Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Mono, of course, is a free implementation of parts of the .NET framework. In particular, Mono aims to provide a compiler for the C# language, an implementation of the "Common Language Infrastructure" (yet another virtual machine and remote procedure call implementation), and an extensive class library. In theory, Mono will help with the development of secure, highly interoperable applications.

Then again, there's Don Marti's inimitable characterization of the whole .NET framework:

If you break the whole mess down, as far as I can tell you get a rounded-scissors version of C++, a standard library for same, a virtual machine, and a Big Brother bank/authentication/anal probe system.

All of this stuff, of course, has been designed by Microsoft. Some of it has been proposed for ECMA standard status - but not all of it. The Mono implementation is progressing, but it remains far from a stable, complete state.

One thing that people should keep in mind before getting too upset over Miguel's statements is that he is talking about GNOME 3 or 4. The GNOME project has not yet released version 2.0, and Mono 1.0 is still a distant prospect. So any integration of GNOME and Mono will not happen for years. There will be plenty of time to see how Mono works out, how Microsoft manages its .NET standards, and whether the .NET framework truly helps the application development process.

Even then, Miguel is not pushing for a major rewrite of GNOME. Instead, he sees Mono as a way of making GNOME development go better in the future:

I am not asking anyone to rewrite any code. Indeed, I encourage people not to do so. But when it comes to extend a product, Mono might be a valuable tool. Valuable, because I believe that the major feature of .NET is reduction of development time and the reduction of the money we spend on developing those products.

Indeed, development time is one of the key factors behind this push:

Evolution: roughly 2 years of development, and at its peak had 17 developers working on it. [...]

The bottom line is that developing these applications is costing a lot of time, and a lot of money. I want to see Linux succeed on the desktop, and for this to happen, many more apps will need to exist. I want to go from having 17 people working for two years on a product to have those same 17 people work on four products in the same time.

.NET supporters cite a number of features which can help achieve this increase in development productivity: a comprehensive class library, the ability to easily integrate code in multiple languages, a garbage collection system which eliminates memory management problems, and more. It is also claimed that using the .NET framework will greatly increase the number of developers who can write for the Linux platform.

These claims, certainly, are worth the time to evaluate. Linux has far more applications than it did even a few years ago, but very few people would say that it does not need any more. If Mono can help bring about more free applications sooner, then it is worth a look.

The fact remains, however, that .NET is a standard created by Microsoft for its own ends. Adopting Mono could serve mainly to bring Linux systems into the whole HailStorm framework - an idea which lacks appeal. In the rush to develop more applications for Linux, it is worth taking some time to consider exactly what kind of applications we want.

Then, consider that there is nothing to keep Microsoft from "embracing and extending" its own standards. Some years from now, Mono could look much like the Wine project does now: forever chasing a set of shifting standards, and never being quite solid enough to completely serve its intended purpose. There also remains the issue of possible royalty claims or patent issues with .NET. Microsoft has not been entirely clear on the status of much of .NET, and unpleasant surprises are a real possibility. It is dangerous to base your applications on a standard controlled by a competing company.

Those worries are all speculation at this time, however. Given the amount of time that will pass before GNOME could even conceivably adopt Mono in any serious way, there will be ample opportunity to see how things play out. And, in the end, Miguel, while highly influential, lacks the ability to commit GNOME to any such course. The GNOME Foundation exists for a reason, and it's likely that its members will look hard before leaping onto the .NET bandwagon.

(See also: Miguel's "long reply" on this issue).

Who has more security problems? The folks at vnunet started some fun with this article claiming that Linux had more security problems than Windows in 2001. Here's their reasoning:

Although the statistics so far only go up to August 2001, aggregated distributions of the Linux operating system suffered 96 vulnerabilities while Windows NT/2000 suffered only 42. Breaking the figures down by distribution, Mandrake Linux 7.2 notched up 33 vulnerabilities, Red Hat 7.0 suffered 28, Mandrake 7.1 had 27 and Debian 2.2 had 26.

Any Linux user will immediately see the flaw in this reasoning: the same vulnerabilities are being counted up to four times. The real number of Linux vulnerabilities will certainly have to be a lot less. vnunet quickly backpedaled, noting that "all Linux distributions essentially use the same kernel, certain bugs are being counted more than once." Which still somewhat misses the point, since Linux distributions share far more than just the kernel.

We decided that it was time to try to get a handle on how many vulnerabilities were really suffered by Linux systems in 2001. To that end, we plowed through more security updates than any sane person would want to see in one day, and compiled the following table. Anybody who is proud of Linux's security should have a good look and weep - it is a very long list.

There is no end of caveats that apply to this table: it is hard to make a one-for-one comparison of security updates across distributions. Undoubtedly some updates have been joined that should not be, and others have been kept separate when they should be together. The table also does not distinguish between versions; an update for Red Hat Linux 6.2 makes the list, even if 7.x was available and not vulnerable. The picture is rough, but, we think, still interesting. Without further ado:

Linux security updates in 2001
Vulnerable package	Debian	Mandrake	Red Hat	SuSE	Turbolinux
analog	X				X
apache (Jan)	X	X
apache (Jul)	X	X	X
arpwatch		X
bind	X	X	X	X	X
cfingerd (Apr)	X
cfingerd (Jul)	X
cron	X	X	X	X	X
ctags	X
cups		X		X
cvsweb					X
cyrus-sasl			X	X
dhcp					X
dialog					X
diffutils		X	X
ed					X
ePerl	X	X		X
elm		X
esound					X
exim	X		X
exmh	X	X
expect		X
fetchmail (Jun)	X	X
fetchmail (Aug)	X	X	X	X
fml	X
gdm		X
getty_ps		X
gftp (May)	X	X	X
gftp (Oct)	X
glibc (Mar)	X	X	X		X
glibc (Dec)		X	X	X
gnupg	X	X	X	X	X
gnuserv	X
gpm	X	X
groff	X
gtk+		X			X
htdig	X	X	X	X
hylafax		X		X
icecast	X		X
imap		X		X
imp	X
inetd			X
inn	X	X
iptables			X
ispell		X	X
jazip	X
joe	X	X	X	X
kdelibs		X	X
kdesu		X		X
kernel (May)				X
kernel (Oct)	X	X	X		X
kernel (Nov)		X	X	X
ld-linux				X
libgtop		X
licq		X
linuxconf		X
losetup			X
lpr			X	X
lprng			X		X
mailman	X		X
mailx	X
man (May)	X		X	X
man (Feb)	X
man2html	X
mc	X			X
mesa		X
mgetty	X	X	X		X
micq	X		X
minicom		X	X
mktemp			X
mod_auth_pgsql			X
mod_auth_mysql				X
most	X
mutt		X	X
mysql	X	X
ncurses		X			X
nedit	X	X	X	X
netscape	X	X	X		X
nfs-utils					X
ntpd	X	X	X	X	X
ntping				X
nvi	X
omni print			X
openldap	X	X
openssh (Jan)	X
openssh (Feb)	X	X		X	X
openssh (Oct)		X
openssh (Dec)	X	X	X	X
openssl		X	X		X
php4	X	X
pine		X
pmake					X
postfix	X	X
printtool			X
procmail	X	X	X
proftpd (Feb)	X	X
proftpd (Mar)	X
rdist		X
rpmdrake		X
rxvt	X
samba (May)	X	X
samba (Jun)	X	X	X	X
sash	X
screen				X
sdbsearch				X
sendfile	X
sendmail	X	X	X	X	X
sgml-tools	X	X	X	X
shadow-utils		X
slocate					X
slrn (Sep)	X
slrn (Mar)	X	X	X
snmp			X
splitvt	X
squid (Jan)	X	X			X
squid (Jul)	X	X	X	X
sudo	X	X	X	X
susehelp				X
tcpdump		X			X
telnet	X	X	X	X
tetex		X	X
timed		X		X
tinyproxy	X
tripwire		X
util-linux		X		X
uucp	X	X		X
vim		X	X	X	X
w3m (Jun)	X
w3m (Oct)	X
webalizer			X	X
webmin		X
wmaker	X	X		X
wmtv	X
wu-ftpd (Nov)	X	X	X	X
wu-ftpd (Jan)	X	X			X
Xaw	X
xemacs		X	X		X
xfree86	X		X
xinetd	X	X	X	X
xloadimage	X	X	X	X
xmcd				X
xtel	X
xvt	X
zope (May)	X	X	X
zope (Mar)	X	X
Totals:	81	81	56	44	28

Whew. That is a total of 290 updates for 145 unique vulnerabilities. It would seem that the vnunet article actually underestimated the problem. A quick look at the totals suggests that Turbolinux is the most secure distribution with only 28 updates, while Debian and Mandrake top the list at 81. It must be time to put out a press release.

That is, of course, complete nonsense. Why do the different distributors have different numbers of updates? Here's a few reasons:

• Not all distributors ship the same packages. Debian, due to its size, is almost guaranteed to have more issues than any other distribution. Very few others ship packages like cfingerd or xtel.

• Distributors sometimes combine multiple fixes into a single update - especially if they are running behind. The number of updates puts a lower bound on the number of security problems fixed, but doesn't tell much more than that.

• Some distributors are rather better at getting updates out than others. All distributions, for example, were vulnerable to the latest glibc buffer overflow problem. Debian's update came out in January, and thus didn't quite make the 2001 table. Turbolinux has yet to issue an update for that problem, and for many others. If you simply count and compare updates, you will penalize the distributions that are more serious about security.

In other words, we are not yet at a point where we can make meaningful comparisons even between Linux distributions. Trying to compare Linux with Windows seems like a waste of time. In the end, there is only so much to be learned about the security of an operating system by counting its published vulnerabilities. One has to look at the seriousness of each, how it was discovered (internal audit or external exploit), how long users had to wait for a fix, and how many users were actually compromised as a result of the problem. We need better ways of understanding and comparing security response; simply counting vulnerabilities is not sufficient.

