[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Not good enough. A look at this week's LWN Security Page shows that it has been a busy week. The PHP updates were still wandering in when problems turned up with OpenSSH and the zlib library. This is a scary set of vulnerabilities.

PHP is present on, according to the PHP usage page, well over 7 million domains. OpenSSH can be found on most security-conscious systems. And the zlib library finds its way into no end of applications, and even the Linux kernel. Each of these vulnerabilities has instantly exposed a large portion of the entire installed base of Linux (and Unix) systems. (In all fairness, it's not clear that the OpenSSH bug is exploitable remotely, and the zlib problem looks like a hard one to take advantage of). This is the stuff that large-scale damaging worms are made of.

It is fortunate, in other words, that nobody with the requisite skills felt the whim to take down the Internet with these vulnerabilities. The cause of Linux World Domination would certainly be set back a bit if vast numbers of Linux systems simultaneously fell prey to a vicious attack. One of these days, a widespread vulnerability will be discovered by somebody with hostile intent; that will not be a good day.

The security of open source software may well be better than that of proprietary code, but it's clearly not good enough. We are all exposed to vulnerabilities lurking in code that we depend on every day. The free software community has to improve its security performance soon, or somebody is going to rub our noses in how bad it really is.

The GNU HURD will be ready by the end of the year, or so says Richard Stallman in this PC World article. Says Richard:

We actually have the GNU kernel working, and we can now produce the GNU system, as opposed to the GNU/Linux system that people have been using so far.

The HURD, of course, is the operating system kernel built by the GNU project, which is based on the Mach microkernel. It has been under development since 1990, and many have despaired of seeing it ever reach a releasable state. But most have paid little attention; the Linux and BSD kernels have been more than adequate for a long time. What is the point of releasing a GNU kernel now?

There's a few obvious reasons that come to mind. One is that it is, in a real sense, the completion of the GNU project as laid out by Richard Stallman almost 20 years ago. The microkernel architecture is seen by some as being inherently superior to the monolithic design of the Linux kernel (though there is hardly a consensus on that point). Finally, one should not overlook this other quote from the PC World article:

Distributions of GNU/Linux include commercially licensed software, and that diverts the user and developer community from the goal of freedom, according to Stallman. "One of the reasons we are looking forward to having the GNU system finally available from the GNU Project is that it will be only free software," Stallman added.

It will take an interesting interpretation of the GPL and LGPL to keep proprietary software off the GNU kernel, but it appears that RMS is planning to try.

The chances are that no mainstream commercial software house would try to challenge a "free software only" edict for the HURD kernel. Linux and BSD both, after all, have no problem with proprietary applications. Thus, it seems unlikely that the HURD will mount a substantial challenge to the established free kernels anytime soon.

Unless, of course, the claims of technical superiority turn out to be true. If the HURD really is that much better, we may yet find it on our desktops, and "the GNU/Linux system that people have been using so far" could find itself consigned to history. But the HURD will have to be a lot better...

Running a free software business with donations. MandrakeSoft, the publisher of the Mandrake Linux distribution, has put out its strongest call yet for donations to help keep the business going:

As a company, we make our revenue by selling packaged versions of the distribution and by delivering services such as consulting, training, etc. -- but our development costs and community-based services are not yet covered by income. It is estimated that we will "break even" by the end of 2002, but it is unlikely that MandrakeSoft can remain unchanged during these next few months without drastically cutting costs unless additional revenue is generated quickly.

The company is hoping to generate that additional revenue through memberships in the Mandrake Linux Users Club and Corporate Club. Without these memberships (i.e. donations), MandrakeSoft will likely have to take further staff cuts, with the company's various free software developments being among the first things to go.

Could it really be true that the open source business model is fundamentally broken, that the only way for an open source business of any size to survive is by asking its users for tips? MandrakeSoft claims that is not the case:

The company's long term prospect are very good, but we are still paying for the "sins" of the previous management.

According to the posting, if MandrakeSoft can get past its current short-term problems, it should be in good shape for the long run. One can only hope that this claim is true. MandrakeSoft is perhaps the most community-oriented of the large commercial distributors. The company's openness to its users and commitment to free software are unparalleled. If MandrakeSoft were to fail, or to change its community-oriented approach, the community would suffer a great loss. It will be a sad sign if a company that builds such high-quality products and that is so responsive to its customers were not a viable operation.

But, then, perhaps it is appropriate that the user community should be asked to support this sort of corporation directly. Mandrake users derive a real and substantial benefit from that distribution; it is not too much to ask that they help fund its development. Making donations to support the software that one uses makes all kinds of moral sense. It is hard to see a viable way for users to contribute to all the developers of all the free software they use. But helping out a community-oriented distributor seems like a good start.

Supporting LWN. There's another community-oriented free software business which could use your help: LWN.net. We, too, are facing a short-term cash crunch and need some income to keep the site on the air for the next few months while longer-term initiatives mature. To that end, we have a couple of ways in which you, our readers, can help out:

  • Donations. Numerous readers have asked us over the last few months whether we would accept donations. We may be distressingly slow in responding to such an obviously good thing, but we eventually get there. We're glad to announce our donation page, where interested readers can contribute to LWN via Paypal. (Yes, we realize that not everybody has or wants a Paypal account; we are working on other alternatives).

