Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Recently, the law's drafting committee held a meeting to try to resurrect UCITA. The resulting amendments are described in this posting from long-time UCITA critic Cem Kaner. It makes for interesting reading.

Certain aspects of UCITA, such as the "self help" provision that would allow vendors to shut down software remotely, have been cleaned up. UCITA no longer allows vendor back doors, thus closing off one obvious source of problems and security holes. In theory, the provisions allowing vendors to forbid public criticism of their software have been removed. As Mr. Kaner points out, though, a huge loophole remains.

For the free software community, however, the most interesting provisions are likely to be those having to do with warranties and liability. On the surface, the refurbished UCITA allows the disclaimer of warranties on free software. The situation is not as good as it seems, however:

• UCITA uses a "free beer" definition of free software. Thus, for example, Internet Explorer is free software under this code.

• Warranty disclaimers are not allowed when the user is a "consumer" (i.e. not a business).

So, the UCITA battle will have to be fought yet again, on a state-by-state basis. The alternative is the prospect of free software being forced off the net (or, at least, out of the U.S.) with implied warranties that nobody was ever paid to back up.

What does 2002 hold for Linux? One of the privileges of editing a publication is the ability to put out annual lists of dubious predictions. LWN is not immune to the attraction of pretending that we know more than anybody else, so here goes. The following stuff might actually happen this year. Or it might not.

• Linux systems will suffer a major security incident with significant costs to those affected. Names like "Code Red," "Nimda," and "Sircam" inspire disdain and amusement among Linux users. But, while our systems are generally more secure, we do not have an absolute solution to security problems. Sooner or later, we will get bitten too.

• We will lose a major distributor to bankruptcy, merger, or acquisition. Consolidation in the distributor market has been predicted for some time, but the distributors have proved remarkably resilient. There are limits to resilience, however, and at least one distributor is likely to find out where those limits are. No, we will not try to predict which one.

• Workable free software business models will begin to emerge. The Bubble Days distracted Linux businesses from the vital task of actually making money for a while, but those days have been gone for a while now. With no alternative, some businesses will actually figure out a way to survive.

• Desktop Linux will be taken far more seriously by the end of the year. Over the last year, an impressive array of desktop tools have reached a stable state: consider Galeon (and, of course, Mozilla, upon which Galeon is based), Konqueror, GnuCash, Nautilus, Evolution, and, of course, the KDE and GNOME desktop environments in general. 2002 will see the stabilization of a number of office productivity tools, such as KOffice, OpenOffice, Gnumeric, and AbiWord. At that point, the Linux desktop will have almost everything needed by a large number of desktop users. More specialized applications will take years to fill in, but the basics are coming into place.

• The legal situation will get murkier. A high-level U.S. court ruling against the DMCA is possible; chances are good, however, that we will have another Dmitry Sklyarov to defend.

• Alternative kernel trees will grow in importance. Linus Torvalds will continue to set the general developmental direction, but, increasingly, the kernels that people actually run will be produced by somebody else.

The LWN.net 2001 Linux Timeline, final version. We are, perhaps, better at looking backward. So, with pleasure, we announce that the final version of the LWN.net 2001 Linux Timeline is now available. Thanks to all of you who offered comments on the previous versions.

Inside this LWN.net weekly edition:

• Security: Microsoft's security bugs; exploitable mutt problem; glibc updates
• Kernel: 2.5.2 scheduler changes; development process issues; waiting for kbuild.
• Distributions: Distributions in Review - Part 2; DutNux.
• Development: KDE 3.0 beta 1, Ogg Vorbis RC3, P2P Topologies, Gnumeric 1.0.0, Bluefish 0.7, DotGNU yearly review, GCC 3.0.3, Jython 2.1, XML issues.
• Commerce: News from ActiveState; Creatures Internet Edition now shipping.
• History: Linux on PowerPC; mirrors for the kernel; Y2K.
• Letters: Galeon installation; SourceForge; U.K. and open source.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

Microsoft's security bugs. Perhaps some of you run networks where you have to deal with these things... Certainly the current bug in Windows XP is getting a lot of attention, since it exposes most network-connected systems to a remote exploit. The thing that stands out to some of us is that it took Microsoft five weeks to get a fix out. Not all Linux security problems get fixed immediately, but a vulnerability that exposed almost every network-connected Linux system would see a very quick response.

Fewer people have been concerned about this Internet Explorer bug, but it's really just as bad. Write a web page that feeds IE a .exe file with an image/jpeg MIME header, and IE will happily execute it. You don't even have to be a script kiddie to exploit this one. Be careful out there...

Security Reports

Remotely exploitable security problem in mutt. A couple of new mutt releases (1.2.5.1 and 1.3.25) were announced this week. These releases include a fix for a security problem which, apparently, can be exploited remotely. The nature of the vulnerability is still being kept under wraps.

The Debian Project came out with the first mutt update for this vulnerability that we have seen. Expect to see updates to a number of other distributons shortly.

Problems with libgtop_daemon. The libgtop_daemon package is a GNOME program which makes system information available remotely. LWN reported the remotely exploitable format string and buffer overflow vulnerabilities in that package on December 6th. On November 28th SuSE recommended disabling the libgtop_daemon on systems where it is running until an update is available.

MandrakeSoft has issued what appears to be the first security update to libgtop that fixes the problems. Mandrake Linux systems do not run libgtop by default, but applying the update is a good idea anyway.

Debian security update to gpm. The Debian Project has issued a security update to gpm fixing a format string vulnerability in that package.

EnGarde security update to stunnel. Stunnel has a format string bug described in detail here. EnGarde Secure Linux has already put out a security update addressing the problem.

Red Hat security update to namazu. Red Hat has released a security update to namazu fixing a cross-site scripting problem in that package.

HP security updates to sendmail, ghostscript, and glibc. HP has sent out a bulk security update notice for users of its "HP Secure OS Software for Linux." Updated packages include sendmail (local root exploit), ghostscript (read access to protected files) and glibc (file globbing buffer overflow).

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Magic Enterprise Edition, from Magic Software, has multiple vulnerabilities which are detailed in this post to bugtraq from immutec.
• The Aktivate Shopping System for Linux (and other Unices) had a cross site scripting vulnerability reported on bugtraq.

Updates

This week's updates:

• Debian (January 13, 2002)
• Slackware (January 12, 2002)

• Mandrake (January 8, 2002) (fix 8.0/PPC problem in original update)
• Conectiva (January 3, 2002)
• SuSE (December 24, 2001)
• Immunix (December 19, 2001)
• Mandrake (December 19, 2001)
• Trustix (December 19, 2001)
• EnGarde (December 17, 2001)
• Red Hat (December 14, 2001)

Mailman cross-site scripting vulnerability. This vulnerability was first reported by LWN on  December 13th.

This week's updates:

• Red Hat (December 19, 2001) ( Red Hat 7.2 )
• Red Hat (December 20, 2001) ( PowerTools 7 and 7.1 )

• Debian (December 16, 2001)
• Conectiva (December 11, 2001)

OpenSSH UseLogin vulnerability. This obscure vulnerability is not of concern to most sites. This problem first appeared in  the December 6th LWN security page.

This week's updates:

• Turbolinux (January 23, 2002)

• Caldera (December 11, 2001)
• Caldera (December 14, 2001) (correct December 11th update)
• Conectiva (December 13, 2001)
• Debian (December 5, 2001) (backport from OpenSSH 3.0.2)
• Mandrake (December 13, 2001)
• Red Hat (December 4, 2001) (backport from OpenSSH 3.0.2)
• Trustix (December 19, 2001)

Resources

The Linux Intrusion Detection System 1.1.0 for the 2.4.16 (2.4.x) kernel is available. The Linux Intrusion Detection System (LIDS) is a" a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root."

Events

Upcoming Security Events.

Date	Event	Location
January 7 - 9, 2002	2002 Federal Convention on Emerging Technologies: a Homeland Security Forum	Las Vegas, Nevada, USA
January 30 - February 2, 2002	Second Annual Privacy and Data Protection Summit	Washington D.C., USA
February 15 - 17, 2002	CODECON 2002	San Francisco, California, USA
February 18 - 22, 2002	RSA Conference 2002	San Jose, CA., USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

One of those "other things" is a 'new and anal' kdev_t type. kdev_t, the internal kernel representation for device numbers, has traditionally just been the user-space dev_t in disguise. It is now defined as a structure as a way of finding all kernel code which treats kdev_t as a simple number. Even proper code needs editing, however, since the macros which manipulate kdev_t have changed. As of -pre6, there is a lot of code which still needs work and which, thus, does not compile. The -pre6 prepatch is not for people who are not interested in tracking down these sorts of problems.

The current stable kernel release is 2.4.17, released on December 21. There was some grumbling that the final 2.4.17 patch included a couple of new fixes; Marcelo's policy seems to be that obvious, simple bug fixes can go in even after the last release candidate.

The first 2.4.18 prepatch came out on December 26; it is a large patch with a number of architecture updates.

Other prepatches: Dave Jones's current prepatch is at 2.5.1-dj10. It tracks the Linus prepatches through 2.5.2-pre5, and, thus, does not yet contain the kdev_t work.

