Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

As a result, Mr. Sklyarov faces a total of five counts; if found guilty, he could be sentenced to 25 years in prison and a $2.25 million dollar fine. In other words, he could be a guest of the U.S. prison system long after the mere armed robbers, rapists, and child molesters are allowed back into society.

It will be interesting to see how the U.S. decides to pursue the indictment against Elcomsoft the company; it's hard to sentence a corporation to jail. Elcomsoft President Alex Katalov is showing some serious bravery by remaining in the U.S. despite all that has happened.

The U.S. government, clearly, is serious about this prosecution. Somebody, somewhere, wants to put an immediate and forceful stop to the creation of "circumvention devices" and the exposure of third-rate encryption schemes. The raising of the stakes may be an attempt to intimidate Mr. Sklyarov into pleading guilty to a lesser charge, or perhaps the government wishes to make an example of him that nobody can ignore. One way or another, we are now seeing the degree of repression that the U.S. is willing to apply to ensure that certain kinds of software are not written.

It is time for the free software community worldwide to get serious as well. This is a threat we can not ignore. If this prosecution is successful, we will certainly see an increasing number of attempts to control, with force, how we can use our computers and what software we can write.

It takes very little imagination to picture a future where the general-purpose computer has been replaced by a "trusted computing platform" and systems which do not "seal data within domains" are treated as "circumvention devices." At what point, exactly, does Linux become an illegal device under the DMCA? In a world where programmers face 25-year sentences for code that was legal where they wrote it, this vision should not be seen as overly paranoid.

It is time to get serious. How can that be done?

• Write code. The wide distribution of PGP years ago had a profound effect on attempts to restrict cryptographic software. Free software is difficult to control; there is no easy target like the one Elcomsoft provided with its proprietary offerings. The more code that is out there, the freer we all will be.

• Attend protests. Many will be happening on August 30, of course, to mark the arraignment. But we will have to make ourselves seen and heard for a long time thereafter. See the event calendar on the FreeSklyarov.org site for the definitive list of events.

• Pressure the political system. U.S. citizens should be writing to their congressional representatives asking them to apply pressure for Dmitry Sklyarov's release, and to push for a repeal of the DMCA. Web pages exist to help you find your House and Senate representatives. Note that snail mail tends to be more effective than email.

  Those of you outside the U.S. can raise awareness within your governments, and work to ensure that DMCA-like legislation is not passed in your country. DMCAish laws have been proposed in numerous countries; now is the time to show where such laws lead. The DMCA should not be allowed to infect countries beyond the U.S.

• Tell people about what is going on. Write letters to the local newspaper. The Sklyarov case remains unknown to much of the non-technical population; that needs to change.

• Contribute money. A legal defense fund has been set up to help pay Dmitry's expenses. The EFF is also expending considerable resources on this case (and others), and could benefit from your membership.

It is also time to consider pulling Adobe's name back into this whole affair. It is Adobe that started this particular prosecution; the company should not, at this point, be able to get out with one simple joint press release with the EFF. Adobe started this thing; it should help end it.

The free software community is faced with a challenge that is far more daunting than that of creating a top-quality, free operating system. Most of us are well out of our competence and comfort when dealing with this sort of oppressive politics. But this issue is going to come to us, whether we choose to address it or not. We can win this fight; even in the U.S., justice can usually be made to prevail. But it is going to take an effort beyond just putting "free Sklyarov" in our .signature files.

The Sklyarov story is developing quickly; see the LWN.net Daily Updates Page for the latest news. (See also: the EFF advisory on the Sklyarov indictment. The indictment itself is available in PDF format. The Free-Sklyarov mailing list is a good, if occasionally high bandwidth, source of information and rallying point.)

VA Linux goes proprietary? VA Linux Systems started off with the bad news: in its fiscal fourth quarter, the company managed to lose an amazing $5.58 per share. Much of this loss ($267 million) is a result of the company's exit from the hardware business. Losses in the upcoming quarters will be less, which is a good thing.

Losses are going to have to keep getting smaller, though. The current projection is for a loss of $10 to $13 million in the next quarter. VA Linux Systems currently has $83 million in the bank, of which it expects to burn $6 million above its loss in the first quarter of fiscal 2002. That can not be sustained for very many quarters before something has to give.

The next bit of news out of VA Linux was, to some observers, even worse. In a letter to SourceForge users, the company explained that it plans to start offering commercial versions of the SourceForge software that include proprietary components. The nature of those components has not been made all that clear; it seems to include glue to integrate SourceForge with customer-owned proprietary systems (such as databases).

Interestingly, SourceForge.net, the free software development site, will be using a version of the SourceForge software with proprietary components. From the FAQ:

SourceForge.net will be using SourceForge Portal Edition, which will also include proprietary extensions, because it provides functionality that won't be available in future releases of SourceForge Open Edition.

So developers of free software on SourceForge.net will be using proprietary software to do their work.

A different spin on VA's new business direction can be found in Eric Raymond's mailing. According to Eric, VA is not changing its focus as an open source company in any way, it's just finding a way to more readily sell its free software and services by catering to the conservative instincts of middle managers.

What VA is doing instead is throwing a sop to those instincts by hanging some proprietary tinsel off the product. This makes it psychologically easier for Mr. Middle Manager to sign the check; he can think "I'm buying something real" -- as if bits on a disk are more real than the people-hours in the service contract that goes with it. But there it is; most sales and marketing is founded on the reality that people aren't very rational.

This, of course, is not a particularly complimentary attitude for a company to take toward its customers, but there may be some truth there. Maybe a bit of "proprietary tinsel" will succeed in making the SourceForge product more appealing to certain classes of customers. The proof will be in VA's results in the coming quarters.

It is difficult to criticize VA for doing what it thinks it needs to do to survive. If selling tinsel allows the company to continue to exist, employ free software developers, and operate SourceForge.net, then perhaps it is the best thing for the company to do. SourceForge.net, in particular, is a heavy, expensive commitment to the free software community. The lower VA's cash reserve gets, the more concerned SourceForge users (i.e. all of us, in one way or another) should be. As long as VA respects the licenses of the software it works with (and there are not allegations to the contrary), one can only wish the company luck as it looks for the combination that actually makes money.

Still, it is disturbing to consider the implication that excellent free software and services are not, themselves, sufficient to sustain a business the size of VA. That, certainly, is not the conclusion that many in the free software community were hoping to reach. Perhaps, as Eric Raymond says, the need for proprietary add-ons is temporary. And certainly the current economic climate is not helping. But it would have been nice to have more clear-cut free software business success stories by now.

Linux as a sound business move. Last week's History Page included a quote from a three-year-old ZDNet article:

Technically, Linux might be a reasonable choice, but what kind of company is going to rely on unsupported freeware or something that's supported by two tiny vendors? Rejecting Linux is a straightforward business decision. If it were supported by an IBM or a Hewlett-Packard, then that would be an entirely different matter.

That sort of stuff is always fun to pull out for a quick laugh; some of us, after all, had no doubts of Linux's bright future even in the prehistoric days of 1998. There is an interesting thing to note here, though: nobody talks that way anymore. One might reasonably question whether running a Linux business is a reasonable decision, but running a business on Linux is no longer controversial.

As an example of how entirely different the matter really is, consider this press release from IBM. It seems that the Securities Industry Automation Corporation (SIAC) is moving its "ARTMAIL" system to an IBM zServer running Linux. ARTMAIL operates as part of the New York and American stock exchanges, generating transaction reports for brokers.

It's hard to imagine a more conservative environment for Linux than the shuffling of financial data for the highest-volume stock exchange on the planet. Linux users will not doubt that the system can handle that sort of task; the fact that stock brokers now understand as well says a lot. Using Linux is not just a straightforward business decision; it's often the best decision.

Inside this LWN.net weekly edition:

• Security: A new SELinux release.
• Kernel: Whither 2.5?; min() and max() again; smarter readahead.
• Distributions: LNX-BBC reviewed; Linux DA for the Palm; Omoikane GNU/Linux.
• On the Desktop: KOffice 1.1 released, Webmin on Debian, Progress from Sun's Desktop Division.
• Development: The GPLFarm, MontaVista Library Optimizer, Jabber News, new FLTK, GNOME Accessibility, profiling multi-threaded Python, Automake 1.5.
• Commerce: Cluster solutions; lots of LinuxWorld announcements.
• History: Corel's Linux plans through the years; Red Hat and LASER5 part ways; OSDL's first year.
• Letters: Richard Stallman and freedom; entropy; VA Linux.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

New NSA SELinux release. A new release of the NSA's Security Enhanced Linux has been announced. This version is based on the 2.4.9 kernel; the most interesting new feature, though, is likely to be that this release is built on the new Linux security module architecture. It's the first release of this work as part of an integrated product, and thus it gives an indication of how future secure Linux releases will look.

The security module project, remember, started after the Kernel Summit last March. Linus Torvalds had stated that he wanted the various security projects to agree on a framework for hooking security extensions into the kernel, so that users could easily experiment with (and switch between) them. Work on the security module project has been proceeding quickly, to the point that the developers are beginning to consider proposing it for inclusion in the 2.5 kernel. Assuming there ever is a 2.5 kernel, of course.

The SELinux release is a good step in that direction, since it provides a demonstration of a security-enhanced kernel using the new architecture. It will also allow for wider testing of the security module code and help to shake out the remaining problems.

See the NSA Security-Enhanced Linux pages for more information. The generic security module code can be found on the Linux Security Module page.

CERT's quarterly summary is available; as usual, it points out the security vulnerabilities that (in CERT's opinion) people should be most worried about. It is dominated this time around by Windows-specific problems - Code Red, Sircam, etc. There is one issue in the list that is relevant for Linux users, though: the telnetd vulnerability. The current list of telnetd updates appears in the "Updates" section below; anybody who is still running telnet should be sure to apply the relevant update to their systems.

Security Reports

String handling problems in xinetd. A new set of problems has been found in xinetd, having to do with how it handles strings. Versions prior to 2.3.1 are vulnerable, and should be upgraded. As of this writing, the only distributor update available is from Conectiva.

web scripts. The following web scripts were reported to contain vulnerabilities:

• The PHProjekt groupware suite contains a vulnerability allowing any user to view and modify other users' data. The fix is to upgrade to version 2.4a.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Cisco has reported a vulnerability in its CBOS operating system that runs on its 600-series routers - such as its widely-used DSL routers. A denial of service is possible through excessive traffic to the router's web-based configuration port, which is enabled by default.

• Netscape 6.01a has a temp file vulnerability which could be used by a suitably talented and lucky local attacker to overwrite system files.

Updates

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19 LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3.

Previous updates:

• Mandrake (August 28, 2001)
• Progeny (May 17)
• Red Hat (June 21), 7.1, default configuration not vulnerable

Previous updates:

• Conectiva (August 29, 2001)
• Debian (August 9, 2001)
• Mandrake (August 13, 2001)
• Progeny (August 14, 2001)
• Red Hat (August 9, 2001)
• Yellow Dog (August 10, 2001)

This week's updates:

• Red Hat (October 22, 2001) (no explanation of changes from previous update).

Previous updates:

• Caldera (August 24, 2001)
• Conectiva (August 23, 2001)
• Debian (not vulnerable).
• Immunix (August 23, 2001)
• Mandrake (August 31, 2001)
• Red Hat (September 6, 2001)
• Slackware (August 27, 2001)
• SuSE (August 23, 2001)

Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.

This week's updates:

• HP (February 12, 2002)

• Caldera (August 10, 2001)
• Conectiva (August 24, 2001)
• Debian (August 14, 2001) (SSL version)
• Debian (August 14, 2001) (Update for Sparc version)
• Mandrake (August 13, 2001)
• Mandrake (December 17, 2001) (kerberos version)
• Progeny (August 14, 2001)
• Red Hat (February 7, 2002) (Update, for Red Hat 5.2, 6.2, 7.0, and 7.1, to the original advisory, issued August 9, 2001.)
• Red Hat (August 9, 2001)
• Red Hat (August 9, 2001) (kerberos version)
• Slackware (August 9, 2001)
• SuSE (September 3, 2001)
• Yellow Dog (August 10, 2001)
• Yellow Dog (August 10, 2001) (kerberos version)

Previous updates:

• Conectiva (August 28, 2001)
• Debian (August 9, 2001)
• Mandrake (August 31, 2001)
• Mandrake (September 12, 2001)
• Progeny (August 14, 2001)
• Red Hat (July 12)
• SuSE (July 26)
• Yellow Dog (July 25, 2001)

Resources

Events

The 14th Annual Computer Security Incident Handling Conference will be held on June 24 to 28 at the Hilton Waikoloa Village in Hawaii. The call for papers has been issued; the submission deadline is November 16.