  • Advertising. LWN could use some more advertisers. If you have a small business or other endeavor that you would like to advertise on LWN, please have a look at our self-service advertising page. A small amount of money can yield a great deal of exposure to LWN's readers.
We thank you, as always, for your support. Dealing with our readers has always been the greatest reward of working on LWN.

Inside this LWN.net weekly edition:

  • Security: Significant zlib vulnerability; OpenSSH release; Java VMs and Linux
  • Kernel: The IDE hostile takeover; taskfile and filtering; ultra-fast kernel compiles.
  • Distributions: Debian Project Leader Elections; New - Arch Linux; LFS 3.2 is out.
  • Development: GTK+ 2.0, GNOME 2.0b2, mpg321 0.2.9, Mozilla 0.9.9, Galeon 1.2, Gimp 1.3.4, Samba 2.2.3a, GnuCash 1.6.6, oprofile 0.1, Valgrind memory debugger.
  • Commerce: HP Announces Global Consortium; Embedded Linux Market enters era of standardization.
  • Letters: France and patents; SSSCA; AOL and Linux.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

March 14, 2002


 Main page
 Linux in the news

See also: last week's Security page.


News and Editorials

OpenSSH 3.1 released. OpenSSH version 3.1 has been released. The main changes include defining /etc/ssh as the default configuration directory, ssh-keygen now requires a key type to be specified, and X11 forwarding now listens on localhost by default. A number of additional changes have been made.

Users are advised to upgrade to OpenSSH 3.1 (see the security report below), or to apply the included patch.

Latest Security Vulnerability: Java VMs (TechWeb). Security problems in Java virtual machines can impact many platforms, as this TechWeb article describes. "Versions of Netscape's browser, version 6.1 and lower, are also impacted, as are some Solaris and Linux releases that ship with the problematic virtual machine."

Exactly which Linux distributions are impacted is unclear. According to the Sun Microsystems Security Bulletin; "This issue may or may not affect other vendors' Java technology implementations which are derived from Sun's SDK and JDK(TM) source bases." The Java SDK and JRE versions 1.3.0_02 and 1.2.2_010 are vulnerable; the latest versions (1.4, 1.3.1_02 and 1.2.2_011) are not (despite an earlier version of this LWN story which said, erroneously, that they were).

Jac virus targets Linux (vnunet). Here's another one of those new Linux virus stories; this one is on vnunet. "Linux users typically crow about how much more secure it is than the Windows platform, but this time they may be justified as Jac has only been branded as a low threat. It is not expected to spread in the wild and causes little damage."

Security Reports

An off-by-one error in the channel code of OpenSSH versions 2.0 to 3.0.2 has been found. Users are advised to upgrade to OpenSSH 3.1, or to apply the relevant security update. "This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client."

Also see the the advisory from Pine for this vulnerability.

Distributor updates seen so far:

zlib corrupts malloc data structures via double free. This vulnerability impacts all major Linux vendors. It may impact every Linux installation on Earth. Updates are required to zlib and any packages that were statically built with the zlib code.

LinuxSecurity describes the vulnerability and coordinated distributor efforts in detail. "Packages including X11, rsync, the Linux kernel, QT, mozilla, gcc, vnc, and many other programs that have the ability to use network compression are potentially vulnerable."

Updating is recommended. Now it the time to prepare; before there are any known exploits. As always, please proceed with caution when applying updates to the kernel.

Distributor updates seen so far:

Note that we have received a last-minute report saying that the Red Hat kernel update does not actually include the zlib fix.

See also: articles in ZDNet and The Register about the zlib vulnerability.

Slackware rsync update. This Slackware upgrade to the rsync packages makes "sure that supplementary groups are removed from a server process after changing uid and gid". It also addresses the zlib double-free bug described above.

Mandrake Linux update for mod_frontpage. Mandrake Linux has released a security update for mod_frontpage.

Debian update for xtell. Updated Debian packages are available for the simple messaging client and server xtell. "In detail, these problems contain several buffer overflows, a problem in connection with symbolic links, unauthorized directory traversal when the path contains '..'. These problems could lead into an attacker being able to execute arbitrary code on the server machine. The server runs with nobody privileges by default, so this would be the account to be exploited."

XTux Arena server DoS vulnerability. XTux Arena is a client server network game for X11 featuring opensource mascots. The XTux server may be subject to DoS attacks as described in this post to Bugtraq.

Multiple Ecartis/Listar vulnerabilities are described by Janusz Niewiadomski and Wojciech Purczynski in this post to Bugtraq. "Listar is a open-source software package that administers mailing lists (similar to Majordomo and Listserv)."

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Directory traversal vulnerability in phpimglist. There is a vulnerabilty in phpimglist which "allows a user to traverse through directories outside the web root." phpimglist 1.2.2 fixes the problem and is available from here.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • CaupoShop 1.30a, and maybe all versions before, may be subject to a nasty cross-site-scripting bug. Caupo has released a new version which fixes the problem.


Apache mod_ssl buffer overflow vulnerability. According to this announcement "modssl versions prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL routines in a manner which could overflow a buffer within the implementation. This situation appears difficult to exploit in a production environment[...]." (First LWN report: March 7).

