2856.

This week's updates:

• Linux-Mandrake

• Caldera (March 15th)
• Conectiva (March 22nd)
• SuSE (March 29th)

GTK+ module use in setgid/setuid programs. Check the January 4th, 2001 Security Summary for the original discussion of this issue. The official position of the GTK+ team is that setuid and setgid programs are a bad idea for GUI toolkits and are not supported by the GTK+ toolkit.

This week's advisories:

• Turbolinux
• Havoc Pennington, response to patch issued by Turbolinux.

Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd, 2000 edition. Check also BugTraq ID 1870

This week's updates:

• Turbolinux
• Linux-Mandrake

• FreeBSD (November 2nd, 2000
• SuSE (November 16th, 2000
• Debian (November 23rd, 2000)
• SuSE (November 23rd, 2000)

Resources

IBM Whitepaper: The Linux Security 'State of the Union'. Dated May 11, 2001, nonetheless it was this week that this IBM whitepaper first came our way. It contains a nice description of Linux security efforts, such as LIDS, Snort, RSBAC, NSA Security Enhanced Linux, StackGuard, packet filtering, LOMAC, PortSentry and TCS.

New Security Portal moderated security discussion list. SecurityPortal has started a new, moderated discussion list for security issues, seeded with a few SecurityPortal people to make sure that an effort is made to answer questions posed to the list.

Events

Upcoming Security Events.

Date	Event	Location
June 17 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France
June 18 - 20, 2001	NetSec Network Security Conference(NetSec '01)	New Orleans, Louisiana, USA.
June 19 - 20, 2001	The Biometrics Symposium	Chicago, Illinois, USA.
June 19 - 21, 2001	PKI Forum Members Meeting	(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001	Black Hat Briefings USA '01	Las Vegas, Nevada, USA.
July 17, 2001	The Open Group Security Forum briefing	Austin, Texas
August 6 - 10, 2001	CERT Conference 2001	Omaha, NE, USA.
August 7, 2001	CIBC World Markets First Annual Security & Privacy Conference	New York, NY, USA.
August 13 - 17, 2001	10th USENIX Security Symposium 2001 Conference	Washington, D.C.
August 13 - 17, 2001	HAL2001	Enschede, The Netherlands

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.5. Linus released 2.4.6pre3 on June 13. It includes a relatively large set of fixes and updates, including the long-awaited fix that allows ReiserFS filesystems to be exported by NFS; a number of virtual memory updates; a bunch of virtual filesystem cleanups by Alexander Viro; and many other fixes. Linus didn't see fit to mention it, but, as of pre2, the kernel also contains a Bluetooth protocol implementation.

The VM changes include work from a number of developers. After some rigorous testing here at LWN Labs (i.e. "run it on your desktop and see what happens"), we conclude that a number of the VM issues have, in fact, been addressed. It is not perfect, yet, but progress is being made. It's nice to have a system that doesn't seem to be running out of swap all the time.

On the other hand, there have been reports of compile-time warnings due, as it turns out, to a change in the PCI bus API. One might object that this is supposed to be a stable kernel series; evidently the kernel developers concluded that there were few users of this particular interface and a change would not cause problems. Some people disagree, however.

The 32-bit DMA zone patch, covered last week, is still not present in the 2.4.6 prepatch. Linus likes the idea, but wants some changes which create a new interface for setting up memory zones in a more flexible manner.

Alan Cox's latest is 2.4.5ac13. Alan is evidently doing jury duty, and has thus been relatively quiet.

A new networking patch pushes the limits of what modules can do. La Monte Yarroll is working on the Linux Kernel SCTP project, which is producing a Stream Control Transmission Protocol implementation for Linux. The SCTP folks have found that it is hard to just plug a new networking protocol into the kernel - the interfaces are just not set up for that.

So Mr. Yarroll has posted a patch which creates a new registration interface. The current static tables are replaced with a dynamic structure, and a set of functions has been provided which allows a module to add its new protocol to the system. It seems like a useful patch, which should not be overly controversial.

Until, that is, somebody asked if this interface could be used to replace the TCP implementation in the kernel. The answer was "yes," though any hopes of having the new implementation pick up existing connections should be forgotten.

Here's David Miller's take on the idea of plugging in new TCP implementations:

I will never in my lifetime allow such a facility to be added to the Linux kernel.

One might safely conclude that he does not like the idea.

The problem is that David does not want to open the door for people to plug proprietary TCP implementations into the kernel. Linus has, of course, said that non-free kernel modules are OK, as long as they stick to the published module interface. That interface currently does not allow the replacement of network protocol stacks, so the only way to do so would be to link the new implementation directly. Doing so with a proprietary implementation would clearly violate the GPL. Mr. Miller (and many others) are happy with that state of affairs.

This approach is not particularly new or surprising - Linus does not allow modules to add new system calls for the same reason. Binary-only kernel modules are tolerated, grudgingly, but only for certain tasks, such as driving devices. "Embracing and extending" the kernel by replacing whole subsystems goes a little too far. Of course, as was covered on the LWN front page two weeks ago, some people think that even Linus's interpretation is too liberal.

So the registration patch will probably see some minor reworking so that it does not allow the replacement of existing network protocols. But the issue of binary modules is likely to return, soon. There may yet come a point where they are no longer allowed.

The kernel and data formats. Another area of ongoing discussion has to do with how the kernel returns data to user space. Last week's Kernel Page mentioned the discussion of temperature formats; this discussion is worth revisiting (along with one other) because they illustrate how some kernel interface decisions are made.

Last week we reported that kelvins were the likely choice of units for temperatures reported by CPU monitors and such. In fact, a number of people have been advocating for temperatures to be reported in tenths of kelvins, or even hundredths. The stated advantages of this format are that the numbers will always be non-negative, and that a very wide range of temperatures can be represented with 16 bits - a wider range, certainly, than most computers will endure and be expected to still function. Or so it seems.

The assertion that kelvins can not be negative was quickly refuted, but the argument is mostly of interest to pedantic quantum physics enthusiasts. Once again, this is not within the normal operating specifications of current commodity hardware.

Using anything other than straight kelvins has also been controversial. The point being made is that returning a value in hundredths of kelvins might fool people into believing that the temperature measurements are actually that accurate. One degree of precision is more than adequate for modern CPU temperature sensors, and a more precise measurement would be useless even if it were accurate.

Nonetheless, there are people who would like the more precise format, for the simple reason that it may be needed in the future, and these interfaces are hard to change once they are in use. A final resolution has not happened, but a likely format will be tenths of kelvins, since ACPI already uses the format.

Some people have argued for a system configuration option which would allow selection of whatever temperature unit pleases the user best. That didn't get very far, though. There is a near consensus that the kernel should export a single, well-defined format, and leave conversions to user space.

The same idea, however, created a bit more fuss at the end of May, when a new version of the Phillips web camera driver was merged with its color conversion routines stripped out. As a result, applications using that camera see only one format, and many of them apparently do not understand it. The pwc driver author has summarized his position, along with much of the discussion, on his web page.

The argument here is the same: the kernel should export a single data format, and leave conversions to user space. In the case of web cameras, the kernel hackers would much rather see a single, user-space conversion library, rather than a whole set of duplicated conversion routines in each driver. Driver writers, who want to make their devices easily usable, may disagree, however. The kernel hackers say what goes in, though, so this policy is likely to remain.

Other patches and updates released this week include:

• Pavel Roskin has posted a patch which provides devfs support for USB scanners.

• IBM released version 0.3.4 of its journaling filesystem.

• For those who would like to try out the ext3 filesystem, but who aren't up to applying the patches, Peter Braam has released a set of RPMs containing an ext3-enabled kernel.

• The latest reports from the Stanford checker include 15 security holes (some of which were acknowledged to be nasty), and a couple of potential deadlocks.

• There is a new man pages release from Andries Brouwer; it exceeds 1000 pages for the first time, and adds pages for a number of previously undocumented system calls.

• Tom Gall at IBM has announced a port to 64-bit PowerPC processors. As an example of the scale of machines that are to be built with this processor, consider this other note from Tom wondering how he can deal with the current limit of 256 PCI buses.

• Work continues on the security module patch. Here is a version of the patch posted by Stephen Smalley with a number of new features. Greg Kroah-Hartman responded with a patch of his own that takes a slightly different approach.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

217 Distributions and Counting. Since we are being so widely-quoted these days in reference to the number of Linux distributions (see today's Front Page), it seems about time to update some of our statistics about the number of Linux distributions. To review past statistics, here are some general numbers that we've quoted in talks over the past year or so and to which we've added our current total. After all, if we're going to be quoted in the wider media and even as a reference in Microsoft materials, we need to keep our data up-to-date.

Estimated number of known Linux Distributions

Date	Number of Distributions
February 2000	110
August 2000	153
January 2001	188
June 2001	217

Simultaneously, however, we've stuck out our neck far enough to lightly reorganize our distributions list yet again. This time, we've done some small changes to the right-hand column. At the top, in alphabetical order, we've placed the seven general-purpose distributions that we have consistently found used by audience members when we've talked at various Linux conferences and user group meetings.

After that, we've listed seven more general-purpose distributions that, while their audience segment is still unknown, have had a high presence from a news perspective in these pages over the past couple of years.

These two lists are intended to represent the Linux distributions most likely to be considered for usage on a general-purpose server or workstation. Comments and suggestions are, as always, welcome.

Compare the number of distributions on these lists (14) with the overall total (217). This illustrates one of the points of the full talk on Linux distributions that Liz Coolbaugh updates and gives to various conferences and LUGs on an infrequent basis: although there are a multitude of Linux distributions, most of those are very specific, highly tailored tools. Only a fraction of them are competing for space on retail shelves or for the mindshare of Linux users.

Only a small fraction need to be considered and compared before choosing a Linux distribution with which to work.

The Linux distributions space is haunted, in general, by an absence of absolute statistics. Witness, as a result, this week's battle between Gartner and IDC about how many Linux server systems there really are. We would guess this is why the statistics from Liz's talk ended up first within a TechWeb article in January and now within Microsoft's own documents.

Numbers aren't biased inherently; the conclusions drawn from them will always be biased in some manner or another.

New Distributions

Linux/MNIS. Linux/MNIS is a distribution out of France with a bit of a split personality. It could also be considered two separate distributions, but since only one name is given to describe both of them, we'll keep them together. The two variants of Linux/MNIS come based on either Slackware or Debian. The website comments that both were chosen for their stability and their ease of administration, while Debian was also chosen for the large amount of software provided with it. Intel, Alpha, Sparc and Motorola platforms are supported.

MNIS appears to be a French-based technical support company, among other pursuits. They provide technical support for Solaris, SunOS, Linux, BSD, HP-UX, AIX, SCO-UNIX, and OSF-1. The Linux/MNIS distributions, therefore, are created primarily for their customers and to attract new customers that want local (to France) support available. [Thanks to Fred Mobach].