Michael Cohen has concluded that the world still needs a 2.4-based development tree. So, he has released 2.4.17-mjc1 to fill that need. It starts with 2.4.17, of course, but then adds Rik van Riel's reverse mapping patch, the preemptible kernel patch, software suspend, Andre Hedrick's IDE work, and more. Despite all that, Michael claims "I'll try to keep this as close to the 2.4.x line as possible."

2.2 users may be interested in 2.2.21-pre2 from Alan Cox.

Scheduler tweaks. The debate on what changes should be made to the scheduler in 2.5 has not yet really happened. Even so, Linus has started merging in tweaks to the existing algorithm, in the form of Davide Libenzi's Time Slice Split Scheduler patch. This patch changes the way the scheduler handles the "dynamic priority" of processes; the result, hopefully, is fairer scheduling with lower overhead.

The Linux scheduler has traditionally handled dynamic priority via a task structure field called counter; the number stored in counter is, essentially, the number of clock ticks left in the process's time slice. By using this count as a priority adjustment, the kernel tries to divide the processor relatively equally among processes that need it; a process which has not managed to use up much of its time slice will be selected over another which has exhausted most of its time.

The new scheduler separates dynamic priority from time slice accounting by replacing counter with two new task structure fields: dyn_prio and time_slice. This change simplifies the time slice accounting in the kernel, and makes it easy to adjust the dynamic priority for other reasons. For example, a small priority boost can be given to a process which has just completed an I/O operation without increasing its time slice.

The new code has been steadily tweaked since its inclusion in the prepatch, mostly through adjustments to the time slice and dynamic priority settings. There have been few complaints, but also few posted benchmark results. And this patch does little to address the difficulties encountered by the current scheduler on SMP systems. Work with the scheduling algorithm is likely to continue for some time.

The kernel development process has been discussed from many angles over the last couple of weeks. Perhaps, at the end of a sometimes difficult year, developers need to ponder on how to make things better. Here's a few things that have come up:

• Where is aio? Ben LaHaise first submitted his asynchronous I/O patches early last year. The AIO code enables user processes to queue up I/O operations directly from their buffers (i.e. without being copied through the kernel) without having to wait for their completion. AIO is a feature that Oracle has wanted for some time, as have other authors of high-performance applications.

  Discussion of the AIO patch on the kernel mailing list has been light, despite the fact that this patch makes deep and significant changes to how things have been done. Ben feels that part of the problem, at least, is the fact that these patches - or at least the part that reserves the AIO system calls - has not been merged into the mainline kernel. So there is no easy and stable platform for people to play with.

  Linus likes the AIO patch, but is not ready to merge it, or reserve system calls, until it has been more thoroughly discussed on the kernel mailing list. The result is a sort of "chicken and egg" standoff where AIO never really seems to move forward.

  One possible solution is this patch from Keith Owens, which makes it easy for kernel patches to use temporary system call numbers. System calls are registered at system boot (or module load) time, and they are exported to user space via a /proc interface. Properly written applications will be able to find the system calls they need, and they will continue to run properly even if those numbers change.

• Units in the kernel. When somebody talks about "kilobytes," what unit are they really using? "Kilo" traditionally means 10³ (1000), but, in the computing world, it often means 2¹⁰ (1024) instead. A similar ambiguity exists for the "mega" prefix (10⁶ or 2²⁰) as well. For the most part, people have lived with this fuzziness without trouble, but there are always those who feel that it's better to be exact.

  There is, in fact, a standard for the description of binary multiples. According to this standard, a "kilobyte" of memory is really a "kibibyte", and should be written "KiB". The standard also defines "mebi," "gibi," and so on. These definitions have been around since 1998, but their use has been minimal.

  When these units started showing up in the kernel's Configure.help file, some complaints started rolling in. Not everybody likes these units, to say the least. Eric Raymond, current keeper of Configure.help, has stated that he will continue to follow the published standards unless there is a clear consensus to the contrary. Clear consensus can be a scarce thing on the kernel mailing list, however, and no such consensus seems to have emerged on this issue.

• Patch management. Low-level grumbling about patches being dropped by Linus (and others) has been a constant linux-kernel feature for a while. Patches sent to Linus often seem to just fall into the void; they are not applied, and no response comes back. Developers will often find that a patch finally goes in after having been submitted, without response, several times. It can be demoralizing for a hacker to be continually updating a patch to track the current kernel releases with no feedback as to whether it will eventually be included or not.

  One idea that occasionally comes up is the use of a patch management system. That was actually tried once, some years ago, but Linus has since stopped using the system. Among other things, says Linus, there is not much use in actually tracking patches over time. If they are not incorporated into the kernel, they go stale in a hurry and can no longer easily be applied. Linus, would rather that the job of merging patches with other developments stay with the originator of the patch. It also seems that Linus would rather work with people who will be persistent enough to maintain their patches until they are included, on the theory that these people will continue to maintain the code after inclusion.

The patch management issue, in particular, is likely to help drive the continuing success of the alternative kernel trees. Increasingly, one or more of these trees is likely to become a necessary staging area where patches can be tried out before finding their way into the mainline kernel. In fact, Linus says that the multiple trees are one of the strengths of the kernel development process for a number of reasons, one of which is patch management.

The Linux kernel is almost alone in its use of multiple trees as part of the development process. Many projects have stable and development branches, but few have multiple trees on either the stable or development side. It will be interesting to see if the multiple-tree idea proves useful enough to spread more widely in the free software development world.

The new kernel build implementation remains a topic of interest. Eric Raymond has sent out a the state of the new config and build system message stating that everything was ready to go whenever Linus is. Keith Owens, meanwhile, has released kbuild 1.12 for the 2.5 kernel. There remains one little problem, however: the new kbuild takes about twice as long to execute a full kernel build. Not surprisingly, the kernel developers are not entirely enthusiastic about this state of affairs. They wait on kernel builds every day and have little taste for a change that makes things far slower.

Keith's response to the complaints is essentially this: the new kbuild fixes a number of problems, especially with regard to handling of dependencies, that exist in the current kbuild system. Correctness comes first, with performance to follow. Keith believes that he can fix the performance problems, fairly quickly, but only after the kbuild code has been integrated into the kernel. Until then, he is busy enough just managing the patch and keeping it current with kernel releases.

Linus, you have a choice between a known broken build system and a clean and reliable system, which is slightly slower in mark 1. Please add kbuild 2.5 to the kernel, then I will have time to rewrite the core programs for speed. Mark 2 of the core code will be significantly faster.

There has been no word from Linus. In the view of many kernel developers, however, who have not generally had trouble with the existing build system, the new kbuild should not be merged until the performance problems have been dealt with. Keith has already made some steps in that direction with a new design for the management of the data used by the kbuild process.

Other patches and updates released this week include:

• Rusty Russell has posted a new /proc/sys implementation which creates a completely new filesystem for single-value items.

• Pavel Machek has posted a new software suspend patch for 2.5.1.

• Jean Tourrilhes continues work on the new wireless driver API; the latest patch adds for support for wireless events.

• kdb 2.0 for 2.4.17 was released by Keith Owens.

• Dmitri Kassatkine has announced version 0.9pre7 of the affix BlueTooth stack.

• Jeff Dike has released version 0.54-2.4.17 of the User-mode Linux port. Jeff also states that he has sent a UML port off to Linus for inclusion in 2.5.

• Arnaldo Carvalho de Melo has posted a tool which plots the dependencies between Linux kernel include files. An example of its output may be seen on the right.

• Christoph Hellwig has released a DRM 4.0 patch for the 2.4.17 kernel.

• A new high-resolution timers patch was announced by George Anzinger.

• The Linux Kernel Source Finder is a new web page, maintained by David Alan Gilbert, containing pointers to the definitive archives for non-x86 Linux kernel sources.

• Kernel Traffic #148 (December 31) is available.

• James Bottomley has posted a patch adding support for the NCR voyager architecture.

• Momchil Velikov has posted a patch improving the performance of the kernel page cache in a number of ways.

• Rik van Riel has posted a 2.4.17 VM implementation with reverse mapping support. The announcement describes what is in the patch, but people who want to actually run the code should use version 10a instead.

• A BeOS filesystem implementation for Linux is available from Will Dyson.

• Andrew Cannon has a filesystem driver for the Radisys RBF filesystem.

• devfs 199.6 (for 2.4.17) and devfs 205 (2.5.1) were released by Richard Gooch.

• Zygo Blaxell has posted a CryptoAPI patch for 2.4.17.

• CML2 1.9.20 has been released by Eric Raymond.

• The third stable release of USAGI (the "UniverSAl playGround for Ipv6") was announced by Kanda Mitsuru.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.

Distributions

News and Editorials

Distributions in Review - Part 2. As a new year begins, we conclude our review of Linux Distribution news, looking at July through December of 2001. Some distributions call it quits, other distribution mature.

Based on the results of this latest functional evaluation, DHBA believes that the leading Linux distributions are now quite capable of serving as general-purpose operating systems for a broad range of departmental and workgroup applications.
-- D.H. Brown

Things heated up around Debian as the Woody freeze began in July. This was followed by a hard freeze in November. The Debian Multimedia Distribution (DeMuDi) project was launched. DeMuDi is a Debian based distribution with a multi-media focus. Also, the Debian Conference 1 was held in Bordeaux, France.