This week's updates:

Previous updates:

Both PHP3 and PHP4 have vulnerabilities in their file upload code which can lead to remote command execution. This one could be ugly; sites using PHP should apply updates at the first opportunity. If an update isn't available for your distribution, users of PHP 4.0.3 and later are encouraged to consider disabling file upload support by adding this directive to php.ini:

	file_uploads = Off

CERT has issued this advisory on the problem. This article in the Register also talks about the vulnerability. (First LWN report: March 7).

Developers using the 4.2.0 branch, are not vulnerable because because file upload support was completely rewritten for that branch.

This week's updates:

Previous updates:

Update: Despite some concern expressed in an earlier report by LWN, these updates do, in fact, fix the problem. The original update from the php team fixes the security hole but introduces a "rare segfault condition" that is not a security problem.


Linux security week. The and publications from LinuxSecurity.com are available.


Upcoming Security Events.
Date Event Location
March 14, 2002Financial Cryptography 2002Sothhampton, Bermuda
March 18 - 21, 2002Sixth Annual Distributed Objects and Components Security Workshop(Pier 5 Hotel at the Inner Harbor)Baltimore, Maryland, USA
March 18 - 20, 2002InfoSec World Conference and Expo/2002Orlando, FL, USA
April 1 - 7, 2002SANS 2002Orlando, FL., USA
April 5 - 7, 2002RubiconDetroit, Michigan, USA
April 7 - 10, 2002Techno-Security 2002 ConferenceMyrtle Beach, SC
April 14 - 15, 2002Workshop on Privacy Enhancing Technologies 2002(Cathedral Hill Hotel)San Francisco, California, USA
April 16 - 19, 2002The Twelfth Conference on Computers, Freedom & Privacy(Cathedral Hill Hotel)San Francisco, California, USA
April 23 - 25, 2002Infosecurity Europe 2002Olympia, London, UK
May 1 - 3, 2002cansecwest/core02Vancouver, Canada
May 4 - 5, 2002DallasConDallas, TX., USA
May 12 - 15, 20022002 IEEE Symposium on Security and Privacy(The Claremont Resort)Oakland, California, USA
May 13 - 14, 20023rd International Common Criteria Conference(ICCC)Ottawa, Ont., Canada
May 13 - 17, 200214th Annual Canadian Information Technology Security Symposium(CITSS)(Ottawa Congress Centre)Ottawa, Ontario, Canada

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney

March 14, 2002

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus

 Main page
 Linux in the news

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.5.6, which was released on March 8. The final release added little to the prepatches; the main feature of this release from a user's point of view remains the inclusion of IBM's JFS journaling filesystem.

The first 2.5.7 prepatch has been released. It includes Rusty Russell's fast user-space semaphore patch ("futexes"), a thrashup of the VLAN code, the new wireless driver API, a redesigned video device implementation, and numerous fixes and updates.

Dave Jones has released no "dj" patches over the last week. He has presented excuses like moving into a new house as a reason for that.

Guillaume Boissiere's latest 2.5 status summary is available.

The current stable kernel release is 2.4.18. The current 2.4.19 prepatch from Marcelo is 2.4.19-pre3. Along with the usual array of fixes and updates it includes the "new" IDE code - in its original form, not the increasingly reworked version found in the 2.5 kernel. In fact, the -pre3 version is missing some important fixes that went into 2.5 early on - it still has the bug that caused 2.5 to destroy filesystems. There have been no reports of corrupted filesystems with this prepatch, but it should be approached with some care anyway.

Alan Cox's latest prepatch is 2.4.19-pre2-ac4. There is a long list of fixes, but no amazing new features.

Alan has also announced the first 2.2.21 release candidate.

Other kernel trees. The day may yet come when the number of available kernel trees exceeds the number of Linux users...

  • Andrea Arcangeli's latest is 2.4.19-pre3-aa1. It adds his latest VM implementation (vm-31), the X86-64 port, User-mode Linux, and a number of fixes.

  • J.A. Magallon has released 2.4.19-pre2-jam3 with the latest VM code, the O(1) scheduler, the IDE patch, and other performance-oriented fixes.

  • JŲrg Prante has released 2.4.19-pre2-jp7 includes ALSA, the reverse mapping VM, the O(1) scheduler, the preempt patch, the IDE patch, XFS, JFS, various crypto patches, and much more.

  • 2.4.19-pre2-ac4-xfs-shawn10 from Shawn Starr includes XFS, the reverse mapping VM, Jan Kara's reworked quota system, and more.

  • A new entry this week is 2.4.18-mcp3-WOLK from Marc-Christian Petersen, which is inspired by the FOLK patch. It throws in Win4Lin, the preempt patch, the international crypto patch, the IDE patch, JFS, XFS, FreeS/WAN, NWFS, lm_sensors, and a great many other patches.

Linus on BitKeeper. It was already clear, of course, that Linus is not bothered by the BitKeeper license. For anybody who didn't know that, however, he stated his views this week:

And I personally refuse to use inferior tools because of ideology. In fact, I will go as far as saying that making excuses for bad tools due to ideology is _stupid_, and people who do that think with their gonads, not their brains.