Inside this LWN.net weekly edition:

• Security: Checking for root kits; Sardonix security auditing portal
• Kernel: Linus tries BitKeeper; the radix tree page cache.
• Distributions: Lists Again; Three not-so-new Japanese distributions.
• Development: PostgreSQL 7.2, Ogg Vorbis RC3, AFPL Ghostscript 7.04, ht://Dig 3.1.6, Galeon 1.0.3 and 1.1.3, GNOME 2.0 Desktop Alpha 2, GARNOME Preview 1, Samba 2.2.3, Gnumeric 1.0.4.
• Commerce: Edward Felten drops DMCA case; LinuxWorld awards.
• Letters: Lindows coverage; Linux Standard Base

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor

See also: last week's Security page.

Security

News and Editorials

Michael recommends regularly checking exposed systems by running chkrootkit. This nifty tool locally checks for signs of a rootkit. Running it regularly and using diff to compare the results to past runs is one way to look for compromised systems.

The Sardonix security auditing portal. Crispin Cowan has announced a new security portal designed to encourage auditing of code. "The whole project is intended to leverage community skepticism of claims of security, and the community's joyful habit of criticizing the work of others, and so we call it Sardonix." There will be features to track the auditing of various packages; it will also be able to audit the auditors by tracking how many bugs are found after somebody has declared it clean. The project is in an early stage, and contributors are being sought. This work is supported by a DARPA grant.

Out of the box, Linux is 'dreadfully insecure' (Register). The Register reminds us that default installations for most Linux distibutions are insecure. "Jay Beale, the lead developer of Bastille Linux and an independent security consultant, says it's not the Unix-based systems with interesting stuff on them that get hacked, it's the vulnerable ones. And if you're not prepared to tighten up what you get from the vendor, it's just a matter of time."

Security Reports

Mandrake Linux Security Update - gzip. Mandrake has issued a security advisory for gzip. This fixes two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server.

Net::FTPServer security fix. The Net::FTPServer project released this security fix to close a potential vulnerability "allowing users to list directories to which they should not have access. If your configuration file uses 'list rule', then you need to upgrade to version 1.034."

PHP Safe Mode Filesystem Circumvention Problem. According to this post to Bugtraq: "If an attacker has access to a MySQL server [...], he can use it as a proxy by which to download files residing on the [PHP] safe_mode-enabled web server".

web scripts. The following web scripts were reported to contain vulnerabilities:

• Faq-O-Matic has a cross-site scripting vulnerability described in this Bugtraq post. There is a fix available in CVS according to this subsequent post.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Multiple vulnerabilities in Oracle 9i and 9iAS are described in Bugtraq posts from NGSSoftware Insight. They are charaterized as potential remote compromise, multiple buffer overflows and JSP translation file access. Although the vulnerabilties are described as present on "all operating systems" no mention is made of verification on Linux.

• texis(CGI) has a path disclosure vulnerability described in this Bugtraq post.

Updates

This vulnerability is remotely exploitable; updating is a good idea.

Note: If an update isn't yet available for your distribution, setting enable-msg-view-urls to "off" in pine's setup will avoid the vulnerability. (Thanks to Greg Herlein).

This week's updates:

• Conectiva (January 31, 2002)

• EnGarde (January 14, 2002)
• Red Hat (January 14, 2002)
• Slackware (January 13, 2002)
• Yellow Dog (January 27, 2002)

This week's updates:

• Caldera (January 24, 2002)
• Conectiva (January 25, 2002)
• Debian (February 3, 2002) (note: if you applied the original update, which broke rsync, you need to update again.)
• EnGarde (January 25, 2002)
• Mandrake (January 28, 2002)
• Red Hat (January 30, 2002) (note that this alert was updated; if you applied the original version you should update again.)
• Slackware (January 26, 2002)
• SuSE (January 25, 2002)
• Trustix (January 28, 2002)
• Yellow Dog (January 27, 2002)

Events

Upcoming Security Events.

The schedule for CodeCon 2002 has been announced. "CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community." CodeCon 2002 will be held at DNA lounge in San Francisco, February 15th to 17th.

Date	Event	Location
February 15 - 17, 2002	CODECON 2002	San Francisco, California, USA
February 18 - 22, 2002	RSA Conference 2002	San Jose, CA., USA
March 11 - 14, 2002	Financial Cryptography 2002	Sothhampton, Bermuda
March 18 - 21, 2002	Sixth Annual Distributed Objects and Components Security Workshop	(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA
April 7 - 10, 2002	Techno-Security 2002 Conference	Myrtle Beach, SC

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Dave Jones's current patch is 2.5.3-dj3. It includes the latest fixes from the 2.4.18 prepatches, and tosses in the radix tree page cache patch for good measure.

It is worth noting that there have been a few reports of filesystem corruption under 2.5.3. Nothing has really been nailed down, however.

The latest 2.5 status summary is available from Guillaume Boissiere (who also maintains a nice web version).

The current stable kernel release is 2.4.17. Marcelo released 2.4.18-pre8 on February 4; this prepatch adds another set of fixes but no new features. A note from Marcelo indicates that the first 2.4.18 release candidate will be coming out soon.

Alan Cox's latest is 2.4.18-pre7-ac3, which includes a different set of fixes and a few filesystem updates.

Linus tries out BitKeeper. LWN reported way back in 1998 that Larry McVoy's BitKeeper tool was being positioned to help out with kernel development. More than three years later, Linus is actually giving it a try. This experiment is, of course, a direct result of the "patch penguin" discussion (as covered last week). Once things have stabilized, the hope is that BitKeeper will make it easier for Linus to handle patches and keep the development process on track.

For the moment, the benefits of BitKeeper are yet to be seen - Linus has been spending his time getting up to speed and working the system into shape. One immediate plus, however, is that BitKeeper makes it easy to retain the comments that maintainers put on their patches for Linus; thus, the new, verbose changelogs.

Change information is also being made available on a BitKeeper site. More information - including the actual, individual patches - is available there. This information is likely to be incorporated into the kernel.org system as well.

The real potential of BitKeeper will be realized when a sufficient number of other kernel developers start using it. BitKeeper makes it easy to move specific patches between repositories, and provides some seriously slick tools for handling merges. With luck, a more productive kernel development team will emerge from the testing period. Meanwhile, however, as Larry points out:

On the other hand, he's only been using it for a week and he isn't saying it is the best thing since sliced bread. So it's a bit premature to predict whether he will be using it in a month or not. We hope so, and we'll keep working to make you happy with it, but Linus is a harsh judge - if BK doesn't help out, he'll kick it out the door.

Stay tuned.

The radix tree page cache patch by Momchil Velikov and Christoph Hellwig was merged into 2.5.3-dj3. It is expected to make an appearance in the 2.5.4 prepatches before too long, but it was not included in -pre1. Time for a quick look at what this patch does.

The Linux page cache is a collection of pages that belong (usually) to files; they are kept in main memory for performance reasons. The page cache can often take up the bulk of the memory in use at any given time. Whenever a process reads or writes a file, takes a page fault, or is swapped out, the page cache is involved.

The performance of the page cache thus has a big influence on the performance of the system as a whole. When a particular page is called for, the page cache must be able to find the page (or determine that the page is not in the cache) quickly, and, preferably, with minimal memory overhead. The Linux kernel has long maintained a global hash table for pages in the cache. This system works reasonably well much of the time, but it does have a couple of limitations:

• A page's hash is not unique, so the system must be able to resolve collisions. This is handled by chaining pages in a linked list off the hash table entries. The list entries require eight bytes for every page of physical memory in the system - whether the page is in the cache or not. Traversing the hash chains also adds a small overhead, especially when the desired page is not present.

• The page cache is controlled by a single, global lock, which presents scalability problems even with a small number of processors.

The radix tree patch addresses these problems by combining a better data structure with a fundamental observation about the nature of the page cache. The observation is this: the existing page cache is a large, global data structure, but the page caching problem is actually a set of smaller, individual tasks. With the patch, Linux actually has many little page caches, one for each open file in the system. The page cache which tracks pages from, say, /usr/bin/vi need not coexist with the cache for index.html in a web documents directory.

Separating page caches from each other has a couple of advantages. One is that each page cache can have its own lock, and the global page cache lock goes away. The other is that the searching problem becomes much smaller, since a smaller address space is involved.

When each file has its own page cache, the only index needed to look up a specific page is its offset within the file. A 32-bit offset will handle files up to 2⁴⁶ bytes (when 4K pages are used) - enough to keep even the streaming video people happy for now. A complete lookup table for 32-bit values would, at 8GB, be a little too large - it would tend to erode the memory savings gained by removing the hash table list entries from the page structure. So a radix tree is used instead. Essentially, the 32-bit offset is divided into sub-fields as follows:

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

The current patch uses 7-bit indices, as shown above; that number may eventually change based on benchmark results, but the algorithm remains the same.

That algorithm, essentially is this: the highest-order subfield is used to look in a 128-entry table in the root of the radix tree; the entry in that table will be a pointer to the next node in the tree. The next lower subfield from the index is used to index that node, yielding the third one. Eventually the algorithm finds its way to the bottom of the tree and obtains the page pointer - or finds an empty entry and knows that the page is not present. This data structure thus strongly resembles the system's page tables - which is not entirely surprising, given that it is solving a very similar problem.

An important optimization employed by the patch is to make the tree no deeper than necessary - for small files (up to 128 pages - most of them), the tree will have only one node. Only the least significant subfield of the offset (the red bits in the diagram above) will be used. Lookups should be almost instantaneous.

Users of the "dj" kernels can run the new code now; expect it to appear in a Linus kernel before too long. There is also a version of the patch available for the 2.4.18-pre7 kernel.