Upcoming Security Events.

Date	Event	Location
September 11 - 13, 2001	New Security Paradigms Workshop 2001(NSPW)	Cloudcroft, New Mexico, USA
September 28 - 30, 2001	Canadian Association for Security and Intelligence Studies(CASIS 2001)	(Dalhousie University)Halifax, Nova Scotia, Canada.
October 10 - 12, 2001	Fourth International Symposium on Recent Advances in Intrusion Detection(RAID 2001)	Davis, CA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Alan Cox's current patch is 2.4.9ac3. This one contains everything from 2.4.9, with the exception of the min()/max() stuff and the virtual memory changes. The VM work, at least, is likely to find its way into the "ac" series slowly, in order to make it easier to assess the effects of each change individually. Also present in the 2.4.9ac series is a large merge of the MIPS port.

Whither 2.5? Back on June 21, Linus said that the 2.5 series "will open in a week or two." That, of course, was more than two months ago. As of September 4, it will have been a full eight months since 2.4 came out. Never in ten years of Linux development has there been such a long period without a development kernel.

This hiatus is making itself felt in a number of ways. One is that development items are finding their way into the "stable" kernel series. Back in January, Linus had laid out a stern policy on patches for 2.4:

In order for a patch to be accepted, it needs to be accompanied by some pretty strong arguments for the fact that not only is it really fixing bugs, but that those bugs are _serious_ and can cause real problems.

Patches since then have included API changes, wholesale driver replacements, zero-copy networking, and numerous other changes that would seem to have bent the above rule just a little bit.

Meanwhile, much of the serious development work that is on tap for 2.5 remains isolated and untested, or not done at all. And developers are increasingly wondering when the 2.5 series will start.

It is important, certainly, to hold the line on development work while the 2.4 kernel stabilizes. The developers need to maintain their focus on stability until the job is really done, and an open development series could easily distract many of them. But eight months is a long time without a development kernel. It seems time for 2.5 to start.

The min() and max() issue... Linus returned from Finland and put in his contribution to the debate on the changes to min() and max():

Yes, the new Linux min/max macros are different from the ones people are used to. Yes, I expected a lot of flamage. And no, I don't care one whit. Unlike EVERY SINGLE other C version of min/max I've ever seen, the new Linux kernel versions at least have a fighting chance in hell of generating correct code.

In other words, he does not intend to back down on this change, and people should just deal with it and get on with things. Most of the kernel hackers seem to have accepted this, with, perhaps, a final grumble or two and the discussion has died down.

An open question, still, is what Alan Cox will do in the "ac" series. 2.4.9ac3 does not have "the min/max thing which needs to be dealt with." Last week Alan had said that he would not incorporate this change in this form - though he does agree with the basic goals of the change. This change, however, affects a lot of files throughout the kernel, and maintaining a kernel that differs from Linus's in this respect would be a lot of work for Alan and many other kernel developers. It would probably be much easier for everybody involved to just adopt Linus's new way of doing things and be done with it.

Then, there was the well-intentioned guy who suggested supporting both the new and the old min/max macros, and surrounding each call with a #ifdef. That idea didn't get too far...

In search of smart readahead. This week saw a complaint that disk read performance is very slow when numerous threads are all reading simultaneously. One suggestion that came out quickly was to increase the readahead limit for disk files. It's an approach that has worked for some people, but a more general solution requires a deeper look.

"Readahead," of course, is the act of speculatively reading a file's contents beyond what a process has asked for, with the idea that the process will get around to asking for it soon. When properly done, readahead can greatly increase read performance on a system, and most operating systems implement the technique. A larger readahead limit can help performance by creating more contiguous I/O operations for the disk, and by making it easier to stay ahead of the reading process. So increasing the readahead size would seem like a fairly straightforward decision. Until, of course, you realize that readahead requires memory, and the system might just have one or two other possible uses for that memory.

In fact, it can even be worse than that. As Rik van Riel points out, awful things can happen if the system tries to perform more readahead than it has memory for. When memory gets tight, pages used for readahead can be reclaimed for other purposes, with the result that the data so carefully read ahead gets dropped on the floor. When the reading process gets around to asking for that data, it has to be read from the disk again. In this mode, all readahead does is increase memory pressure and duplicate I/O operations; the system would be better off giving up on readahead.

The solution, it would seem, would be to be smarter about just how much readahead is done. When lots of memory is available, the readahead window should be large; as memory gets tight that window should be reduced. There are several ideas on how smartness should be implemented, however.

• A relatively simple approach, again from Rik van Riel, is to keep track, on a per-file basis, of how many pages are read ahead, and how many are actually still there waiting when the process wants them. A large discrepancy would mean that pages are getting tossed before they are used, and the readahead window should shrink. This approach has the added benefit of adapting the window for each reading process; the readahead window would naturally be larger for processes that move through their data quickly.

• Daniel Phillips has a more complicated scheme involving active management of readahead pages as a separate class of memory page.

• Linus points out that "trying to come up with a complex algorithm on how to change read-ahead based on memory pressure is just bound to be extremely fragile and have strange performance effects." He proposes, instead, to simply drop readahead requests when the I/O request queue for a disk fills up. It's a simple technique that is easy to implement and verify, though it is not clear that it would fix all of the readahead problems.

Rik van Riel has stated his intention to proceed (with others) on an approach which dynamically scales the readahead window size "using heuristics not all that much different from TCP window scaling." Stay tuned for a patch.

Journaling filesystem performance comparison. Andrew Theurer (of IBM) has posted the results of a performance comparison between several Linux filesystems. The standard ext2 filesystem beat all of the journaling filesystems by a fair amount; JFS was the fastest among the journaling systems. ReiserFS came in last in this set of tests.

It turns out that Randy Dunlap, too, has been testing journaling filesystems. He is using a different benchmarking tool, but has come up with roughly similar results.

The ReiserFS testing, as it turns out, was done with a default mount option that reduces performance (but which saves disk space). People interested in performance in ReiserFS should mount with the -notails option. The above tests will be rerun with that option, but no results had been posted as of "press" time.

Other patches and updates released this week include:

• Jens Axboe has released a new version of his zero-bounce high memory block I/O patch (which contains the 64-bit PCI DMA code from David Miller as well). Among other things, the number of drivers that support high memory I/O has been increased.

• devfs v191 and devfsd v1.3.18 were released by Richard Gooch.

• Robert Love has updated his patch which allows network devices to contribute to the /dev/random entropy pool.

• Also from Robert Love is an updated version of the preemptable kernel patch by Nigel Gamble (covered in the March 15, 2001 LWN kernel page). Note that this patch "has not been tested" on SMP systems.

• A snapshot of the x86-64 port, based on the 2.4.9 kernel, has been posted by Andi Kleen.

• Keith Owens has released new versions of the ksymoops and modutils packages.

• Version 0.9.0beta7 of the ALSA sound driver system has been released by Jaroslav Kysela.

• Neil Brown has released version 0.5 of his "mdctl" RAID control utility.

• A "diet" version of the hotplug scripts, intended for memory-constrained systems, has been released by Greg Kroah-Hartman.

• The FOLK Project has a new, more bloated than ever release with a number of new features, including the Linux security module patch and more.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

The bootable business card is not dead, though. Many of the original BBC developers went off and created the LNX-BBC project to continue the BBC work. This project has recently come out with version 1.618 (the version number is a long story...) of this distribution, and has cranked out a few thousand copies to hand out at LinuxWorld.

Get one if you can, the LNX-BBC project has created a high-quality distribution.

The new BBC boots into a 2.2.19 kernel; you can even get it to run in the framebuffer mode if you don't mind the cute but distracting business card logo on the top of the screen. It's a full kernel, with support for PCMCIA, ReiserFS (and about any other filesystem you could name), FreeS/WAN, and more. The boot process attempts to locate and mount all of the filesystems on the host system, which can make life easier if you're trying to fix a seriously hosed system.

If you need networking, just run the trivial-net-setup script. It needed a little help in picking a module for the adapter driver, but was able to come up with the right guess on our test system.

Once you're up, you're talking to a Debian-derived Linux system with a full complement of utilities; the LNX-BBC folks have managed to shoehorn an awful lot of stuff into that little disk. Everything you would expect in a rescue system is there: utilities for disk diagnosis and repair, restoring of backups, hardware diagnosis, network debugging, and so on. But it doesn't stop there; LNX-BBC also includes an X server, and tools like cdrecord, cvs, links and lynx, perl, python, pilot-link, and a highly useful little gadget called "sl", which makes a steam locomotive chug across the screen. There's even a version of kerneld, though, with a 2.2 kernel, it's not clear why that would be necessary.

Also included is an experimental Debian installer. Thus, the LNX-BBC can be used as a quick and easy way to install Debian on any system that crosses your path. Doing so with those Windows-only systems in the LinuxWorld press room would probably be considered to be in poor taste, however.

The new LNX-BBC should find its way into any system administrator's toolkit. Be sure to grab your copy at LinuxWorld, or download one from the LNX-BBC web site.

Note: The German firm innominate also supplies a bootable business card rescue disk.

New Distributions

Empower Technologies Inc. Creates Operating System Choice for Palm Users and Palm-Compatible Manufacturers. Empower Technologies announced its Linux DA operating system for the Palm Pilot. Linux DA O/S v1.0 DBE replaces the Palm O/S within the actual handheld device, but still remains fully compatible with the Palm and Palm-compatible hardware.

Omoikane GNU/Linux. Omoikane GNU/Linux is a Japanese commercial distribution based on Debian. The base system is Debian 2.2r2. They actually offer four types of distribution: Workstation (a compact system for desktops), Workstation++ (which adds more packages to Workstation, mainly for development), Server (which, as you might guess from the name, provides server packages such as Apache, BIND, Namazu2 (a Japanese text search engine), PHP4, PostgreSQL and squid), and lastly X-Term (an unusual system which turns a PC into an X terminal using a live boot system, so it requires no installation).

Omoikane isn't a new distribution, but as it is focused on the Japanese market, it seems to be largely unknown outside of Japan. Their website is in Japanese. (Thanks to Bruce Harada for the pointer and the translation.)

Distribution News

EnGarde Secure Newswire!. EnGarde Secure Linux presents the EnGarde Secure Newswire #2. This monthly newsletter contains details on EnGarde development, usage tips, news and reviews pertaining to EnGarde, and information on the latest software released by Guardian Digital for EnGarde. This issue contains reviews and information about the latest software updates.

LASER5 Linux 7.1. LASER5 started out as a project to localize Red Hat Linux to Japanese. Though LASER5 and Red Hat parted ways two years ago, the project has stayed active. They have a new release as of August 24. At least I think that's what it says. The website is, of course, in Japanese.

Linux Mandrake News. The Mandrake Community News #11 is available in French and available in English.

Mandrake Linux PPC 8.0 final release is now available.

Mandrake Linux 8.1 beta 2 is also available. New features this time around include improved administration tools and the Prelude intrusion detection system.

New NSA SELinux release. A new release of the NSA's Security Enhanced Linux has been announced. Among other things, this release includes the security module work that has been proceeding so quickly over the last few months.

SuSE Linux. SuSE president and CTO Dirk Hohndel has announced his intention to leave the company. "Dirk steps away from SuSE to pursue his personal and professional interests." No word as yet on who the replacement might be.

SuSE has announced the release of SuSE Linux Enterprise Server 7. It's strongly aimed at corporate users, of course, and, beyond all of the features one would expect in a server product, it includes maintenance services. Also listed as a feature is a one-year release cycle.

SuSE announced a back to school special. SuSE's Free Linux Program for US High Schools is in Phase II of its successful campaign to develop greater awareness of open source computing and SuSE Linux throughout US high schools.

Redmond Linux build 38. Build 38 of the Redmond Linux distribution has been announced. A number of fixes and new features are included; it's not quite ready to be called a release candidate, however.