Distribution News

Red Hat News. The Linux 2.4.x kernel series is a bit stricter than earlier versions of the kernel in the manner in which vfat (Windows) partitions are handled. As a result, applications happily using files on a vfat partition under earlier versions of the kernel may fail under Red Hat 7.1. This unfortunately includes StarOffice 5.2. The actual bug is in the application, but getting a correction into StarOffice 5.2 is not likely to happen any time soon, if ever. All the end user can do is remember transfer files off a vfat partition to another partition before attempting to edit them with StarOffice 5.2.

Red Hat released updated ypbind packages this week to fix an error where an NIS client fails to bind to an NIS server at boot time, but reports success.

Caldera Previews 64-bit Linux for Itanium. Caldera has announced the availability of a preview version of OpenLinux for the Itanium processor.

Linux-Mandrake News. MandrakeSoft has released the first beta of Mandrake Linux PPC which is based on Linux-Mandrake 8.0. Some of the current problems, screenshots and other user comments can be found on MandrakeForum.

Dual-processor AMD systems have been tested with Linux-Mandrake. They are working well and are expected to be added to the supported hardware database soon.

Solutions for some CUPS printing problems are now available.

And a Spanish version of the Linux-Mandrake Demo & Tutorial Center is now online, thanks to volunteers from the Grupo de Usuarios Linux de Jaén. Note that this is still a work-in-progress; not all chapters have been translated.

Debian News. The latest issue of the Debian Weekly News (text version) has been published. Discussions include the recent downtime for master.debian.org and the 100,000th bug to pass through Debian's bug tracking system. Note also that .debs for Mozilla 0.9.1 became available this week.

From the Hurd side of Debian, the Kernel Cousin Debian Hurd reports problems with autoconf 2.50 (apparently also impacting general Debian GNU/Linux development),

Slackware News. Activity in preparation for the upcoming release has been heavy under the Intel port. Updated versions of svgalib, ispell, epic, isdn4k-utils, screen, automake, binutils and more were installed. Major updates include mozilla-0.9.1 (reported to contain nice improvements and no visible new bugs), galeon 0.11.0 and mysql-3.23.39.

gdm was upgraded to 2.2.2.1, which was marked as a security fix. So the Slackware changelogs provided us with information about a security problem that hadn't shown up in the security mailing lists yet. Also on the security front, sudo was updated to 1.6.3p7 (which had not hit freshmeat yet, when we checked), because it was rumored to fix a security problem, though the sudo Changelog gives no description of the changes in sudo 1.6.3p7. Slackware had already upgraded to 1.6.3p6 to fix a buffer overflow problem reported in early March.

Distribution Reviews

Red Hat Linux 7.1 Deluxe Workstation (ZDNet). ZDNet says that this edition of Red Hat Linux carries superb installation help but complex partitioning and modem setup remain difficult. "The installation procedure remains difficult for beginners and even mid-level Windows users, but Red Hat helps considerably by including well-written and highly informative explanations in the onscreen windows during the many steps of the installation wizard."

Minor Distribution updates

• Mindi Linux 0.20, "Some Linux distributions use a copy of the LibC library that is over 4MB in size. This and other over-large libraries and tools are copied piecemeal to Mindi's datadisks at run-time and will be reassembled at boot-time. This change should make Mindi compatible with the latest Debian and Mandrake distros".
• Mindi Linux 0.21, "When modules are loaded at boot-time, their original parameters from '/etc/modules.conf' are now passed to insmod".

Editor's note

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Usability testing. In the May 3rd edition of the On the Desktop page here at LWN.net there was a note about some usability testing that was done for the GNOME project. Telsa Gwynn wrote in with some additional information on this testing.

The talk was given by Calum Benson of Sun at GUADEC 2001. I went to it and wrote a very brief write-up which includes the how, when and why. Another talk at the same conference about usability was by Darin Adler [formerly] of Eazel and included "user testing on the cheap": two webcams and a checklist works even if you can't afford a UI lab with bells and whistles. And some test results from MIT assessing GNOME usability were posted to nautilus-list@eazel.com before GUADEC II.

According to Telsa, the handouts from Calum's talk explained a little of how the tests were performed: "Here's a desktop. Look at it. Don't move the mouse. What do you think the icons represent? Why? Okay, now you can move the mouse and get tooltips. Now what do you think the icons represent? Okay, now try to ... (and so forth)". After the questions were answered a number of tasks had to be performed.

LWN.net interviewed Calum Benson, a Usability Engineer at Sun Microsystems in Dublin, Ireland about these tests with GNOME users. He says that usability isn't just about ease of use:

A less formal definition would be that a usable product is easy to learn and remember how to use, and helps you do your job quickly and enjoyably without making mistakes. Of course, each of those factors is more or less important depending on the product and the environment in which it will be used-- with an air traffic control system, for example, it's less important to be fun to use or easy to learn, and more important that it prevents you from making mistakes.

GNOME usability references
gnome-gui-list@gnome.org The original list, which tends to be noisy. usability@gnome.org This list was set up in as a result of the GUADEC II discussions. nautilus-list@eazel.com The Nautilus list often has discussions on usability. GNOME Usability Project

The tests on GNOME were organized by Calum's usability group at Sun Microsystems. According to Calum, Sun worries that GNOME developers need to see beyond the current user base of other developers.

The key message is really "we are not our users". The GNOME desktop will become much more mainstream over the next couple of years, especially once companies like Sun and HP start rolling it out, and that opens it up to a whole new audience-- mechanical engineers, web designers, financial analysts and the like, not the developers who currently make up the largest part of the user base.

It is important for developers to understand that users don't have to know about every way of doing a task. They only need one, at least initially.

It's important that the key features on a desktop are well signposted, especially if you're new to that particular environment. But while more advanced features or quicker ways of doing the same thing may not become apparent until you reach a higher level of competence and start experimenting and exploring, they still need to be designed to be as easy to use as possible.

Sun's participation in this sort of testing may be just what the doctor ordered now that Eazel is gone. While Ximian could do the testing, that might be considered akin to the fox guarding the hens. And open source alone may not have the resources to do this testing properly (but read on for KDE's plans for an alternative view there).

KDE Usability.  GNOME, however, is not the only group focusing on usability testing. While the breadth of testing for KDE has not been as wide as described at GUADEC for GNOME, SuSE's Kurt Granroth, KDE Core developer and evangelist in the U.S., says that the limited testing to date has produced results that are being incorporated into KDE 2.2.

The first group to do UI testing with KDE was Corel. They had a dedicated team working on UI issues and they uncovered quite a bit. They never released their results in the form of reports, though. What they did was have their lead UI guy subscribe to our kde-look mailing list. This list had been formulated for the express purpose of discussing and solving KDE UI issues. During the course of discussing various issues, many of the areas that Corel had investigated came up and were incorporated into the discussion.

Lately, a KDE core developer has been doing unofficial UI testing of KDE by installing the latest version in a few computers at an Internet cafe just down the street from where he lives. He then observes how the patrons use KDE and asks questions about how things can be improved. This has proven to be remarkably effective since nearly all of the patrons were new to KDE so they had no preconceived notions. The upcoming "app starting cursor" in KDE 2.2 is a direct result of the testing done in that cafe.

Finally, there is a sub-group starting up to create a formal KDE Usability testing process. It is headed by Jono Bacon and the first official use of it will be at the Linux Expo in England this July. We plan to extend and continue this in the future.

Granroth added that anyone interested in additional information should visit the KDE Usability Study web site.

GNUStep: Adam Fedor talks with LWN.net. Dennis Leeuw provided us with an article on GNUStep for non-technical users to give them an idea of what GNUStep is and why they might like to get involved. We decided to follow that up with an interview of the GNUStep project lead, Adam Fedor. "In fact, GNUStep is actually the same API as Mac's OS X. A program written for OS X would require only a few changes to run with GNUStep. While no OS X applications have been ported that he knows of, older NeXT applications have. One example is the MusicKit/SoundKit for building music, sound, signal processing, and MIDI applications."

AbiWord and KWord unite on Word filters. AbiWord and KWord developers have united to assist each other in developing better MSWord import filters. A call for cooperation from Dom Lachowicz, lead developer of AbiWord and wvWare, was cross posted to the KOffice mailing list (originally via Dom's message after the KOffice 1.1 Beta 1 announcement) and participants chimed in almost immediately. A new version of the wvWare library (previously named mswordview) is now in the works.

Pilot support update. David Desrosiers wrote in with additional information regarding the pilot-link (which he noted is not spelled "Pilot Link") software. The first thing to note is that development on this project is anything but dead. "A lot of good code has been put into the new codebase, and when 0.9.5 is released, it will be a revolutionary change from the 0.9.3 release (the last "official" release of pilot-link)." Most of the information he provided was in the form of links to various mailing list archives. The main web site, where current updates are to be made available, will be moving soon from its current location to pilot-link.org, which at the time of this writing was not yet a registered domain.

Rick Moen also wrote in to let us know he maintains a large collection of open source binaries and source programs for the PalmOS (meaning not just the Pilot but pretty much anything that runs PalmOS). The web site is just a directly listing currently, but an index file exists explaining most of the applications you will find there.

Desktop Environments

Catching up with KDE (Linux Journal). Linux Journal reviews KDE 2.1.1 and finds it provides a rich set of tools. "The Kompany has been turning out an amazing number of much-needed Linux applications. IBM has been working with Trolltech on integration of their ViaVoice software into QT to provide speech recognition to Linux users. "

KDE 2.2Beta Freeze. Waldo bastian posted a note reminding developers that the KDE 2.2 Beta 1 releases should be frozen in CVS now, meaning, among other things, that no new features are to be added to CVS until after Beta 1 hits the street.

Linux gladiators duel for desktop crown (ADTMag.com). The issues between KDE and GNOME run from philosophical to technological, as this article explains in detail, and IT decision makers are looking for a long term choice. "This UI piece doesn't really make any difference, short term. But long term, it becomes an issue. If you're betting on one horse or the other for your company, this decision matters."

Office Applications

Infusion: an Evolution for KDE. Navin Umanee noted on the KDE Promotions mailing list that there is a new QT/KDE based competitor for Evolution: Infusion. It runs through the Citadel/UX server for individual and community based messaging.

GNOME Summary for Jun 03 - June 09, 2001. The weekly summary of the GNOME world is out. Highlights include the release of a new developers version of the GStreamer multimedia framework and discussion on the initial python bindings for Bonobo being entered into the GNOME CVS tree.

AbiWord Weekly News #47. The AbiWord Weekly News #47 is now available. The most interesting bit of news was the discussion thread on the release schedule.

Kernel Cousin KDE #13 Released. This week's KDE Kernel Cousin includes summaries of discussions on Avery Label templates for KWord, KOffice file extensions and mimetypes and Flash support for Konqueror/Embedded.