Other patches and updates released this week include:

Core kernel code:

• Christoph Hellwig has posted a set of routines which rationalize the process of creating kernel threads. A more recent version of the patch, without the nice description, is available.

• Version 12c of Rik van Riel's reverse mapping VM is available. Ingo Molnar has posted a version of his scheduler patch that works with rmap.

• Andrew Grover has announced a major release of the ACPI code for 2.5.3.

• The 2.5.3 security module patch is available.

Development tools:

• Hubertus Franke has posted a patch which allows the gcov test coverage tool to be used with the kernel.

Device drivers

• devfsd 1.3.23 was released by Richard Gooch.

• Pavel Machek has posted a patch which adds driverfs support for motherboard devices.

Filesystems:

• UVFS 0.3.1, a user-space filesystem kit, was released by Britt Park.

Kernel building:

• Michael Elizabeth Chastain has resumed maintenance of the CML1 code.

Miscellaneous:

• Keith Owens has released modutils 2.4.13.

• Dave Jones has been reworking the kernel include files in an effort to simplify dependencies and speed up kernel compiles.

• Denis Vlasenko is assembling a new maintainers file intended to actually help people figure out where to send patches.

Networking:

• Dmitry Kasatkin has announced the release of version 0.9-pre10 of the "affix" BlueTooth stack.

• Jean Tourrilhes has announced a new IrDA patch and the latest version of the wireless extensions.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

News and Editorials

Lists Again. The LWN Distribution List is now as done as anything this fluid can be. Those who would like to compare the new list to the old can find the old list here. The pointer to the new list has moved to the right side bar, where it heads up our "list of other lists".

There are two hundred twenty-four "active" distributions and another twenty listed as historical. Some of the so-called "active" distributions probably aren't very active. Over time some of these links will move into historical, or disappear completely. Nor will we guarantee that our list is complete. There are almost certainly more Linux distributions that we haven't heard of. This following list of deleted distributions represents only a small portion of Linux distributions that have come and gone over the years.

Alzza Linux	aXon Linux	Cafe Linux
cLIeNUX	Coollinux	DragonLinux
easyLinux	eXecutive Linux	FTOSX
Gentus	Halloween Linux	ix86 Linux
Jurix	LinuxEspresso	LinuxOne OS
LinuxPPP	Linux Pro Plus	MageNet
OS2000	PKLinux	Runix
spyLinux	Storm Linux	TAMU
Turkuaz	Ute-Linux	VA-enhanced Red Hat
WholeLinux	Xdenu	ZipSpeak

Lycoris community portal launched; Desktop/LX now available. Lycoris (the company formerly known as Redmond Linux) has announced the launch of its new "community portal" at lycoris.org.

Lycoris has released box sets of Desktop/LX (formally known as Redmond Linux Personal). Desktop/LX is now available in two box packages, standard or deluxe.

New Distributions

Three not-so-new Japanese distributions. Thanks to LWN correspondent Maya Tamiya we have added three more Japanese distributions to our list.

The Good-Day GNU/Linux HA Server is a Debian-based distribution, which uses only free software. It is developed by Good-Day Inc. (in Japan). They say that their distribution features high availability, and is for Web applications. The folks at Good-Day Inc. also make a "real-time backup utility for PostgreSQL" named "Usogres" ("Uso" is a Japanese word for "fake") available before the PostgreSQL team made replication available.

HOLON Linux is a Japanese distribution aimed at mass consumers. It is developed by HOLON Inc. (in Japan). They did a TV commercial, which was (and is) an unprecedented promotion in Japan. Their server version received a "Good Design Award" by the Ministry of International Trade and Industry in Japan. Their desktop version product includes 2.8GB of commercial and multimedia applications.

Miracle Linux is a high reliability, scalability and availability server OS for the enterprise market, according to MIRACLE LINUX CORPORATION, the developer of the distribution. MIRACLE LINUX CORPORATION was originally founded by Oracle Corporation Japan. (Currently Oracle Japan owns about 60% of MIRACLE LINUX.) They offer not only "MIRACLE LINUX with Oracle," but also "MIRACLE LINUX for Samba" and "MIRACLE LINUX for PostgreSQL."

Distribution News

Debian News. The Debian Weekly News for January 30 is out. Covered topics include GDB manual licensing, the new package tracking system, the emacs operating system, the woody stabilization process, and more.

A new potato, or Debian 2.2r6, is expected to be released in early March.

The call for nominations has gone out for this year's Debian Project Leader election. The nomination period lasts three weeks, after which the campaigning phase begins.

We have an update from the Debian Jr. project. Most of their energy is currently focused on ensuring Debian Jr. packages are all at least in a releasable state for Woody.

Debian at FOSDEM? Currently Debian is not participating in FOSDEM (happening in Brussels on February 16-17, 2002). There is still time to get involved and help Debian have a presence at the meeting.

Libranet. Debian based Libranet has a new release of its desktop distribution. V2.0 features kernel 2.4.16, the "Libranet Adminmenu" which makes system functions easy, a new installer, and much more.

Red Hat Linux. This Red Hat bugfix advisory says a new tmpwatch package fixes cron warning.

Slackware. Slackware Linux has released XFree86-4.2.0, LPRng-3.8.5 and ifhp-3.5.3 packages for Slackware current-Intel. See the changelog for details.

SuSE Linux Enterprise Server 7 for IBM eServer. The SuSE Linux Enterprise Server 7 is now available for IBM eServer iSeries and pSeries.

Xandros Launches Beta Program for Xandros Desktop 1.0. Xandros announced the launch of its first Beta Program designed to finalize the stability and usability of Xandros Desktop 1.0.

Minor Distribution updates

Astaro Security Linux. Astaro Security Linux released v2.020 on February 4, 2002, with minor bug fixes.

Dyne.org newsletter #4. The Dyne.org newsletter looks at FreeJ 0.3, Transmediale.02 (a FreeJ workshop), MuSE 0.6.6 and more.

LynuxWorks Announces BlueCat 4.0 Availability for the ARM920T Processor. LynuxWorks announced BlueCat 4.0 Linux and VisualLynux Integrated Development Environment (IDE) support for the for the new ARM920T processor.

Distribution Reviews and Interviews

Local Linux edition looks a lot like XP (Eastside Journal). The Eastside Journal is a newspaper that covers the eastern Seattle suburbs including Redmond. Here's an article about Lycoris, formerly Redmond Linux, and its recent release of Desktop/LX. "From the blue sky and puffy clouds of its opening screen to the Go button at bottom left (where XP's ``start'' button is), Desktop/LX was built to convert Windows users. Lycoris sells the operating system for $30, or $40 for a deluxe edition that comes with programming tools."

An interview with ELX Linux founder and chief architect, Abhi Datt (DesktopLinux.com). ELX, Everyone's Linux, is a new project to create a uniquely easy-to-use Linux distribution. Rick Lehrbaum interviews Abhi Datt, Chief Software Architect and founder of Project ELX. "ELX comes with 3 fullfledged office suites (including OpenOffice), 5 browsers, 2 state-of-the-art email clients with outlook express compatibilty, a complete multimedia suite to run virtually all file formats, and more. "Application Launch Pad System" (ALPS) manages all this in the most intelligent way. Though the default desktop environment is based on KDE, it installs base libraries of Gnome so all Gnome applications work perfectly well."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
DistroWatch
ibiblio
Linux.com
LinuxLinks
Woven Goods

See also: last week's Development page.

Development projects

News and Editorials

The final version of PostgreSQL 7.2 has been released. There are many "enterprise friendly" changes from 7.1.X, some of them include

• An improved vacuuming operation that does not lock tables.
• New support for transactions exceeding four billion counts.
• Optional OIDs.
• Histogram stats are performed during ANALYZE for better optimizations.
• Support for MD5 encryption when dealing with passwords.
• A new table access statistics module for improved index usage statistics.
• New support for international languages.

Those wishing to migrate to version 7.2 will need to perform a dump/restore operation.

The full PostgreSQL 7.2 Documentation is available online, in addition, the Developers-FAQ contains a lot of useful information.

Looking forward to version 7.3 and beyond, the TODO List has a long set of desired additions. The most urgently desired features include replication of distributed databases and point-in-time data recovery.

Audio Projects

Ogg Vorbis RC3 available. Release Candidate number three has been announced for the Ogg Vorbis open-source audio compression suite. "This release features bitrate management, meaning that instead of choosing one of several VBR modes, you can specify average bitrate, put boundaries on the bitrates to emulate CBR (useful for streaming), or the default VBR modes which have millions of possible quality levels."

RX/Saturno DX7 Synthesizer Emulator (linuxmusic). This week, linuxmusic features RX/Saturno, a new (version 0.0.1) emulator of the classic Yamaha DX7 6 operator FM Synthesizer.

Education

SEUL/edu Linux in education report #63. The latest SEUL/edu Linux in education report looks at work towards an open-source implementation of the Schools Interoperability Framework (SIF) Zone Information Server (ZIS). "To recap, the SIF is an XML schema proposed by a consortium of software vendors to allow compliant programs to exchange data. The ZIS is a 'gatekeeper' program that registers the application programs as to what type of data they provide (each 'type' can be registered to only one app at a time)."

Electronics

Icarus Verilog 0.6 released. Version 0.6 of the Icarus Verilog electronic simulation language compiler has been released. This version features lots of bug fixes, better standards compliance, and more. See the release notes for all of the details.

Embedded Systems

Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for January 31 is out. The bulk of the news this week is from LinuxWorld.

Using GTK+/X as an Embedded GUI (ELJonline). Chuck Groom explains how to modify GTK+/X to build a custom GUI. "One of the reasons why WinCE and Palm-sized PC devices did not initially do as well is that a general-purpose GUI design borrowed from desktop paradigms is not appropriate for embedded devices."