Minor Distribution updates

ClarkConnect. ClarkConnect is an Internet gateway software package based on Red Hat 7.1. Version 0.8.1 was released August 20, 2001.

Astaro Security Linux. Astaro Security Linux version 2.0 was released August 24, 2001. The new version significantly enhances the included software with added functionality such as VPN for IPSec, PPTP for secure road warrior communications and SCSI-Support for high availability security solutions. The complete list of enhancements included in Astaro Security Linux 2.0 can be found in the press release.

Distribution Reviews

The Linux lineup (ZDNet). ZDNet compares a slew of recent Linux distributions, including Caldera OpenLinux eServer 2.3, Linux-Mandrake 8.0, Slackware Linux 7.1, Turbolinux Workstation Pro 6.1, Debian GNU/Linux 2.2, Red Hat Linux 7.1, SuSE Linux 7.2 Professional.

Vector Linux 2.0 Review (Evil3d.net). The folks at Evil3d.net have reviewed Vector Linux 2.0. "80MB heavier, VectorLinux 2.0 is still going to be my choice of a gaming box distribution. It is still very light, still up to date, and it includes better configuration tools than the previous version."

Yellow Dog 2.0 Review (MaximumLinux.org). Here's a review of Terra Soft Solutions' Yellow Dog Linux from MaximumLinux.org. "Yellow Dog Linux is a very robust distribution based heavily on the Red Hat x86 distro. With two big differences, it's uses a PPC kernel (obviously), and the default installation is much more secure than Red Hat's distribution. Yellow Dog leaves all ports turned off by default leaving it up to you turn on which services you plan to use for your particular application."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

KOffice 1.1 released. KOffice 1.1 is out; see the announcement for the details. The list of changes is lengthy and impressive. These changes include:

• KWord: a new formatting engine is powering the whole thing. KWord is now more careful in its on-screen formatting, so that you should see things the same size as they will appear on paper. Table support has been redesigned, and there is a new formula widget as well. You can now embed KPresenter objects into a document, and KWord can be embedded into other applications as well.

• KSpread: A whole list of new functions has been added. Hiding of rows and columns is now supported. The undo mechanism has been improved.

• Kivio: this application (a flowcharting program) has been integrated into KOffice.

• Kugar is another new application; it is a database reporting tool.

Those interested in KOffice might also want to look at the KDE dot News story on the release, which, among other things, points out a number of the shortcomings that the KOffice developers still have to address. The proprietary format filters seem to be at the top of that list. As a work in progress, KOffice certainly will have areas that could be improved; that does not, however, change the fact that this free office suite has come a long way in a short time, and shows no signs of slowing down.

Webmin/Debian update.   Last week we said that Debian developers were looking seriously at the Webmin administration interface but we weren't sure if they were adding it to the Debian distribution. Well, they are. The Webmin maintainer for Debian, Jaldhar H. Vyas, tells us:

Webmin packages are available in the testing and unstable distributions and I will make unofficial packages for stable available from my websiteWebmin packages are available in the testing and unstable distributions and I will make unofficial packages for stable available from my website.

Desktop Environments

Gnome Board Meeting. Daniel Veillard has sent us the minutes from the August 21, 2001 GNOME board meeting.

Interview: James Henstridge and libglade. The GNOME folks are starting up a series of interviews with their developers; the first is this interview with James Henstridge, developer of libglade and several other things. The interview concentrates mostly on libglade and its future.

Sun's Desktop Division making headway (linuxpower). Christian Schaller interviews a number of GNOME developers at Sun. "Still, most of the Sun hackers and their work is not well known to all members of the GNOME community and definitely not to the Linux community in general. To do something about this, I decided to interview some of the members of Sun's Desktop Division and ask them what kind of things they are working on. The number of people interviewed here is still just a small subset of the people working at Sun on GNOME and GNOME related technologies. Most of the people in this interview work at Sun's offices in Ireland."

KC KDE Issue #20. The Kernel Cousin KDE is back with "... stories on continuing efforts to improve Konqueror's support for EMCAScript (JavaScript), security issues when using webform completion, efforts to create SCP and SFTP KIOSlaves, and much more."

Office Applications

Abiword Weekly News. Well, he said he'd be gone for two weeks, but Jesper Skov has published another issue of the AbiWord Weekly News this week. Topics this week include lots of discussions on new feature requests such as tabbed windows instead of multiple top level windows and better PalmDoc support.

Desktop Applications

Bonobo Clipboard 0.1 'Hey! It compiles!'. The first release of the Bonobo Clipboard, version 0.1, has been announced. Since this is an early release, several testing programs are included.

And in other news...

Roundup Issue Tracking System. Version 0.2.7 of the Roundup Issue Tracking System has been announced. " Roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. It is based on the winning design from Ka-Ping Yee in the Software Carpentry "Track" design competition."

Simutrans for economic simulation (Linux For Kids). Linux For Kids reviews Simutrans, an economic simulation game that is similar to Railroad Tycoon. "The graphics are very good, with little animations a la Simcity. There is an AI that competes against you by building its own roads and tracks between lucrative spots on the map. You only make money by delivering the goods, not for manufacturing. Once you build the roads, you will see houses starting to pop up, and car traffic starting to use the roads you built for your trucks."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

GPL Farm is a developers family with a very innovative idea. GPL Farm will collect Linux developers around the world throught our developers center, each developer subscribes in our site, then we will launch a software project with guidelines and a fixed timeline. Registered developers will subscribe to a project, then we'll select a programmer who will work on the project and will assign it. Then the programmer starts making the requested software, within the established time. The programmer submit his work to GPL Farm, then we'll test it with our Testers Staff. At this point we pay to the programmer the accorded ammount and the final step is that GPL Farm will release the software under the GPL license. Easy no?

Payment for projects will range from around US$500 to US$30,000 depending on the complexity of the project. Projects are categorized into groups of life forms such as insects, birds, reptiles, mammals and dinosaurs. Insect projects are small and easy to develop, whereas dinosaur projects are large and long term.

Developers will be required to sign a contract, and payment will be made when the project reaches beta testing status. Developers who don't complete projects will be ineligible for further work. Once finished, the project will belong to the GPL Farm, and will be released with a GPL license.

Beta testers will work for free, they will have access to the code in an early state, and presumably, will be able to add their direction to the project with feedback to the developer.

The documentation does not go into much detail about how the various projects will be selected, presumably, that will be done by the GPLFarm leaders. It does not appear that the sponsors will have a lot of power in choosing categories that their funds will support, although that does seem like a logical method for assuring more motivated sponsors.

The GPL Farm looks like a novel idea, and will hopefully succeed in focusing developer efforts onto useful new projects for Linux.

Audio

Linux Audio Mailing Lists. In the current Musings section of the Linux Sound Software site, Dave Philips mentions a new mailing list for Linux sound enthusiasts, the Linux Audio User list, which focuses on the user side of Linux audio software. Also, for the more development oriented people, the Linux Audio Developer list covers the software side of Linux sound.

Databases

Release 0.1 of myperl. Brian (A.K.A. Krow) discusses the embedding of Perl code in mySQL as a stored procedure, and introduces an experimental project called myperl for achieving this capability.

Education

GNU/Linux in education report #51 for August 24, 2001. The GNU/Linux in education report for August 24, 2001 is out and includes discussions on Linux in Australian schools, free software at the World Education Forum, and a new project that is assembling case studies of open source software in schools.

Electronics

New Icarus Verilog Snapshot. A new snapshot release of the Icarus Verilog compiler, dated August 26, 2001, is available. This version includes speed optimizations, and adds functionality for general bit selections.

Embedded Systems

Embedded Linux applications (IBM developerWorks). IBM's developerWorks explains the benefits of embedded Linux and offers some options in this arena. "Some real-time hardware and software Linux APIs to consider are RTLinux, RTAI, EL, and Linux-SRT. RTLinux is a hard real-time Linux API originally developed at the New Mexico Institute of Technology. RTAI (DIAPM) is a spin-off of the RTLinux real-time API that was developed by programmers at the Department of Aerospace Engineering, Polytechnic Politecnico di Milano (DIAPM). EL/IX is a proposed POSIX-based hard real-time Linux API being promoted by Red Hat. And Linux-SRT is a soft real-time alternative to real-time APIs, which provides performance-enhancing capabilities to any Linux program without requiring that the program be modified or recompiled."

Embedded Linux Newsletter for August 23, 2001. The August 23, 2001 edition of the Embedded Linux Newsletter includes news of HP's expanded role in the embedded Linux market, the multivendor set top box project known as Linux4.tv, and Lineo's latest financing deal.

HP expands commitment to Linux in devices (LinuxDevices). LinuxDevices covers HP's upcoming LinuxWorld announcements, including the new Chai-LX. ``Bruce Perens, HP's senior strategist on Linux and Open Source, put HP's commitment to Embedded Linux this way: "Linux is now the standard operating system platform for embedded systems at HP."''

BusyBox 0.60.1 released. A new minor release of the BusyBox integrated toolkit is available. Version 0.60.1 fixes a few minor bugs that showed up in the recent 0.60 release.

Embedded Open Motif. ICS has announced the availability of their version of Open Motif and some accompanying applications for embedded Linux systems on the Compaq IPAQ and the Agenda VR3. The applications will be released with a GPL license.

MontaVista releases library optimizer tool. MontaVista has announced the open source release of its "Library Optimizer Tool," which trims down library code in order to produce smaller executable files for embedded applications.

Interoperability

Wine Snapshot for August 24, 2001. A new Wine snapshot, dated August 24, 2001, is available for download. The Wine Announcements page lists the following improvements:

• Inter-process SendMessage support.
• More DDE improvements.
• Preparation work for shared window handles.
• Several debugger improvements.
• Better GDI objects management.
• Lots of bug fixes.

IRC Software

Jabber Weekly News for August 29, 2001. The August 29, 2001 issue of a new newsletter, the Jabber Weekly News, has been published.

Network Management

OpenNMS Update for August 24, 2001. The latest update is available from the OpenNMS project. News includes a switch from JSDT to OpenJMS, dealing with the demise of ICMPD, the replacement of SCM, and new functionality for the Web UI. The OpenNMS people have also released some new documentation, see the new Quick Start doc and the OpenNMS Install Guide.

Science

Report on Open Source Initiatives in Bioinformatics (bioinformatics). Bioinformatics looks at a new report that examines the role of open source software in genetic studies. The report is in pdf format.

Web-site Development

The latest from Zope Newbies. This week, the Zope Newbies Site includes discussions on xml-rpc, optimizing PostgreSQL, paying for web services, and an Athlon 1.33 Ghz box that broke the 20,000 Pystones/sec speed limit.

SkunkWeb 3.0 released. Version 3.0 of the SkunkWeb Web Application Server has been released. This version follows several beta version and features fixes for a number of bugs.

Window Systems

FLTK 1.1.0b1 is available. Version 1.1.0b1 of FLTK, the Fast Light Tool Kit, has been announced. This release includes many new features. If you are not familiar with FLTK, the FLTK Home Page may be a good place to start.

GNOME 2.0 Accessibility Framework early release. The GNOME Foundation has announced the early access release of the GNOME 2.0 Accessibility Framework. The Framework assists users with disabilities as they work with GNOME applications. Much of this work has apparently been contributed by Sun.

Miscellaneous

Letter to SourceForge users. Here is a letter to SourceForge users (and that's all of us, in one way or another) on VA Linux's plans to sell a proprietary version of the SourceForge system. "By selling proprietary software together with Open Source software, VA is making it easier for its enterprise customers to purchase and deploy SourceForge software. VA Linux will be distributing SourceForge Enterprise Edition to its corporate customers under a combination of the Mozilla Public License (version 1.1) and a proprietary software license." The word is that nothing will change for SourceForge.net users.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Caml

Caml Weekly News for August 22 to 28, 2001. The latest Caml Weekl News is available. Topics include a Vim 6.0 OCaml indent file, a binding between OCaml 3 and OpenSLP 1.0.1, and the CamlZip library.

FORTRAN

Caldera Intel developing debugger for Fortran 95. Caldera seems to have decided that its customers want Fortran; the company has announced a joint venture with Intel to add Fortran 95 support to the gdb debugger on both the IA32 and Itanium architectures.