Most of the developers seem to be at ease with his position. It is worth pondering, however, on why so many of us insisted on using Linux systems in the early 90's, when it was still clearly inferior to the numerous proprietary Unix systems that were available at the time. Without a certain amount of "gonad thinking," Linux might not have come so far so quickly.

Meanwhile, there has been a small discussion of what features are offered by BitKeeper that really make it worthwhile for the kernel developers. Here's a partial list:

  • Much nicer merging of patches. The three-way merge tool (screenshot) is seriously slick. But the ability to carry merges forward through multiple patch sets is just as important. Merging of patches can be a painful task; having to only do it once can be a real relief.

  • The ability to check in entire patch sets as a single operation.

  • The distributed repository feature is a key to the whole thing. BitKeeper works well with the kernel development style by allowing each developer to set up independent trees and facilitating the movement of patches between those trees.

  • Understanding of directories and operations like renaming; CVS does not handle these well at all.

There are developers out there who are talking about adding these features to the existing free source management systems. It's a nontrivial task, however; the first release is likely to be some time in the future. (Then again, Hans Reiser wants to incorporate version control into the filesystem, and plans to do so with a future ReiserFS release. "Version control has to become just another expected filesystem feature, and one that is so transparent to users that Mom uses it without fear.")

The hostile takeover of the 2.5 IDE code is now officially complete: Martin Dalecki's IDE 18 patch changed the MAINTAINERS file to list him as the person in charge of that subsystem. There were no immediate complaints, but things heated up a bit when he released IDE 19. Therein were comments like:

Apply Pavels Macheks patch for suspend support. Whatever some persons argue that it's not fully implemented, I think that we are in development series right now. I don't buy the mock-up examples for problems with either outdated or broken hardware. Micro Drives are for example expected to be drop in replacements for CF cards in digital cameras and I would rather expect them to be very tolerant about the driver in front of them.

Martin has also been heard to say: "Breakage is the price you have to pay for advancements."

It turns out that some kernel developers are not entirely pleased with the idea of "breakage" in the IDE code - they like their disks to work. There is a feeling that it is better to follow the standards than to expect drives "to be very tolerant about the driver in front of them." Few people have come out in defense of the existing code, but some feel that the current approach to "cleaning up" the IDE code is negligent to the point of carelessness.

The discussion, in fact, involved some of the most unpleasant personal attacks seen on linux-kernel for some time. It also appears to have changed little; Martin continues to crank out IDE patches, and Linus continues to accept them. Perhaps Martin has received a message, however, that standards compliance and stability are important. When it comes to disks, people are not willing to pay for their advancements with any great amount of breakage.

On the future of IDE taskfile commands. The IDE taskfile ioctl (which allows passing arbitrary low-level commands to IDE peripherals) has generally been the source of no end of inflammatory discussions in its own right. Compared to the other IDE threads, however, the current taskfile discussion seems like a new height of civility and technical content.

The issue is not whether low-level commands should be allowed - there is widespread agreement that this capability is occasionally required. Diagnostic code needs it, if nothing else. But when Andre Hedrick first implemented the taskfile capability, he included an IDE command parser to ensure that all commands passed to the drives were legal according to the standards. There never has been a consensus on whether this sort of command filtering is appropriate.

Those in favor of filtering point out that the consequences of executing a malformed IDE command can be severe: loss of data or, in the worst case, having to throw away a brick that was once a working drive. Filtering can thus protect against both programming errors and deliberate attacks. Proponents of filtering also see it as a possible way of defeating future "digital rights management" schemes which may depend on new, undocumented IDE commands.

The opposition points out that most drives have some unique, vendor-specific commands. Unless somebody wants to build (and maintain) a table of all such commands, any filtering is certain to block legitimate commands for some users. The protection against attacks is seen as being weak at best, since a process which is able to execute taskfile commands can also just go and pound on the I/O ports directly. And dealing with DRM schemes is probably not going to be so simple.

For all these reasons, Linus has generally been against IDE command filtering. He also points out that the IDE layer should not be performing any such filtering in any case. The IDE layer, after all, is a driver for the IDE host controller; the commands to be filtered are, instead, aimed at IDE disks. Linus compares IDE filtering to having a network adapter driver perform validity testing and filtering for network protocols.

There are some things that need to be done with low-level commands, however. At a minimum, the buffers they use must be verified. But it would also be a very good idea to better sequence their execution with all of the other IDE commands that may be running at the same time.

So Linus has proposed a new scheme for the handling (and possible filtering) of low-level IDE commands. These commands would be moved out of the IDE driver, into a separate loadable module. Paranoid administrators who do not want those commands executed at all could simply remove the module from their systems entirely. The rest could configure a module which did as much (or little) filtering as they wanted.

This module would not talk directly with the IDE subsystem. Instead, any low-level commands would be run through the drive's request queue along with all the other drive operations. This scheme forces low-level commands to be sequenced along with any other disk activity, and should help ensure that they are executed in a way that doesn't interfere with the other things the system is trying to do.

There have been very few complaints about this proposal. It's implementation would be some work, but there may just be a solution to the problem of the taskfile commands and filtering in sight.