Peer to Peer

Smart & simple messaging (IBM developerWorks). Wes Biggs discusses SMS (Short Messaging System), a wireless message protocol. "Developing wireless applications in the present environment can be frustrating. Because device-independent code is still the exception rather than the rule, today's successful projects tend to focus on narrowly defined target audiences, where each user can be guaranteed to have the same, or at least highly similar, wireless equipment. Despite recent trends toward technology consolidation, there is no standard, or even de facto standard, for deploying a wireless app."

Printing Software

AFPL Ghostscript 7.04 Released. A new version of AFPL Ghostscript has been released. Version 7.04 is a security and maintenance release.

CUPS v1.1.13 is released. A new version of the CUPS printing system is available. "CUPS 1.1.13 adds support for the KOI8-R and KOI8-U encodings, message catalogs for several Russian locales and for Simplified Chinese, improvements for MacOS X (Darwin) and IRIX, improvements to the PDF, PostScript, and text filters, status reporting for IPP-based printers (paper out, etc.), and improvements to the SAMBA driver export facility. The new release also fixes bugs in the scheduler, the lpstat command, the CUPS API, and the pstoraster filter."

Science

SQL Clinic Reaches 1.0 (LinuxMedNews). LinuxMedNews reports on SQL Clinic 1.0, an SQL interface for dealing with clinical data via a web interface.

Standards

The Free Standards Group Releases Two Linux Standards Platforms. Here is the official announcement from the Free Standards Group on the release of LSB 1.1 and Li18nux 1.0.

Joint POSIX/Single Unix Specification. The Open Group has announced version 3 of its Single UNIX Specification document. (Thanks to Andrew Josey.)

System Administration

Intro to cfengine for system administration (IBM developerWorks). Teodor Zlatanov illustrates the use of cfengine for automating systems administration tasks. "Cfengine (configuration engine) is a UNIX administration tool that aims to make the easy administrative tasks automatic, and the hard tasks easier. Its goal is system convergence from any state towards an ideal state."

Web-site Development

ht://Dig 3.1.6 released. A new version of the ht://Dig web site search engine has been released. "This new production version fixes a number of important bugs and adds a few heavily-requested features. As the latest stable release, it is recommended for all production servers." See the Release notes for all of the details.

Call Profiler - profile your Zope website. Version 1.2 of Call Profiler, a Zope site optimizer tool, has been released. Call Profiler features a BSD style license.

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Desktop Development

Audio Applications

WaveSurfer 1.2.1 released. Version 1.2.1 of the WaveSurfer audio editing package has been released. The Changes in this release include new command line options, GUI additions, and bug fixes.

Web Browsers

Mozilla 0.9.8 Released. Version 0.9.8 of the Mozilla browser has been released. Changes include improvements to the address book, a fix for dynamic theme switching, improved favicon.ico handling, support for MNG animations, and more.

Galeon 1.0.3 and 1.1.3 released. Two new versions of Galeon have been announced. Version 1.0.3 (stable) adds Mozilla 0.9.8 compatibility and bug fixes. Version 1.1.3 (development) also adds security options, a new set of preferences icons, socks proxies support, and more.

Desktop Environments

GNOME 2.0 Desktop Alpha 2: 'Mr. Nilsson Sheds a Tear'. The Alpha 2 release of the GNOME 2.0 Desktop has been announced. "Due for general consumption in March, the GNOME 2.0 Desktop is a greatly improved user environment for existing GNOME applications. Enhancements include anti-aliased text and first class internationalisation support, new accessibility features for disabled users, and many improvements throughout GNOME's highly regarded user interface.".

GARNOME Preview 1. The first preview of GARNOME, "the bad-ass, bleeding edge GNOME distribution for testers and tweakers everywhere", has been announced. (Thanks to Jeff Waugh.)

There is also a GNOME Gnotices discussion available on GARNOME.

People of KDE: Cornelius Schumacher. This week's People of KDE features Cornelius Schumacher, the maintainer of KOrganizer, author of Kandy, and contributor to other KDE projects.

Impressions on the Paris Linux Expo. Philippe Fremy writes about a real-time code writing experience from the Paris Linux Expo. "Then I saw this magic thing: A live coding session by a truly talented KDE core developer: David took his laptop and started coding under my eyes. In five minutes, it was done: the 'URL' label on Konqueror would accept a pasted URL and simply open it. Really great!"

GNOME Summary for February 2, 2002. This week's Gnome Summary includes news of the upcoming GUADEC conference, two recent versions of GNOME, Miguel on GNOME and Mono, Evolution 1.0.2, and more.

Games

The Chopping Block returns!. The February, 2002 issue of the Chopping Block is out with all of the latest developments from the WorldForge project.

WorldForge Audio White Paper. A new version of the WorldForge Audio White Paper is available. Various audio formats are compared.

Three new games on PyGame. This week, PyGame takes a look at Samepygame 1.1, Pykanoid 0.12.1, and Pypong 0.2.

Graphics

GDKXFT for i18n Environment. A new version of GDKXft has been released. GDKxft adds anti-aliased font support to gdk+-1.2. "GDKXft has a new version for the international environment that allow GTK-1.2 to render anti-alias font for i18n environment."

Interoperability

Samba 2.2.3 released. Samba 2.2.3 has been released. It contains a number of bug fixes (but, seemingly, no security fixes), and a number of changes aimed at dealing with scalability problems.

Multimedia

Gnome-Media 1.112.0: 'The IMF taking care of business' released. A new version of Gnome-Media has been released. Version 1.112.0 adds a new theme format, preferences, and bug fixes.

GStreamer 0.3.2 released aka 'Do-b-day'. A new version of the GStreamer multimedia framework has been announced. Version 0.3.2 is the first release that was built with using Glib 2.0 and libxml2, it features a new capabilities negotiation system, a new Alpha GNOME 2 mediaplayer, new mjpeg encoder/decoder plugins, and lots of bug fixes. GStreamer also has new support for the Ogg Tarkin video encoding and decoding system.

Office Applications

Gnumeric 1.0.4 released. Version 1.0.4 of the Gnumeric spreadsheet program is available. This is a bug fix release.

AbiWord Weekly News #81. Issue #81 of the AbiWord Weekly News is online. The bug fixing mission continues.

Programming Languages

Caml

Caml Weekly News for February 5, 2002. The latest Caml Weekly News is out. Topics include building TAGS tables for emacs, IoXML, ocamlnet-0.92, OCamlCVS 1.1, and string searching with OCamlAgrep 1.0.

This week on the Caml Hump. The Caml Hump features articles on MLDonkey, a linux client developed in OCaml for the peer-to-peer file sharing network, openin, OCamlAgrep, and IoXML.

Java

Building dynamic Web sites with mathematical content (IBM developerWorks). Michael Juntao Yuan writes about using LaTeX and Java to add mathematical figures to dynamic web pages. "The Internet and the Web were originally designed by scientists to exchange scientific and mathematical research information. Ironically, after more than 30 years of Internet and 10 years of Web development, there is still no easy way to publish mathematics-intensive content on the Web."

Using XDoclet: Developing EJBs with Just the Bean Class (O'Reilly). Dion Almaer introduces XDoclet on O'Reilly's xml.com. "Have you developed an EJB? Have you been frustrated at having to create and manipulate the XML deployment descriptors, as well as the interfaces? I certainly have. I was recently working on an EJB for the Xbeans open source project and I decided to use another open source tool -- XDoclet -- to generate the XML descriptors and interfaces for me."

Lisp

CL-PDF 0.3 brings Adobe Acrobat to Lisp. A common lisp library known as CL-PDF version 0.3 has been released. "This is an early version of a Common Lisp library for generating documents in Adobe Acrobat format. This small but powerful library is self-contained and does not require Adobe tools such as Acrobat Distiller."

Free The X3J Thirteen! for January, 2002. The January, 2002 issue of Free The X3J Thirteen! is out. Topics this month include new releases of GCL, OpenMcL and SBCL, and more.

Perl

Inaugural issue of The Perl Review (use Perl). Use Perl has posted an announcement for the first issue of The Perl Review. The first issue covers extreme programming, structured classes, benchmarking, and more.

Beginning PMCs (Perl.com). Jeffrey Goff discusses extensions to the Perl 5 Parrot interpreter. "One of the best things about Parrot is that it's not just for Perl implementors. Parrot 0.0.3 came with support for extensible data types that can be used to implement the types used in your favorite language. The mechanism by which these types are extensible is called the PMC."

PHP

PHP Weekly Summary for February 4, 2002. The latest PHP Weekly Summary topics include manual translations, a safe_mode_include_dir patch, Satellite in PECL, FreeBSD and CVS, a PHP 5 build system, the Roxen SAPI, and more.

Python

Dr. Dobb's Python-URL! for Feb 4. Stackless Python returns with a 2.2 alpha release; Zope 2.5.0; Python and Zope participants needed at The O'Reilly Open Source Convention; and more in this week's Python-URL.

This week on the Daily Python URL. This week's entries on the Daily Python URL look at converting TrueType fonts to XML, doing Church's lambda calculus, using the SimpleParse module, processing meteorological radar data, and more. A python 3D museum display is also examined.

PyChecker 0.8.9 released. PyChecker version 0.8.9 has been released. This release features several new warnings and lots of bug fixes.

Ruby

This week on the Ruby Garden. This week's Ruby Garden entries include Version 0.4 of the Radical web application framework, and an interview with Kent Beck and Alan Cooper,

The Ruby Weekly News. The Ruby Weekly News looks at the Ruby utilities Log4r 1.0.1, RbProf 0.2.1, PerfCtr 0.1.0, and Locana.

Tcl/Tk

Dr. Dobb's Tcl-URL! for Feb 4. This week's Tcl-URL looks at driving Excel from Tcl; SMTP authentication; explanations of names paces; and more.