Java

The Go-ForIt Chronicles: Memoirs of eXtreme DragonSlayers, Part 5 (IBM developerWorks). Allison Pearce Wilson covers view beans in an IBM developerWorks article, the fifth in a series on Java. "This article discusses how view beans can solve a common design dilemma -- where to code presentation logic. Allison explains how to use view beans to cleanly separate components in a Web application while still providing a rich user interface."

Catching OutOfMemoryErrors to Preserve Monitoring and Server Processes (O'Reilly). Jack Shirazi gives some ideas on the best ways to deal with Java out of memory errors in an O'Reilly article. "Encountering an OutOfMemoryError means that the garbage collector has already tried its best to free memory by reclaiming space from any objects that are no longer strongly referenced."

Perl

New list for perl and open source in government (use Perl). There is a new mailing list for the discussion of perl and other open source software in use in government.

Perl 5 Porters for August 27, 2001. The August 27, 2001 edition of the Perl 5 Porters digest is out. This week's topics include tricks with vstrings, callbacks in the core, CvMETHOD and ->can(), coderefs in @INC, malloc madness, and more.

Perl 6 Porters for August 27, 2001. The August 27, 2001 edition of the Perl 6 Porters digest is also out. Topics include a debate on closures, method signatures, Perl 6 internals, and a module plan for Perl 6.

PHP

PHP Weekly Summary #51. The August 27, 2001 edition of the PHP Weekly Summary is available. Topics include an updated Universe CORBA extension, changes to rand(), new PDF functions, the Apache 2 module, DOMXML, API changes, and more.

PHP Review 0.9.0-rc2 available. Version 0.9.0-rc2 of the PHP Review book review project is available with a number of internal simplifications.

Python

Dr. Dobb's Python-URL! for August 23. This week's Python-URL! covers topics such as unit testing and GUIs, python IDEs, and a number of software announcements.

Python 2.2a2 released. The second alpha of Python 2.2 has been released. Python 2.2 has a number of new features; see Andrew Kuchling's writeup for the full list.

PySSH 0.1 released. Version 0.1 of PySSH, the Python module for controlling ssh and scp, has been announced. PySSH is released under the Python license.

Python Installer 4a3 released. Python Installer version 4a3 has been released. Python Installers allows you to build self extracting executables out of Python scripts. Python Installer is released under the Old Python Style license.

PyInline: Put C source code into Python. Ken Simpson has released PyInline, a module that allows source code from other languages to be installed into Python code.

Profiler for multi-threaded Python. Itamar Shtull-Trauring has released threaded_profile, a pofiler for multi-threaded Python programs.

Ruby

The latest from the Ruby Garden. This week, the Ruby Garden features articles on hidden per-method variables, compression of Ruby libraries, an extension to the Binding class to add reflection capabilities, and more.

Smalltalk

Report from Camp Smalltalk Essen ESUG 2001. John M. McIntosh writes about ESUG 2001, the Essen Camp Smalltalk conference. Check it out for the latest Smalltalk happenings.

Get Smalltalk News Updates Via Email. Monty Kamath has announced a new email list that you can sign up for to receive the latest Smalltalk news and event information.

Tcl/Tk

Dr. Dobb's Tcl-URL! for August 25, 2001. Here is the latest Dr. Dobb's Tcl-URL!, which looks at Tcl as a part of an SDL-mediated solution to grab video from your QuickCam. Other video applications that use Tcl are discussed.

Integrated Development Environments

Build Better Java Apps (TechWeb). Here's a review of Lutris Enhydra, a Java application server and development environment that runs on a number of platforms, including several flavors of Linux. "An interesting note: Enhydra can be used on systems ranging from totally open source to completely commercial. Running it on a totally open-source system can save thousands of dollars in start-up costs. However, this assumes that an organization has the infrastructure to keep these systems up and running. This is especially important given the lack of formal tech support for most open-source programs."

Miscellaneous

Automake 1.5 is available. Version 1.5 of Automake has been announced, and is available for download. Automake is a tool for generating Makefiles. Version 1.5 brings several new conditional tests, support for Python and compiled Java, along with numerous bug fixes.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Clusters of LinuxWorld announcements. This week San Francisco hosted IDG World Expo's LinuxWorld Conference & Expo. This large and very commercial Linux event is always accompanied by lots of press releases. New partnerships are formed, new products are announced and demonstrated at this premier event. This year was no exception. But the flood of announcements reviewed by LWN has nothing to do with the today's title. Instead it was prompted by a large number of announcements about cluster solutions. New solutions, deployed solutions, even solutions that can cluster machines running multiple platforms -- and most of the announcements were made in conjunction with LinuxWorld.

• SGI Federal and Linux NetworX have teamed up to build three Parallel Capacity Resource (PCR) Linux cluster computing systems totaling 472 Pentium 4 processors for the National Nuclear Security Administration's Accelerated Strategic Computing Initiative (ASCI) ongoing computing element. To help with this project SGI and Linux NetworX will also collaborate with Lawrence Livermore National Laboratory (LLNL), using LLNL's Parallel Computing Environment, a 48 Pentium 4 processor Linux cluster recently ordered by LLNL from Linux NetworX and SGI Federal.

• Clustra Systems, Inc. demonstrated its new Clustra DataCenter database appliance and the new 4.1 release of the Clustra Database(TM) at LinuxWorld. The Clustra DataCenter makes it easy to assemble a cluster of off-the-shelf Linux servers into a powerful, high-end, high-availability database.

• MSC.Software Corp. and Livermore Software Technology Corporation (LSTC) are cranking out numerically intensive applications using LSTC's advanced multi-physics simulation code LS-DYNA on clusters powered by MSC.Linux.

• Mission Critical Linux, Inc. had several announcements:
  • The release of Convolo Cluster DataGuard Edition Version 2.0, a high availability cluster solution.
  • The release of Convolo Cluster NetGuard Edition Version 1.0, "the most extensible and flexible Linux cluster solution on the market".
  • A deal with Hewlett-Packard to provide Mission Critical's high availability Linux cluster solutions on HP hardware.
  • And a more generic announcement about the availability of preconfigured Linux cluster solutions, designed, tested, installed, and supported.

• SteelEye Technology Inc. announced the availability of LifeKeeper(R) for Linux 4.0, which has cluster-wide management templates, support for IBM's DB2 UDB, plug-and-play integration with Oracle and many applications.

• Turbolinux released EnFuzion 7.0, a clustering solution for Linux, Unix, and Microsoft Windows servers.

Xandros announces strategic licensing agreement with Corel. It seems that an outright sale of Corel Linux wasn't in the cards after all: the new company called Xandros has announced a "strategic licensing agreement" with Corel that allows Xandros to develop and sell the Corel Linux distribution. Xandros is also evidently employing the Corel Linux developers as well. The first release of the distribution will happen "in the coming months."

Xandros is funded by the Linux Global Partners, which is also a big investor in Ximian. So when they say "We are now working to incorporate our portfolio companies into the Xandros OS which will provide a complete desktop application for Linux" some interesting things come to mind.

HP expands open source offerings. Here's HP's press release describing its latest Linux offerings. They include the "Secure OS Software," a set of security enhancements for the Linux kernel. Also listed is the Embedded Linux Software Platform, the Embedded Software Developer's Network, and a set of management and high-availability tools.

SourceForge Portal Edition to run HP Embedded Software Developer's Network. VA Linux Systems has gotten a high-profile sale: according to this press release, the "Portal Edition" of the SourceForge software will be powering HP's new Embedded Software Developer's Network.

Product and service announcements from Ximian. Ximian helped start the LinuxWorld stampede with a couple of announcements: First is a set of new services based on Red Carpet. Pay Ximian some money and you can have priority access to the download servers. There's also "Red Carpet CorporateConnect" which is positioned as a system to help companies handle their internal software management and distribution. Mission Critical Linux will be reselling these services as well.

Also available is a pair of boxed products. The "Ximian Desktop" is a $29.95 packaging of GNOME and the usual utilities, along with 30 days of support. The "Professional" version ($49.95) throws in StarOffice and 90 days of support.

Announcements from MontaVista. MontaVista Software has also come out with a set of announcements for LinuxWorld. The High-availability Framework is a new failover system for compact PCI systems. The company also has announced support for the Intel XScale architecture in Hard Hat Linux. Finally, MontaVista has a "graphics strategy" seemingly designed to please everybody: you can get either "Hard Hat Graphics," based on Tiny X and GTK+, or you can have Trolltech's Qt/Embedded.

Red Hat, Compaq, and Pioneer-Standard to sell preloaded E-commerce systems. Red Hat has announced a deal with Compaq and Pioneer-Standard to sell systems loaded with Red Hat's E-Commerce Suite; offerings vary from single systems through five-server clusters.

SuSE Linux Database Server. SuSE is getting into the database business. This announcement describes the new "SuSE Linux Database Server" product, which is a version of the SuSE Linux distribution bundled with IBM's DB2.

Largo, Florida chooses Bynari groupware. Here's a press release from Bynari Inc. on how the city of Largo, Florida has deployed Bynari's messaging system. "The Insight solution enables Largo's city government to run messaging and collaboration on a Linux-based thin client network in a Windows-free environment. The move saves taxpayers millions of dollars in hardware, software, support, and upgrade costs."

Linux Stock Index for August 23 to August 29, 2001.

LSI at closing on August 23, 2001 ... 26.46
LSI at closing on August 29, 2001 ... 26.42

The high for the week was 27.28
The low for the week was 26.42

Press Releases:

Open source products

• Integrated Computer Solutions, Inc. (SAN JOSE, CA): Embedded Open Motif Released under The Open Group Public License..

• Sistina Software (MINNEAPOLIS): Sistina Releases Linux Logical Volume Manager Version 1.0 under GNU General Public License.

Distributions and bundled products

• Empower Technologies Inc. (REDMOND, WA): Empower Technologies Inc. Creates Operating System Choice for Palm Users and Palm-Compatible Manufacturers.

• LynuxWorks, Inc. & SoftConnex Technologies (SAN JOSE, Calif. & FREMONT, Calif.): LynuxWorks' Embedded Operating Systems and SoftConnex' USBLink Host Solution Enable Development of Bandwidth-Intensive Embedded Applications.

Proprietary Products for Linux

• Argus Systems Group, Inc. (San Francisco, LinuxWorld): Argus Systems Group Offers Special Pricing for PitBull LX at LinuxWorld 2001 and Through September.

• Bitstream Inc. (CAMBRIDGE, Mass.): Bitstream Develops Ground-Breaking Font Subsystem for Linux.

• Borland Software Corporation (SAN FRANCISCO): Borland Announces Web Services Strategy for Linux; Web Services Offering Aims to Advance Linux as e-Business Server.

• Bullant, Inc. (SAN FRANCISCO): Bullant Announces Linux Bullant Builder 2.1 Pre-Release.

• CodeWeavers, Inc. (SAN FRANCISCO, LinuxWorld): CodeWeavers Releases CrossOver Plugin, Enabling Display of Popular Windows(R) Browser Plugins, MS Office Files in Linux(R).

• Compaq Computer Corporation (SAN FRANCISCO): Compaq announced Linux and Tru64 UNIX Portability Kit..

• Halcyon Software, Inc. (SAN JOSE, Calif.): Halcyon Announces Active Server Pages Support for Linux for the IBM eServer zSeries.

• HancomLinux (SAN FRANCISCO, LinuxWorld): HancomLinux Invades the United States; Korean Linux Experts Bring Office Suite, Linux Distribution to the United States.

• IBM (): Software Evaluation Kit for Linux CD.

• Intel Corp. (SANTA CLARA, Calif.): Intel Launches New Compilers for Linux - C++ and Fortran.

• Legato Systems, Inc. (MOUNTAIN VIEW, Calif.): Legato Extends Cooperative Agreement With Sun With Release of Solstice Backup 6.1.

• Panda Software (Los Angeles, CA): Panda Software Invites Linux Users to Participate in Antivirus Beta.

• Sendmail, Inc. (EMERYVILLE, Calif.): Sendmail, Inc. Presents the Industry's Largest Email Server for Linux on IBM eServer z900.

• SoftKnot Corporation (FREMONT, Calif.): SoftKnot Releases iFS and iShell for Linux; Industry's First Out-of-the-Box Solution for Applications and Data Access Over the Web.