Going for the fastest kernel compile. Martin Bligh posted an interesting note this week. He started with the 2.4.18 kernel and a 16-node NUMA system using 700MHz P3 processors. With that system, he was able to build a kernel in 47 seconds, which would make most of us reasonably happy. Martin wasn't satisfied with that, though, so he applied a series of patches to bring that time down:

  • Various NUMA memory allocation fixes: 27 seconds.
  • The O(1) scheduler from 2.5: 25 seconds.
  • A NUMA-oriented scheduler patch: 24 seconds.
  • A dcache patch which improves cache behavior: 23 seconds.

Compiling a kernel in 23 seconds isn't bad - it looks like a record.

Records, though, are meant to be broken. So Anton Blanchard rose to the challenge with a 24-node "logical partition" on a PowerPC64 system running a patched version of 2.5.6. Building a kernel with the same configuration as Martin's, above, he got the job done in 10.3 seconds. That will be a hard performance to beat, but somebody, somewhere, is certainly working on it.

Other patches and updates released this week include:

Core kernel code:

  • Robert Love has posted a new version of his system call allowing processes to set their processor affinity.

  • A new version of the delayed allocation patch has been posted by Andrew Morton. He might just be looking for people to try it out: "Does anyone know what 'CFT' means? It means 'call for testers'. It doesn't mean 'woo-hoo, it'll be neat when that's merged <delete>'. It means 'help, help - there's no point in just one guy testing this'."

  • Larry Kessler has released an implementation of POSIX event logging for the 2.5.6 and 2.4.18 kernels.

  • Rik van Riel has released a kernel with the reverse mapping VM in RPM format.

  • Erich Focht has posted a new version of his NUMA scheduler.

Development tools:

  • The Linux Test Project ltp-20020307 release is available. Numerous new tests have been added.

  • Keith Owens has released kdb 2.1-2.4.18 for the Sparc64 architecture.

Device drivers

  • The seventh test release of the new Tigon3 driver has been announced by David Miller.

  • A new beta Conexant HCF "linmodem" driver has been announced by Marc Boucher.

Filesystems and related:

  • Kevin Corry has announced version 0.9.2 of the Enterprise Volume Management System.

  • A new, vastly reworked disk quota system has been posted by Jan Kara.

  • Steve Best has announced the release of JFS 1.0.16.

  • Andreas Gruenbacher has released version 0.8.20 of the access control list patch.


  • Rusty Russell has posted a fast userspace read/write lock ("furwock") implementation based on futexes. He has also posted an explanation of how futexes work.


  • This week's release of the Affix BlueTooth stack is version 0_94.

  • Alexander Viro has posted an implementation of the "nfsd" filesystem - a new way of communicating with the NFS server process to perform tasks like exporting filesystems.


  • James Bottomley has posted a new version of his port to the NCR Voyager architecture.

Section Editor: Jonathan Corbet

March 14, 2002

 Main page
 Linux in the news

See also: last week's Distributions page.


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Debian Project Leader Elections. Most readers of this column will already be aware that the Debian Project elects a new leader each year. Also that Debian Project Leader (DPL) elections are currently underway. The DPL guides Debian policy and Debian development, over the course of his term. Last week we announced the candidates and a panel was selected for the upcoming debate between the candidates. The debate will be held on IRC and has been tentatively scheduled for March 23rd 04:00 UTC. There is a call for questions out now.

Each of the three candidates has written a platform statement which can be found here. We will also provide a summary of the platforms here. It is not too surprising that all three candidates address the release schedule and have some ideas about how to accomplish more frequent releases. They are also all staunch believers in free software and the principles behind the open source movement. But they are also individuals with their own ideas of what it means to the DPL. So, here are the candidates, listed in alphabetical order.

Bdale Garbee joined the Debian community in early 1995, and has been contributing to the project in a variety of ways ever since. In May of 2001 he accepted employment with Hewlett-Packard, as an Engineer/Scientist in the Linux Systems Operation (LSO). Debian is the development platform within the LSO for the kernel and related work required to enable Linux support on HP's hardware, so he spends part of his time working on Debian, particularly the IA-64 port. The job also includes:

* helping make sure HP participates as a good citizen in the Debian and larger Open Source communities
* architecting solutions that enable multi-architecture, multi-distribution Linux installation and support on HP hardware
* leading technical development of HP's Linux Enablement Kit products
* helping form HP Linux strategy

He also gets to travel to and speak at a variety of Linux conferences.

Bdale is a strong believer in Free Software and the Community Development Model, and maintains a vision of Debian as a universal operating system. A universal operating system that runs on many platforms and contains quality code that "just works", with a more predictable release schedule. As DPL he would also work to improve Debian infrastructure, security and Linux Standards Base compliance.

RaphaŽl Hertzog is a student at "INSA de Lyon" (in France) where he is part of the computer science department. He plans on receiving an engineering degree this summer, after which he'll be looking for a job related to free software. (Hopefully one that will leave time for Debian work). His first contact with Linux was with Debian 1.3, in 1997. Since then he tried a few other distributions before coming back to Debian. He has been a Debian developer since 1998. RaphaŽl is very interested in Debian Quality Assurance and is the instigator behind new maintainer sponsorship policy, Perl policy, and the package tracking system. He has a lengthy list of projects he would like to manage during the next year to improve Debian organization, and its internal and external communications.