XML

Using tDOM and tDOM XSLT (IBM developerWorks). Cameron Laird writes about tDOM and tDOM XSLT on IBM's developerWorks. "Simple benchmarks show that tDOM is one of the best-performing XML processors currently available. Access through the Tcl 'scripting' language makes for a particularly potent development environment -- fast in both development and execution. A 'dual level' (or two-language) model of development combines the advantages of Tcl and XSLT for different aspects of XML manipulation."

Miscellaneous

Introduction to Make (O'Reilly). Jennifer Vesperman introduces Make on O'Reilly's Linux DevCenter. "Make is useful for system administrators as well as developers. This article primarily discusses Make as a compilation tool, but it can be effective for program installation or system configuration changes."

oprofile-0.0.9 available. Version 0.0.9 of the oprofile profiler has been released. The release notes show that support for Linux 2.x kernels has been added, and an RTC mode is now available.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Edward Felten drops DMCA case. Here's the latest EFF update on the Felten case, which sought to challenge the DMCA in U.S. federal court. "Citing assurances from the government, the recording industry, and a federal court that the threats against his research team were ill-conceived and will not be repeated, Professor Edward Felten and his research team decided not to appeal the November dismissal of their case by a New Jersey Federal Court."

Petition for open source in the Bundestag. Here is an online petition calling for the use of open source software in the German Bundestag, which is evidently considering which software it should be using in the future. "The signatories of this declaration have, due to the following arguments, come to the opinion, that to ensure economic competition, promote creative potential, secure the open market and generally re-emphasize the democratic aspects of German society, the German parliament would do well to support the introduction of free software as a prominent move towards the shaping of a new open society in the coming century." Not surprisingly, the petition's original form is in German. (Thanks to Joseph Eoff).

Open Source Achievements Rewarded At LinuxWorld Conference & Expo. IDG World Expo presented the Open Source Product Excellence Awards at LinuxWorld. Winners include Borland's Kylix 2, Powercockpit from Turbolinux, MontaVista's Hard Hat Linux 2.0, Open WBEM from Caldera International, and several of Computer Associates' Unicenter products.

OSDL Enterprise Achievement Award goes to Andrew Tridgell. The Open Source Development Lab has announced that its "Enterprise Achievement Award" has been given to Samba hacker Andrew Tridgell.

Linux Professional Institute Announcements. The Linux Professional Institute (LPI) made several announcements recently, including a special upgrade program aimed at holders of Sair Linux certifications; LPI at CeBit; a new initiative for supporting and funding international affiliate organizations; and LPI has named ProCert Labs as the official review body for a new Training Materials Program.

Cray and Dell to market Linux clusters. Once again, Cray has announced its intent to sell Linux clusters. This time the company is working with Dell. Cray provides the know-how, marketing, and support, and Dell provides the hardware.

Sleepycat releases Berkeley DB 4.0. Sleepycat Software has announced the release of Berkeley DB 4.0. New features include database replication (for high availability) and group commits.

IA-64 Linux Kernel: Design and Implementation. IA-64 Linux Kernel: Design and Implementation, by David Mosberger and Stéfane Eranian, has been published and is available in the stores. It appears to be a detailed volume which covers, in depth, the IA-64 architecture and how Linux was made to run on it.

The Red Hat Press launches. Hungry Minds has announced the founding of the Red Hat Press, which will publish a line of books about, you guessed it, Red Hat Linux.

Learning Red Hat Linux. "Learning Red Hat Linux", revised for v7.2, has been released by O'Reilly.

O'Reilly releases Practical PostgreSQL. O'Reilly has announced the release of Practical PostgreSQL by John C. Worsley and Joshua D. Drake.

Survey Provides New Insights Into 'Hacker' Culture. A BCG survey of 526 OSS community members looks at the motivations of software contributors. "By allowing consumers of its Mindstorm toy robot to rewrite its operating system and programming language, Lego increased the functionality to the user and outperformed its initial sales forecasts. Similarly, Harley Davidson relinquished control of its brand to its biker community, with overwhelmingly positive results."

January Netcraft Web Server Results. The January, 2002 Netcraft Web Server Survey has been published. Apache usage is up this month.

Linux Stock Index for January 31 to February 06, 2002.
LSI at closing on January 31, 2002 ... 30.21
LSI at closing on February 06, 2002 ... 28.50

The high for the week was 30.39
The low for the week was 28.50

Press Releases:

Open Source Products

• Chinese Academy of Sciences (BEIJING, China): Intel And Chinese Academy Of Sciences Deliver Advanced Compiler Framework.

• XAO Inc. (PASADENA, Calif.): XAO Inc. Announces Availability of XAO Web Developer, a Complete Suite of Tools for Rapidly Developing Web Systems.

LinuxWorld Announcements

• Caldera International Inc. (OREM, Utah): Caldera-Sponsored OpenWBEM Project Wins Open Source Product Excellence Award; Award Recognizes Best Open Source Project at LinuxWorld Expo, New York.

• Compaq Computer Corporation (LinuxWorld Expo, NY): Compaq LinuxWorld News.

• Computer Associates International, Inc. (ISLANDIA, N.Y.): CA Wins Big at LinuxWorld; Unicenter Solutions Win Three Awards Including Best of Show .

• Overland Data Inc. (SAN DIEGO): Overland Data Recognized for Best Hardware in Linux Environments; Overland's Neo LXN2000 Tape Library Claims Prestigious Arkeia Power Award at LinuxWorld Expo.

Distributions and Bundled Products

• LynuxWorks (SAN JOSE, Calif.): LynuxWorks Announces BlueCat 4.0 Availability for the ARM920T Processor.

• SuSE Linux (NEW YORK): Linux Made Enterprise Ready: SuSE Linux Enterprise Server 7 for IBM eServer iSeries and pSeries; Latest Result of SuSE Linux and IBM Joint Technology Collaboration.

• Xandros (NEW YORK): Xandros Launches Beta Program; Enlists the help of Linux users to finalize Xandros Desktop 1.0.

Proprietary Products for Linux

• alphaWorks (): alphaWorks tool: Enhanced Cluster Tools (ECT) for Linux.

• Aurora Technologies, Inc. (BROCKTON, MA): Free Aurora Linux Driver Emulates Ethernet Over Sync Serial Connection.

• GoAhead Software (BELLEVUE, Wash.): GoAhead Software Releases New Version of Service Availability Middleware; SelfReliant 2.0 is the Only Cross-Platform, Comprehensive Solution On the Market.

• Landmark Graphics, Corp. (DALLAS): Landmark Delivers Seismic Processing and Reservoir Simulation Products for the Linux Operating System.

Linux Hardware and Bundled Products

• AMD (LINUXWORLD, N.Y.): AMD's Multiprocessor Platform Certified for the Covalent Enterprise Ready Server and the Zeus Web Server.

• Intel (SANTA CLARA, Calif.): Hyper-Threading to be Introduced in Intel-based Servers This Quarter.

• SGI (MOUNTAIN VIEW, Calif.): SGI to Redistribute Intel Software Development Products for Intel(R) Itanium(TM) Processor Family.

Embedded Linux Products

• EndRun Technologies (SANTA ROSA, Calif.): Lowest-Cost Network Time Server Introduced.

• Nokia and Macromedia (HELSINKI, Finland): Nokia and Macromedia Collaborate to Integrate Macromedia Flash Player with Nokia Mediaterminal.

• Team ASA Inc. (San Diego, CA): Team ASA Releases Dual Gigabit Ethernet NPWR Linux Engine with 733 MHz XScale CPU.

Products and Services Using Linux

• Modwest (): Shared and managed hosting company Modwest has found open source technologies make for a profitable niche market. .

• SWsoft, Inc. (S. SAN FRANCISCO, Calif.): SWsoft Alliance Program Boosts .NET-like Software Sales for Macromedia, Versign, Miva, Planet Intra.

• Vineyard Networks (Seattle): New Linux startup: Vineyard Networks will build and host web pages, remote access via VPN, firewalls, SE (NSA) Linux, Windows clients, Samba, and custom database and web based applications. .

Products With Linux Versions

• BakBone Software (SAN DIEGO, CA): NEWS: BakBone Adds Module for Oracle9i.

• Borland Software Corp. (SCOTTS VALLEY, Calif.): Borland Targets C++ Web Services Opportunity; Borland C++Builder 6 Enables Cross-Platform-Ready Windows/Linux Applications with Latest Web Services Technologies.

• Gordano Ltd. (NEW YORK): Gordano's Virus Protection Expands to Cover Linux and Solaris.

• NetIQ (ORLANDO, Fla.): NetIQ Announces Availability of First AppManager and XMP Modules to Monitor and Manage UNIX, Linux and Novell NetWare.

• SlickEdit Inc. (MORRISVILLE, N.C.): Visual SlickEdit Wins 2001 ''Riding the Crest'' Award.

Linux At Work

• RackSaver Inc. (SAN DIEGO): RackSaver Builds a 264 AMD Athlon MP Processor Supercomputer for UC Santa Cruz.

Java Products

• Lutris Technologies (SANTA CRUZ, Calif.): Lutris Announces Lutris EAS 4.1 Complete J2EE Java Services Platform.

• X-Hive Corporation (ROTTERDAM, THE NETHERLANDS): X-Hive Adds J2EE, WebDAV, and XUpdate to X-Hive/DB 2.0.

Books & Documentation

• O'Reilly (Sebastopol, CA): "Mastering Perl/Tk" Released by O'Reilly.

Other

• Eduventures, Inc. (BOSTON): Eduventures Releases New Study on Open Source Technology Solutions for Higher Education Market; Highlights Potential for Cost Reduction and More Robust E-Education Technologies.