• Tarantella, Inc. (SANTA CRUZ, Calif.): Tarantella Enterprise 3 Starter for Linux Receives IBM ServerProven Certification, New Product to Debut at LinuxWorld.

Hardware and bundled products

• AMD (SUNNYVALE, Calif.): AMD's Multiprocessor Platform Receives Linux Software Certifications.

• Celestix Networks, Inc. (FREMONT, Calif.): Celestix Delivers Aries Groupware Server Appliance for SMBs With VirtualTek's Joydesk.

• FOCUS Enhancements, Inc. (CAMPBELL, Calif.): TUXIA to Display Media/Entertainment Gateway At Linux World Expo Based On Technology From Focus Enhancements, Intel and Sigma Designs.

• Penguin Computing (SAN FRANCISCO): Penguin Computing Announces 1U Dual AMD Server; New system is the first Linux server of its kind.

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C. & SANTA CLARA, Calif.): Red Hat Creates Advanced Tool Chain for SandCraft MIPS Microprocessors; Designs 64-Bit MIPS Core Processor Toolkit Through Partnership with SandCraft.

Products and Services Using Linux

• AdminForce Remote LLC (Boulder, Colorado): AdminForce Remote LLC and CrafTech Inc. Reach Agreement.

• Century Software, Inc. (SAN FRANCISCO, LinuxWorld): Century Software Delivers Fully Integrated PDA Solution.

• Check Point Software Technologies (REDWOOD CITY, Calif.): Check Point Software VPN-1 Delivers Over Half a Gigabit Throughput At $4000 Price Point.

• Egenera, Inc. (MARLBORO, Mass.): Egenera, Inc. to Debut BladeFrame at NetWorld+Interop 2001 Atlanta.

• Lineo, Inc. (SALT LAKE CITY): Lineo Embedix GPL Compliance Toolset to Ship.

• OEone Corporation (SAN FRANCISCO): OEone to Power Internet Devices Featuring National Semiconductor's Geode Technology.

• OEone Corporation (SAN FRANCISCO, LinuxWorld): OEone Previews Penzilla, a new Open Source Platform to Power Internet Devices.

• Radlan Inc. (SAN FRANCISCO, LinuxWorld): Radlan Now Supports Embedded Linux RTOS Alternative; Full Simulation-Based Development Environment Available by Year's End.

• RidgeRun, Inc. (SAN FRANCISCO, LinuxWorld): RidgeRun Shows Streaming Video and Networking for Embedded Multimedia.

• Stream Machine and BPL Telecom (MILPITAS, Calif. & San Jose, Calif.): Stream Machine Chooses BPL Telecom's Software Development Team for Digital Video Recording Projects.

Products With Linux Versions

• Advanced Visual Systems (WALTHAM, Mass.): Toolmaster Portable Graphics Library from AVS Gains Linux RedHat Support, Windows Enhancements.

• Ampro Computers, Inc. (SAN JOSE, Calif.): Ampro Delivers MIPS32 Module to Speed and Simplify Embedded Design.

• Applied Data Systems (INTEL DEVELOPER FORUM, SAN JOSE, Calif.): Applied Data Systems Participates in Intel(r) PCA Developer Network.

• Appligent, Inc. (): Free APStripFiles Utility.

• BEA Systems Inc. (SAN JOSE, Calif.): BEA And Gauss Interprise Announce Strategic Relationship to Offer Its IBM Customers An Upgrade to Gauss VIP Enterprise Software Built on BEA.

• Boulder Instruments (Longmont, Colorado): New Product Announcement: StreamStor PCI-816XF.

• Dataram Corporation (PRINCETON, N.J.): Dataram First to Offer Memory Upgrades for IBM xSeries 380 Itanium-based Server.

• FireLogic, Inc. (ARLINGTON, VA and LIVERMORE, CA): FireLogic announces HealthEngage Software.

• Gordano Ltd. (NEW YORK): Gordano Ltd.: Secure and Flexible WebMail for Unix now available for Linux and Sun Solaris.

• Keyspan (Richmond, CA): New Keyspan products: USB Serial and PDA Adapters for Linux, Mac, and Windows.

• Magic Software Enterprises (Irvine, CA): Linux Software Provider Magic Software Enterprises to Introduce Powerful New CRM Product at the DCI CRM Expo.

• MainConcept (AACHEN, Germany & BEACHWOOD, Ohio): Free Video Clips Available for Downloading From MainConcept Website.

• Microquest (Lee Center, NY): Fw: Product Announcement: Thinkpad 600 Series DVD/CDRW.

• RadiSys Corp. (HILLSBORO, Ore.): RadiSys Introduces Enhanced Microcode Solution for the IXP1200 Network Processor.

• Verisity Ltd. (MOUNTAIN VIEW, Calif.): Verisity Announces SureCov 3.0; Latest Release Provides a Significant Boost in Performance.

• Verplex (MILPITAS, Calif.): Verplex Doubles Formal Verification Speed. Conformal Logic Equivalence Checker is available and supports Hewlett Packard, Sun Microsystems and Linux operating systems platforms. It is priced at $105,000 U.S.

• Xybernaut Corporation (FAIRFAX, Va.): Xybernaut Delivers First Implementation of Transferable Core --TC-- Technology.

Java Products

• Alpha Software Express, LLC (SAN RAFAEL, Calif.): Alpha Software Express, LLC Launches Its Flagship Java Software Product for General Design Work and Management of CAD/CAM/CAE Documents.

• Applied Data Systems (San Francisco, LinuxWorld): ADS demonstrates three Java Virtual Machine (JVM) packages running on ADS' StrongARM based system..

• Espial (OTTAWA): Espial Delivers First Scalable Java Browser.

Books & Training

• Learning Tree International (RESTON, Va.): Learning Tree Releases Hands-on Course: Advanced Perl Programming.

• LinuxCertified.com (Cupertino, California): Linux Network Services Bootcamp W/free Linux laptop!.

• No Starch Press and Loki Software (San Francisco, CA): Programming Linux Games, August 2001.

Partnerships

• Aduva (PALO ALTO, Calif.): Aduva Joins Hewlett-Packard Servicecontrol Manager Partner Program to Deliver Comprehensive Linux Administration Tools.

• Covalent Technologies, Inc. (SAN FRANCISCO): Covalent Technologies to Deliver Optimized Apache Solutions on Compaq ProLiant Servers.

• Cryptographic Appliances (ROSEVILLE, Calif.): Cryptographic Appliances Teams with IBM to Develop Linux Port for Secure Hardware.

• Dot Hill Systems Corp. & Sistina Software (SAN FRANCISCO, LinuxWorld): Dot Hill and Sistina Software Team Up to Improve Computing Performance for Linux Users.

• Integrated Research Ltd (SAN FRANCISCO, LinuxWorld): Integrated Research joins Hewlett-Packard's Servicecontrol Manager Partner Program to Provide System Management for Linux and HP-UX Environments.

• Legato (MOUNTAIN VIEW, Calif.): Legato Works With IBM For Information Protection And To Maximize Gains In Fast Growing Linux Market.

• Turbolinux(R), Inc. (SAN FRANCISCO): Turbolinux Establishes Joint Venture with Samsung SDS.

• TUXIA & Rise Technology (TAIWAN): TUXIA and RISE Form Strategic Alliance to Deliver Best-Performing Embedded Linux Solution for IA Market.

Personnel & New Offices

• REDSonic, Inc. (SANTA ANA, Calif. and SINGAPORE): REDSonic opens new Singapore office.

Linux At Work

• Calian Ltd. (KANATA, Ontario): Calian's Systems Engineering Division Wins Multi-Million Dollar Contract With Thrane & Thrane.

• Compagnie Generale de Geophysique (AUSTIN, Texas): Compagnie Generale de Geophysique ''CGG'' Chooses Dell to Power Houston Data Center.

• IBM (ARMONK, N.Y.): IBM Deploys Linux For Financial Industry.

Other

• Pioneer-Standard Electronics, Inc. (): Let's talk Linux....Experts to Keep on File.

• Rackspace Managed Hosting (SAN ANTONIO): Rackspace Managed Hosting Offers Experts to Discuss Issues Affecting Open Source Servers Today.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Governments push open-source software (News.com). Here's a worthwhile News.com article on the growth of laws requiring governments to use free software when possible. "Beyond the issue of source-code access, analysts say, concerns about autonomy and national security are likely to drive passage of more laws discouraging use of proprietary software."

Why Doesn't The Government Back Open Source? (IT-Director). IT-Director argues for government support of open source software. "Where there are clear economies to be gained, governments could and should lead the way in the use of open source. They also might like to consider trying to provoke open source developments for some of the software that they need, for example, in the local government area or for charities or for education."

UK out of step with European Freedom March (IT-Director). IT-Director looks at the use of free software in European governments. "Accordingly, governments across Europe are beginning to wonder why they should pay high fees to tie themselves into proprietary software system to run online public services which are supposed to be predicated on fundamental principles of efficiency and openness."

Penguin Enrolls in U.S. Schools (Wired). Ft. Collins, Colorado is another in a long line of school systems looking to save money by using Linux in the classroom instead of Windows. "Today, there are many development projects for educational and administrative software out there. Tux4Kids has already released a typing tutor for children, starring Tux the penguin. Sites like K-12 Linux and Simple End User Linux contain links to dozens of math, chemistry, word processing and administrative applications that can be downloaded for free -- and they promote the worldwide adoption of Linux in schools."

Make Way For The Little OS That Could (ZDNet). ZDNet looks at the advantages of Linux. "The fact that Linux was free didn't impress me, but here was a value proposition that money couldn't buy - an increasingly stable operating system (OS) that was less prone to security vulnerabilities in the first place, because so many interested parties were examining it continuously, and that now seemed easier for developers to secure."

A Peek At The Car Of The Future (TechWeb). TechWeb reports that IBM's alphaWorks research facility has implemented a number of emerging technologies in a 2002 Ford Explorer. "E-mail via the Web using IBM's ViaVoice technology. It also has its own Web server and handheld Linux PC. Both employ IBM technology called TSpaces that lets Java-enabled devices exchange data with little programming required. The idea behind the technology is to bring network services such as database access and file transfer to devices that have limited memory."

Fight the GNU/Future (Linux.com). Linux.com has an editorial stating that there are major differences between the "open source" and "free software" camps. "Yet, in our haste to find allies in the very real struggle against the ever-more-powerful (and ever-encroaching) Corporate Powers That Be, we in the Open Source movement have taken strange bedfellows with those in the Free Software movement, and we've done so in a way that at times has been rather confusing for the community at large." (Thanks to David Lang).

The time of the penguin (News.com). C|Net does a multipart story on Linux: why it succeeds where others fail and how IPO's haven't saved the fortunes of some Linux companies. "...despite the large number of companies and individuals backing Linux, the software project has largely retained its cooperative nature. That's been key in avoiding Unix's fate of "fragmentation," in which several companies work independently on different versions."

Will Microsoft Mono-polize open source? (ZDNet). ZDNet looks at the Mono case for Linux. "GNOME and KDE are the competing standards for user interfaces on UNIX, and more importantly, Linux. Mono, on the other hand, is aimed at making UNIX developers competitive in the Web services space by giving them a feature-rich implementation of the .NET development platform using existing open source technologies."

Ale, Ale, the Linux Gang's Here (Wired News). Wired looks around the globe at the celebrations for Linux's 10th birthday, and especially at the Linux Beer Hike. "But most of all, as the event has grown, it has become more than ever a way to mix different cultural perspectives. This year, more than 150 people from 15 different countries are expected, maybe more, depending on how many last-minute sign-ups there are."

Linux World Coverage

Compaq: Big business still leery of Linux (News.com). News.com reports on Shane Robison's LinuxWorld keynote. "'The No. 1 reason corporations are hesitant to deploy Linux in the enterprise surrounds the very nature of the open-source model,' Robison said at the opening keynote address at the LinuxWorld Conference and Expo. Specifically, corporations worry about the large number of companies and individuals responsible for various Linux components, he said. 'Linux lacks a one-stop point of contact.'"