Desktop Applications

Netscape set to unleash 6.1 beta (ZDNet). ZDNet reports on the upcoming Netscape 6.1 beta release. "Sources familiar with the 6.1 release said it would be faster and more stable than its predecessor. Other changes include a new cache for storing frequently accessed files, an upgraded mail program, new search functionality, and--borrowing a page from competitor Microsoft's Internet Explorer browser--drop-down auto-complete for Web page forms."

Gideon Development Update. This Gideon Development Update is brought to you by the dot (dot.kde.org). Gideon is the codename for the next generation version of KDevelop.

Open-Source Gaming for Linux (Linux Journal). This Linux Journal article looks at some open source gaming options. "One of the many neat ClanLib games, Trophy is basically an auto racing game with some Mad Max flair; you get to shoot at your competitors and toss bombs at them."

Pan 0.9.7 Released. The first stable release in two months has been made for Pan, a GNOME news reader. It includes better startup performance, sports a smaller memory footprint, and more accurately decodes binary attachments.

Galeon 0.11.0 Released. A new release of the Galeon web browser is also available. This release brings Galeon in line with the Mozilla 0.9.1 release.

Pyrite & Palm (IBM developerWorks). IBM developerWorks is carrying an article on using Pyrite, a set of Python tools designed to communicate with PalmOS devices. "A limitation of Pyrite Publisher is that it doesn't directly convert PDF or Postscript files to pdb files. Luckily, there is a simple workaround for this. The utility pstotext can transform a Postscript file into a text file. To generate a pdb file, first transform the ps file into a text file, and then use Pyrite Publisher to convert the text file into a pdb file."

And in other news...

Xft font management. Keith Packard posted an interesting tip to the KDE Core mailing list this past week regarding font management with the Xft :

Xft also supports per-user font directories and a per-user ~/.xftconfig file -- that will allow non-root users to install and use their own fonts without changing the global configuration.

Talking with Jim Gettys (LinuxPower). LinuxPower interviews the father of the X Windows System, Jim Gettys. "I believe very strongly that either GTK+fb or QtE are dead ends. Our experience in the market (beyond the hacker community) is that the major attraction is the ability to share with little or no hassle applications written for the desktop: while the applications may need reworking to deal with the screen size and touchscreen, there are many applications not written for GNOME (or KDE)."

The Agenda VR3: A Linux Orbit first look (LinuxOrbit). This review thinks the Agenga VR3 is, to put it plainly, "wow". "Originally, (with the first OS release) I experienced a slight delay when loading multiple applications. Thanks to the eXecute In Place (XIP) features, the PDA is much more responsive, especially when loading many applications at once (how many PDAs can do that?). The buzzer sound is very audible for the Scheduling application and the Contacts program is extremely quick. The FLTK apps for the Agenda have a similar style to their interface. Most of them contain a button labeled "Done" in the bottom left for exiting the application when finished using it. This makes the VR3 have a consistent feel. You don't have to re-learn an interface to use another application. The network application is a GUI based interface configuration program. Configuring it was a snap."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

A new release of the GStreamer streaming-media framework, dubbed "Critical Mass", version 0.2.0 has been announced. "This release features a completely new scheduler, updated capabilities and autoplugging subsystems, a large number of new plugins, and a bunch of bug fixes."

GStreamer appears to be a very ambitious project, providing a broad framework for the development of many types of multimedia applications. Numerous flavors of Linux are currently supported along with FreeBSD. GStreamer is already being ported to several commercial Unix flavors, and more Unix versions are in the works. There are plans to make GStreamer work under MacOS X and Windows. The upcoming move from GTK+ to Glib 2.0 will allow for independence from a single windowing environment.

With the concept of generic audio and video sources and sinks, as well as the ability to route streams through filters, many types of multimedia functions can be implemented. GStreamer can be used to make mp3 players, DVD players, audio and video editors, mixing boards, and browser plugins, to mention a few possibilities. To get an idea of the breadth of this project, take a look at the GStreamer Status Tables.

The latest source code tar balls and RPMs are available from the GStreamer download page, Debian packages are being assembled.

Those who are interested in contributing to the GStreamer project should look at the developer information for a list of items that need attention. GStreamer is licensed under the LGPL and its plugins are typically released with GPL or BSD licenses.

It will be interesting to watch the development of GStreamer and its associated applications as they mature. If enough interest is generated, this critical mass may yet provide the focus for an explosion of new, cool applications on Linux and elsewhere.

Browsers

Mozilla 0.9.1. The latest version of Mozilla, version 0.9.1, has been released for testing. Updates include much better stability, an updated status bar that merges the old status and task bars, and improved LDAP support for Mozilla Mail.

Clusters

Sandia supercomputer program released to public. Sandia National Laboratories has released its Cplant (Computational Plant) system software for Linux machines. "A computer program that enables a collection of off-the-shelf desktop computers to rank among the world's fastest supercomputers has been released to the public by Sandia National Laboratories. The program, called Cplant[tm] system software, dramatically extends the capability of researchers to modularly assemble large blocks of off-the-shelf computer components." Cplant is being released with a GPL license.

Documentation

LDP weekly updates. This week's updates to the Linux Documentation Project have been posted. A new Initialization for IA-32 HOWTO is available and updates have been posted to the HOWTOs for modems, serial i/o, and text terminals.

Education

Linux in education report #46. This week's Linux in Education report discusses software for tracking exchange students, introductory Linux courses for colleges, and Avanti, a project for a platform independent automated library system.

Embedded Systems

Embedded Linux Newsletter for June 7, 2001 (LinuxDevices). The weekly Embedded Linux Newsletter has been released for this week. Top stories include coverage of Ripley, a wearable computer and the Sharp Zaurus move to Linux.

Network Management

Ganymede 1.0 released. After years of development, version 1.0 of the Ganymede network directory system has been released. "Ganymede allows large groups of administrators to share administrative control over designated portions of a master network directory database, and provides transactional reliability and intelligent constraint management to keep network directories consistent."

Your Network's Secret Life, Part 2 (Linux Journal). This article from Linux Journal reviews EtherApe as a tool in watching local networks. "EtherApe is a graphical network monitor that lets you see the action taking place over your network connection. EtherApe displays live connections in a manner that lets you visualize which connections are busier than others. The nodes appear bigger as larger amounts of traffic go across your network."

Science

FreeGIS CD version 1.1.0. A new release of the FreeGIS software CD is now available. This CD contains various software to analyse and visualise spatial data to make maps, including GRASS, MapIT! and gpsman as well as other software.

Software Development

Release 1.2.0 of the GNU Visual Debugger. A new release of the Gnu Visual Debugger has been announced. Release 1.2.0 contains numerous new features including an enhanced breakpoint editor, a data window with zoom capabilities , a break on exceptions feature, and more. GVD supports the C, C++, and Ada languages.

Web-site Development

mnoGoSearch 3.1.5 and 3.1.6 released. Versions 3.1.5 and 3.1.6 of the mnoGoSearch web search engine have been released. The project history details the changes, which include bug fixes and support for the DMALLOC memory debugger under version 3.1.5. Version 3.1.6 includes fixes for potential cgi exploits in search.cgi and bugs when using lower case flags.

Mod_python 2.7.5 released. Version 2.7.5 of the mod_python Apache/Python integration software has been released. This version adds support for Python 2.1.

AxKit v1.4 released (use Perl). A new release of AxKit, the XML/XSL application server for mod_perl and Apache has been released. The new release contains a large number of changes since the last version.

Zope Weekly News for June 9, 2001. The June 9, 2001 edition of the Zope Weekly News features the latest developments in the Zope world. An announcement has been posted for the first European Zope conference, a new beta release of CMF1.1 is out, revisions proposals are discussed, and new Zope T-shirts are available.

Miscellaneous

Attorney Dan Ravicher on Open Source Legal Issues (Slashdot). Slashdot has posted an FAQ on Open Source and Free Software licensing issues written by attourney Dan Ravicher. Software developers might want to take a look.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Ada

GtkAda 1.2.12 release. A new version of GtkAda, the Ada95 graphical toolkit based on Gtk+ has been announced. This version supports GVD 1.2.0 (see above), and features numerous updates and improved documentation.

APL

Sharp APL for Linux. Sharp has introduced a free verson of APL for Linux. Those familiar with APL know that it uses non standard glyphs instead of regular ASCII characters. To make life easier for the APL programmer, one company offers special APL keyboard decals. that stick onto a PC keyboard. (thanks to John McKown)

Caml

Caml Weekly News for June 6 through 12, 2001. The June 6 through 12, 2001 edition of the CAML Weekly News is out. Topics include the O'Caml Runtime Environment, a tutorial and survey on type theory, and a discussion on the lack of let mutable in O'caml.

Erlang

Erlang R7B-3 released. The R7B-3 release of Erlang has been announced. This release contains mostly bug fixes.

Java

Take control of the DOM, Part 2 (IBM developerWorks). Gary Cole and William F. Phillips discuss the writing of Java weblets in part 2 of a 3 part IBM developerWorks article. Part 1 in the series discusses the use of the Document Object Model (DOM).

Lisp

Recent additions to CLOCC. A number of recent additions have been added to the Common Lisp Open Code Collection (CLOCC) site. Included are a Lisp chess game, a graphical interface design tool, a unit testing environment, a library installation tool, and more.

Perl

Damian Opens YAPC with Perl 6 Overview (use Perl). Taking Larry Wall's place, Damian Conway opened the YAPC conference with an introduction to Perl 6. The design phase of Perl 6 is supposed to be completed by the end of 2001 and the software is scheduled to be released sometime in mid 2002.

CPAN updates (use Perl). The CPAN scripts index is working (again). Also there is now a CPAN update mailing list to keep you informed of new uploads to CPAN.

Perl 5 and 6 Porters for June 12, 2001. The June 12, 2001 issue of the Perl 5 Porters digest is out. Topics include removing dependence on strtol, regex negation, and a discussion on the need for more Perl committers. The June 12, 2001 edition of the Perl 6 Porters digest is also available, with discussions on unicode, properties and use strict, regular expressions, and more.

PHP

PHP Weekly Summary for June 11, 2001. The June 11, 2001 edition of the PHP Weekly Summary is available. Topics include a new PHP release candidate: PHP 4.0.6 RC 3, and bugs involving PHP and the alpha version of Apache 2.

Python

Dr. Dobb's Python-URL! for June 11th, 2001. The Dr. Dobb's Python URL for June 11, 2001 has been published.. Discussions this past week ran from calls for more contributions to the Cookbook, to intelligent agents and the release of MapIt 1.0, a web based raster map navigator.

Python-dev summary. This week's Python-dev summary is out, with coverage of the demise of the strop module, dictionary performance improvements, and more.