Lineo decided to make a real-time version of its embedded OS, Embedix, by licensing the RTLinux patent.

Lineo established this license in response to an existing patent that presented fear, uncertainty and doubt (FUD) in the minds of some embedded developers who would otherwise utilize the robust RTAI open source technology.
-- Lineo's Dave Beal

Progeny Linux Systems ceased development on its Progeny Debian distribution.

The Scyld Beowulf Professional Edition, a distribution aimed at making it easy to create clusters, was released.

Slackware discontinued its Sparc port. The Splack project took up the slack.

SuSE released the SuSE Linux Enterprise Server 7, SuSE Linux 7.3, and most recently the SuSE Linux Enterprise Server 7 for the Itanium.

Xandros licensed Corel Linux, and hired Corel's developers. The Xandros distribution is due "early 2002."

GNU-Darwin for the x86 was released.

Many established distributions came out with new releases, including:

• BlueCat Linux 4.0
• Conectiva Linux 7.0
• Mandrake Linux 8.1
• Red Hat Linux 7.2
• Slackware 8.0
• Trustix Secure Linux 1.5
• Yellow Dog Linux 2.1

New Distributions

DutNux. The project appeared last April, but now there's a 0.9.9-testing release. DutNux is a mini Linux distribution that supports WCCP (Web Cache Communication Protocol) with transparent proxying using Squid. It is intended to cooperate with Cisco routers.

Distribution News

Debian News. The Debian Weekly News for December 19 contains a look at the latest Hurd CD images, Debian's response to security bugs, new mailing lists, and more.

Here's the Debian Weekly News for December 27. Covered topics include localization, the upcoming 2.2r5 release, the ongoing quality of Debian packages, and more.

A new revision of Debian GNU/Linux 2.2 (codename `potato') will be out soon.

Here's a report about the Debian Description Translation Project (DDTP), past and present.

Read this to find out more about Euro support in Debian.

FreeBSD. The FreeBSD-stable branch of the source tree has now been frozen in preparation for the release of FreeBSD 4.5.

If you are running FreeBSD and you cannot bring down the machine to upgrade the OS, but would like to see some of the newer features or bug fixes on your system, the FreeBSD Backports page has what you need.

Mandrake Linux. MandrakeSoft reported that according to a Linux Magazine UK study, 46% of the people in the UK use Mandrake Linux - far ahead of Red Hat Linux, at 21%.

The "Mandrake Clubhouse" is open for business. The Clubhouse is "a custom website where club members can learn about club-related activities, take part in discussions, and enjoy certain privileges."

Check out the MandrakeLinux Cooker Christmas snapshot, a MandrakeCooker snapshot 2 ISOs set available at most mirror sites.

Also available, the KDE 3.0 Beta 1 for ML 8.0, 8.1 and a bug fix advisory for samba.

Red Hat Linux Users Group launches. rhlug.org is new site "from Red Hat Linux users for Red Hat Linux users".

Rock Linux. René Rebe, the maintainer of ROCK Linux Desktop subdistribution (dROCK), has announced the long-awaited 1.4.0 release. dROCK is a subdistribution based on ROCK Linux but intended primarily for desktop use. It is targeted towards administrators who want to install "microwave-style" workstations that just work - everyday.

Rock 1.5.12 has been released. This development release is based on Linux Kernel 2.4.14, glibc 2.2.4, binutils 2.11.92.0.10 and gcc 2.95.3. Get it at the usual places. Changelog here.

LinuxUser magazine has a review of Rock Linux 1.4.0 (in pdf format). The part about Rock Linux begins on page 4. "Rock has a strong community of users in much the same way that other popular distributions do. Often users have encountered many forms of Linux prior to settling with Rock."

Slackware News. Two weeks ago we reported that Slackware.com had been broken into. That was incorrect. The site was down, but it appears there was nothing more sinister than some faulty hardware. Slackware.com is back, we would like to apologize for any alarm or inconvenience our previous note caused. Also congratulations to Patrick who was too busy getting married to notice right away.

There is a new Slackware mailing list for UK slackers. Subscription information can be found here.

Minor Distribution updates

BasicLinux. BasicLinux is a mini-version of Linux, now at version 1.61.

Devil-Linux 0.5 beta 5 released. The fifth beta of Devil-Linux 0.5 has been released. See the announcement for details of what has changed.

Fd Linux. Fd Linux is a mini floppy distribution of Linux set to fit on 1 floppy disk (kernel and root fs are combined). Stable version 2.0-0 is out now.

floppyfw. floppyfw is a router and simple firewall on one single floppy. Stable version 1.0.12.3 was released December 22, 2001 and development version 1.9.15 was released December 24, 2001.

Gentoo Linux 1.0_rc6-r14. Gentoo Linux 1.0_rc6-r14 has been released. Lots of new stuff has been thrown in, including three journaling filesystems, a new installation CD, and more.

Mindi Linux. Mindi Linux version 0.50 has been released.

OpenNA Linux. OpenNA Linux, a secure, fast distribution for running mission critical tasks in a high security, released a beta 2 version.

Trustix Secure Linux. Trustix Secure Linux has released several bugfix advisories:

• Apache
• Freeswan
• kernel
• Postfix

ttylinux. ttylinux is a minimalistic Linux distribution that can fit in 4 MB of disk space. Version 1.17 was released December 28, with updated modutils and util-linux, in the changelog.

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

See also: last week's Development page.

Development projects

News and Editorials

The first beta of KDE 3.0 has been released.

A brief list of the new features to be found in KDE 3.0 include:

• A new Windows/Mac style clipboard in addition to the standard X window system style clipboard.
• A long list of new KMail features.
• KDevelop additions including Zaurus and iPAQ support.
• SSL certificate and CA management tools.
• A file dialog URL speed bar.
• Support for Konqueror sidebar actions.
• A long list of Konsole enhancements.
• Improvements to the KDE Library.

The main purpose of this release is to iron out any remaining problems before the official 3.0 release ( planned in February). "Beta1 is a stabilized snapshot of the current KDE 3 development branch and is meant for testers, developers and translators,"

The goals of the 3.0 beta release are as follows:

• Receive bug reports and constructive feedback from testers.
• Update and complete of the KDE 3 documentation.
• Establish a stable API to allow KDE 2 apps to be ported to KDE 3.
• Solicit feature requests from developers prior to freezing the KDE 3 API.
• Provide a stable snapshot for the language translation teams.

Audio Projects

The latest from LINUXMUSIC. The LINUXMUSIC site lists a number of new packages including a new version of Sox, several new Linux MIDI tools, and more.

Glame 0.6.0 released. Version 0.6.0 of the Glame audio file editor is available. This version is considered a stable branch and features realtime adjustable parameters, key bindings, better localization for French and German users, and more.

Ogg Vorbis RC3 available. A new release candidate, RC3, has been announced for the Ogg Vorbis audio compression suite. This version features better quality and improved bitrate management features.

Quick Toots from Dave Philips. Linux Audio guru Dave Philips has release the first article in a series known as Quick Toots. This article illustrates the creation of spectral displays of audio data using the Ceres3 spectral editor.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for December 24 is out with the usual survey of happenings with Linux and the educational community.

Electronics

Xcircuit 2.5.2 released. Version 2.5.2 (beta) of the Xcircuit schematic drawing package has been released. The main new feature is support for displaying multiple instances of an object, with different parameters, on the same library page. There is also a new stable version, 2.3.5 which features bug fixes and enhancements to the Python interface.

PCB 1.7.3 alpha released. After a long period of little activity, a new version of PCB, an open source printed circuit drawing program has been released. The CHANGES are mostly in the area of improved Gerber file driver software.

Embedded Systems

Embedded Linux Newsletter (LinuxDevices). The LinuxDevices.com Embedded Linux Newsletter for December 20, 2001 is out, with the usual gathering of news from the embedded Linux community. Responses to Microsoft's attack on embedded Linux are the main topic this week.

Network Management

Automating Network Administration, Part One (O'Reilly). Luke A. Kanies discusses network administration automation on O'Reilly's ONLamp site. "I'm a sysadmin; it's my job to make sure my company's servers are doing what they're supposed to be doing when they are supposed to be doing it, and it's my job to solve any problems that interfere with that.
This job has given me what I call my Big Red Button Dream(tm): I dream of a separate entrance to my own office, with all of the monitors, servers, workstations, and whatever I need to do my job. No one sees me enter, no one sees me leave, no one knows if I'm working or sleeping. But when anything anywhere on the network breaks, a Big Red Button on the wall starts flashing to indicate a problem."

Printing Systems

LPRng 3.8.4 released. LPRng version 3.8.4 has been released. The CHANGES for this version include some bug fixes and a few new features.

Peer to Peer

Distributed Systems Topologies: Part 1 (OpenP2P.com). Nelson Minar discusses a number of Peer to Peer topologies in an O'Reilly OpenP2P article. "The peer-to-peer explosion has reminded people of the power of decentralized systems. The promise of robustness, open-endedness, and infinite scalability have made many people excited about decentralization. But in reality, most systems we build on the Internet are largely centralized."