Linux Might Be Too Big for Tux (Wired). Wired News reports from LinuxWorld. "Since the open-source people who usually flock to Linux events are more carefree than the marketing types who clog other Internet events, the conferences have been, at the very least, tolerable. This year the marketers have attacked. Now, it's virtually impossible to walk around LinuxWorld without hearing pitches from company reps extolling the benefits of Linux for 'mission-critical applications in the enterprise,' or some such drivel."

LinuxWorld San Francisco Coverage. Here is a sampling of the LinuxWorld articles and press releases that we have received:

• Who's who? Here's a press release with exhibitor profiles.

• Press release: AMD will host talks on porting to x86-64.

• News.com: Compaq Computer will announce a deal with Covalent Technology to jointly develop and market Covalent's Apache Web server software.

• News.com: MandrakeSoft will announce version 8 of its software for PowerPC-based computers.

• News.com: Mission Critical Linux will release a new high-end product for telecommunications companies and announce a partnership with Hewlett-Packard.

• Press release: The Open Source Development Lab will be giving out the OSDL Enterprise Achievement Award on Wednesday.

• Press release: PostgreSQL team members will host an interactive Q & A session (also on Wednesday).

• ZDNet: Ximian will announce a shrink-wrapped Linux PIM.

Companies

Corel to sell Linux operating system unit-sources (Reuters). Once again, as seen in this Reuters article, the rumors are flying that Corel is about to sell its Linux group. "A source close to the negotiations told Reuters on Tuesday that a newly formed company called Xandros will pay $2 million for the Linux unit, a division that comprised about 14 percent of Corel's total business as of January 2001."

HP Linux evangelist opens doors to open source. At the end of last year Hewlett Packard hired well-known Linux developer Bruce Perens to help them define an open source policy. "Perens is key to shaping HP's Linux strategy. But his other role, that of liaison to the community of individual developers who create and constantly improve Linux and other open source software, is equally vital."

CSU, IBM deal to create Linux hub (Daily Camera). The Boulder Daily Camera, LWN's home town newspaper, has a brief article on the new system being provided to Colorado State University by IBM. "IBM will provide CSU with a mainframe computer that can be partitioned into thousands of virtual stand-alone Linux servers. The technology allows students to test and develop applications on individual servers and not affect other users on the system."

SuSE Linux President Hohndel steps down (Reuters). Reuters reports on the resignation of Dirk Hohndel from SuSE. "'When companies shift around senior executives, it's usually because they're planning to shift their business strategy,' said analyst Dan Kusnetzky, who covers Linux and other operating systems for research firm IDC."

SourceForge is the new ERP - VA Linux (Register). VA chief Larry Augustin thinks that the SourceForge code could be the next ERP or CRM revolution, according to The Register. "CEO Larry Augustin is bullish. He says there was no competition for the distributed code management system SourceForge. Current development processes and tools haven't kept pace with geographically dispersed or ad hoc teams, according Augustin, who predicts that the impact of SourceForge could be as great as ERP or CRM."

Linux supercomputer to be used for drug research (CNN). CNN reports on Vertex Pharmaceuticals use of Linux in a 112-processor, 110-gigaflop cluster for drug research. "Andy Fant, a Vertex senior systems engineer, said the new machine will replace a 4-year-old 45- to 50-megaflop Silicon Graphics Inc. computer system that is approaching the end of its lease."

Business

Linux support services: Like any other operating system? (ZDNet). ZDNet is carrying a lengthy pronouncement from the Gartner Group on the Linux support business. "Enterprises that plan to customize a Linux distribution or may require changes to a Linux distribution to resolve incidents in a complex environment should select a support provider that can guarantee inclusion of patches in the next distribution release. The Linux distribution vendors are the optimum source for this capability." The report also claims that, in 2005, Linux server sales will still be behind Solaris, HPUX, and AIX.

Hollywood Animators Increasingly Rely on Linux (Raleigh News & Observer). The Raleigh News & Observer looks at IBM and Red Hat's moves into the visual effects industry. "This summer, Red Hat gave a presentation at a symposium held by the Visual Effects Society, which represents the digital entertainment industry. Representatives met with technology leaders from all the major studios and talked about the standards Red Hat Linux would have to meet to become the dominant operating system in the industry."

Reviews

Kylix: Rapid Application Development on Linux (Linux Journal). Linux Journal takes a quick tour of Kylix, Borland's rapid application development tool for building graphical applications. "Although the IDE uses winelib, Kylix applications are not required to use winelib or wine. VisualCLX uses Qt, which is also used by KDE, but that doesn't mean you are tied to KDE. Kylix applications run under GNOME, too, and under any of the popular window managers."

Interviews

Interview: maddog on Linux (developerWorks). IBM's developerWorks site interviews Jon 'maddog' Hall. "And hey, what happens if every Linux company goes under? The Debian distribution has no commercial interests at all, but people are still using it and it's a fine distribution."

IBM's big thinker (News.com). IBM's head Linux honcho, Irvine Wladawsky-Berger, says that IBM embraced the Internet by embracing standards. And in turn, they embraced Linux. "Linus Torvalds wrote this wonderful article talking about how open source represented an evolution of the research culture. It's publishing papers and publishing results, and not just thinking of yourself in a profit-centric way, but as part of the community in the larger scientific field."

Interview with Dave Touretzky (Barrapunto). Barrapunto has posted an interview with Dave Touretzky, the creator of the Gallery of CSS Descramblers. Scroll down for the English version of the interview. "Patents must be publicly disclosed; they're not trade secrets. And it is legal to write about patented technology. The question is: does publishing source code that implements a patented technology count as 'writing' about the patent, or does it constitute an infringing USE of the technology covered by the patent? As someone who has argued that code should be treated no differently than any other form of speech, I don't believe in software patents in the first place. (You can't patent speech; that's what copyright is for.)"

How many Linux distributions does it take to make a profit? (IT-Director). IT-Director has published an interview with Caldera International's Ransom Love. Love says consolidation is necessary in the Linux distributor marketplace. "In essence Love believes that if Linux does not unite and build a single standard kernel then the future will include significant consolidation amongst the existing distributors."

Miscellaneous

Dutch Open Source Society, Industry Group Offer Software Patent Compromise (Linux Journal). A set of guidelines from two groups on excluding trivial patents have been presented, and now work begins on determining if software patents should be allowed. "An experiment is needed to prove that the proposed patent really covers an invention that justifies a patent. It still remains to be seen how this can be done practically."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

Linux glossary for Windows users (IBM developerWorks). IBM's developerWorks features a new Linux Glossary for Windows users with over 175 terms, pass this on to your favorite Windows geek. (PDF format)

Overclocking Database from SysOpt.com. SysOpt.com has published its latest list of overclocking stats for various motherboards and CPUs. If you feel like living on out on the edge (of the CPU clock), this is worth checking out.

Events

Linux@Work dates for 2002. LogOn Technology has announced the dates for the fourth Linux@Work pan-European tour of 2002. Linux@Work is a one day business oriented Linux conference.

Linux World Expo 2001. Linuxlookup.com covers day 1 of the ongoing Linux World Expo 2001 conference.

Linux @ 10 events. A number of Linux 10th birthday stories and scheduled events have been sent to us. Here is the latest summary of those stories and events.

• The BBC covers Linux's history... "Its emphasis on openness, collaborative development, stability and security have helped it grow in stature and stand in stark contrast to Microsoft's way of doing business."

• ...and shares some users stories. "As an IT manager I love Linux. It works, doesn't crash, runs on cheap hardware, is free and has lots of free application software."

• Reuters chimes in: "The software is called open source because its underlying code is freely available, unlike the closely guarded proprietary code of companies like Microsoft."

• The Linux Australia and regional LUGs 10th Anniversary of Linux installfest.

• ZDNet provides their look at the anniversary: Linux at 10: Where do we go from here?

• A 10th anniversary celebration in the Philippines.

• C|Net celebrates the time of the penguin. "Ten years later, Torvalds continues to release new versions of Linux every few weeks, but he was wrong when he predicted it would be just a hobby."

• Linux-Bangalore asks and answers, Why August 25th? Linux-Bangalore focused on the anniversary at their latest user group meeting.

Events: August 30 - October 25, 2001.

Date	Event	Location
August 30, 2001	LinuxWorld Conference & Expo	San Francisco
August 30 - September 1, 2001	The Linuxbierwanderung (Linux Beer Hike) 2001	Bouillon, Belgium
August 30 - 31, 2001	COMDEX Sucesu-SP Brazil 2001	Sao Paulo, Brazil
September 1 - 2, 2001	LinuxCertified.com Linux System Administration Bootcamp	Cupertino, California
September 2, 2001	Erlang Workshop - Firenze	Italy
September 4 - 7, 2001	Embedded Systems Conference	(Hynes Convention Center)Boston, MA
September 6 - 7, 2001	Open Source Health Care Alliance(OSHCA)	(The Posthouse Hotel Kensington)London, UK
September 17, 2001	XML Information Days	Amsterdam
September 17 - 21, 2001	O'Reilly P2P & Web Services Conference	Washington D.C.
September 18 - 21, 2001	O'Reilly Peer-to-Peer Conference	Washington, DC.
September 18, 2001	XML Information Days	Brussels
September 19, 2001	XML Information Days	Munich
September 20, 2001	XML Information Days	Zurich
September 21, 2001	XML Information Days	Milan
September 23 - 28, 2001	Australian Unix User Group's Annual Conference(AUUG 2001)	Sydney, Australia
September 24, 2001	XML Information Days	Paris
September 25, 2001	XML Information Days	Copenhagen
September 26, 2001	XML Information Days	Oslo
September 27, 2001	XML Information Days	Stockholm
September 28, 2001	XML Information Days	Helsinki
September 29 - 30, 2001	Linux Network Services Bootcamp	Cupertino, California
September 30 - October 4, 2001	XML One	San Jose, California
October 1, 2001	XML Information Days	Budapest
October 2 - 5, 2001	Federal Open Source Conference	(Ronald Reagan Building)Washington DC
October 11 - 13, 2001	Wizards of OS 2	(House of World Cultures)Berlin, Germany
October 15 - 17, 2001	ApacheCon Europe - Canceled.	Dublin, Ireland
October 22 - 25, 2001	XMLEdge International Developer Conference & Expo
October 22 - 26, 2001	The Open Group Quarterly Conference	Amsterdam, Netherlands

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: August 30 - September 13, 2001.

Date	Event	Location
September 1, 2001	Twin Cities Linux Users Group(TCLUG)	Minneapolis, MN
September 1, 2001	LEAP-CF Installfest	Orlando, FL.
September 3, 2001	Baton Rouge Linux User Group(BRLUG)	Baton Rouge, LA.
September 4, 2001	Linux User Group of Davis(LUGOD)	(Z-World)Davis, CA
September 4, 2001	Omaha Linux User Group(OLUG)	Omaha, Nebraska
September 4, 2001	Missouri Open Source LUG(MOSLUG)	Kirkwood, Missouri
September 4, 2001 September 11, 2001	Kalamazoo Linux Users Group(KLUG)	(Western Michigan University)Kalamazoo, Michigan
September 4, 2001	AaLUG: Foredragsaften	Denmark
September 5, 2001	Silicon Valley Linux Users Group(SVLUG)	San Jose, CA
September 5, 2001	KCLUG Installfest	Kansas City, MO.
September 5, 2001	Southeastern Indiana LUG(SEILUG)	(Madison/Jefferson County Public Library)Madison, IN
September 6, 2001	Edinburgh LUG(EDLUG)	Edinburgh, Scotland
September 6, 2001	St. Louis Area Computer Club Linux workshop	St. Louis, MO
September 6, 2001	Gallup Linux Users Group(GalLUG)	(Coyote Bookstore)Gallup, New Mexico
September 6, 2001	UNIX/Linux Special Interest Group of the Dayton Microcomputer Association	(DMA office at 119 Valley St)Dayton, OH, USA.
September 6, 2001	SSLUG: Hyggemöte på Malmö Högskola	Denmark
September 6, 2001	Ottawa Canada Linux Users Group(OCLUG)	(Algonquin College Rideau Campus)Ottawa, Ontario, Canada
September 8, 2001	Consortium of All Bay Area Linux(CABAL)	Menlo Park, CA
September 8, 2001	Route 66 LUG	La Verne, CA
September 8, 2001	Sheffield Linux User's Group(ShefLUG)	(Sheffield Hallam University)Sheffield, UK.
September 8, 2001	NJLUG: BillUNIXium	Denmark
September 8, 2001	SSLUG: UNIX fylder 1.000.000.000 sekunder og Linux fylder 10 år (næsten)	Denmark
September 11, 2001	Victoria Linux Users Group(VLUG)	(University of Victoria)Victoria, British Columbia
September 11, 2001	Phoenix Linux Users Group(PLUG)	(Sequoia Charter School)Mesa, AZ.
September 11, 2001	Long Island LUG(LILUG)	(SUNY Farmingdale)Farmingdale, NY
September 11, 2001	K-LUG	Rochester, Minnesota
September 12, 2001	Toledo Area Linux User's Group(TALUG)	Toledo, OH
September 12, 2001	Columbia Area LUG(CALUG)	(Capita Technologies Training Center)Columbia, Maryland
September 12, 2001	Silicon Corridor LUG(SCLUG)	(Back of Beyond pub in Kings Road)Reading, UK
September 12, 2001	St. Louis Unix Users Group(SLUUG)	St. Louis, Missouri
September 12, 2001	Linux Users Group of Sacramento(sacLUG)	(Calweb)Sacramento, California
September 13, 2001	Boulder Linux Users Group Meeting
September 13, 2001	Boulder Linux Users Group(BLUG)	(Nist Radio Building)Boulder, CO
September 13, 2001	Kernel-Panic Linux User Group(KPLUG)	San Diego, CA

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

Section Editor: Forrest Cook.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

Three years ago (September 3, 1998 LWN): The world was trying to figure out what to make of Corel's jump into Linux.