Sketch 0.6.11, a vector drawing program. Sketch version 0.6.11 has been released. "Sketch is a vector drawing program for Linux and other unices. It's intended to be a flexible and powerful tool for illustrations, diagrams and other purposes. It has advanced features like gradients, text along a path and clip masks and is fully scriptable due to its implementation in a combination of Python and C." This version features bug fixes and an updated Spanish translation.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 11th. This week's summary of the Tcl discussion groups is available from Dr. Dobb's. This past week saw some connectivity problems that prevented some postings to reach Google, but the information is available from alternative archives. Topics include a summary of the second European Tcl Users Meeting, Tcl and unicode, working with Roman numerals, Tk in embedded Linux, tclperl 2.3, and gnocl 0.0.3.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Industry Leaders Form TV Linux Alliance. Whether or not Linux is ready for the Desktop, Linux is ready for the TV set-top box. Two dozen companies have joined the TV Linux Alliance to define a standards-based Linux environment for the digital set-top box market by defining a standard application programming interface (API). Alliance members comprise hardware and software oriented companies, many of which already have considerable set-top technology. The alliance will use that existing technology when creating the API.

Having a standard API for all Linux based set-top boxes benefits everyone, from the broadband providers, to the authors of device drivers, and of course the end user. TV watchers everywhere should take note. If the alliance is successful in its efforts, the set-top boxes of the near future will be better and cheaper, with better compatibility between boxes from different manufacturers.

The TV Linux Alliance press release contains additional information as does this article from LinuxDevices. Lineo also sent us a copy of the release.

Non-allied set-top news. Century Embedded Technologies announced it would act as Technical Partner for open-source software technologies for the National(R) Geode(tm) SP1SC10 set-top box reference platform. "Century has developed WebMedia, a plugin-based application framework that includes an integrated web browser, HTML-based menu system, application manager, and a variety of plugins used to control all facets of the set-top box. WebMedia, when combined with open-source drivers from National, form a complete top-to-bottom Linux software solution for next-generation set-top boxes."

'LPI Certification in a Nutshell' from O'Reilly. O'Reilly has announced the release of LPI Certification In a Nutshell by Jeffrey Dean. This book should be of interest to anyone looking at Linux Professional Institute certification, particularly those who are preparing for the exams.

LPI plans to update certification Level 1. LPI announced plans to review and update its first certification. Some level 2 tasks will likely be moved into level 1, also obsolete references will be deleted or modified. Sounds like the book will need a revision soon.

CollabNet Selected by HP for Its Collaborative Development Program. CollabNet announced that it is providing the infrastructure and consulting services for Hewlett-Packard's Collaborative Development Program (CDP). The CDP allows HP employees to collaborate on projects internally and with external business partners.

Winnebago and NHL.com go with Linux. Linux powers a large variety of businesses. The numbers grow daily. In this IBM announcement, we see that Winnebago Industries, Inc. runs Linux on an IBM eServer mainframe. Winnebago will be implementing the Bynari Insight Server for its messaging and collaboration needs.

This IBM press release claims the NHL has gone to the penguins. "The site was recently enhanced using IBM Linux systems running Red Hat Linux version 7.0. The Linux system was easily integrated with existing IBM database servers running AIX, providing the necessary functionality to handle the large flow of data across all of NHL.com's servers. The systems installed by NHL.com will include a Linux-cluster consisting of five IBM Intel-based servers functioning as the Web server."

Linux Stock Index for June 07 to June 13, 2001.

LSI at closing on June 07, 2001 ... 32.81
LSI at closing on June 13, 2001 ... 31.27

The high for the week was 32.81
The low for the week was 31.27

Press Releases:

Open source products

• Cadence (SAN JOSE, Calif.): Cadence Announces a Complete, Reusable Functional Verification Solution to Address System-on-Chip Designs. Includes the TestBuilder open-source testbench development tool.

Distributions and bundled products

• NeTraverse Inc. (AUSTIN, Texas): NeTraverse to Power Caldera; Caldera to Deploy NeTraverse Win4Lin 3.0 Software Across Enterprise.

Proprietary Products for Linux

• Linux Center (HK) Ltd. (HELSINKI, HONG KONG): New Content Manager available, Nadmin Studio 1.4.

• MicroEdge, Inc. (APEX, N.C.): Visual SlickEdit Wins Programmer's Paradise ''Riding the Crest'' Award; Leading Development Tool Outsells All Other Programmer's Editors. In 1999, Visual SlickEdit received the "Riding the Crest" award for the best selling Linux tool.

• National Semiconductor Corporation (SANTA CLARA, Calif.): National Semiconductor Offers Linux Solutions for the Digital Set-Top Box Market.

• SWsoft (SOUTH SAN FRANCISCO, Calif.): SWsoft Launches a Profit Solution for the Hosting Market; 1-Net Singapore is first customer. Based on SWsoft's Virtuozzo(TM) technology, HSPcomplete includes everything a company needs to become a hosting service provider immediately. HSPcomplete currently runs on Linux, with Solaris, BSD and Windows versions planned.

Hardware and bundled products

• ASL (Milipitas, California): World's First AMD Athlon(TM) MP Linux Workstation.

• Macro 4 (): First output management solution for Linux on zSeries. Macro 4 delivers multiple-server, SAP(r) R/3(r) and mySAP.com(tm) certified output management technology.

Products and Services Using Linux

• MontaVista Software Inc. (HILLSBORO, Ore.): RadiSys, MontaVista Software and GoAhead Software Demonstrated Industry's First Truly Open High Availability System Architecture.

• Viosoft Corporation (CAMPBELL, Calif.): Viosoft Releases Arriba! 1.2 for Embedded Linux Development on the Intel(R) StrongARM* SA-1110 Development Platform.

Products With Linux Versions

• Allen Concepts, Inc. (): The KEYKatcher is a 'hardware only' computer monitoring system.

• BRECIS Communications (SAN JOSE, Calif.): BRECIS Communications Launches World's First Multi-Service Processor Family for the Last Mile.

• BRECIS Communications (SAN JOSE, Calif.): BRECIS FastStart Developer's Program for New Multi-Service Processor Receives Strong Support.

• California Software Corp. (IRVINE, Calif.): California Software Announces New Functionality for its AS/400 GUI Product.

• Co-Design Automation, Inc. (LOS ALTOS, Calif.): Co-Design Automation Delivers SUPERLOG Verification Automation Algorithm Within System-level Simulator.

• Diveo Broadband Networks, Inc. (WASHINGTON): Diveo Broadband Networks Named IBM Hosting Advantage Business Partner; Diveo is the First Latin American Dedicated Hosting Provider to Receive IBM Hosting Advantage Approval.

• Forte Design Systems, Inc. (SAN JOSE, Calif.): Forte Design Systems Introduces Perspective Language Independent Verification Results Analysis.

• Get2Chip Inc. (SAN JOSE, Calif.): Get2Chip Brings Timing Closure to Front-End IC Design; TOPOMO System Compiler Integrates Block Placement, Wire Planning Into Synthesis.

• Incentia Design Systems, Inc. (SANTA CLARA, Calif.): Synthesis Player, Incentia, Improves Multi-million-gate Design Timing Sign-off and Consistency. TimeCraft is a full-chip gate-level static timing analyzer for timing sign-off.

• Magma Design Automation, Inc. (CUPERTINO, Calif.): Magma Announces Blast Plan for Complex Chip and SOC Design Planning; Data Reduction Methodology Allows Large Designs to be Handled Efficiently Without Sacrificing Accuracy. Blast Plan is available for both the Solaris and Linux operating systems. It is currently in beta testing.

• Network Disk (BOSTON): Network Disk Showcases the Ultimate in Portable Storage Software in an Industry-Leading Event.

• PatchLink Corporation (SCOTTSDALE, Ariz.): PatchLink Corporation Announces Availability of WebConsole IT Management Suite for UNIX/Linux.

• Quadratec (SANTA CLARA, Calif.): Quadratec Joins EMC Corporation's E-Infostructure Developers Program. Time Navigator 3.5 is immediately available on Linux and other platforms.

• Quintalinux Limited (HONG KONG): Quintalinux Limited Releases Chinese Version of iOffice2000 Web-Enabling Groupware.

• RepliWeb, Inc. (FORT LAUDERDALE, Fla.): RepliWeb Launches RepliWeb Deployment Suite(TM)(RDS) Version 2.0.

• SERENA Software (LAS VEGAS): SERENA ChangeMan ALM Enhances Request Management and Enterprise Database Support.

• Serena Software (LAS VEGAS): SERENA Announces First Integrated Multi-Platform Life Cycle Management Solution to Speed Delivery of Enterprise Applications.

• SERENA Software, Inc. (LAS VEGAS): SERENA Software Teams With IBM to Provide Support for IBM's WebSphere Studio Workbench.

• StorageTek (MILPITAS, Calif.): Super DLTtape Technology Now Shipping in StorageTek L-Series Libraries; Super DLTtape Technology Provides Maximum Capacity for StorageTek Library Customers.

• Tech Soft America (Oakland, CA): HOOPS3D.edu Program offers FREE graphics, streaming and collaboration for education.

• TouchSystemsCorporation and eTurboTouch Technology (ROUND ROCK, Texas): TouchSystems Introduces New Patented, Resistive Touchscreen Technology: Turbo Pen.

• Unibar, Inc. (ROCHESTER HILLS, Mich.): Unibar Offers e-BARZ Pro 2.0 for Web Bar Codes; UNIX, Linux, NT Web Server Software Offers CGI, HTML Support.

Java Products

• Metro Link, Inc. (FORT LAUDERDALE): Metro Link Announces Third Release of Metro EnableWorks.

Books & Training

• LinuxCertified.com (Cupertino, California): Linux System Administration Bootcamp W/free Linux laptop!.

• MightyWords (SANTA CLARA, Calif.): MightyWords and XML Expert Benoit Marchal Provide Exclusive Digital Title with ABC's of XML.

• NuSphere Corporation (BEDFORD, Mass.): NuSphere Announces Nationwide Training Program for PHP Developers; NuSphere Meets Growing Demand for Web Scripting Language With Professional Instruction.

Partnerships

• Caldera International Inc. (OREM, Utah): Caldera and Toshiba Sign Comprehensive Support Agreement; All Caldera Software to be Certified on Toshiba Hardware.

• REDSonic, Inc. (SANTA ANA, Calif.): REDSonic Aligns with MegaSolution to Introduce Real-Time Linux Capabilities to the Japanese Market.

Personnel & New Offices

• Adelante Technologies (EINDHOVEN, Netherlands & LEUVEN, Belgium): New Company Champions Open Source DSP Solutions for 3G and Personal Multimedia Devices.

• Mission Critical Linux, Inc. (LOWELL, Mass.): Mission Critical Linux' Robert Tumanic Appointed Chief Executive Officer; Moiz Kohari, Founder of the Company, becomes Vice Chairman.

Linux At Work

• Nemein Solutions (HELSINKI): Nemein and Everscreen to produce Motiva's new web services. Nemein.Net Content Manager is powered by the Open Source Midgard application server and Hong Kong Linux Center's Nadmin Studio user interface.