• Evans Data Corp. (SANTA CRUZ, Calif.): New EDC Study Paints a Vivid Picture of Today's Software Developer.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

DARPA funds open-source bug hunt (Register). The Register reports on the Sardonix portal. "Source code will win points as well, with which open source users can judge how safe a particular piece of software might be. A given chunk of code will be automatically rated according to the cumulative score of every person who has audited it, i.e., the overall level of experience and skill that's been brought to bear on the software."

DMCA: We're not all criminals (News.com). News.com presents Jon "maddog" Hall on the DMCA. "An example of this is the video industry's insistence of creating DVDs that can only be played in a particular area of the world. Citing issues of illegal pirating of the movies, they make it so that movies sold in the U.S. can only be played on players manufactured in the U.S. Recently I was in Britain and saw a DVD in a store that contained a movie unlikely to be promoted to the U.S market. While I was perfectly willing to pay for the British DVD, I found out that I could not play it on my U.S.-based DVD player."

DVD hacker to keep challenging ruling (News.com). CNET covers the ongoing legal battle over DVD copying. "Eric Corley, the central figure in the "DVD hacker" case who was barred by a court from posting online how to make copies of DVDs, vowed Wednesday to keep fighting the copyright law the ruling was based on, and which he says oppresses more and more people each day."

Studios close the door on DVD copying (ZDNet). Here's a ZDNet article about the film industry's latest plans to fight copying. "'If you want DVD watermarking to do what they say it's going to do, it's hard to get around the fact that they'll have to mandate this in all PCs,' said Fred von Lohmann, an attorney with the Electronic Frontier Foundation. Whether that happens in Congress or happens with a carrot and stick inside the market, 'that's where we get concerned,' he added."

Open source a needed outlet for programming pros (Register). Here is the Register's take on the recent BCG survey. "The chief motivations for donating time and effort to the open source community are varied, but include professional advancement; the need for mental stimulation; a personal belief that software ought to be open (not necessarily free); a chance to acquire new skills or refine existing ones; and practical needs for code which isn't commercially available."

Explain yourself Miguel, demands RMS (Register). The Register continues looking into recent comments by Miguel de Icaza that GNOME be based on Microsoft.NET APIs. "Outraged Gnome users were mailing us over the weekend vowing to abandon the platform, and GnomeVFS maintainer Ian McKellar (who we inexplicably missed when we called in on Danger the other week) took a swipe at Miguel on the Gnome hackers mailing list: "You don't speak for me and you don't speak for most of the Gnome developers I know". (He also takes a sideswipe at us - we're "usually full of FUD and lies," apparently)."

Linux for the Sony PlayStation 2: Dilemma or Dream System? (Linux Journal). The Linux Journal ponders Sony's Linux kit for the PS2. "Sony has to have their pound of flesh for every PS2 game sold, but they'd like more developers to learn the PS2 from a technical perspective. It's a tricky situation, and I applaud them for simply making the PS2 Linux kit available in the first place. But it would be even better if they could come up with some way to collect their game royalties and give the developers the freedom to make Linux-bootable games."

What's up with Agenda and the VR3 Linux PDA? (LinuxDevices). The future of the Linux based Agenda VR3 is in doubt according to this LinuxDevices article. "The Agenda developer community is said to be continuing its work on current projects, but some developers have now switched to other projects such as the Sharp Zaurus."

Penguin Power Play (IT-Director). IT-Director looks into Linux kernel management. "Since its inception, Linux has evolved with remarkably few instances of discord, but there are now the first visible indications of tension in the Linux world. The discussions are focussed on a proposal by Rob Landley calling for the establishment of a role, the 'Patch Penguin', to help integrate fixes for the numerous small problems to be found in the current Linux 2.5 kernel."

US mulls Linux for world's biggest computer (Register). Linux is one of the candidates for powering the world's biggest computer. According to the Register: "A bid is being prepared to provide the computing power behind the US government sponsored Project Purple, which will pool a vast server farm to the three leading US research labs, which is scheduled to come on stream by the end of 2004.

Linux World Coverage

Industry support for Linux gathers pace (vnunet). Vnunet covers LinuxWorld announcements from the Open Source Development Lab. "One of the key aims of the group is to make sure Linux develops in a consistent way, according to Ari Virtanen, vice president at Nokia Networks. "We must avoid fragmentation of the Linux kernel," he said."

Caldera, Turbolinux Show New Face at LinuxWorld (InternetNews). Internet News looks at how a couple of distributors have changed their approach. "Two exemplars of the new suit-and-tie face of LinuxWorld are Caldera International Inc. and Turbolinux. The two companies, once numbered among the Linux distribution cowboys of the heady early days of the open source movement, have spent the last year or so striving to create markets for themselves in a proprietary space above the open Linux kernel."

Linux Puts On the Formal Wear (Wired). Wired says that LinuxWorld 2002 isn't quite somber, but it's certainly serious. "Gone are the interesting giveaways, the company-sponsored lavish parties, and gone for the most part are the guys with purple hair and tattered black T-shirts. LinuxWorld is all about business this year."

The News & Observer, Raleigh, N.C., Technology Column. The Raleigh, N.C. News & Observer covers the LinuxWorld Expo. "But IBM is doing what it can to steal the show. Big Blue is the Switzerland of the Linux world, refusing to ally itself with any one provider of the operating system, preferring instead to work with all Linux flavors. At LinuxWorld, IBM is announcing a new line of servers running Linux and two high-profile, Linux-convert customers: digital stockbroker E-Trade and high-tech graphics house and movie-maker Pixar."

LinuxWorld 2002: The flock returns (News.com). CNET has posted its coverage of LinuxWorld 2002, with a look at the various event highlights.

Gadgets draw a crowd at Linux show (News.com). This LinuxWorld article focuses on the gadgets. "The Zaurus uses Lineo's version of Linux, Insignia Solutions' version of Java, Trolltech's Qtopia graphical user interface and Opera's Web browser."

Carly keeps cool on Linux (Register). The Register reports on Carly Fiorina's comments at Linux World. "Calm down, Hewlett Packard CEO Carly Fiorina told an audience at the LinuxWorld conference in New York yesterday. Despite her high-profile presence delivering the conference's opening keynote, Fiorina made it clear that HP sees Linux only as another revenue-earner, and is certainly not going to follow IBM into making any billion-dollar commitments to the open source operating system. She even risked telling the audience that Linux is no threat to Microsoft, writes Tim Stammers."

LinuxWorld New York Pictorial (Linux Journal). For those of you who have not had enough LinuxWorld news, Linux Journal has posted a page of images from the event.

Companies

Linux server start-up nabs Credit Suisse (News.com). CNET looks at Egenera, a start-up Linux company that is providing multiprocessor Linux server machines to Credit Suisse First Boston. "Egenera is taking on a difficult market. Even large, well-established server makers have been punished by the shrinking server market, and Linux-specific server sellers such as Atipa and VA Software have been forced to leave the market or change strategies dramatically. But some analysts believe Egenera has a small enough niche that it won't face much competition from the large players."

E*Trade moves to Linux servers (News.com). The E*Trade online brokerage is moving to Linux according to this CNET article. "The online brokerage is moving its computer systems over to IBM servers that run the operating system. In a statement, E*Trade cited cost savings and performance as reasons for switching to Linux.

E-Trade Taps Linux For New Web Site (TechWeb). TechWeb reports on E*Trade's new Linux-powered operation. "To power the site, the cornerstone of E-Trade's online trading business, it's ditching expensive Unix systems from Sun Microsystems in favor of Linux-powered IBM Intel-based servers. E-Trade says it could eventually save millions of dollars as a result of the move."

Hewlett-Packard CEO, IBM Exec Back Linux (Reuters). Reuters presents its view of LinuxWorld. Quoting IBM's William Zeitler: "`What people tried to do was establish a platform or control point, and having established that control point they would try to erect barriers and extract margins,'' he said. ''It is our view that the open movement is going to fundamentally make it impossible for people to have control points over customers.''"

Palmisano rides the penguin (into the IBM corner office) (NewsForge). NewsForge reports on the naming of Sam Palmisano as IBM CEO. "Palmisano has been the in-house geek-in-a-suit who has driven IBM's embrace of Linux for the last two years. In many ways, Linux was the platform Palmisano ran on to get his new job."

IBM boosts grid computing protocols (vnunet). Vnunet covers William Zeitler's comments on Grid Computing protocols at LinuxWorld. "According to Zeitler, the protocol's development and planned release is testament to IBM's commitment to the kind of open source development that spawned Linux.

'Next month, when we announce the open grid services protocols they will not be owned by IBM, they will be open,' he said."

Ellison says Oracle's 'whole business' to run on Linux (ComputerWorld). ComputerWorld reports on a speech by Larry Ellison. "Oracle Corp. is about to replace three Unix servers that run the bulk of its business applications with a cluster of Intel Corp. servers running Linux, Oracle Chairman and CEO Larry Ellison said yesterday." (Thanks to David A. Wheeler).

Q&A: Red Hat CEO says Linux won't rule (ZDNet). ZDNet interviews Red Hat founder Bob Young (the 'CEO' in the title is incorrect). "The point is, you rely on a car company to take all the pieces out of the very creative automotive industry and turn it into a useful product for you. That's what Red Hat does. IBM has indicated they have no interest in doing that. They understand that the moment they build an IBM Linux operating system, they're going to end up in a bit of a niche, because all the other hardware guys are going to avoid the IBM version in the same way they avoided OS/2."

Taking Red Hat beyond geek chic (News.com). News.com profiles Red Hat CEO Matthew Szulik as part of its "Vision Series." "A hard-charging executive who does not suffer fools gladly, Szulik has won wide praise among Linux supporters for his fierce loyalty to a cause sometimes described as high-tech socialism . Now the software veteran must find a way to turn a profit on this grassroots alternative-operating system movement, taking Red Hat beyond its geek-chic origins to the wider business market in a hostile high-tech economy." (Thanks to Peter Link).