Web-site Development

The latest Zope Members News. This week, the Zope Members News site looks at ZCGI, a package that allows CGI-BIN scripts to be run directly under Zope.

AxKit 1.5 Released (use Perl). Version 1.5 of AxKit has been announced. "For those not in the know, AxKit is an XML application server - allowing you to generate applications in an Apache server using various XML technologies such as XSLT and eXtensible Server Pages." AxKit is built with Perl, mod_perl, and XS.

Protozilla: Pipes, Protocols and the Web Browser (Linux Journal). The Linux Journal looks at Protozilla, essentially a browser-side CGI implementation. "The main goal of the Protozilla project is to make it easy for the browser to interact with existing software, without the need for extensive modifications to conform to any browser-specific interface. The client-side CGI feature of Protozilla essentially allows any command-line program to be invoked within the browser." Yes, they do discuss the scary security implications of this capability.

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Web Browsers

Mozilla 0.9.7 released. Mozilla 0.9.7 is available. The release notes list a number of new features including a fully implemented Labels feature in Mail&News, SMIME functionality, a new Document Inspector, a new advanced preference panel for fine-grained JavaScript control, and lots more.

Galeon 1.0.2 released. Progress continues on the Galeon web browser, Version 1.0.2 of the stable branch features a few bug fixes and compatibility with Mozilla 0.9.7.

There is also a review of Galeon 1.0.2 on the technologyreview.org site.

Desktop Environments

People of KDE: Meni Livne. This week's People of KDE features Meni Livne, maintainer of the KDE Israel website.

Mosfet Contributes Code to KDE (Again). After a bit of a break, long time KDE hacker Mosfet has contributed a number of new effects to KDE/Qt. "The new effects include normalize, equalize, solarize, threshold, emboss, despeckle, charcoal, rotate, sample, addNoise, blur, edge, implode, oil paint, sharpen, spread, shade, swirl, wave, and contrastHSV"

Gnome Installation Guide 1/2002 has been published. A new edition of the GNOME Installation Guide has been announced. The new edition is available here.

GNOMEnclature: Getting ready for GNOME 2, Part 1 (IBM developerWorks). Mikael Hallendal and Richard Hult present the first in a series of articles on GNOME 2. "Mikael Hallendal and Richard Hult of CodeFactory will give you the inside information you need to make the best use of the new GNOME 2 platform. In this series, you'll learn how to use the new and improved libraries available with GNOME 2 so that you can write your own Nautilus view, panel applets, and much more."

FLTK v1.1.0b8 Released. A new version of FLTK, the Fast Light ToolKit has been released. Several new component packages are also available.

Games

Pygame Review (O'Reilly). Gareth Noyce reviews PyGame on O'Reilly. "Pygame is a lightweight wrapper around the Simple DirectMedia Layer(SDL) -- stay with me here! -- a cross-platform library for accessing low-level graphics programming routines available under Windows, Linux, Mac OS, and BSD (amongst others). Think 'DirectX' and you'd be close enough, except the beauty of SDL is it's free, non-proprietary, and extremely powerful."

Meanwhile, PyGame 1.3 and some new tutorials have been released.

Interoperability

Kernel Cousin Wine #111. Issue 111 of Kernel Cousin Wine has been published. Topics include a possible Wine license change, a working NetBSD port, a Crypto API, Windows Screensavers, and more.

Office Applications

Gnumeric 1.0.0 released. The long-awaited Gnumeric 1.0.0 release has happened. See the announcement for a description of the capabilities in this release; it is truly a fully-featured spreadsheet program. Congratulations to the Gnumeric team.

Bluefish 0.7 HTML editor released. Version 0.7 of the Bluefish HTML editor is available. Features include "numerous small updates and improvements, more translations the custom menu now is extended for custom search and replace macro's, some small memory leaks fixed and better handling for file history. For the brave: there is autocompletion in progress ".

Miscellaneous

KC GNUe #8. Issue number eight of Kernel Cousin GNUe is available. Check it out for all of the latest GNU Enterprise developments.

The year in DotGNU. For the new year, the DotGNU Newsletter takes on an annual perspective. It is a lengthy and interesting publication, with several articles on what DotGNU can provide now, and where the project intends to go.

Programming Languages

C

GCC 3.0.3 released. Version 3.0.3 of the GNU Compiler Collection, GCC, has been released. This is a bug-fix release that fixes, among other things, a bug that showed up when compiling the Linux kernel.

Caml

Caml Weekly News for January 1, 2001. The Caml Weekly News for December 19, 2001 through January 1, 2002 is out. Topics include Ensemble 1.34, Cameleon 0.2, MacroHTML, OCaml on the iPAQ, and more.

New Caml Hump additions. This week, The Caml Hump takes a look at Camomile, a module set for multi-lingual processing, MacroHTML, an HTML macro processor, the Cameleon OCaml IDE, and more.

Java

Java3D 1.2.1_03 and 1.3-beta1. The Blackdown Java-Linux Team has released version 1.2.1_03 of its Java3D API implementation. It is a bug fix release; the more adventurous, however, should note that the first beta of Java3D 1.3 is also available.

Rock 'em, sock 'em Robocode! (IBM developerWorks). Sing Li talks about Robocode, a Java 2 graphical robotics battle simulator. "Is it possible to learn inheritance, polymorphism, event handling, and inner classes, all while dodging bullets and executing precision attack maneuvers? A surprisingly addictive teaching-tool-turned-game-craze called Robocode is about to make this a reality for Java developers worldwide."

Perl

Parrot's now officially functional (use Perl). The new Perl 6 Parrot interpreter is now functional.

Perl 6 Porters for December 29, 2001. The December 29, 2001 edition of Perl 6 Porters is out. This issue looks at JIT, output primitives, and the Perl Development Grant Fund.

PHP

PHP 4.1.1 released. A new version of PHP is available. Version 4.1.1 fixes a few minor bugs that showed up in version 4.1.0, see the release notes for all of the details.

PHP Weekly Summary for December 31, 2001. The latest PHP Summary looks at several proposed changes to PHP, a number of new bug fixes, and other PHP issues.

Python

Python 2.2. Guido van Rossum has announced the release of Python 2.2, "just in time to be placed under the Christmas tree."

This week's Python-URL. Here's Dr. Dobb's Python-URL for January 2, 2002, with the latest in happenings from the Python community.

The latest Daily Python-URL entries. Recent additions to the Daily Python-URL includes a look at a Python comment extractor called HappyDoc 2.0, a Doc format e-book publisher known as Pyrite Publisher 2.0, and new release of the online book Thinking in Python.

Jython 2.1 released. A new version of Jython, a Python interpreter written in Java, has been released. See the Jython NEWS document for all of the details.

Ruby

This Week's Ruby Garden. This week, the Ruby Garden features discussions on integer division, Ruby bindings for libGMP, the RubyGems 0.4 library packaging system, the new Ruby 1.6.6 release, and more. Also, check out the new Ruby Weekly News from the Ruby Garden folks.

Tcl/Tk

This week's Tcl-URL. Two new editions of Dr. Dobb's Tcl-URL are available, the December 24, 2001 issue, and the the usual gathering of interesting tidbits from the Tcl/Tk community. January 1, 2002 issue.

XML

Clark Challenges the XML Community (XML.com). Edd Dumbill discusses James Clark's opening keynote at the recent IDEAlliance XML 2001 Conference in Orlando, Florida. "Though at the center of the development of XML 1.0 and XSLT, and much SGML technology before that, Clark has recently become an increasingly dissenting voice at the World Wide Web Consortium. He used his speech to set out his concerns about the position that the guardians of XML now find themselves in."

Working XML: Compiling the paths and automating tests (IBM developerWorks). Benoit Marchal writes about HC, the SAX content Handler Compiler on IBM's developer Works. "Each month in the Working XML column, Benoit Marchal discusses the progress of his open-source projects for XML developers, from design decisions to coding challenges. The new project called HC (short for Handler Compiler) will take some drudgery out of event-based XML parsing by automatically generating the SAX ContentHandler for a list of XPaths."

Versioning Problems (XML.com). Leigh Dodds brings up some issues with the first Working Draft of XML 1.1. "Since before the XML-Deviant column started in January 2000, many in the community have expressed an interest in the creation of a new version of XML. Some considered XML too complex and wanted it simplified--a recurring theme over the last two years. Others have wanted to see more substantial revisions to incorporate other specifications that have become part of the XML 'core.'"

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

ActiveState Python, Komodo news. In this note to the Python-dev mailing list, Mark Hammond announced that ActiveState had dropped its work with Python and the Komodo development environment. While it did, unfortunately, drop Mr. Hammond's job, the former is not true. David Ascher has posted a clarification on what is happening with Python at ActiveState in response to Mark Hammond's note (above). ActiveState remains committed to the Python language, and is continuing to develop Python-oriented products (including Komodo). Hard times have hit ActiveState like everywhere else, but it could be worse.

ActiveState's ASPN Tcl. ActiveState has announced the availability of "ASPN Tcl," a value-added packaging of Tcl, related tools, cookbooks, and services.