• Tivoli Systems Inc. (VIENNA, Austria): Triaton Extends Managed Services of e-business Infrastructures with Tivoli. Triaton will use Tivoli Web Services Manager and Web Services Analyzer versions 1.6, to provide improved real-time event analysis, a real-time synthetic transaction investigator graphing tool, and Linux end-point support.

• Wincor Nixdorf Inc. (AUSTIN, Texas): Burlington Coat Factory Reduces Total Cost of Ownership, TCO, At The Point of Sale With Wincor Nixdorf's Linux Solution.

Other

• OpenP2P.com (SEBASTOPOL, Calif.): OpenP2P.com Announces Project JXTA Developer Contest; Contest Tests Peer-to-Peer Applications and Services.

• REDSonic, Inc. (SANTA ANA, Calif.): REDSonic to Demonstrate Benefits of its Real-Time Linux Solutions and Tools at ESC-Chicago.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Trinity drinks deeply at learning's open source (IT News). This article shows how an Australian college dumped its WindowsNT environment in favor of a thin client based Linux/GNOME/Python solution for its students. "Although the lab uses Debian with the GNOME desktop environment, Trinity was stuck with its Windows 2000 desktop licences. They sit, unused and unopened, in a cupboard. After being assured the HP clients would run Linux, "we couldn't get through to anyone who could give us boxes without Windows," says Wraith."

Code-Breakers Go to Court (Wired). Wired News reports on the lawsuit filed by Prof. Edward Felten and associates against the SDMI, the RIAA, and others. They hope to get a judgment ensuring their right to publish the details of their attack against the SDMI watermarking technology this summer. "'Studying digital access technologies and publishing the research for our colleagues are both fundamental to the progress of science and academic freedom,' said Felten, an associate professor of computer science. 'The recording industry's interpretation of the DMCA would make scientific progress on this important topic illegal.'"

Gartner: 8.6%, Miller: no way, UK Gov't: We'll try. (The Register). A trio of stories came to us from the Register. The first is another account of the recent Microsoft-sponsored Gartner group data showing only 8.6% of the servers in the US run Linux. These numbers are refuted by Robin Miller of Newsforge, who says units shipped hardly reveals units in use for open source operating systems. Finally, the UK Government's e-Envory portal designer has gotten religion and is adding open source connectivity to phase 2 of that project. (Thanks to Dave Killick for all three stories)

Battle brews over Linux server share(ZDNet). Gartner says Linux accounts for only 9% of server sales, but IDC says preinstalled systems are only a small part of the total Linux server usage. The Gartner number would be "quite reasonable" if it simply surveyed those new servers that came with Linux preinstalled, [IDC analyst Dan] Kusnetzky said. "But our research is that this is not how most users get their Linux," he said. "We found that just 10 to 15 percent of Linux adoption comes from preinstalled machines. It's a very small part of the market. For every paid copy of Linux, there is a free copy that can be replicated 15 times."

Companies

HP expands deal with programming site (News.com). CollabNet's expansion into proprietary software for distributed development brings HP in deeper to their business. "HP will pay CollabNet for use of Internet tools that enable worldwide programming efforts, with features such as tracking changes to software and permitting authorized business partners to contribute."

Novell tows VMware into education market (News.com). VMWare is looking to expand its academic distributions, starting with a deal with Novell. "The most complex Novell course requires a student to use four operating systems, said Aaron Osmond, director of business development for Novell's education program. Novell has made VMware-based education kits for four courses and has five more of these Quick Classroom products under development."

Sun woos fans for open-source Jxta (ZDNet). Sun tries to entice open source developers to the JXTA way, but research shows the convert count is small so far. "In an effort to whip up enthusiasm and win new disciples, the tousle-haired Joy spent much of his time sketching out a new vision of the Internet's evolution, a world where cell phones, handheld devices and ordinary PCs would wield the same power as massive Web servers."

Caldera loss exceeds estimate (News.com). C|Net's News.com summarizes Caldera's recent earnings report. "Like other Linux companies, Caldera has faced an increasingly difficult challenge as investors have left their initial giddiness for Linux behind. The company went public in March 2000 at $14 a share and recently has been trading below $2."

Business

Investor rage gets ugly (Red Herring). The Red Herring reports on "investor rage," which comes from having lost large amounts of money on dotcom stocks. "'My kids' ages are off limits, because of security. We get death threats at work from dissatisfied shareholders,' says Matthew Szulik, CEO of Red Hat, whose stock plummeted from a high of $143 in December 1999 to a low of $5 a year later, erasing $23 billion worth of market capitalization. 'People bought in when the stock was hot and the movement was hot,' Mr. Szulik groans, 'and now they're pissed.'"

Microsoft, Red Hat set open-source debate (News.com). C|Net reports on the upcoming Microsoft vs open source debate that will take place at the O'Reilly Open Source Convention in San Diego in late July. "Mundie is expected to explain why Microsoft's vision of "shared source" software, where the software giant makes the source code of some of its products available to customers and partners while still maintaining the intellectual property rights, is better than open source. Michael Tiemann, chief technical officer of Red Hat, will present the case for open source."

Reviews

Hacking Ellison's NIC for fun and profit (LinuxDevices). Jerry Epplin takes The New Internet Computer Company's Linux-based "NIC" Internet appliance for a spin and reviews his findings in LinuxDevices.com. "From my perspective as an embedded system developer, it wouldn't have killed them to provide a serial port on the unit -- although such an interface is admittedly unnecessary for the home market to which the NIC is targeted, and minimizing costs was clearly an overriding concern."

Volution Product Review (Linux Journal). Linux Journal reviews Caldera's web based systems management solution, Volution. "Volution is a systems-management product. It is not an operating system management product. The distinction between the two is gray and Volution crosses the line on both sides. For example, I can have the machine alert me if I have more than 15 users logged in, but Volution in its current state will not let me add or delete users. "

Interviews

Linux Device Drivers Update (O'Reilly Network). The O'Reilly Network talks with LWN editor Jonathan Corbet about Linux device drivers (and, of course, about the upcoming second edition of the Linux Device Drivers book). "In this interview, Jonathan discusses the changes in the device driver world since version 2.0, takes an educated guess or two at what's coming down the pike, and provides a few insights into the actual development process for these very important tools."

Miscellaneous

Want Linux on your desktop? Nine reasons to forget about it (ZDNet). AnchorDesk's David Coursey gives 9 reasons why he thinks Linux won't make it as a desktop. "Linux will never become common as a desktop operating system, and no amount of believing will change that. It only makes adherents look stupid. Why? Because Linux is too complex, and there isn't enough money to make it worth someone's time to build a really great environment for desktop apps." In a debate often ripe with opinion and little fact, Coursey is no different. While he is entitled to his opinion, he doesn't back it up with any research.

Linux Myths and Mythconceptions 101 (AboutLinux). AboutLinux responds to the ZDNet "Linux Desktop is Dead" article and picks apart the arguments presented in that opinion piece one by one to dispell this myth. "I will freely admit that David raises some valid concerns, however I have to point out that most of his "reasons" have absolutely nothing to do with Linux on the desktop; and calling them reasons for forgetting Linux on the desktop is ... interesting."

Is BSD getting lost amid the open source salvos? (ZDNet). ZDNet wonders whether BSD's silence over the Microsoft attacks is because they view the GPL the same way Redmond does. "The ambivalence of the BSD crowd to Microsoft's attacks is due, I think, to the fact that while they may be put off by the overall attack, they agree with Microsoft's complaints about the GPL. The fact that it is so difficult to build a business plan around GPL code--a key point of the Microsoft platform--is a point BSDers have been making for a long time."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

LinuxUser issue 10. LinuxUser has made issue 10 available in PDF format. Stories include DNS administration, Apache testbeds and Bruce Perens.

Moving to Linux (AboutLinux). Bill Henning provides this series of summaries as he moves his web publishing business to the Linux Desktop. "I am really getting used to the X cut/paste - just select some text, and click the middle button where you want it inserted. Much faster than MS style Copy/Paste; and seems to work great for Netscape & Gnome Terminal. Saves me time. As a matter of fact, I now tend to be annoyed at apps on Linux that don't support the standard X cut/paste methodology."

How Stuff Works: open source, Linux, and Linus. How Stuff Works is a site that helps answer general questions in relatively short but detailed ways. Questions have been posted there relating to open source, Linux, and Linus Torvalds. The first two are questions and the answers provided are actually fairly accurate and succinct. The last item is an editorial piece about Linus.

Tip Of The Week: Sum it up. LinuxLookup takes a look at the md5sum command, to get a checksum on a file.

Events

FastTango Linux Clustering Technology Demo. Network Appliance will demonstrate its Network Appliance(TM) filers running Oracle9i Real Application Clusters (RAC) on FastTango Linux Clustering Technology at Oracle OpenWorld, Berlin, June 18 - June 21, 2001.

LSNet to Host Third Annual Linuxfest. LSNet, a local Internet Service Provider in Galax, Virginia, will host the third annual Linuxfest on July 14, 2001.

YAPC registration opens. YAPC (Yet Another Perl Conference) Europe registration is now open. YAPC runs August 2 - 4, 2001, in Hogeschool Holland Amsterdam, Netherlands.

Events: June 14 - August 9, 2001.

Date	Event	Location
June 14, 2001	Linux@work	Brussels
June 14, 2001	Hot Springs Educational Technology Institute conference	(Hot Springs High School)Hot Springs, Arkansas
June 14 - 15, 2001	Yet Another Perl Conference(YAPC)	Montreal, Quebec, Canada.
June 15, 2001	Linux@work	Amsterdam
June 16, 2001	Australian Open Source Symposium(AOSS 3)	(ANU)Canberra, Australia
June 20 - 21, 2001	Linuxdays 2001	St. Pölten, Austria
June 25 - 30, 2001	USENIX Annual Technical Conference	Boston, Massachusetts
June 25 - 27, 2001	NCSA Linux users' and system administrators' conference	(University of Illinois)Urbana, IL
June 29 - July 1, 2001	Linux 2001 Developers'' Conference	Manchester, UK
July 2 - 5, 2001	Debian One Conference	Bordeaux, France
July 3 - 5, 2001	Enterprise Linux Institute Conference	Olympia, London
July 4 - 9, 2001	Libre Software Meeting	Bordeaux, France
July 4 - 5, 2001	Linux Expo Exhibition	Olympia, London
July 5 - 8, 2001	LinuxTag 2001 - Stuttgart,	Germany
July 9 - 12, 2001	Embedded Systems Conference	(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001	SAGE - AU 2001	(Grosvenor Vista Hotel)South Australia
July 14 - 15, 2001	LinuxCertified Linux System Administration BootCamp	Cupertino, California
July 14, 2001	Linuxfest	Galax, Virginia
July 16 - 21, 2001	The Open Group Quarterly Conference	Austin, Texas
July 16 - 20, 2001	The Open Group Real-time and Embedded Systems Forum	Austin, Texas
July 16 - 21, 2001	The IEEE PASC (POSIX) System Services Working Group meeting	Austin, Texas
July 19 - 25, 2001	Networking Event 2000(ne2000)	Nuenen, the Netherlands, South
July 23 - 27, 2001	O'Reilly Open Source Software Convention	San Diego, California
July 23 - 27, 2001	1st annual PHP Conference	San Diego, CA
July 25 - 28, 2001	The Ottawa Linux Symposium
July 28 - 29, 2001	Rocky Mountain Software Symposium 2001(RMSS 2001)	(FourPoints Sheraton in Cherry Creek)Denver, Colorado
August 2 - 4, 2001	Yet Another Perl Conference Europe 2001(YAPC)	(Hogeschool Holland)Amsterdam, Netherlands

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

NetLinOS Web Portal launched to foster development of Linux-based Network Appliances. The NetLinOS Web Portal, a central location in the Internet to consolidate the efforts and initiatives related to Linux-based network connectivity, has been released. The Web Portal is part of the NetLinOS initiative, created by Cyclades Corporation to foster the improvement and consolidation of network connectivity in Linux and the development of Linux-based network appliances.