SuSE revamps, expects to breakeven (ZDNet). ZDNet covers SuSE's expected financial results. "SuSE has three main elements to its business strategy, Burtscher said: selling boxed copies of its version of Linux, selling consulting services that take advantage of SuSE's Linux expertise, and piggybacking its products on servers sold by mainstream computer companies."

Lindows offers a software sampler (ZDNet). Here's another Lindows article. "Robertson hints that Lindows will change substantially before its public release, scheduled for the first half of this year. "LindowsOS is not ready for use as your everyday desktop, but hopefully (the) Sneak Preview demonstrates that we've shaken the vaporware label," he stated."

Reviews

Unsung Heroes, Part 3 (Linux Journal). Ping, pong and spong. From the SysAdmin Corner of Linux Journal comes this look at spong. "Spong is a flexible web-enabled network monitoring system. It also employs a client-based architecture that lets you monitor remote system resources such as disk space, CPU usage and processes. All this in addition to network services such as ping, HTTP, IMAP and others. Configuration is simple and file-based. You can group hosts or deal with them on a one-to-one basis. Finally, Spong can be configured to send out e-mails or pages if certain alarm conditions are met. Have a look at the cool screenshot below, and then I'll tell you how to get Spong working for you. Oh yeah, Spong is freely distributed under the GPL."

Galeon: Speeding up Mozilla and more for GNOME users (LinuxOrbit). LinuxOrbit reviews the Galeon browser. "Although Mozilla is a fine browser, and one I'd grown quite comfortable with over the past year, Galeon's minor intrusion on my desktop has been a surprising and pleasing experience. In addition to the speed improvments, the additional intuitive interface touches have improved upon an already solid foundation. If you're a GNOME user, you owe it to yourself to give Galeon a try."

Interviews

Looking for a few good 'code demons' (ZDNet). ZDNet talks to Rhys Weatherley, author of Portable.NET, a Linux version of .Net. "A year after Australia's one-man army started pounding out code for GNU/Linux's version of .Net, he's looking to double the quarter of a million lines of code already written before done, and hopes to do so in six months if he can convince some new "code demons" to sign up to the cause."

Two more FOSDEM speaker interviews. Two more FOSDEM speaker interviews are available, one with Adam Fedor, the GNUStep project leader, and another with Vincent Rijmen, co-creator of the Advanced Encryption Standard.

Miscellaneous

Consortium releases Linux standards (ZDNet). ZDNet takes a look at Linux standards, recently released by the Free Standards Group. " The standard, along with software that checks whether a version of Linux or software that runs on Linux complies with the standard, governs some basic parts of Linux--for example, which "libraries" of reusable software components are available, what basic commands Linux can execute, or where to find specific programs in the file system."

Who needs Linux standards? (Register). Here's a Register article on the latest Linux Standard Base release. "'By the end of the year, all distributions will be conformant or compliant,' Scott McNeil, executive director of the Free Standards Group told us."

Bridging Linux language barriers (News.com). CNET reports on standardization efforts from the Free Standards Group. "The Free Standards Group released version 1.1 of the Linux Standard Base (LSB) as well as the first version of the Linux Internationalization Initiative standard to deal with Linux language barriers.

The standards will make it easier for software companies such as Oracle to bring their programs to Linux, said Scott McNeil, executive director of the Free Standards Group, at a news conference. Oracle will know what Linux features can be expected, not only from one company's version of Linux to another, but across newer versions of the same company's product."

Rants & Raves (Wired). For your amusement: here's a Wired letters to the editor column. "The open source movement wants Microsoft's source code because they just want to copy it and put a Linux badge on it. That's real innovation!"

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

LinuxQuestions.org offers project help. The LinuxQuestions.org site is offering help to the Linux community. The site is connecting project maintainers to Linux users in need of help.

DRAG.NET - Windows to Linux Migration Considered as a Vaudeville Routine. DRAG.NET is a semi-serious skit that was performed by Rob Landley, Catherine Raymond, and Eric Raymond at LinuxWorld; you'll learn all about what it took to get Catherine moved over to a Linux system. "We booked KWord on a 305: being kind of pointless. Even if you only read in the text and lose all the formatting, the ability to at least view the file format in which 95% of all business documents are currently being produced (ugly or not) is essential to any serious word processor. Utilities like antiword and wv have been out for years. There is no excuse for not being able to extract at least the ASCII."

Events

Radio Free Linux. Here's an amusing project: in honor of the fourth anniversary of the "Open Source" term, Radio Free Linux will go on the air (and, of course, on the net via a proper Ogg Vorbis stream) featuring a speech robot reading out the Linux kernel source code. They estimate that it will take almost 600 days to get through the whole thing, so it's probably not something you want to use as a download technique.

Conference on Unix and Accessibility. A Unix Accessibility series will be held at the CSUN conference on March 21, 2002 in Los Angeles, CA. New accessibility features of GNOME 2.0 and Java will be presented.

FOSDEM FSF Award Ceremony. The fourth FSF Award Ceremony will be held at FOSDEM in Brussels on Saturday, February 16, 2002.

Free Software Award at University of Osnabrück, Germany. A new Free Software Award has been given out. "The 'Intevation-Award for Free Software' was given out the first time at the award ceremony held in the historical building of Osnabrück's university. Elmar Ludwig and Andreas Beyer were publically acknowledged for their achievement at the university for Free Software and received a total of 750 Euro." (Thanks to Bernhard Reiter).

YAPC Calls for Participation. The Yet Another Perl Conference (YAPC) call for participation has been posted. "Submitted papers are due May 1, and registration will begin by February 15."

Calling All Mongers Groups (use Perl). Dan Sugalski is assembling a list of active Perl monger groups, and is seeking information on new groups.

Association of C & C++ Users (ACCU). The Association of C & C++ Users (ACCU) will be holding a conference in Gaydon, England during April 3-6, 2002.

LinuxTag 2002 Call for Papers. LinuxTag 2002 will be held June 6 to 9 in Karlsruhe, Germany. The Call For Papers has gone out for those who would like to present at the event. The submission deadline is February 28.

wineconf 2002. wineconf 2002 is the first conference dedicated to the Wine project; it will be held on March 15 and 16 in San Diego, California. The conference is being funded by Lindows, to the point of paying expenses for the key Wine developers. (Thanks to Uwe Bonnes).

Events: February 7 - April 4, 2002.

Date	Event	Location
February 7, 2002	OMG Information Days Europe 2002	Paris
February 7, 2002	10th International Python Conference	(Hilton Alexandria Mark Center)Alexandria, Virginia
February 7 - 9, 2002	linux.conf.au	Brisbane, Australia
February 8, 2002	OMG Information Days Europe 2002	Madrid
February 13 - 15, 2002	1st CfP German Perl Workshop	(Fachhochschule Bonn-Rhein-Sieg, Sankt Augustin)Bonn, Germany
February 16 - 17, 2002	Free Software and Open Source Developer's Meeting(FOSDEM 2002)	(Brussels, Belgium)Brussels, Belgium
February 18, 2002	OMG Information Days Europe 2002	Milan
February 19, 2002	OMG Information Days Europe 2002	Zurich
February 20, 2002	OMG Information Days Europe 2002	Munich
February 21, 2002	OMG Information Days Europe 2002	Vienna
February 22, 2002	OMG Information Days Europe 2002	Budapest
February 25, 2002	OMG Information Days Europe 2002	Prague
March 4 - 6, 2002	International Symposium on Advanced Radio Technologies(ISART 2002)	(Dept. of Commerce, 325 Broadway)Boulder, CO
March 5, 2002	OMG Information Days Europe 2002	Helsinki
March 6, 2002	OMG Information Days Europe 2002	Stockholm
March 7, 2002	OMG Information Days Europe 2002	Oslo
March 8, 2002	OMG Information Days Europe 2002	Copenhagen
March 12 - 16, 2002	Embedded Systems Conference	(Moscone Center)San Francisco, California
March 21 - 22, 2002	Annual Conference of Open Source Content Management Systems(OSCMSC)	(Swiss Federal Institute of Technology (ETH))Zurich, Switzerland
April 3 - 6, 2002	The Association of C & C + + Users Spring Conference(ACCU)	(Heritage Motor Centre)Warwick, England

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Alterslash - the unofficial Slashdot digest. For those who find full frontal Slashdot to be a bit much: Alterslash presents the main topics with a small selection of highly-rated comments. There's even cute little plots of comment posting over time.

Section Editor: Forrest Cook.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Letters page.

Letters to the editor

From:	 Michael Robertson <michael@lindows.com>
To:	 lwn@lwn.net
Subject: Your lwn piece on Lindows.com
Date:	 Thu, 31 Jan 2002 15:13:43 -0800
Cc:	 john@lindows.com,cheryl@lindows.com

Jonathan,

I read your LWN.net piece referencing Lindows.com.

I concur that "it's about the software, and sustainable ways to ensure its 
continued development." which was a reference to the entire software 
business, not Lindows.com.

I do think you unfairly criticized Lindows.com and misled your readers with 
your comment, "Lindows is trying to present itself as part of the free 
software community. So, for example, we now have the 'LindowsBuzz'". 
Lindows.com did not create, commission or have any affiliation with 
LindowsBuzz or any of the sites you mentioned. Your suggestion otherwise is 
in error and it would have been simple for you to verify by contacting us 
with a simple email message.

Your entitled to your opinion that "Lindows is seemingly unaware of how the 
Linux community works; it would like to wear the trappings of the community 
without actually being a part of it". But perhaps your readers would be 
interested in some actual facts. Lindows.com has contributed code to open 
source projects. Lindows.com has given financial support to several open 
source initiatives. Lindows.com has made significant investments in linux 
companies, and we have hired open source companies to help us reach our 
goals. In addition, we've recently released an early version of our 
product. We have accomplished this in just 5 months.