Creatures Internet Edition now shipping. For the gamers out there: Creatures Internet Edition is now being shipped by Linux Game Publishing.

The 'HomeBase' Linux-based Internet computer. OEone and Future Power have announced the availability of the "HomeBase" Internet computer. The system is based on Linux and the Mozilla browser, and it comes complete with a TV tuner for a complete video experience.

XPloy 2.3 from Trustix. Trustix has announced the release of XPloy 2.3, its system administration product. XPloy supports a number of Linux distributions.

Turbolinux joins the Atlas Project. Turbolinux has put out a press release proclaiming its involvement in the Atlas Project, which is working on porting Linux to large 64-bit systems (such as Intel's upcoming McKinley processor).

MandrakeSoft Shareholder Newsletter. The December Newsletter for MandrakeSoft shareholders is out. The company lost 13.5 million Euros on revenue of 3.6 million. Much of the loss is attributed to the (now abandoned) e-learning initiative. The company still plans to reach a break-even state by the end of the current fiscal year.

LPI-News, December 2001. The latest LPI-News is out. This month's issue includes Level 1 and Level 2 topics, news from Japan and much more.

Linux Stock Index for December 20 to December 26, 2001.
LSI at closing on December 20, 2001 ... 30.40
LSI at closing on December 26, 2001 ... 30.94

The high for the week was 30.94
The low for the week was 30.40

Linux Stock Index for December 27 to January 02, 2002.
LSI at closing on December 27, 2001 ... 30.90
LSI at closing on January 02, 2002 ... 31.55

The high for the week was 31.55
The low for the week was 30.88

Press Releases:

Proprietary Products for Linux

• The Portland Group (PORTLAND, Ore.): The Portland Group announces PGI CDK 3.3 Cluster Development Kit.

Linux PC Hardware

• ATI Technologies Inc. (MARKHAM, Ontario): ATI Ships FIRE GL 8800 Workstation Graphics Boards; New Mid-Range Offering Will Appear in Upcoming Hewlett-Packard Technical Workstations.

Embedded Linux Products

• SnapGear Inc. (SALT LAKE CITY, Utah): SnapGear Announces New USB/PCMCIA Reference Design.

Products and Services Using Linux

• St. Bernard Software (SAN DIEGO): St. Bernard Software Partners With I-Silver Inc. to Provide Continuity of Service to InterGate Customers.

Java Products

• IBM (SOMERS, N.Y. & WALLDORF, Germany): HP, IBM and SAP Ease Web Services Publication with UDDI and Java; Industry Leaders Promote Web Services Adoption with UDDI Technology Upgrade for Java Developers.

Books & Documentation

• Prime Time Freeware (San Bruno, CA): DOSSIER series of document collections for Free and Open Source software.

Other

• Netcraft (): December 2001 Netcraft Web Server Survey.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Sklyarov backs employer despite U.S. deal (News.com). Here's a News.com article (from Reuters) on Dmitry. "'I am extremely disappointed with any implication that I am, in any way, cooperating with the (U.S.) government,' Dmitry Sklyarov said in a news conference. 'I am a man of integrity and as such am doing nothing more than telling the truth, not for or against anyone.'"

10 Linux predictions for 2002 (LinuxWorld). Joe Barr looks forward to 2002 in this LinuxWorld article. "Theo de Raadt of OpenBSD fame, Arpad Gereoffy of the MPlayer project, and Brett Glass will team up to form a new PR firm called Darker Image. The concept is simple, like reverse psychology. For a fee, the team will act as advocates for your competition. Rumors have it that the dynamic trio is already in discussions with Redmond about championing the Free Software Foundation."

Linux in 2002: More security, high-end computing (CNN). CNN looks at what the distributors are up to in 2002. "Michael Tiemann, chief technology officer at Research Triangle Park, North Carolina-based Red Hat, said customers are looking for better security for their IT systems, and the company is taking those requests to heart."

2002 in review: Not perfect, but it sure beat 2001 (ZDNet). Here's a set of 2002 predictions, written in the past tense, from ZDNet. "It's pretty clear we've all finally agreed that Linux isn't a desktop operating system. While server sales continued to grow--though more at Sun's expense than Microsoft's--whatever momentum existed for the open-source OS running on your desktop PC seems to have disappeared."

The Year in Internet Law (New York Times). The New York Times asked several legal experts about the most significant events in 2001 with regard to the net and the law. "The trial and appellate courts both ruled that posting and linking to DeCSS were illegal under the DMCA. The motion picture industry won this round of the constitutional fight over the DMCA, but there will be other rounds, and I believe courts will come to appreciate the constitutional deficiencies of the DMCA, even if they didn't in the Corley case." (The Times requires registration).

MS struggles to discredit Linux (Register). The Register claims to have another internal Microsoft memo about its response to Linux. "Much like the support 'communities' that define the Linux experience, the FCS team will strive to build a community to cooperate in winning business against Linux."

Why Microsoft is attacking Embedded Linux (LinuxDevices). LinuxDevices.com looks at why Microsoft is worried about embedded Linux. "Another likely reason for Microsoft's growing concern with Embedded Linux is that major manufacturers like Hewlett-Packard, Sharp, and Motorola have recently begun delivering new consumer devices which contain Embedded Linux. These include handheld computers and TV set-top boxes -- emerging markets with extremely high volume potential, which Microsoft undoubtedly wants to dominate."

Lineo responds to Microsoft attack (ZDNet). Here is Lineo's response to Microsoft's attack on embedded Linux, as carried by ZDNet. "The open source licenses are often spoken of as a disadvantage but they are truly a strong advantage. What they offer you is a choice: Do you want to use existing, freely available code (and contribute the resultant product back to the community) to quickly produce your driver or application or do you want to program from the ground up--increasing the development cycle, but avoiding the derivative work clauses of the open source licenses? This choice is not offered by a closed operating system such as XP Embedded."

Embedded XP or Linux? (IT-Director). IT-Director has sounded off on Microsoft's attack on embedded Linux. "The Linux approach may demand a little extra in terms of development to get exactly what is required but it starts on the right side of the fence. Windows XP may well be the best and most reliable version of the OS ever - but that isn't saying much. It is not a flat racer. In embedded terms, it is a blinkered and rather overweight old nag that will never be able to get down to the correct weight for this race."

Upgrade cycle ensures XP will succeed (IT-Director). IT-Director looks at how Microsoft is forcing businesses into upgrading to XP. "On the other hand, there is an opportunity for the Linux boys here. There is going to be a significant amount of upgrade activity in the next few months and Microsoft Windows is not the only tool in the box (it?s certainly not the sharpest). Wouldn't it be interesting if businesses found an easy way to replace their office systems with a non-Microsoft alternative?"

MP3.com Win In Hand, He Takes Aim At Windows (TechWeb). Here's a TechWeb article about Lindows, or whatever it will eventually be called. "Once Lindows' installed base is large enough, [Michael] Robertson's plan is to have Lindows aggregate Linux applications from sites all over the Web and serve as a virtual clearinghouse for them-much as MP3.com does for music that's available in MP3 format. Robertson steadfastly believes that consumers are ready to download operating systems instead of buying them in boxes off retail shelves."

MS trains legal guns at Lindows (Register). The Register has published a brief article on Microsoft's suit against Lindows. "Microsoft wants to settle out of court i.e. for Lindows to change its name. But unlike most small software start-ups, Lindows has a rich backer."

Why NewsForge hasn't written about Lindows (NewsForge). NewsForge ponders Linux "vaporware". "Shall we talk about (commercial) Linux software companies that spent hundreds of thousands of dollars on trade show displays before they had any products to show or sell? Most of those companies are gone now, as in bankrupt, because their products either never made it to market or were so disappointing that no one bought them."

Special issue of Upgrade on free software. The European "Upgrade" magazine has published a special issue on free software. There are articles from Richard Stallman, Ricardo Galli, Jean Paul Smets, and numerous others. They are, however, only available in PDF form. (Thanks to Stèfane Fermigier).

Ten Years After the Future Began (O'Reilly). Here's an OreillyNet article looking at RFC 1287 ten years after its publication. This RFC, entitled "Towards the Future Internet Architecture," made many predictions on where the net would go. "The modest assumption that IP-based networks would be just one of many networking systems is the biggest point on which RFC 1287 shows its age. Indeed, a few interesting concepts from OSI remain in circulation today (LDAP, for instance, derives from the OSI standard X.500.), but the Internet has effectively swept it from the scene."

Reviews

Network Troubleshooting Tools: A Book Review (Linux Journal). Linux Journal reviews Network Troubleshooting Tools, a book on network strategies and tools.

Interviews

Interview: Matt Dillon. KernelTrap talks with FreeBSD kernel hacker Matt Dillon. "The coolest feature of 5.0 is going to be Julian's KSEs -- basically a totally new way of doing userland threading which combines the best of both worlds: The ability for the userland to switch threads without having to drop into the kernel, and the ability for the kernel to detach kernel stack contexts associated with blocked userland threads on the fly. We will theoretically be able to run massively multi-threaded programs with very little overhead."