User Group News

LinuxFund.org launches LUG outreach program. LinuxFund.org is currently launching a unique Linux User Group (LUG) outreach program in an attempt to provide some source of financial support for the LUGs.

ALUG 2001.4 (End Of The Academic Year!). The next ALUG meeting will be at the UEA Norwich venue as a guest of tsw.org.uk (the student web) on Sunday 17th June 2001 2:00pm - 6:00pm.

The Linux Users' Group of Davis and the UC Davis Computer Club hold another free 'Linux Installfest' workshop. The Installfest will be held at Z-World in Davis on June 17, 2001. The regular meeting on the 18th will include a presentation by Gabriel Rosa on '3D Programming Basics with OpenGL'.

Greater London Linux User Group. The next GLLUG meeting will be at the (FrameStore) CFC Preview Theatre, 19-23 Wells St., London W1, on 23/06/01 Starting at 1pm and ending at 6pm.

LUG Events: June 14 - June 28, 2001.

Date	Event	Location
June 14, 2001	Boulder Linux Users Group(BLUG)	(Nist Radio Building)Boulder, CO
June 14, 2001	Phoenix Linux Users Group(PLUG)	(Sequoia Charter School)Mesa, AZ.
June 14, 2001	Hot Springs Educational Technology Institute conference	(Hot Springs High School)Hot Springs, Arkansas
June 15, 2001	Rock River LUG(RRLUG)	(Rockford College)Rockford, Illinois
June 16, 2001	SVLUG Installfest	Silicon Valley, CA
June 16, 2001	North Texas Linux Users Group(NTLUG)	(Nokia Centre)Irving, Texas
June 17, 2001	Beachside LUG	Conway, South Carolina
June 17, 2001	LUGOD / UC Davis Installfest(LUG of Davis)	Davis, CA.
June 17, 2001	Mesilla Valley Linux User Group(MVLUG)	(Village Inn on El Paseo Rd.)Las Cruces, New Mexico
June 17, 2001	Greater Lansing Linux Users Group(GLLUG)	(Michigan Library Consortium)Lansing,Michigan
June 17, 2001	ALUG 2001.4	UEA Norwich
June 18, 2001	Linux User Group of Davis(LUGOD)	(Z-World)Davis, CA
June 18, 2001	Haifa Linux Club	(Technion CS dept. bldg.)Haifa, Israel
June 19, 2001	Bay Area Linux User Group(BALUG)	(Four Seas Restaurant, Chinatown)San Francisco, CA
June 19, 2001	KCLUG Installfest	Kansas City, MO.
June 19, 2001	Linux Stammtisch	(Bandersnatch Brew Pub)Tempe, AZ
June 19, 2001	ESLUG: Hyggemøde	Denmark
June 20, 2001	Central Iowa LUG	West Des Moines, IA
June 20, 2001	Linux User Group in Groningen	The Netherlands
June 20, 2001	Arizona State University LUG(ASULUG)	Tempe, AZ
June 21, 2001	St. Louis LUG(SLLUG)	(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
June 21, 2001	Omaha Linux User Group(OLUG)	Omaha, Nebraska
June 21, 2001	Linux User Support Team, Taegu(LUST-T)	Taegu, Korea
June 21, 2001	South Mississippi LUG(SMLUG)	(Barnes & Noble)Gulfport, Mississippi
June 21, 2001	Gallup Linux Users Group(GalLUG)	(Coyote Bookstore)Gallup, New Mexico
June 21, 2001	Omaha Linux User Group(OLUG)	Omaha, NE, USA.
June 21, 2001	SSLUG: Installations arrangement	Denmark
June 23, 2001	Consortium of All Bay Area Linux(CABAL)	Menlo Park, CA
June 23, 2001	Greater London Linux User Group(GLLUG)	London, England.
June 23, 2001	Eugene Unix and GNU/Linux User Group(EUGLUG)	Eugene, Oregon
June 23, 2001	Linux Demo Day	Eugene, OR, USA.
June 26, 2001	Hazelwood Linux User Group(HLUG)	(Prairie Commons Branch Library)Hazelwood, Missouri
June 27, 2001	Linux User Group in Assen	Netherlands
June 27, 2001	Central Ohio LUG(COLUG)	Columbus, Ohio

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

Also announced was the very first version of rsync, written by Andrew Tridgell and Paul Mackerras.

Three years ago (June 18, 1998 LWN) The LWN crew took a much needed break this week, putting out a very light edition. The obvious conclusion, of course, is that very little happened.

Eric Raymond announced the Trove project, which sought to change the way software archives were organized.

I'm aiming high. I want the maintainers of the major existing archives to buy in early, so that by year-end the present creaking infrastructure can be replaced with something better.

Trove has not caught on in the way Eric might have liked, with one big exception: SourceForge uses it.

Two years ago (June 17, 1999 LWN): The "Open Source" trademark officially died, after the OSI concluded that it would never be able to get an official U.S. trademark registration. They promised an "OSI Certified" trademark instead, but that never materialized. Two years later, we seem to be doing OK without anybody's official stamp of approval. It is hard to imagine anybody trying to create such a stamp at this point.

Guylhem Aznar took over leadership of the Linux Documentation Project.

Jon "Maddog" Hall went to work for VA Linux Systems, where he remains employed. (Update: we've since been informed that Mr. Hall has left VA's employ - we were a bit behind the times there...).

The current development kernel release, 2.3.6, was fairly stable. However the 2.3.7 patch was classified as "dangerous", with 2.3.7 pre1 causing filesystem corruption in some cases. Unfriendly certainly, but only dangerous for those who don't believe in backups.

Applix announced the creation of a new Linux division within the company. The division was to concentrate on selling products to Linux users; it was also supposed to operate a web site that

...will provide an on-line knowledge base for users to search for information associated with Linux and Open Source Software vendors

The web site exists at VistaSource, however Applix no longer has much to do with it. Applix' Linux division became VistaSource in April 2000. Applix then sold VistaSource to Parallax Capital Partners, LLC last March.

One year ago (June 15, 2000 LWN) SCO announced it would launch its own Linux distribution. LWN wrote:

If you accept the idea that UnixWare shops are going to want to migrate toward Linux, the next question that comes to mind is "which distribution will they pick?"

SCO's distribution was abruptly cancelled shortly thereafter, as the company made an announcement that answered the above question: its merger with Caldera.

OpenSSH 2.1.1 was released.

Exile III: Ruined World for Linux was released.

Dave Winer says the Web is real, but open source is not in The Sixth Sense.

Thankfully the open source rage is on its last legs. If you're honest and made a bet on open source, and want to get help from the press and investors, here's some open source (free) advice. Play it down. "Oh that's an open source play" they will say, shaking their heads as they look for something else to hype. Like B2C and B2B, it's last year's trend. Avoid those trends like the plague.

Maybe so, but those "last legs" are looking fairly strong...

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 kevin lyda <kevin@suberic.net>
To:	 letters@lwn.net
Subject: linux is a virgo...
Date:	 Thu, 7 Jun 2001 10:50:49 -0400

on the whole i think ballmer's comments - and any other comments by ms
on free software - should be ignored.  obviously facts should be stated
where lies have been offered, but that should be enough.

however, one fact has not been corrected in most accounts i've read:
linux is not a cancer, it's a virgo.  linux was released on august the
25th, 1991.

personally i would love to hear of the following exchange:

reporter: mr. ballmer, were you aware linux was released on the 25th of
          august, 1991?
mr. ballmer: yes.  ok.  whenever.
reporter: then why did you say it was a cancer?
mr. ballmer: er...
reporter: do you use astrology a lot in your business decision making?

kevin

From:	 tet@accucard.com
To:	 Tres Melton <class5@pacbell.net>
Subject: Re: License trouble everywhere.
Date:	 Thu, 07 Jun 2001 12:24:56 +0100
Cc:	 letters@lwn.net


Tres Metlon writes:

> The only places that I would forgo this freedom is in the area of
> security.

This is the one place, above all others, where it's absolutely
*essentail* to have that freedom. Not doing so places you at the
mercy of the vendor, whether that be Dan Bernstein, Linux Torvalds,
or some nameless corporation. If a security flaw is found, you need
the right to modify the code and distribute the changes to guard
against a lack of responsiveness from your vendor. And sisnce you have
the source, you can always audit the changes yourself, or if you lack
the skill or desire, pay a third party to do the audit for you.

Tet

From:	 Tres Melton <class5@pacbell.net>
To:	 tet@accucard.com
Subject: Re: License trouble everywhere.
Date:	 Thu, 07 Jun 2001 16:38:14 -0600
Cc:	 letters@lwn.net, djb@cr.yp.to

tet@accucard.com wrote:

 
> This is the one place, above all others, where it's absolutely
> *essentail* to have that freedom. Not doing so places you at the
> mercy of the vendor, whether that be Dan Bernstein, Linux Torvalds,
> or some nameless corporation. If a security flaw is found, you need
> the right to modify the code and distribute the changes to guard
> against a lack of responsiveness from your vendor. And sisnce you have
> the source, you can always audit the changes yourself, or if you lack
> the skill or desire, pay a third party to do the audit for you.
> 
> Tet

I understand your point of view, completely.  I think it has more 
relevence to Microsoft products than to others that come with source. 
DJB's programs come with source, come with a license provision that 
allows changes to be made and allows those changes to be distributed in 
'patch' form.  If you look at the history of his programs security, to 
my knowledge, has never been compromised.  If you look at his WWW page 
for qmail he lists several patches that are available to filter spam and 
add extra functionality but since he has not thoroughly audited the 
code, and more importantly
they provide functions that are not within the scope of the relevent 
RFC's, he has limited their distribution to patches against his original 
source.  As far as vendor responsiveness is concerned, I suggest that 
you first find a security flaw and then see how responsive he is.