Branden Robinson has been a Debian Developer since early 1998. He is, perhaps, best known as the maintainer of the XFree86 packages. He is also the Treasurer of Software in the Public Interest, Inc. (SPI), Debian's legal parent organization and manager of the Debian Project's assets. He is also employed as a free software developer. Branden has some very specific ideas about the role of the DPL, and what he would do if elected. These include listening to the ideas of others before making decisions, delegating responsibility where feasible, and consensus building among active Debian developers. Another goal is to better track the active developers, and weed out those who are no longer active. In order to have better Debian representation at events, he would delegate regional Event Coordinators. These people would be responsible for keeping track of trade shows, major Linux User Group events, etc., at which Debian should have a presence and to ensure that someone is available to provide that presence. As DPL he would recruit volunteers on behalf of SPI and attempt to grow the organization. He plans to revitalize the Technical Committee and improve the release cycle as well. Other goals include the initiation of a Debian Legal Team, revision of the Debian Machine Usage Policy, providing a greater "Debian Voice" in the greater political machine, and steering development away from non-free software.

New Distributions

Arch Linux. Arch Linux is an i686-optimized Linux distribution. It is lightweight and contains the latest stable versions of software. Packages are in .tar.gz format and are tracked by a package manager that is designed to allow easy package upgrades. Arch is designed to be streamlined while allowing for a customized configuration, with newer features such as reiserfs/ext3 and devfs. The initial release 0.1 became available March 11, 2002.

Distribution News

More Debian News. Here's the Debian Weekly News for March 6. It looks at the second Debian Conference (Toronto, July 5-7), the Debian leader election, Woody's release status, and more.

Here, also, is the March 10 Woody Release Status Update.

Linux From Scratch. Linux From Scratch has released stable version 3.2 with major bug fixes.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for March 5 is available. It looks at the release of Mandrake Linux 8.2 beta 4, a new training offering, MandrakeSoft at CeBIT, and more.

The Mandrake Linux Community Newsletter for March 12 is also out. It looks at the availability of 8.2 RC1, a legislative alert, and more.

SuSE Linux 8.0 Available on April 22nd. SuSE has announced that SuSE Linux 8.0 will hit the shelves on April 22. New features include more security products (i.e.IPSec), a three-step installation procedure, and KDE 3. (Update: SuSE has since sent us a second release with more details on the new features in 8.0).

Minor Distribution updates

Astaro Security Linux. Astaro Security Linux has released 3.031 (Beta) which contains major bug fixes.

ClumpOS. ClumpOS has released R5.4 with major feature enhancements.

Fd Linux. Fd Linux has released 2.1-0 with major feature enhancements.

floppyfw. floppyfw has released development version 1.9.19 which updates the kernel to 2.4.18, and contains minor bug fixes.

LEAF (Linux Embedded Appliance Firewall). LEAF (Linux Embedded Appliance Firewall) has released beta-4 (Bering).

Leka Rescue Floppy. Leka Rescue Floppy has released version 0.5.2 with minor feature enhancements.

Recovery Is Possible. Recovery Is Possible (RIP) released version 50, with minor feature enhancements.

Distribution Reviews

Linux Orbit Reviews Lycoris Desktop/LX distribution. Linux Orbit reviews the Lycoris Desktop/LX distribution. "Lycoris Desktop/LX has really raised the bar for simple Linux installations. What they've done for convenience however may not make an experienced Linux user happy. The number of choices you have for your configuration are limited to those needed to set up a Linux workstation. This is a distribution clearly focused at current Windows users or Linux newbies looking to get the Microsoft license monkey off their back, which is really original for Linux distributions when you think about it."

Section Editor: Rebecca Sobol

March 14, 2002

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Distribution Lists:
LWN List
Woven Goods


 Main page
 Linux in the news

See also: last week's Development page.

Development projects

News and Editorials

GTK+ 2.0 Released

Version 2.0 of GTK+, the Gimp Toolkit widget set is available. GTK+ was originally developed for The GIMP image manipulation system. It now sees wide use as the toolkit for the popular GNOME desktop.

Some of the more popular GTK+ based applications include the GIMP, the AbiWord word processor, the Dia drawing program, the Glade user interface builder, the GnuCash financial program, and the Gnumeric spreadsheet.

GTK+ consists of three libraries:

  • GLib "is the low-level core library that forms the basis of GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system."
  • Pango "is a library for layout and rendering of text, with an emphasis on internationalization. It forms the core of text and font handling for GTK+-2.0."
  • ATK is the library that "provides a set of interfaces for accessibility. By supporting the ATK interfaces, an application or toolkit can be used with such tools as screen readers, magnifiers, and alternative input devices."
GTK+ works with C, C++, Perl, Python, Objective C, and O'Caml, as well as other languages. It is designed to make the addition of support for other languages easy. See the GTK+ FAQ for more information.