Interview: Dave Jones (KernelTrap). KernelTrap interviews Dave Jones, a kernel hacker currently employed by SuSE, and the maintainer of the "dj" patches. "There's been some talk recently about how difficult it is to get Linus to accept patches these days. Whilst I've no objection to anyone sending me updates/fixes etc for inclusion that Linus is silently dropping, I've no intention of pushing anything like that to Linus when it comes to the resync. 2.5 is the development tree after all, not mine."

(For those who are interested, the current "dj" patch is 2.5.1-dj6).

Miscellaneous

Dedication Trumps Talent (Linux Journal). Here's a Linux Journal article on how to understand the kernel. "Reading books, articles, HOWTOs and the development discussion are all very well and good, but the only way to learn the kernel is to 'use the source Luke'."

Phrack 58 released. Phrack #58 is now available. Included therein are articles on Linux /proc programming, hacking code into the kernel via /dev/kmem, and more.

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

DukeOfUrl closes. The DukeOfUrl site, source of many Linux reviews, has shut down. After four years, the effort and economics of running the site caught up to its creator. Good luck, Patrick, on your next venture, and thanks.

Counting potatoes: The size of Debian 2.2. Here's a paper describing research into the code that makes up Debian 2.2. The authors turned up over 55 million lines in the 2.2 distribution; the estimated cost of developing all that code would be, they say, just under $2 billion. The paper also contains a number of comparisons between Debian and Red Hat Linux 7.1. (Thanks to David A. Wheeler).

Guardian Digital Launches Online Career Center. Guardian Digital has announced an online career center that focuses on jobs in the Linux, open source, and security fields.

Events

Interviews with FOSDEM speakers. The Free Software and Open Source Developers Meeting (FOSDEM) is running a series of interviews with speakers who will be at the event (Brussels, February 16 and 17). The first two are with David A. Wheeler and Miguel de Icaza.

O'Reilly Open Source Convention CFP. A Call for participation for the 2002 O'Reilly Open Source Convention has gone out. The Convention will happen in San Diego, California, on July 22 to 26. The proposal deadline is March 1.

linux.conf.au update. "What could make a better Christmas present for your loved one than tickets to linux.conf.au in February?" asks this update from the folks at linux.conf.au. Indeed, Brisbane in February will look good to many of us northern hemisphere dwellers. The list of speakers now includes Andrew Tridgell, Rasmus Lerdorf, Rusty Russell, Alan Modra, and Rasterman, and the early bird discount runs out at the end of the month. Time to sign up if you're going to do it.

Events: January 3 - February 21, 2002.

Date	Event	Location
January 28 - 29, 2002	The Conference on File and Storage Technologies(FAST 2002)	Monterey, CA
January 29 - February 1, 2002	LinuxWorld	New York, NY
February 1 - 3, 2002	Linux Event 2002	Livorno, Italy
February 3 - 6, 2002	Embedded Executive Summit	(Ritz-Carlton)Half Moon Bay, California
February 4 - 7, 2002	10th International Python Conference	(Hilton Alexandria Mark Center)Alexandria, Virginia
February 5, 2002	OMG Information Days Europe 2002	Amsterdam
February 6, 2002	OMG Information Days Europe 2002	Brussels
February 6 - 9, 2002	linux.conf.au	Brisbane, Australia
February 7, 2002	OMG Information Days Europe 2002	Paris
February 8, 2002	OMG Information Days Europe 2002	Madrid
February 13 - 15, 2002	1st CfP German Perl Workshop	(Fachhochschule Bonn-Rhein-Sieg, Sankt Augustin)Bonn, Germany
February 15 - 17, 2002	CODECON 2002	San Francisco, California, USA
February 16 - 17, 2002	Free Software and Open Source Developer's Meeting(FOSDEM 2002)	(Brussels, Belgium)Brussels, Belgium
February 18, 2002	OMG Information Days Europe 2002	Milan
February 19, 2002	OMG Information Days Europe 2002	Zurich
February 20, 2002	OMG Information Days Europe 2002	Munich
February 21, 2002	OMG Information Days Europe 2002	Vienna

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

Three years ago (January 7, 1999 LWN): The 2.2 Linux kernel pre-release series began; the stable release was pushing towards version 2.0.37. The Linux Kernel Archive mirror system was started with two mirror sites. There are now hundreds of Linux kernel archive mirror sites all around the world.

Numerous people predicted that Open Source software would be big in 1999; these predictions turned out to be accurate.

Info World speculated that "Linux will become just another Unix. The Internet lost its charm when big business discovered it. The same will happen with Linux. Linux will wipe out SCO and Unixware and gain ground against NT, but will lose its soul in the process". Well, they got the SCO part right, but Linux continues to have almost as much soul as James Brown.

Red Hat was getting lots of attention with its corporate expansion and potential of being a threat to the Microsoft empire.

The first issue of the Debian Weekly News came on-line; that project is still going strong.

Aladdin Ghostscript was released under a GPL license.

Two years ago (January 6, 2000 LWN): Linux survived the Y2K bug with a few minor bugs here and there; so did the rest of the world. Several Linux distribution vendors came out with some additional Y2K bug fixes.

The cracking of the DVD encryption format was big news; Eric Raymond wrote a letter to LWN entitled DVDCA and the Big Lie.

The stable kernel was version 2.2.14, which was a bit long in coming. The development kernel was version 2.3.35. With Y2K concerns out of the way, the Unix Year 2038 bugs were beginning to get a look.

The first of many SEUL/edu Linux in Education reports came out; this group continues to produce good information concerning Linux in the schools.

Numerous commercial entities announced the open-sourcing of projects; among them were InterBase from Inprise, the CompactPCI networking package from MontaVista, and several device drivers.

VA Software (formerly VA Linux) introduced the now well-known SourceForge site.

Apple announced the roll-out of its Mac OS X, a Free BSD based platform.

One year ago (January 4, 2001 LWN): With very little fanfare, and in a slipped-release schedule matched only by the Linux kernel itself, GIMP 1.2 was released to the masses on Christmas day.

Speaking of the kernel, Linus released Linux 2.4.0-prerelease on December 31, 2000. The official 2.4.0 was released on January 4, 2001.

Torvalds said in June 1999 that Linux 2.4 would be done by last fall. In May 2000, Torvalds acknowledged that likely it would be October 2000 before 2.4 saw the light of day, since developers were attempting to cram more new, high-end features into the final release. On Oct. 6, at Frankfurt's LinuxWorld, Torvalds was quoted as saying Linux 2.4 wouldn't be launched until December at the earliest.
-- News.com

Keith Owens posted a long description of plans to redesign the kernel Makefile system. The Makefile system has been redesigned in the last year, but the changes have not been incorporated into 2.5 as of this writing.

Slackware.com was compromised on December 25th, forcing a shutdown of that site. The breakin appeared to have been due to an older version of imapd.

Linus Torvalds was named Reader's Digest European of the Year 2000.

Torvalds had done something remarkable: he had created the kernel of a new computer operating system?the brains of a computer which controls the hardware and organizes the programs. Not only that, he had then given it away free, a decision akin to the Coca-Cola company publishing the formula for Coke, or MI5 releasing its top-secret files.

Section Editor: Rebecca Sobol.

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 craig@postnewspapers.com.au
To:	 letters@lwn.net
Subject: re: Galeon release announcement
Date:	 Thu, 20 Dec 2001 17:36:51 +0800

While I know its been done to death, Mr Ashworth's letter about
galeon's dependencies really annoyed me.

Tell me, would you prefer it if the app developers built against old
versions of libraries, without any of the new features or other
improvements, so the app would install on old systems? Or would you like
a faster, more reliable app that you have to update some libs to run?
Perhaps the app developers should just never update their lib support so
that the app can be compiled for Red Hat 1?

You have to draw the line somewhere. I, personally, like "yesterday"
because if you can download the app, you can download its deps too.
There is no reason for an app developer to build against outdated
libraries.

If you want a version of galeon that will install seamlessly, wait 'till
Red Hat package a version for Red Hat 6.2. Its not the Galeon
developer's problem to support various distros, and especially not old
versions of them.

An upgrade to a newer version of a distro is largely painless. You don't
have to pay for an "upgrade licence," you can just borrow the disks if
you don't want to buy them. You don't even have to update the entire
distro, you have the choice of just updating the required libs.

Dependency management is (finially) making its way into RPM based
distros anyway, so hopefully soon you'll be able to "apt-get install
galeon".

-- 
Craig Ringer
IT Manager
POST Newspapers
http://www.postnewspapers.com.au/
http://oberthur.dyndns.org/~craig/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D

From:	 Peter Lawson <peter.w.lawson@noaa.gov>
To:	 letters@lwn.net
Subject: Installing applications
Date:	 Thu, 20 Dec 2001 11:46:04 -0800

To the Community of Linux Developers --

Warning -- this is a rant. I have been using Linux since before the birth
of RedHat, but I am not a sophisticated user.  I am one of those who wants
a stable, capable desktop that is easy to administer.  At this point in my
career I do not want to spend a lot of time learning the innards of my OS
or tinkering to get things working, but I frequently do.  Last month I took
a full day to get my CD-ROM burner running because the HOW-TOs were out of
date and the FAQ answers too terse. Someone with knowledge of the system
could have written a configuration script that would have worked 95% of the
time and saved a lot of users a lot of pain. Today I learned of a nifty
software package that looks like it could make Linux more useful and reduce
my lingering dependence on (shudder) windows for certain tasks.  The
problem is I can't get the damn thing to run, because I either do not have,
or it can't find, certain libraries. I don't feel like I should have to
muck around finding and installing new libraries, breaking dependencies,
configuring PATHs, etc. until this wonderful package stops complaining and
decides to run.  Wash my mouth out with soap, but if I were using windows I
would just double click on setup.exe and trust to the good will and
competence of the author to cram his/her program onto my system without
breaking it.  Usually it works.  Why can't it be that easy in Linux?