Tres

From:	 "David A. Wheeler" <dwheeler@dwheeler.com>
To:	 letters@lwn.net
Subject: Re: License trouble everywhere.
Date:	 Thu, 7 Jun 2001 11:03:40 -0400

Mr. Bernstein and some others have stated that they don't want modified
versions of their programs being distributed on the Internet without their
blessing.  However, by prohibiting free redistribution, their code
is no longer open source nor free software.

Thankfully, there are at least two simple, well-established legal tools
that can be used to meet both needs: trademarks and certification marks.
To use a trademark, just trademark the name of the program, and state that
modified redistributions may not use the name without permission
(without permission, they'll have to use a different name).
For example, Red Hat (http://www.redhat.com/about/corporate/trademark) and
Abiword (http://www.abiword.org/tm_guide.phtml) do this, and the
open source definition (point 4) _explicitly_ permits this.
To use a certification mark, create a certification mark and attach it
only to "blessed" programs.  Certification
marks let unblessed modified programs use the same name, but users then
have to look for the certification mark if they want a "blessed" version.

So that people can follow the rules, make sure you
put information about this in the program documentation
(and, if you're using a trademark, suggest types of names that are preferred
for unblessed versions).  You don't need to change the license -- in fact,
changing the GPL or LGPL license would make the code incompatible with other
LGPL/GPL software.  Instead, you just have to note the existence of
the trademark/certification mark and explain what that means.

You can also include prohibiting the use of certain names in the license
itself.  Apache does this (http://www.apache.org/LICENSE-1.1), but
according to some this creates an incompatibility with other software.

Of course, a cracker can ignore the legalese and distribute an unmarked
infected program.. but they can do that with licenses that
prohibit modification, too.

This way, developers can make sure that users know what they're getting,
while the program remains open source/free software.

A caveat: I'm not a lawyer.  But the use of trademarks in particular
is well-established practice, by organizations who DO have lawyers.

From:	 dps@io.stargate.co.uk
To:	 letters@lwn.net
Subject: Non-modification licences and security
Date:	 Fri, 8 Jun 2001 00:03:41 +0100

If one claims that modification restrictions are required for security,
I think they are missing the point. What is required is control over the
"official" version and people not being able to prevent trojanised versions
as the original or mainstream versions.

My checkps package is obviously in need of this control becuse it runs as
root and when it reacts your system has been cracked. Obviously trusting
almost anything is presumably a bug... in fact I hope that smart admins
will spot nything I missed. Source control is easy---my official versions
have seperate PGP signatures and I keep the keys required to generate
an official signture to myself.

(If I m unable to distingish between insecure and secure patches then
you would be well advised to avoid my security software. I like to
imgine checkps is paranoid enough to scupper all attempts to exxploit
it. Being open source the curious can examine the code to gauge the
reliability of my assertion...)

From:	 Chris Lawrence <chris@lordsutch.com>
To:	 Tres Melton <class5@pacbell.net>, letters@lwn.net, djb@cr.yp.to,
	 rms@stallman.org
Subject: Licensing (from LWN)
Date:	 Thu, 7 Jun 2001 20:52:37 -0500

I think the central goal of assuring end-users that they have the
"real McCoy" version of free/nearly-free software, that has been
audited by the author or some other source, can be accomplished a
number of ways:

- Licensing: Only permit limited redistribution.  DJB and Pine take
this approach.

- Trademarks: The AbiWord developers only permit releases of their
GPLed software that they build to carry the AbiWord name and certain
proprietary logos.  Ximian may fall into this camp too, but their
policy is more ambiguous, I think.

- Digital Signatures: The builder/distributor can sign the archived
software in some way (usually with GnuPG/PGP).  Ximian does this too;
many providers of RPMs sign packages; Debian signs release information
and is going to start signing packages too.  If the signature isn't
from the distributor, or there is no signature, you don't trust it.

None of these approaches will stop a determined person from
distributing non-real-McCoy software; I could put build binaries from
modified versions of DJB's sources and stick them in Freenet, and
probably live to tell about it, and at least one person has modified
Pine sources and binaries packaged for Debian on a website.  The
trademark approach is also problematic; people will often just
misappropriate trademarks (www.helixcode.co.uk to name one example).
Signatures have the best chance of working, but only if end-users or
adminstrators care who built the package (presumably they do if they
are security-conscious).  The latter two approaches do have the
advantage (or disadvantage, if you're the Pine folks or DJB) of
allowing scrupulous distributors to distribute the software, albeit in
modified form.

I think the real question is whether people benefit more from limited
distribution with no changes or unlimited distribution with possible
deviations from the initial author's intent (including possibly the
always-dreaded fork).  As a Debian developer (not speaking for the
project), I tend to think that the latter is preferable to the former.
There are reasonable licensing restrictions that can be made to
alleviate upstream concerns about frivolous support problems caused by
the distributor (forced renaming of modified versions; requiring
modified versions to include distributor support information instead
of upstream's, etc.) without foreclosing all modification.  Similarly,
concerns about package layout on different systems can be alleviated
through symbolic links.  I think we all benefit when more people can
hack on and use software, and truly free (open source) licenses help
ensure this freedom.


Chris
-- 
Chris Lawrence <chris@lordsutch.com> - http://www.lordsutch.com/chris/

From:	 andrew@pimlott.ne.mediaone.net (Andrew Pimlott)
To:	 Charles Hethcoat <CHETHCOA@oss.oceaneering.com>
Subject: Re: On the auditing of free software
Date:	 Thu, 7 Jun 2001 12:30:08 -0400
Cc:	 letters@lwn.net

Charles Hethcoat wrote:

> I think your outlook on auditing of code is a tad pessimistic.

It's hard to observe the state of computer security without becoming
pessimistic.

> Sure, code may sit there for years, but I feel it probably gets
> the attention that it warrants.  That is, if it gets little
> attention, then it's probably doing its job pretty well.

This is a dangerous fallacy, if you're talking about security
auditing.  "Doing its job" usually means that the common codepaths
work with common inputs.  Security holes typically involve uncommon
codepaths and unusual inputs.  We should have learned this lesson:
many free software packages have "done the job" for years, all the
while sporting serious vulnerabilities.

Open code may encourage auditing, but you're under illusions if you
think that more than a small fraction of security-relevant free
software has received the equivalent of a thorough audit.

> Having open code helps assure that the number of bugs steadily
> approaches zero over time.

This is a risible assertion--see http://bugs.debian.org/ (down right
now--due to hardware failure, not bugs!) for starters.  The only
method I know for achieving this is to have Donald Knuth write the
software.

> Look at how the immortal DOS and Windows bugs remain a part of the
> landscape forever, even though they are widely known to have
> caused all sorts of problems for people.

You have highly selective vision.  Read the SANS Top Ten
(http://www.sans.org/topten.htm) and cry.

Andrew

From:	 Steve Jorgensen <stevej@intertecservices.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Comment in response to "Linux gladiators duel for desktop crown (ADTMag.com)"
Date:	 Fri, 8 Jun 2001 11:36:36 -0700

Following your link to "Linux gladiators duel for desktop crown 
(ADTMag.com)" and seeing that they have no kind of "talk back" feature, I 
thought I would post a reponse to you instead.

One thing that was left out of the comparison between GNOME and KDE is that 
there still is a Qt licensing issue with KDE, and it is of more than simple 
philosophical consequence.  I am working with a team desiring to produce a 
powerful, general-purpose, GPL-licensed database front end program that 
will run on both Linux and Windows.

The X version of Qt is free software, but the Windows UI version is not, so 
using KDE as a framework will not be an option for us.  We have, thus, had 
no choice but to use GNOME instead.  I think others wanting to develop 
GPL-licensed, cross-platform software will be coming to the same 
conclusion.

Note that I am not a rabid idealist, and I like KDE.  I just can't use it 
for what I'm trying to do because of the remaining Qt license conflicts.

From:	 Marcin Krol <mark@btweng.krakow.pl>
To:	 letters@lwn.net
Subject: Open source and common mistake of naive economics
Date:	 Mon, 11 Jun 2001 12:10:04 +0200

Hello LWN,

I wanted to point to a problem related to open source
and its economics that is frequently misunderstood
and important at the same time. In June 7th edition of
LWN in Security section you quote (I believe) Kaladix
developer:

"I am aware that it is not possible to relicense GPL
licensed software. Taking into respect that I do not
like companies that make money from my work, I thought
of licensing Kaladix Linux free for non-commercial
use according to the following assumption: [...]"

The above line of reasoning is oft-repeated fallacy.

Anybody who sells proprietary, closed-source
modified version B of program A is only able
to sell it for the sake of modifications made;
otherwise there's no point in buying/using
B at all, since A is available for $0, with
source code.

Typically, nobody moves A out of reach of public
by modifying A to B and selling B (note: it doesn't
even matter whether modified source code is available
or not). If so, the only thing that this company or
person makes money on is his own added value.




Regards,

Marcin Krol

From:	 Joe Klemmer <klemmerj@webtrek.com>
To:	 <letters@lwn.net>
Subject: Linux Handhelds
Date:	 Thu, 7 Jun 2001 16:19:04 -0400 (EDT)


	I just wanted to write a little about the Agenda VR3 that just
arrived in my hot-little-hands a couple of days ago.  This shouldn't be
considered a review, per se, but more of one man's experience.

	The VR3 is one cute little thing and it really is fun watching X
boot up on it.  The GUI isn't bad at all, FLTK is a nice and crisp toolkit
for X and it is small.  Having an xterm is definitely very cool.  The next
thing to do is to try and run an app off of the VR3 on my linux desktop.
:-)

	The only major down side to the thing is that Agenda should have
picked a much heftier processor for it.  The 66 MHz chip in there is darn
right pokey.  Think of running X on a 386 with 16 meg RAM (for those of
you old enough to have actually done this with Linux).

	The handwriting recognition doesn't work the way the manual says
but it does work, though I found it faster to use the on screen keyboard
for most of the stuff.  I haven't tried the sound part of things but I'm
an aboration, it seems, in that I don't care for MP3 players or any of
that stuff.

	Having seen PocketLinux running at last years ALS and seeing the
VR3 now I do think that the future for Linux PDA's is bright.  I don't
know if they will replace PalmOS PDA's anytime soon, though, but it looks
like they're off to a decent start.

---
If I actually _could_ spell I'd have spelled it right in the first place.

From:	 Dominic Mitchell <dom@semantico.com>
To:	 letters@lwn.net
Subject: Linux and the Palm Pilot
Date:	 Thu, 7 Jun 2001 10:13:25 +0100

I'd like to point out that you missed one useful tool for connecting
your palm pilot: coldsync <URL:http://www.ooblick.com/software/coldsync/>.

This is a command line tool, but it is very handy for quick backups as
well as syncing.  It's more of a "bare-bones" tool, you may have to
write your own scripts to get things done the way you want, but it's
very flexible and independent of pilot-link.

It also supports the Visor USB connection (but not, alas my new CLIE :-(  ).