GTK+ 2.0 Features

The announcement for GTK+ version 2.0 lists these new features:

  • Enhanced internalization with full Unicode support.
  • A text widget that supports multiple views of a buffer, styled text, and internationalization capabilities.
  • A powerful tree and list display widget.
  • Improved accessibility support via ATK.
  • The ability to load and manipulate images via gdk-pixbuf.
  • Improved programming interfaces as a result of developer feedback.
  • Improved usability including better keyboard navigation.
  • A new default appearance.
  • Type and object abstraction for wider use.
  • A preview version of the Microsoft Windows port.
  • A simplified and enhanced API which is the result of developer feedback.
It is good to see that the GTK+ developers are taking developer feedback into consideration, the temporary instabilities caused by the changes should be outweighed by the eventual gains in coding efficiency. (Thanks to Joel Becker.)

GNOME 2.0 Beta 2.

The second beta of the GNOME 2.0 desktop, which uses GTK+ 2.0, also has been released for testing. The developers are looking for testers to find and fix bugs.


SAPDB Version available. Version of the SAPDB relational database is available. See the release notes for all of the details.

Embedded Systems

The birth of the Embedded Linux Specification. LinuxDevices.com is carrying a call to all Embedded Linux companies to attend the Embedded Linux Consortium meeting on March 12 in San Francisco (during the Embedded Systems Conference). The purpose of the meeting is to start work on the Embedded Linux Specification, a standards effort which looks much like the Linux Standard Base for embedded systems.


Graphics programming with libtiff (IBM developerWorks). Michael Still introduces libtiff, a C library that implements the TIFF graphics standard. "TIFF (Tag Image File Format) is a raster image format that was originally produced by Adobe. Raster image formats store the picture as a bitmap describing the state of pixels, as opposed to recording the length and locations of primitives such as lines and curves. Libtiff is one of the standard implementations of the TIFF specification and is in wide use today because of its speed, power, and easy source availability."

Mail Software

Python milter v0.4.0 released (Milter). A new version of Python milter, a mail filtering utility, has been announced. This version features bug fixes and simplified content scanning in the mime module.

Peer to Peer

Expanding ChatBot's Repertoire (O'Reilly). DJ Adams continues his article on Chatbot, a Perl-based Jabber bot. "Rather than write a silly function that doesn't do much more than say 'Hello World,' let's look at giving ChatBot a facility that has some use beyond this article. Despite the arrival of the Euro currency in Europe, currency conversion still has its uses, especially for those countries (like my homeland) that have not yet taken the plunge. Another use of currency conversion is it allows for discussion of prices of items essential for everyday life, such as MP3 hardware, between the U.K. and the U.S."

Printing Software

LPRng-3.8.9 has been released. Version 3.8.9 of the LPRng print spooling system is available. The changes include bug fixes and new documentation.


XML Biometrics Standards Committee Forms (LinuxMedNews). LinuxMedNews reports on a new standards committee that has formed to define an XML-based standard for biometric information.

Web-site Development

New version of PHP Review. A new version of the PHP Review book review system is available and includes a couple of bug fixes.

Zope Members' News. The latest Zope Members' News includes a report on the rapid growth of FreeZope.org, an announcement for the Zope BBQ, and takes a look at NuxDocument 0.9 and ZCVSFolder 0.2.7b1.

asp2php Version 0.76.1 released. A new version of asp2php is available. This version features a newly rewritten program core. More changes are on the way.

March 14, 2002

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Desktop Development

Audio Applications

mpg321 0.2.9 Released. Version 0.2.9 of mpg321, the free replacement for mpg123, has been released. Highlights of this version include Shoutcast support, ID3 tag support, a bug fix for gtoaster, improved network support, and more.

AlsaPlayer 0.99.56 released. Version 0.99.56 of the AlsaPlayer PCM player is available. This release features "lots of small bugfixes".

Web Browsers

Encompass Alpha Release 2 (Gnotices). A second alpha release of the Encompass web browser for GNOME has been announced. "This version contains preliminary support for HTTP POST, HTTP Authentication, and HTTP Proxy via the http_proxy environment variable."

Mozilla 0.9.9 released. Version 0.9.9 of Mozilla has been released. This version now supports MathML by default, it also has an improved JavaScript debugger, SOAP support, TrueType font support, and the ability to disable pop-up messages, as well as many other features. A fix for the recent zlib security vulnerability is also included.

Galeon 1.2 released. Following quickly after Mozilla 0.9.9, it didn't take long for Galeon version 1.2 to be released. Check out the announcement and then hit the Galeon home page for your download.

MozillaZine. The latest MozillaZine looks at Mozilla 0.9.9, the new Mozbot 2.2 IRC bot, and more.

Desktop Environments

GNOME Summary. The GNOME Summary for March 2 is available. Covered topics include the new GNOME software map, reviews of Evolution, Galeon, and Gnumeric, and more.

NEW GNOME Installation Guide And Review For GNOME 2.0 Published. A new version of the Gnome Installation Guide has been announced, this edition features new information on GNOME 2.0.

GARNOME Preview Four: 'Perdon; estoy buscando mis pantalones.'. GARNOME 0.8.0, "the bad-ass, bleeding edge GNOME distribution for testers and tweakers everywhere," has been released. Here's a (relatively) easy opportunity to test out the upcoming GNOME 2.0 desktop and find any remaining problems.

New KDE documentation site. By way of KDE.News, we've learned of the launch of docs.kde.org, a new, comprehensive documentation site for the KDE desktop.