If Linux wants to capture more than the recently reported 0.25% of the
desktop market we, as a community, must find a way to make it simple to
install new applications. Most people are not going to pound their heads
against some obscure installation problem in Linux when they can do the
same thing in windows and it *just works*. Linux will become popular on the
street when it becomes easier to use than windows.


-- 
Peter W. Lawson
Fishery Biologist
National Marine Fisheries Service

From:	 "Bill Rugolsky Jr." <brugolsky@yahoo.com>
To:	 letters@lwn.net
Subject: Skylarov and bad US law.
Date:	 Thu, 20 Dec 2001 09:07:32 -0500

In LWN for 011220, you wrote:

   "The end of the Sklyarov prosecution is the loss of, perhaps, the best
   opportunity to mount a powerful constitutional challenge to the DMCA.
   Some have criticized Dmitry for having accepted the agreement, saying
   it was his duty to resist to the end. That criticism does not stand up,
   however. Mr. Sklyarov was a Russian citizen facing 25 years of
   imprisonment in the U.S. To say that his duty to help the American
   people in fighting one of their bad laws overrides his duty to his
   family, or, indeed, to himself, is inappropriate. He did not choose
   this fight, and nobody has the right to tell him that he can not
   withdraw from it."

Thank you for bringing some calm reason to the rantings of the
self-righteous.  Any U.S. citizen who wants to mount a constitutional
challenge to the DMCA is welcome to do so, at the risk of his personal
wealth and liberty.  This is not a difficult task, requiring at most a
few weekends worth of concentrated effort to break the vast majority of
copy-protection schemes in use today.

Regards,

   Bill Rugolsky

From:	 Gareth Bowker <tgb96@aber.ac.uk>
To:	 letters@lwn.net
Subject: Re: Microsoft's security bugs (lwn daily pages 2001-12-21)
Date:	 Fri, 21 Dec 2001 21:25:02 +0000

LWN wrote on 2001-12-21 re Microsoft's security bugs :

> The thing that stands out to some of us, though, is that it took Microsoft
> five weeks to get a fix out.

Martin Schulze (in DWN) wrote:

> On Fixing Security Critical Bugs. Javier Fernández-Sanguino Peña made
> some [4]analysis regarding vulnerabilities detected and posted to the
> Bugtraq list and those sent as [5]Debian Security Announcements
> (DSAs). His analysis reveal that for the last year it has taken Debian
> an average of 35 days to fix security-related vulnerabilites.

Doesn't it seem a little hypocritical to be slating MS for their 35-day
bugfix, when Debian's average is, er, 35 days?

Cheers,

Gareth
(a Debian user)

From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 letters@lwn.net
Subject: The General Public Virus
Date:	 Tue, 25 Dec 2001 01:32:51 -0500

That's a popular snide comment to make about RMS's baby, the GPL.

There is, as was noted in last weeks' LWN, much discussion, and no
small amount of acrimony about the license.  It's *my* considered
opinion that we owe Linux to it -- at least, Linux as we see it today,
where our plans for World Domination are proceeding precisely on
schedule.

But regardless of that, it's a completly different aspect of it's
virulence I come to talk to you about today.

How many copies of it do you have on your drive?  Need an extra couple
meg of free space?  Try

# find / -name COPYING -exec rm {} \;

I got 2.6MB back.  Think of it as my Christmas present to you all.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")

From:	 Grant Bowman <grantbow@svpal.org>
To:	 Larry Augustin <lma@valinux.com>
Subject: Concerns about SourceForge Open Edition
Date:	 Thu, 20 Dec 2001 16:13:58 -0800
Cc:	 Eric Raymond <esr@thyrsus.com>, Patrick Fossenier <pfossenier@valinux.com>,
	 Eureka Endo <eureka@valinux.com>, Marla Kramer <mkramer@vasoftware.com>,
	 Amit Chopra <amit.chopra@csfb.com>, James Byers <jbyers@valinux.com>,
	 Patrick McGovern <pat@sourceforge.net>,
	 Jacob Moorman <moorman@users.sourceforge.net>,
	 Dan Bressler <db@valinux.com>, lwn@lwn.net, editors@newsforge.com,
	 coopx@coopx.eu.org, Keith Backman <keith.backman@abnamro.com>,
	 Prakesh Patel <prakesh.patel@wrhambrecht.com>,
	 Betsy Schiffman <bschiffman@forbes.com>,
	 Tish Williams <twilliams@thestreet.com>,
	 Stephen Shankland <stephens@cnet.com>, Jack Bryar <jack_b@newsforge.com>,
	 Jeff Bates <hemos@slashdot.org>

Hello Mr. Augustin, 

I am writing this open letter <http://www.grantbow.com/letter.html> today
regarding my concern for the lack of comprehensive response from VA and
SourceForge staff to inquiries regarding the SourceForge Alexandria project
and/or SourceForge Open Edition collaborative software development (CSD)
software.  A document now removed from your site indicated plans for the
release of the Open Edition.  My intent is to seek the status of present and
future Alexandria/Open Edition source code.  

VA Software Corporation is a public leader in the efforts to legitimize
business use of Open Source software and legitimize business plans promoting
Open Source software.  A lack of comment from any level of your company feels
like something is being covered up or quietly dismissed as unimportant.  I
maintain that the license used by software that hosts so many of the Open
Source community's projects (including one I develop) is highly relevant and
needs to be addressed clearly.

The projects hosted on SourceForge.net all rely on the functioning of the CSD
services (each provided by Open Source components) that your company generously
hosts on SourceForge.net.  The hosted projects rely on the software which
powers SourceForge.net.  I feel an important premise is and has been that the
base software running SourceForge.net will itself be available using an Open
Source license.  Proprietary extensions seem a separate matter.

Good faith efforts to clarify the intentions for Alexandria and the Open
Edition have been made by many people spanning weeks, yet none of them have
received answers.  This includes inquiries on the public forums of the
Alexandria project.  Several forked efforts based on the Alexandria 2.6.1 GPL
version from earlier this year are presently under development due to a lack of
guidance from VA and fear regarding the future actions or lack of action by VA
and SourceForge staff.  These and other actions the community has witnessed
seem out of character for a company that was born from and has supported the
Open Source community in so many other ways.  In the spirit of this holiday
season, I hope that this lack of clarity can be resolved.

I hope you, someone within VA Software or an internal working group will
address the licensing and related issues thoroughly and promptly.  I have tried
to send this and previous emails to people who I hope will be able to respond
or who may be interested in this apparent change in your strategy.  My intent
is to seek the status of present and future Alexandria/Open Edition source
code.  Any help you can provide would be most appreciated.

Regards,

--
-- Grant Bowman                                   <grantbow@svpal.org>

From:	 Leon Brooks <leon@cyberknights.com.au>
To:	 ukgovtalk@citu.gsi.gov.uk
Subject: Open Source Software (1 of 2)
Date:	 Tue, 1 Jan 2002 20:28:16 +0800
Cc:	 letters@lwn.net

I commend the UK government for the courage and foresight to directly address 
new and vital technologies such as Open Source, when many other ``leading'' 
governments are fiddling about while their various IT Romes burn.

I would like to encourage and support you in this effort. You have asked for 
constructive criticism, although it is labelled consultation, and I hope the 
following will be both useful and illustrative.

The page http://www.govtalk.gov.uk/rfc/rfc_document.asp?docnum=429 has an 
obvious oversight in that both of the formats offered for download are 
proprietary, and the whole point of the document is to discuss avoiding 
proprietary software and associate file formats.

To illustrate the Open Source attitude to such shortcomings - namely, fixing 
it is more helpful than whining and sitting back - following is a solution 
for this bug, namely attachments in a variety of different, non-proprietary 
formats. As well as encouraging you, I would encourage all Open Source 
advocates to respond in the spirit or co-operative helpfulness, rather than 
simply nitpicking, as is the general habit of the human race.

The .html file should be pretty much self-explanatory, except that the 
missing characters are non-standard proprietary additions which fall within 
both the ISO-8859-1 and UniCode control character ranges, so have been 
deleted. The .gif and .png files are associated with it and were extracted 
from the Microsoft Word document using OpenOffice.

The .sxw file is an OpenOffice 6 document, the .rtf is in Rich Text Format, 
and the .ps.gz file is compressed PostScript. All represent the same document.

To further illustrate Open Source methods, and to demonstrate that Open 
Source software is able to interoperate with proprietary software if given a 
reasonable chance, I have also returned a patched version of your Microsoft 
Word file.