-Dom

-- 
| Semantico: creators of major online resources          |
|       URL: http://www.semantico.com/                   |
|       Tel: +44 (1273) 722222                           |
|   Address: 33 Bond St., Brighton, Sussex, BN1 1RD, UK. |

From:	 Phil Cameron <pcameron@crescentnetworks.com>
To:	 letters@lwn.net
Subject: Kpilot Visor Mandreake 8.0
Date:	 Fri, 08 Jun 2001 09:42:58 -0400

Kpilot supports the Visor in Mandrake 8.0. I have been using it for a
couple of weeks now. I performed a backup and several syncs. You have to
start kpilot and hit the sync button at the same time for it to work.
Otherwise it just hangs.

phil

From:	 "Bryan O'Sullivan" <bos@serpentine.com>
To:	 letters@lwn.net
Subject: GTK+ text anti-aliasing support
Date:	 Thu, 7 Jun 2001 14:07:54 -0700

As a footnote to your article this week, it's worth pointing out that
both Jacob Berkman and I released patches to support Xft text
anti-aliasing under GTK+ 1.2 at the beginning of this year.  The
initial work is easy (obviously, since there are at least three
separate, independent patches out there); fixing broken GTK+
applications that do their own text rendering is a pain.

With GNOME 2.0 slouching towards Bethlehem, the level of motivation
needed to really tidy up and polish these patches into a coherent
whole is higher than any of us seems able to muster, alas.

	<b

From:	 Matt Dillon <dillon@earth.backplane.com>
To:	 letters@lwn.net
Subject: For Letters to the editor, re: "Is BSD getting lost amid the open source salvos?"
Date:	 Tue, 12 Jun 2001 18:10:36 -0700 (PDT)

    I feel compelled to comment on this ZDNet piece which showed up on
    LWN's Daily Updates page, because I think it approaches the issue of
    BSD, GPL and Microsoft from a fundamentally flawed direction... it
    considers them in opposition but I have only seen this from the fringe
    community.  I have never seen any such manifestation in the vast majority
    of programmers (except may you know who) who work on GPLd and BSD
    projects.  The copyright an author puts on his own work is simply a
    personal preference, nothing more.  I have never once seen the type
    of copyright prevent an open source author from contributing to a
    project he has an interest in.  Many linux authors contribute to the
    FreeBSD kernel and many FreeBSD authors help support the linux kernel.
    There is far more collaboration between the alleged 'camps' then
    is implied by press accounts, perhaps because those of us who do a lot
    of programming also tend to do less talking.  Or we try, anyway. 
    It is lost on many people that a huge portion of what makes up a BSD
    system is GPLd, just not certain core pieces.  A good 20 or 30% of
    the utilities and probably 80% (my guess) of the largest utilities
    are GNU and other vendor imports into our CVS tree.  Over 13MB of the
    source code in our tree is gnu alone, and another 130MB is contributory
    (mostly GPLd, like GCC).  The rest is BSD.  Whoopie, big deal.

    In terms of BSD being more commercial friendly then GNU... well, that is
    certainly true on a relative scale.  I even argue the point myself
    sometimes... but we are in total agreement that GPL does not particularly
    handcuff commercial interests.  Most commercial interests can use GPL'd
    code just as easily as they can use BSD code without having to worry
    about the copyright. 

    In regards to forcing more open standards, my opinion... and keep in
    mind that this is just my opinion, is that a BSD style license has as
    great an impact on pushing commercial interests to use open standards
    as the GPL does, it just goes about it in a different way.  You have
    to ask the question: Why would a company use open source in the first
    place verses building it themselves?  The answer is usually because
    they don't want to spend the resources building it themselves.  Well,
    just because a company can hide modified BSD code does not mean they
    are now suddenly willing to spend an enormous amount of resources
    making fundamental changes to aid code when they weren't willing to
    write the program from scratch in the first place!  The same reasoning
    applies, which is why you see a company like Microsoft 'steal'
    Kerberos but then use it almost verbatim, despite having tens of
    billions of dollars of cash lying around that could easily fund a
    complete replacement (hmmm... of course, finding sufficient talent
    might not be so easy even with billions of dollars, eh?).  Kerberos
    forced MS to go 95% of the way to an open-source solution, which is
    better then the 0% we would have gotten if Kerberos had been GPL'd. 
    And now that MS has done it, they have to support it.  Look at
    TCP/IP - Microsoft is being forced to essentially throw away a
    decades worth of proprietary networking protocols and use an open
    standard, and the GPL has nothing to do with the reason why.  LDAP,
    DBMS, etc etc etc... they all have similar effects and as much as MS
    tries to proprietize them, the simple truth is that they fail much
    more often then they succeed.  Even when they succeed it is usually
    by playing dirty tricks (like intentionally degrading MP3 audio in their
    player to force people to use their own formats) and has little to do
    with copyrights.

    My personal favorite is BSD, for the reasons above and because I don't
    really care if someone makes money off my code -- I am under no illusion
    that I can stop people from abusing my code no matter the copyright
    so I might as well not worry about it.  More power to them I say! 
    I get what I want, they get what they want.  Everyone is happy.  But, hey,
    that's just my personal preference and it certainly does not prevent me
    from pushing into conversations on linux-mm and other linux groups from
    time to time, nor does it prevent me from using or contributing to GPL'd
    code, or writing it (I wrote one of the original replacements for Vixie
    cron under Linux, called dcron!).  I like Linux too, but there are
    only 24 hours in the day and I need at least a few to sleep!

    Those of us associated with the BSD project know that Linux pushes our
    cause as much as it pushes its own.  Open source is open source, after
    all, and Linux is essentially UNIX no matter what the fringe elements
    say - open source projects compile up (natively) on FreeBSD as easily
    as it does on linux and we have our linux emulation for binary-only
    distributions!   KDE?, GNome?, Samba? yup... got all that, and a spiffy
    cool ports system that makes them easy to build and install too!

    Linux has the moment, and the momentum in the press, but it certainly
    isn't pulling developers away from the other BSD projects.  Everything
    is growing together in the open-source movement.  I see no reason to
    try to split the world's attention and neither do most other BSD focused
    developers.  We all win either way and that, perhaps, is one reason why
    we don't speak up as much as we could.  Linus speaks for us too!

						-Matt

From:	 deivu@tomigaya.shibuya.tokyo.jp (David Moles)
To:	 letters@lwn.net
Subject: Nine reasons
Date:	 Thu, 14 Jun 2001 04:47:15 +0900 (JST)
Cc:	 bhenning@aboutlinux.com, david_coursey@zdnet.com


Dear editors:

David Coursey set a trap
('Want Linux on your desktop? Nine reasons to forget about it'
http://www.zdnet.com/anchordesk/stories/story/0,10738,2773365,00.html)
and I'm afraid Bill Henning fell right into it ('Linux Myths and
Mythconceptions 101' http://aboutlinux.com/art_linmyth101_a.html).
We in the Linux community have still not learned to separate
advocacy from observation and accuracy from wishful thinking. Mr
Coursey's article is not always a model of clear reasoning, but
Mr Henning's response will do little more than to strengthen Mr
Coursey's opinions on Linux 'zealotry'.

The first point Mr Coursey makes in his editorial is a bit
convoluted but comes down to saying that Linux is not ready for
the desktop and until it is ready for the desktop there'll be no
financial incentive for companies to *make* it ready for the
desktop. Mr Henning's response is to say that Linux *is* ready
for the desktop, and this demonstrates that financial incentive
isn't necessary to make it so.

While I think in the long run Mr Henning's second assertion --
that good software can be developed outside of corporate labs --
will prove to be correct, I have to disagree with his first. Not
so much because Gnome and KDE aren't good user environments --
they are, or at least can be configured to be (see the Sun
usability tests at
http://developer.gnome.org/projects/gup/usabilitytests.html ) --
but because Mr Coursey is dead right about the applications.

The examples Mr Henning cites are telling: WordPerfect Office,
StarOffice, Kylix. (I confess to being unsure which AppGen he's
talking about.) Every one of those came out of a corporate lab;
and Kylix is a developer's tool, not a desktop application.
WordPerfect Office and StarOffice are both missing crucial
features for hard-core office users (MS Word's outline mode is
the one that's kept me tied to MS for ten years now) and have
compatibility and ease-of-use issues (font handling and printing,
for instance) as well. 'Almost-as-good-as-MS' is not going to put
Linux on the desktop of anyone but us 'zealots'. (That said, I
have high hopes for StarOffice's GPLed successor OpenOffice -- by
some time in 2003 or 2004 it might be quite nice.)

Mr Coursey also makes the point that if Linux is enough of a
threat to MS that it will spur MS to try harder to make their
customers happy, making it even more difficult for Linux to catch
up. Mr Henning's response is to claim that MS is more likely to
make their customers even unhappier than to make them happy. I
think this is going to turn out to be wishful thinking. I don't
like the idea of software rental, closed audio standards,
hardware-locked licenses, or appropriation of my email copyright
any more than Mr Henning does. However, with the exception of the
last -- which, as Mr Henning admits, MS has already given up on
-- I don't think the average desktop user claims about the first
three at all. Hardware-locked licenses aren't a problem to
someone (be they an individual or a company) who replaces
machines every three years and buys a complete new set of
software with each new machine. Closed audio standards aren't a
problem if you're only sharing audio with other MS users. And
software rental is not that far from the situation MS users are
already in -- paying $200 every 18 months for a basically
unavoidable MS Office upgrade.

Many of Mr Coursey's other points are, as Mr Henning says, not
really relevant. Mr Coursey's point about the threat of Linux
becoming Balkanized, however, is something the Linux community is
going to have to work hard to avoid. We'd better hope that the
major Linux vendors (and other interested parties such as Ximian)
take Mr Henning's 'Solution #3' -- the Linux Standards Base --
seriously. His other solutions are not promising. RPMs still
can't always be relied on cross-distribution without the
occasional '--nodeps' or '--replacefiles' ('cross your fingers
and hope it doesn't break anything'), and './make; ./configure;
./install' is hardly worth laughing at. This is the *desktop
market* we're talking about.

Which comes back around to Mr Coursey's main point -- that Linux
is not, so far, ready for the desktop. It is still too complex
for anyone but a power user -- and a power user who's willing to
take the time to learn its ins and outs. (I know professional
programmers with years not only of Windows background but Solaris
as well who have given up on getting Linux to work with their
hardware.) The desktop applications are not up to snuff and not
well integrated with the desktop environments. And we have yet to
see whether the free software model (or open-source model if you
prefer) can produce complex applications that address all the
needs of non-technical users. I still have hope that some day
Linux will get to that point, but it isn't there yet.

--David Moles

P.S. I suppose there is one rather depressing 'bright side' for
Linux -- which is that Windows, with a consistently inferior user
experience, has nonetheless been able to stay far ahead of the
Macintosh among desktop users. Perhaps the Linux community can
learn something from Windows' 'success'.