"I expect Corel to making tens of millions of dollars in the Linux space within the next 12 months," says Robert Young, president of North Carolina-based Red Hat Software Inc., a leading distributor of Linux software. "It's got some very well known software brands and there is a lot of demand among Linux users for more advanced software," he adds.
(Ottawa Citizen, August 26, 1998).

Oh well. Three years later, Corel did evidently bring in $2 million by selling its Linux operation...

Salon Magazine, meanwhile, talked with Richard Stallman:

Never mind that Stallman started the free software movement, or that thousands of lines of code that he personally authored are an integral part of what most people today call "Linux." To the new generation, Stallman is an embarrassment and a hindrance who must, at all costs, be trundled into a back room before he scares off the investors.

The Debian Project released "Hamm-JP", its first shot at a Japanese version of its distribution.

Caldera split into two companies: Caldera Systems and a thing called Caldera Thin Clients, which handled the DR-DOS/embedded systems business. Caldera Thin Clients would eventually rename itself Lineo. Caldera Systems later became Caldera International (as it merged in parts of the former SCO).

But the big news, of course, was that LWN adopted a new, multi-page format, leaving behind the "one big page" except for the hard core that refused to do without it....

Two years ago (September 2, 1999 LWN): Red Hat parted ways with a company called LASER5, which had been doing all of Red Hat's localization work in Japan. LASER5 stated its intent to go into the business on its own and dominate the Japanese Linux market. Two years later the company is still around and even has a 7.1 release available, but is not quite the market force it had hoped to be.

Sun's purchase of StarDivision was made official. Sun also announced plans to release StarOffice under the Sun Community Source License, which did not raise a great deal of enthusiasm. Sun's plans also included something called "StarPortal", which never went much of anywhere.

Linux stocks were defined by some as "exuberant", but both Applix and Corel were down, supposedly because of Sun's acquisition of StarOffice.

Sun Microsystems' adoption of a new office software suite might be a good thing for Linux users, but it hasn't been so good for the makers of competing products.
-- News.com.

It certainly didn't help.

Sm@rt Reseller asked Is Linux falling apart? and answered "No", in a surprising change from the usual 'Linux will fragment' articles.

Don't get me wrong; there will be nasty wars between the Linux vendors. With money talking, the warm 'we brave band of brothers' feeling of the early days of Linux is going to erode. But, the cold legal facts of Linux's foundations will keep Linux from ever shattering into incompatible versions that made Unix application reselling such a pain in the neck.

Linux still seems in no danger of fragmenting. Those "nasty wars" haven't broken out yet, either.

One year ago (August 31, 2000 LWN): IBM announced the release of the Andrew Filesystem (AFS) this week. The AFS was released under the IBM Public License, which, according to the FSF's license list, was not compatible with the GPL.

The Galeon web browser, then at version 0.7.3, made a big splash. It was reviewed on LWN's front page and in this LinuxToday article. LWN proclaimed Galeon about 90% there with a about 90% left to go. Today's Galeon is at version 0.12 as of August 18, 2001, and is heavily used by some LWN staff.

The Open Source Development Lab was created. Well the idea and a the mission statement were introduced, anyway, along with several initial sponsors.

The companies were vague on details, like the size of the lab, how much it would cost and how much the project's backers would invest. The backers said the lab would be run by an independent director who would essentially choose which projects would be emphasized and which software would be tested, although they suggested that the laboratories would be accessible to Linux developers at large.
( New York Times)

Since then they have created the actual computing lab in Portland, Ore. and added some new sponsors. There now are proposed projects, active projects and even one completed project. Not bad for its first year.

Corel talked about its Linux plans:

Also next year, we intend to release a server edition of Corel LINUX OS, followed by an enterprise edition. The enterprise edition will allow small to medium-sized enterprises to deploy Linux, Windows and UNIX-based applications throughout their organizations with ease.

Oh well.

Section Editor: Rebecca Sobol.

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 Garry Knight <garryknight@bigfoot.com>
To:	 letters@lwn.net
Subject: Linux's birthday
Date:	 Thu, 23 Aug 2001 14:11:27 +0100

Dear Sirs

I see from your front page on Thursday 23 August that there's some 
controversy over exactly when Linux's first birthday will be. You quote 
August 25 and October 5 as possible candidates.

On page 87 of Linus's autobiography, "Just for Fun", Linus himself says:
  "There's a protocol for numbering releases. It's psychological. When you 
think a version is truly ready to be released, you number it version 1.0. 
But before that, you number the earlier versions to indicate how much work 
you need to accomplish before getting to 1.0. With that in mind, the 
operating system I posted to the ftp site was numbered version 0.01. That 
tells everybody it's not ready for much.
  "And yes, I remember the date: September 17, 1991."

Could this be a better candidate for a birthday?

-- 
Garry Knight
garryknight@bigfoot.com  ICQ: 126351135
Linux registered user 182025

From:	 "Robert A. Knop Jr." <rknop@pobox.com>
To:	 <letters@lwn.net>
Subject: Sad about Source Forge Enterprise Edition
Date:	 Fri, 24 Aug 2001 10:26:34 -0500 (CDT)

Before I say this, I must say that I don't fault VA Linux.

However, seeing them going to selling proprietary extentions to an open
source project makes me sad.  Not because I think that VA Linux has sold
out or anything-- but because it's yet one more nail in the coffin of what
I had hoped would be the software model of the future.  That model was
much like FSF's: software would be free, and users (large and small)
who wanted it would pay for maintainance and support.

The argument always went something like, what if we're a large company,
and we want to buy a lot of hardware and have it just work?  The answer
was, buy your hardware from somebody like VA Linux, and then buy a support
ocntract for all the software.  If you find that the support you're
getting is unsatisfactory, the software is free, so you can find another
company (say, Red Hat) to support your software installation.  You're not
locked into mandatory support contracts forever more from one single
monopoly.  Or, if you're a smaller site, find an outfit with a smaller
plan, or hire a Linux Geek who will both support your installation as well
as contribute back to the efforts of free software programmers (and,
thusly, be enough in the community to draw on the de facto software
support that comes from it).

Alas, VA Linux, like Red Hat, was a sort of poster child for this.  They
were a hardware vendor who sold hardware with (at least mostly) free
software.  But now that model is gone, and to survive, they feel that they
have to go selling and supporting proprietary software.

As long as VA Linux does continue to support and contribute to the Open
Source community as they do now, with things like Sourceforge and keeping
Eric Raymond on staff, I won't fault them or bear ill will towards them.
But their selling of proprietary extentions to the Sourceforge software
does seem to be one more strike agains those of us who still want to think
that the Free Software/Open Source model of software development is one
that can work and that ultimately will be the best for everybody.

-Rob

From:	 David.Kastrup@neuroinformatik.ruhr-uni-bochum.de
To:	 letters@lwn.net
Subject: Stallman and things
Date:	 23 Aug 2001 11:59:39 +0200


The problem of Stallman is that of many a great revolutionary: once
the idea they have so painfully nurtured and fostered and kindled has
finally caught on and is spreading like a wild fire, they cannot
simply leave it to itself and restrain the urge to control what needed
their care for a long time.  Sort of a children and parent problem.

Stallman is no fool, but a bit out of touch with reality.  Apply the
proper grain of salt when listening to him.  He has deserved it.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
Email: David.Kastrup@neuroinformatik.ruhr-uni-bochum.de

From:	 Kapil Hari Paranjape <kapil@imsc.ernet.in>
To:	 letters@lwn.net
Subject: Freedom zero and all that
Date:	 Sat, 25 Aug 2001 12:41:23 +0530

Dear LWN,

I read with interest your editorial this week ("Let's beat up on
Richard Stallman") and the articles by O'Reilly and the others.
Of course this has led to another series of postings in various
fora and the debate will rage on. Here is my 2 paise worth.

1. RMS < FSF < GNU < GPL. But we are often guilty of equating them. In
   particular, each time RMS makes a statement that people object to
   they use it as an excuse to beat up on the FSF and sometimes the GPL
   as well. Of course, RMS himself is guilty of over-reaching on some
   of these inequalities...

2. The GPL is about the user's freedom. What O'Reilly (and open
   source) is talking about is the developer's freedom. But the
   distinction between users and developers is a grayscale and not black
   and white. We all start as (l)users and (should) try to attain some
   sort of mastery. The GPL says that every developer *must* help a user
   in this by letting the user (a) use the program (b) study and adapt
   it (c) get friends involved in this ativity (d) carry on the work of
   developers that came before by helping others too.

3. If developers grant themselves the "freedom"/"power" to stop
   helping users in this way *or* users grant themselves the right to
   expect "readymade" fixes from developers forever, it is only a
   matter of time before the division is created and made permanent.

Unfortunately, O'Reilly's "freedom zero" is easily distorted into a
freedom for developers such as in (3). The response from RMS/BMK also
too easily interpreted to mean a user's "right to expect" as in (3).

A cliche (actually the title of an Indian soap opera) may help!

   	"Sans bhi kabhi bahu thi"
   		(A mother-in-law was also a daughter-in-law once).

Kapil Paranjape.

From:	 Michael Alan Dorman <mdorman@debian.org>
To:	 letters@lwn.net
Subject: Thanks for cutting through the rhetoric!
Date:	 23 Aug 2001 07:27:05 -0700

Your "Should we be talking about freedom?" section on the Main Page of
this week's issue is something that I would hope many people will read
and remember and refer back to.

Although I'm personally happy I work on "Debian GNU/Linux" rather than
"Debian Linux"---I got started using GNU software before I started
using Linux (heck before Linux existed), and I *do* think the GNU part
is really important---it's a point on which reasonable people may
disagree.

The value of freedom, however, is one thing which I would hope people
would recognize is essential and Richard Stallman is our conscience on
this matter, with all that implies: an inability to compromise, a
tendency to nag, and hundreds of other annoyances that one must,
nevertheless, tolerate because he is also our benchmark---you may not
share his values, but you always have a fixed, absolute point from
which to navigate.

I will, however, spare you with my jeremiad against Eric Raymond,
including my analysis of why his response to Stallman and Kuhn is
obviously slanted against them, and why I don't think Eric Raymond
really cares deeply about any freedom other than that of gun
ownership. :-)

Mike.
-- 
"One does not write satire anymore; one merely tries to stay half a
step ahead of reality." -- Jon Carroll

From:	 Stuart Thayer <thayer@scfn.thpl.lib.fl.us>
To:	 letters@lwn.net
Subject: Eric Raymond
Date:	 Thu, 23 Aug 2001 13:14:16 -0400

Folks:

	I think Eric Raymond's missive to Stallman and Riley bends
backwards too far to be fair. Fairness is, most would agree,
a noble thing. But he seems naive, at least for the sake of
making his point, about American politics.