You will note that the new document is about one third the size of the 
original, but lacks no significant information. It is also absolutely 
guaranteed to be free of Macro Viruses. This is achieved by reading it into 
OpenOffice and saving it back into the original format. OpenOffice takes care 
not to include your passwords, revision information and whatever other junk 
happened to have been sitting around in your computer's memory when Word last 
saved your document. This is one reason why very few lawyers use Word as a 
document interchange format.

As to the content of the document:

> starting to take a significant market share in some specific parts of
> the software infrastructure market.

NetCraft histories show that it has taken a significant market share of most 
parts of the software infrastructure market. Counting by dollars or unit 
sales is not at all relevant when the product is low-cost or free, and can be 
liberally and legally reinstalled, duplicated, handed on and otherwise 
multiplied without sales being documented. It would be fairly true to say 
that it has a significant share in practically every computer market except 
for ``desktop'' systems.

It is also worth noting that much proprietary software (including, by way of 
a significant example, many components of Microsoft's Windows operating 
system) is based on Open Source software which follows the BSD licence style.

> Contracts will be awarded on a value for money basis.

This at first would seem to favour Open Source software, but in reality the 
major OSS cost benefits do not appear up front. They lie in reduced 
maintenance, upgrade and future licencing costs, the absence of licence 
management, and in costs more difficult to quantify which are associated with 
such abstract factors as the market culture associated with each type of 
system.

For a concrete example of a hidden cost, there is generally no place on a 
tender form to specify negative costs for reboots which no longer happen, and 
virussed attachments which no longer clog mail servers, and nor are tenderers 
required to specify how much these things are likely to cost a purchaser.

A further important justification appears to be missing. The authors of Open 
Source products often include citizens of the United Kingdom, and equivalents 
in members of the European Union, and use of OSS serves not only to support 
and encourage their efforts, but also to leave more of the available work in 
the hands of local tradesmen rather than sending it overseas to assist 
someone else's trade balance.

Thank you for the opportunity to comment.

Sincerely yours,


Leon Brooks
Director, CyberKnights Pty Ltd
Western Australia

From:	 Myrddin Ambrosius <imipak@yahoo.com>
To:	 letters@lwn.net
Subject: A commentary on O'Reilley's commentary
Date:	 Sat, 29 Dec 2001 13:11:32 -0800 (PST)

Hi,

   Here's a quick critique of O'Reilley's commentary
on the "Future of the Internet" RFC.

   First, multi-protocol support exists, and has
existed, on the Internet for some time. It's called
"tunneling". Tunnels allow you to connect any two
machines/networks in the world, and transport any
protocol between them. Ok, this uses the IP layer as
an underlying network protocol, but this is irrelevent
as far as support for other protocols is concerned. If
support is layered, parallel, or purple, it's still
support.

   Second, DoS attacks (including distributed ones)
are a pain, but hardly a killer. The Internet
certainly has DoS-stoppers in place -- it's just a
question of people using them.

   Let's start with flooding from a single source. For
this, you want a firewall and a source-based queue.
The firewall will block ICMP floods, and the
source-based queue will kill off TCP flooding from a
specific machine or network. (It also stops the
router/firewall being killed by TCP flooding.) The
queue should be set up to reject overly-large bursts
outright.

   For distributed flooding, you add a CBQ
(Class-Based Queue) + RED (Random Early Detection)
layer AFTER the source-based queues. This will limit
the overall traffic plus the traffic per class.
Flooding simply falls off the class queue, or gets
dumped to prevent network overload. Again, you
configure the queue to reject overly-large bursts.

   Is there any other way to prevent DoS? Certainly.
If you only allow connections from machines with IPSEC
support and valid certificates, then you're not in any
peril of connections from phantom machines (one big
TCP DoS technique). The connection would never be
established, as the IPSEC layer would reject it
outright.

   Ok, you've done all of this, but someone finds some
novel way to overload your poor server, even so. Is
there anything you can do? Again, yes. Run MOSIX, or
some other transparent clustering software, and turn a
group of machines into a mega-server. You've now
raised the bar, substantially. Because the Internet is
a noisy place, at the best of times, packets are going
to be lost in intermediate routers. Doubling the
number of servers doubles your capacity, but doubling
the number of attacking machines will less than double
the number of packets that get through.

   Last, but by no means least, if the OSI standards
are so dead, why is everyone using X.509 certificates,
often served from an LDAP server? I'd check the pulse
again, before burying anything.

Jonathan Day

From:	 Leon Brooks <leon@cclinic.com.au>
To:	 letters@lwn.net
Subject: Between the lines, drawing the lines: a call to action
Date:	 Thu, 3 Jan 2002 09:39:21 +0800

There is a point to this commentary, and an important question at the end.

>From http://www.theregister.co.uk/content/4/23518.html, Brian Valentine 
speaking:

> We have the best d*mn sales force in the world backed by the best
> engineers in the world

The entire email is sales oriented, just as the entire company is sales 
oriented. Features like actual functionality, reliability, security and so on 
are largely irrelevent and don't rate a mention in the email at all.

The attitude is ``we're gonna sell it - oh, and I suppose we'll support it 
too.'' The selling is what drives and controls everything.

> they [Linux] are a competitor and we will compete.

Paul Allen funded the PBS Evolution series, and between the lines we see the 
same attitude here. History is clear that ``compete with'' is Microsoft 
jargon for ``try really hard to exterminate.'' Do you remember ``DOS ain't 
done 'till Lotus won't run?''

> We need to be there when they are making these decisions and prove
> to them the Windows platform is the best platform for them across any
> aspect of their business. 

Note the absence of a case-by-case attitude. Windows is best for everything, 
they say, now let's figure out how to prove that to you and never mind 
whether this reflects reality or not. One-eyed Linux fans have a bad name for 
this kind of thing, but Microsoft are the professionals and the true leaders 
in the field of zealotry.

> Oh -- and you can bet anyplace IBM is talking to your accounts, they
> are saying Linux and switching to higher end non-pc systems. With the
> current economic times we are living in, just about every customer is
> looking into how they can get rid of those over-priced, legacy Unix
> systems and ride the PC economics wave. 

Translation: induce people to stick with crappy PCs. Anything new, 
revolutionary, adventurous that you see: step on it, because we don't own 
that market.

See if you can figure this out: IBM zSeries bad, Windows cluster good. Why? 
Because you have all your eggs in one basket, they say, never mind the 60 
year MTBF, the frightening licencing cost of Microsoft's competing proposals, 
the need for a cluster to even compete on reliability grounds since the 
software is inherently unstable.

If you can't do it right, you must do it over again, and a cluster of 
unreliable servers is basically a demonstration of this.

> It's crucial that you get out there with your TSP/SE/MCS folks and do
> actual walkthroughs in your accounts. Ask open ended questions; find
> out what they're evaluating for both key projects as well as smaller,
> more tactical projects. Ask about the 'connector' pieces -- you'll
> potentially find Linux in these areas.

In other words, poke your nose into your customers' business.

> Much like the support "communities" that define the Linux experience,
> the FCS team will strive to build a community to cooperate in winning
> business against Linux.

I wonder how often Microsoft will ``fire'' them as they did with their Most 
Valued Professionals (MVP) community?

> The DH Brown report will be customer ready and will help your
> customer understand just how competitive Microsoft is in this arena. 

Or else will vanish silently if it turns out that there's no way to fudge 
figures to say what Microsoft wants them to say.

> ETA for this tool is in May and it will be a great tool to help you
> sell the value of Windows solutions over Linux.

It's pretty clear by now that these figures will be puppets, isn't it?

> I want to give you folks all the information I can in a very open way.

Which he hasn't done, listening to the doublespeak in this email.

At first glance, this email looks like the ``same old same old'' but it seems 
to me that an important point could be missed. They're effectively expanding 
their Microsoft Consulting approach, which is to go in after a sale, 
focussing on specific issues to the exclusion of any important and real 
considerations that might speak against Microsoft's products and systems.

With a database.

To misquote a certain donkey, ``I've got a pack of lies and I'm not afraid to 
use it!'' While there are many Linux HOWTOs and advocacy FAQs and the like 
out there, and corporations like Mandrake are helping by actively pursuing 
positive case studies, there seems to be no direct equivalent to Microsoft's 
knowledge-base of tricks to winkle Windows in anywhere you want.

Linux doesn't depend on sales for survival, as Microsoft do. But unless Linux 
and fellow travellers like FreeBSD maintain and extand their share of IT 
space, Microsoft will ``compete'' us into the ground. If a Microsoft lock-in 
inconveniences two percent of all computer users, nothing will be done. If it 
inconveniences 20%, something may be done. If it inconveniences 50%, 
something will be done.

I don't have a suitable server to hand, or more specifically suitable 
bandwidth, to offer a weblog/wiki style service for building a 
how-to-defeat-Microsoft's-tricks knowledge base, but I believe that it is an 
important thing to do, and do soon.

As Be discovered, and the US government appears reluctant to learn this, 
treating Microsoft as just another competitor - albeit a hard-ball player - 
is a lethal mistake. Let's not make it. We won't have a second chance, none 
of their vict^H^H^Hcompetitors ever do.

Cheers; Leon