I am constantly surprised at the harsh treatment many young companies 
receive in linux focus publications based solely on a writers conjecture 
and opinion rather than any attempt at a balanced presentation of the 
facts. I hope you'll keep an open mind in the future about Lindows.com and 
give us some realistic time to achieve the big goals we have set.

-- MR

Lindows.com
michael@lindows.com
858-410-5941

Bring choice to computers: Become a Lindows.com Insider 
http://www.lindows.com/signup 

From:	 Robert Davies <rob_davies@ntlworld.com>
To:	 lwn@lwn.net
Subject: LSB and Distributions - SuSE box claims support of LSB standard
Date:	 Fri, 1 Feb 2002 22:12:58 +0000

> The time has come for the Linux distributors to either announce their plans 
> for standards compliance, or to explain why they feel this compliance is no 
> longer necessary. The time for waiting is over

I cannot agree more.  From outside of SuSE 7.3 Update box :

    All software packages in RPM format; source code in SRPM format.
   This version was compiled with gcc 2.95.3.  SuSE supports the LSB standard.

Unfortunately in reviews I've seen there is little mention of this.  They 
altered their filesystem hierarchy and have included innserv(8) which 
implements the LSB init.d stuff, and the script '/usr/lib/lsb/install_initd' 
has existed since SuSE 7.1.

I switched from Red Hat after looking at RH 7.0, and realising 
the iplications of gcc 2.96, and it's C++ linking incopatabilities with 2.95 
and earlier, and gcc 3.0. 

Without some positive publicity for Distributions which have taken steps for 
LSB compliance, I fear the momentum behind LSB will be lost.  It may become 
an ignored lost standard, in the face of more exciting 'cool' stuff.  Few of 
the enthusiasts on the net are bothered by it, as of course they prefer a 
"./configure; make; su -c 'make install'"  cycle anyway.

Rob

From:	 Adam Wosotowsky <adam@trellisinc.com>
To:	 lwn@lwn.net
Subject: Linux Standarc Base commment
Date:	 Mon, 4 Feb 2002 12:13:29 -0500

I just wanted to make a comment that you may or may not have heard
before and perhaps you can factor into your comments on the LSB.

The LSB has a great chance to be counter-productive.  I have a friend
who began a little movement to replace the GNU utils with linux-specific
ones.  This can greatly increase the speed of an ls, or mv, or cp
because it only has to work on linux.  Unfortunatley this little quest
for effective linux-only replacement has been somewhat sidelined because
the LSB was written by looking at GNU manpages, which are going to
include a lot of stuff that most linux users never ever use.  For
example, why require an "exclude this pattern" option in command XXX
when a simple little use of grep could accomplish the same thing?

Anyhow, I agree that the vision of the LSB is a good one, but am wary of
its effects on the development of new versions of the same "old" tools.
I don't require a response, I just wanted to give some food for thought.

I really enjoy LWN, BTW.  <smile>

--adam

From:	 Pete Flugstad <pete_flugstad@icon-labs.com>
To:	 tina@newsforge.com
Subject: Re: Out of the box, Linux is 'dreadfully insecure'
Date:	 Thu, 31 Jan 2002 17:44:34 -0600
Cc:	 letters@lwn.net

Ms Gasperson,

   I agree with almost everything you say in your article:

http://www.newsforge.com/article.pl?sid=02/01/29/1635245&mode=thread

except the title.  I don't know who picked it, but lets be
objective here: "dreadfully insecure".  As compared to say,
Windows XP.  While some Linux distro's may have problems with
defualt configurations that rather insecure, it's a darn sight
better than ANY OS Microsoft has EVER shipped.

In addition, many distros (I know Red Hat and Mandrake in
particular) are well aware of what their default settings
are, and over the last 2 years have taken great strides in
tightening their default security settings.  Go install
Red Hat 6.1 or 6.2, and compare it's default settings to
Red Hat 7.2.  You'll see a world of difference in the number
of services that are enabled by default (very few actually),
firewall settings, setuid settings, etc.

Now compare this to XP again - Microsoft yet again ships
an OS with everything and the kitchen sink (can you say
UPnP) enabled.  This on a *consumer* os.  IMO, that's
_dreadfully_ insecure.

As I noted above, the article itself is quite good.

Please, try to be a little more objective in chosing titles,
and try and choose a title that actually has something to
do with the information in the article, which I found
quite informative.

Thanks,
Pete Flugstad

From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 letters@lwn.net
Subject: Maddog on DVD's
Date:	 Tue, 5 Feb 2002 22:13:29 -0500

I must admit, I'm a little surprised at Jon.

He asserts, in a CNet News story to which LWN linked this week, that
the movie industry "cite[s] illegal pirating" of movies to justfiy
region coding.

This is not only not the reason that they do this, it's not even -- I
don't believe -- the reason that they admit to in public.

What's really at issue here, you see, is that they can make more
*money* if they restrict when things are issued in different
territories.  So they put a region locking code on the disc, and code
in the players to prevent discs from more than one region from being
playable at a time.

You *can* reprogram the region code to deal with "I moved to England",
(though as maddog notes, you would still have to deal power issues --
though maybe not with signal standards; *my* $80 player does both NTSC
and PAL).

But you can only do it some small, finite number of times (like, maybe,
5 or 10) before the player locks up on you.

But avoiding *this* is a red herring anyway; since region coding
doesn't involve encryption, it has nothing to do with DMCA.

What you become a federal felon for doing is unlocking CSS -- the
Content Scrambling System, which encrypts the data used to play back
the DVD in the first place.

Now, we're probably mostly familiar with the DeCSS case -- Norwegian
Johansen has been arrested by his local police at the behest of the
MPAA (yeah, that's right), and that's not to mention the fiasco with
Eric Corley of 2600 Magazine, enjoined from *linking* to other sites
which publish DeCSS source code.

In fashions ranging from Perl source through English to Haiku.

Corporate America continues to behave in the amoral fashion we have
designed it to -- trying to maximize profit at the expense of anything
we'd call reasonable behavior.  It continues to buy off legislators to
modify laws in such a fashion as to deprive American citizens of more
and more of their rights.  I see no reason it won't continue to do
this, and the more unreasonable commercial laws which are passed, and
the more frequently we're forced to break the law in the course of what
*used to be* normal living...

the less we will, as a citizenry, respect the law in general. 

I used to think it was just a joke, when I saw the words "Second
American Revolution" in science fiction novels.

Not anymore.  I'm figuring on the War of 2012, at the very latest.

Unless we fix it.

Unless we take back our government.

"When they came for me, there was no one left to speak up."

"Those who ignore history are doomed to repeat it."

And most importantly, these days:

"They that would give up essential liberty for a little temporary security,
deserve neither liberty, nor security."

(This sounds off topic maybe... but if you haven't been following SSSCA
v Linux, or can't make the connection, then I feel sorry for you.  I
think it's perfectly on topic, myself.  Freedom is the point here, no?)

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")

From:	 Martin C.Atkins <mcatkins@giasbg01.vsnl.net.in>
To:	 lwn@lwn.net
Subject: PDA and Telephone Convergence: The Death of Linux on the PDA?
Date:	 Sat, 2 Feb 2002 11:28:38 +0530

PDA and Telephone Convergence: The Death of Linux on the PDA?

Everyone seems to be saying that PDAs and mobile phones are going to
converge, and we are beginning to see the first effective devices
coming out now. I'm worried that this is going to lock Linux
out of the PDA marketplace.

The crux of the problem is that these devices seem to share much of the
non-DSP-type phone functionality with the PDA functionality, and
on the same processor. Thus it will not be easy to do what was
done for the iPAQ, and replace the PDA operating system - that
will leave a complex interface to the DSP part of the phone to
be replaced, and even if it can be worked out what to do (which
will probably be different for each phone model), what
regularatory issues might have to be resolved before the result
can be used? (I don't know the answer, but I suspect the situation
might be like that of dumb ISDN adaptors, where some of the driver
code has had to go through type-approval mechanisms before the
device can legally - at least in some countries - be attached to
the phone line.)

This issue seems to affect both types of device:
1) Phones with added PDA functionality, and
2) PDAs with GSM/GPRS/etc interfaces added.

How can we hope to get Linux on either of these (without effectively
throwing away the phone functionality!)? Talking the phone manufacturers
into using Linux themselves doesn't seem likely, given the alliances
they have made with Symbian, etc. (See the receent article about
huge cash investments from phone company investors into Symbian)
Equally, it seems unlikely that Palm, for example, would embrace
Linux (Unfortunately :-) !

The only place where this does not seem to be a problem is the
two-box scenario: phone + PDA connected by Bluetooth (probably),
since Linux is already on PDAs, and Bluetooth stacks already exist.
But, although I think I personally favour this arrangement for other
reasons, I can't see it being the popular one! (At least, not once
someone gets their act together and produces a half-decent Bluetooth
headset! Aside: that, for example, does stereo, so that the PDA/phone
can also be an MP3 player, without using *another* headset!)

The recently reported growing popularity of Nokia's 9210, only
confirms my worries. Handspring are also now saying that they do not
believe there is a future in unconnected PDAs. The only hope is
that some of the current rash of Linux-based PDAs can buck this trend
by providing the phone functionality themselves (not easy to do!). 

I don't really mind (too much) phones being closed devices, but I *would*
*like* my organiser to be open, and it's looking more and more as if PDAs
without phone functionality are dead products in the medium to long term,
and if Linux can't move onto these products, it will die in this arena
with the unconnected PDA.

Oh dear!
Can anyone point out what I'm missing?

Martin
-- 
Martin C. Atkins	martin@mca-ltd.com
Mission Critical Applications Ltd, U.K.