	There is a far greater chance of outlawing open source than
outlawing proprietary software, so the power play isn't as
equal as it may seem.

	U.S. politics is based on bribery. We don't call it that,
of course; we call them campaign contributions. Even our
illustrious Supreme Court tries to bamboozle us by calling
them free speech, thus protected by the First Amendment. The
U.S. may be the only country in the world where bribery
enjoys constitutional protection.

	Owners of proprietary software, with their profits, are
thus in a far better position to bribe U.S. lawmakers to
make free software illegal than developers of free software,
with few profits, are to persuade, cajole, jawbone, or
otherwise plead -- with no monetary incentive -- lawmakers
into making proprietary software illegal.

	I'll leave it to you to decide which poses the greater danger.

From:	 David Gibson <david@gibson.dropbear.id.au>
To:	 lwn@lwn.net
Subject: Flerbage
Date:	 Wed, 29 Aug 2001 13:08:46 +1000
Cc:	 esr@thyrsus.com, rms@gnu.org

The FSF's use of the word "freedom" might be confusing, but Eric
Raymond's flerbage argument is certainly a straw man.

Eric postulates that a law banning proprietary software has been
passed.  Thus, he argues he could now be thrown in jail for offering
people software under the same proprietary license as he did before
the ban, which would indeed seriously diminish his flerbage.  But why
on earth would anyone pass a law making it a jailable offence to offer
a proprietary license, when all that is necessary to effectively "ban"
proprietary licenses is to modify copyright law so that they are
unenforceable[1].  Essentially Eric's argument assumes that it is
possible to offer proprietary licenses, whereas the point of banning
them would be to make it impossible, rather than to punish people
merely for making the attempt.

So let us suppose instead that proprietary software was "banned" in
this much more sensible way.  Now, in such a world, I could go and
offer software under a proprietary license to whomever I pleased.  Of
course, whoever I did offer it to is quite likely to either a) laugh
in my face, or b) take the software and then do whatever they please
with it, since they know I can't enforce my license restrictions.
Still, I'm not going to be dragged off to prison for it.  So, while
this state of affairs might be unfortunate for me if I was planning to
live off license sales, it hasn't affected my flerbage.

Note that in the above I haven't actually touched on the issue of
whether banning proprietary licenses would be a good idea or not. 
That's a much more subtle issue, and one that can't be decided on
matters of flerbage alone.

[1] Strictly there are two things which would have to be done - first
make explicitly restrictive licenses unenforceable and second remove
the built-in restrictions imposed by copyright [2].

[2] Before anyone points out that this would probably also make the
GPL unenforceable, that's strictly true, but irrelevant.  A ban on
proprietary licensing would give many of the rights (e.g. unrestricted
duplication and modification) that the GPL grants automatically and
while someone could promulgate binaries but not sources to a formerly
GPLed program, there would be little incentive to do so.

-- 
David Gibson			| For every complex problem there is a
david@gibson.dropbear.id.au	| solution which is simple, neat and
				| wrong.  -- H.L. Mencken
http://www.ozlabs.org/people/dgibson

From:	 zooko@zooko.com
To:	 lwn@lwn.net
Subject: /dev/random silliness
Date:	 Thu, 23 Aug 2001 09:32:03 -0700


Folks:

The vast majority (perhaps all) of the people who use /dev/random to the
exclusion of /dev/urandom in their crypto applications are doing so out of
ignorance, and are not making their application any safer for their users.


Assume that the random pool has been initialized with 160 bits which no
attacker can guess.  (That assumption is the hard part, but if it is wrong then
/dev/random can fail just as easily as /dev/urandom can.  Note that this
implies that /dev/urandom *must* block or otherwise signal an exception if this
precondition is not met.)

Now for an attacker to guess the output of /dev/urandom he must accomplish one
of the following:

1. perform roughly 2^160 work (i.e. guess-and-check for all possible initial
   states)
2. exploit a flaw in the cryptographic underpinings of the /dev/*randoms (e.g.
   SHA1)
3. penetrate the computer and read the state of the random pool
4. exploit a flaw in the code that implements the /dev/*randoms


In practice, some combination of these might enable an attack, although
obviously #1 will never happen, as long as the attacker is confined to using
conventional (Turing machine) computers.


Now my point is that /dev/random can fall to an attack like this just as easily
as /dev/urandom can!  In fact, the added complexity of implementing the
/dev/random behavior makes #4 *more* likely for /dev/random than for
/dev/urandom.

Not to mention that /dev/random's specification *requires* the applications
that use it to become susceptible to a DoS attack by sucking down the "entropy
estimate" count.


Here's the real kicker: with the exception of a true One Time Pad, any
application that uses /dev/*random is going to also use some cryptographic
primitives like a block cipher, stream cipher, secure hash, public key
cryptosystem etc., now each of *those* primitives themselves are susceptible to
a massive, impossible brute-force attack (attack #1, above), just like
/dev/urandom is!

Therefore, there is absolutely no improvement in using /dev/random over
/dev/urandom, and then feeding the results into a block cipher which is itself
susceptible to an impossible (e.g. 2^128) brute force attack.


The bottom line is: if you are not implementing a true One Time Pad that
utilizes no cryptographic primitives -- it uses only XOR -- then you shouldn't
be using /dev/random.  To do so opens you up to a DoS attack, and makes the
security of your app depend on more complex code, but gives you no real-world
improvement in security.


Regards,

Zooko

From:	 Leandro =?ISO-8859-15?Q?Guimar=E3es?= Faria Corsetti Dutra
	 <leandrod@mac.com>
To:	 letters@lwn.net
Subject: Kernel /dev/random entropy only adds to security worries
Date:	 Thu, 23 Aug 2001 16:03:00 -0300

> Once again, nobody has ever gotten close to demonstrating an attack of
> this nature, but if security people didn't worry they would have little to
> do.

	It seems to me that it wasn't intentional, but this sentences sound to me like 
the author meant that security people had to worry about very improbable 
events in order to get occupied.  It sure can be construed like that, and 
that's certainly not true, as bad security practices almost everywhere already 
give them surely plenty of labor.



-- 
  _
/ \ Leandro Guimarães Faria Corsetti Dutra           +55 (11) 246 96 07
\ / http://homepage.mac.com./leandrod/     BRASIL    +55 (43) 322 89 71
  X  http://tutoriald.sourceforge.net./     mailto:lgcdutra@terra.com.br
/ \ Campanha fita ASCII, contra correio HTML    mailto:leandrod@mac.com

From:	 "Tom Poe" <tompoe@source.net>
To:	 <letters@lwn.net>
Subject: RH and Proprietary Software Comment
Date:	 Thu, 23 Aug 2001 22:14:41 -0700

Hello:  You mention the issue of proprietary software being written
specifically for RH, this week.  You mentioned that there might be some
straying from LSB by RH, which then would have the market move away from
other distributions in order to have access to proprietary software written
for Linux.

My comment is, that such a path is going to be followed, only if the
software is critical to a business.  If it's not critical, CFO's are going
to have to have some other compelling reason to become vendor inmates once
again, don't you think?

Further, it's my humble opinion, that RH has already crossed the line into
proprietaryville.  I can't help but feel they look like a duck, smell like a
duck, talk like a duck, walk like a duck, and are a proprietary product at
this point.  Maybe it's time they're called a duck/proprietary product, and
need to be recategorized by Open Source folks, or whatever.  Tom

From:	 Robert Bihlmeyer <robbe@orcus.priv.at>
To:	 letters@lwn.net
Subject: Debian and proprietary software
Date:	 24 Aug 2001 14:16:35 +0200

> However, if a business chooses to run Debian and also chooses to use
> a proprietary software product shouldn't this combination just work?

Why should it? While Debian states that it supports its users even
when they're running proprietory software, no claims are made that no
work on the users's part will be required. Making proprietory software
easy to run on Debian is certainly not a primary goal of the project.

Debian developers and users may of course choose to make this their
goal, and support it independently.

> Should that business be forced to use a different distribution just
> because it is tied to a third party product? This is a mode of
> operation more reminiscent of certain proprietary operating systems
> than of Linux.

Oh, come on! What is Debian doing to /force/ its users to a different
distribution? Certainly, some of them may be faced with the choice
between easily installable proprietory software on the one hand, and
whatever advantages one sees in Debian over, say, redhat.

Debian is simply omitting a feature that many Debian users can do
without, not actively prohibiting others from using it the way they
like.

Is redhat /forcing/ Sparc owner to Debian for not providing an
appropriate port of their distro?

Perhaps, what you really want to see is a distribution with the same
technical featureset as Debian, but a different social agenda. Fine by
me, but please let's make this a new distribution, not a future
Debian.

> World domination [...]

... is more reminiscent of certain proprietary operation system
vendors, no?

-- 
Robbe

From:	 Leon Brooks <leon@cclinic.com.au>
To:	 letters@lwn.net
Subject: Simple example of Unix flexibility
Date:	 Sun, 26 Aug 2001 13:47:16 +0800

Many LWN readers will not need to delve into the guts of their 
systems to do what they want done, and may miss most of the goodness 
in their systems. Many similarly inclined non-LWN-readers may wonder 
what all the fuss is about with Linux, and with Unix and general, and 
why geeks get so hyped over it.

I ran across a little example just now which shows how useful the 
flexibility of the Unix every-program-is-a-tool attitude can be.

The problem: I have an ISO image of some Open Source software CDs in 
files on a hard disk, and I want to get them out and burn some copies 
onto CD-R media.

The partition that the ISOs are in is ReiserFS format instead of 
the traditional Linux ext2. Windows users can think in terms of a 
Win2k partition instead of NT-4.0-level NTFS. the tools I have to 
achieve this with are an unlimited supply of Windows 9X boxes, one 
Mandrake Linux 8.0 box [ohso] which can read ReiserFS but can't be 
shut down to have a hard disk installed, and one RedHat Linux 7.1 box 
[archenland] which can't read ReiserFS and also can't be shut down to 
be taught how, but does have a CD burner. All on the same LAN.

The solution, step by step (follow the bouncing ball):

  *  Plug the offending hard disk and a Linux Router Project (LRP)
     floppy into a random Windows 98 box [aravis].

  *  Boot aravis under Linux. LRP can't read ReiserFS either.

  *  From ohso, "ssh -x aravis 'cat /dev/hda5' >hda5.image" to copy
     the 2GB partition across the LAN from the LRP box.

  *  "mkdir 1; mount -t reiserfs hda5.image 1" to make a temporary
     directory and attach the local copy of the partition to it.

  *  "scp 1/*.iso archenland:" to copy the ISO images to the box
     with the burner.

  *  From archenland, "cdrecord dev=0,4,0 -eject -speed=6 first.iso"
     (and repeat for each ISO).

If that had been a Windows-based problem, I would have had to go out 
and find a working machine that had an OS capable of reading the hard 
disk, and a CD burner. Else just cry into my peppermint tea (I'm a 
weird Aussie, I don't like beer). Did I mention that this is on a 
Sunday and in the middle of the Australian outback, 1400km from the 
city?

A couple of things worth noting: I can burn those CDs in a machine 
several hundred meters away, securely and with no special software, 
and have a computer illiterate feed CD-R blanks for me as required; 
archenland is UW SCSI so can safely burn about 12-14 CDs at once; 
authors of newer Gnome and KDE packages tend to make them 
specialised rather than flexible - please don't; Microsoft have 
finally remembered that mounting is useful, and have implemented it 
for XP; Does anyone have a useful standalone version of NT, 2000, or 
XP that fits on one floppy?

For those interested in LRP, I took the EigerStein2BETA image from 
http://lrp.steinkuehler.net/, wrote an IDE-enabled kernel on it, 
added modules for all of the network cards used here, lost the DHCP, 
DNS and web packages, added sshd, made a key and lost keygen, added 
hdsupp. Hand-edited syslinux.cfg then used lrcfg to "backup" all 
packages and reboot to test. If anyone wants to host a copy of the 
finished product, just ask.

This LRP floppy is used for recovering vital stuff from dead Windows 
boxes before reGhosting, and for quick network solutions (random box 
+ extra LAN card + floppy == instant router, add another floppy for a 
proper webserver or the like). More powerful LRP-like bootable CDs 
are also available for machines that actually have CD drives.

We hope that you enjoyed the show.