People of KDE: Neil Stevens. This week's People of KDE features Neil Stevens, the person in charge of "Kit, Kaboodle, Megami, and a bunch of hard-to-translate Noatun plugins".

LinuxQuestions Members Choice Awards: KDE Kleans Up. LinuxQuestions.org has picked KDE as their favorite desktop. Applications such as Konqueror and KMail also received high scores.


The Chopping Block for March, 2002. The March, 2002 issue of The Chopping Block is available on the WorldForge Game site. Articles include a description of the WorldForge project, a look at the COAL map handling library, a review of the Kings Feast project, and talk on licensing issues.

Pygame: BOMBERS. This week, the Pygame site features BOMBERS 0.7, a "space shootem up" game.


Gimp 1.3.4 released. Gimp version 1.3.4, which is "targetted for developers and curious users" and not for daily work, has been announced. See the README for details.

GUI Packages

New fltk applications. The FLTK site lists two new applications, SpiralSynthModular 0.0.8, an object oriented modular softsynth / sequencer / sampler, and FL-Inventor 0.9.1, a 3D VR applications toolkit.


Wine 20020310 announced. A new version of Wine has been announced. Version 20020310 is identical to the previous version, except for the change to the GNU Lesser General Public License.

Wine Weekly News. The March 8, 2002 edition of the Wine Weekly News has been published. Topics include Crossover 1.1.0, Wine licensing, an X11-licensed fork, and more.

Samba 2.2.3a released. Version 2.2.3a of Samba has been released. It includes a bug fix for a Windows Explorer bug that showed up in the 2.2.3 release. Upgrades are recommended.


GStreamer 'GUADEC By Foot' 0.3.3 released (Gnotices). Version 0.3.3 of the GStreamer Multimedia framework has been released. "This release contains a lot of nice fixes and updates including a new cothread system, a new autoplugger, many new plugins and more."

Office Applications

Release of GnuCash 1.6.6 (Gnotices). A new version of GnuCash has been released. Version 1.6.6 features new and updated translations, improved exchange rate calculations, bug fixes, and other features.

Two new Gnumeric releases. Gnumeric 1.0.5, a bugfix version of the stable release , has been announced.

Gnumeric 1.1.1, from the development branch, has also been announced, the claim is that this version works as well as stable version 1.0.

Kernel Cousin GNUe #19. Issue #19 of Kernel Cousin GNUe has discussions on the GNUe Application Server v2 (GEAS), using analysis patterns for module proposals, integrating Zope and GNUe, data protection, databases, and more.

AbiWord Weekly News #83. Issue #83 of the AbiWord Weekly News covers the latest developments on the AbiWord word processor.

Desktop Environments

Window Managers

Widget Sets


Programming Languages


Caml Weekly News. The March 12, 2002 edition of the Caml Weekly News looks at WhizzyTeX 1.0 and an ssl library for Ocaml.


g95 status. Progress continues on the g95 FORTRAN compiler project, the current goal is to finish the type resolution system. A Linux binary is available if you want to see how g95 reacts to your FORTRAN code.


Cache-Friendly Web Pages (O'Reilly). Jennifer Vesperman explains the HTML Expires and Cache-Control headers on O'Reilly's Linux Devcenter. "There are a lot of HTTP caches out there. How long are they holding your pages? How long should they hold your pages? RFC 2616 (HTTP/1.1) specifies that caches must obey Expires and Cache-Control headers--but do your pages have them? How do you add them? What happens to your pages if you don't?"


Merlin brings nonblocking I/O to the Java platform (IBM developerWorks). Aruna Kalagnanam and Balu G write about nonblocking I/O in Merlin. "Until JDK 1.4 (aka Merlin), the Java platform did not support nonblocking I/O calls. With an almost one-to-one ratio of threads to clients, servers written in the Java language were susceptible to enormous thread overhead, which resulted in both performance problems and lack of scalability."

Top Ten Cool New Features of Java 2SE 1.4 (O'Reilly). David Flanagan examines Java 2SE 1.4 on O'Reilly's OnJava site. For the impatient, the covered features are: Parsing XML, Transforming XML, Preferences, Logging, Secure Sockets and HTTPS, LinkedHashMap, FileChannel, Non-Blocking I/O, Regular Expressions, and Assertions.


Free The X3J Thirteen! for February, 2002. The February, 2002 edition of Free The X3J Thirteen! is out. "This issue covers a new vendor-neutral package format for cCLan, MK:DEFSYSTEM 4 and CLAWK, the Common Lisp Cookbook project, the SPARC and Alpha ports of SBCL, a new version of CL-PDF, and the forthcoming releases of CMU CL and CLISP."

Universal Foreign Function Interface. UFFI, the Universal Foreign Function Interface is available. UFFI is a tool for interfacing Common Lisp to C-language compatible libraries.


Rindolf Specification Document v0.1.12. A new version of the Rindolf Specification Document has been published by Shlomi Fish. Rindolf is a dialect of Perl. Briefly, "Rindolf aims to be an improved and re-engineered Perl 5".

Perl 6 Porters. The March 12, 2002 Perl 6 Porters looks at an effort to redesign printf, Parrot 0.0.4, version 1 of the proposed Assembler PDD, and multi-method dispatch in Parrot.


PHP Weekly Summary. The March 11, 2002 edition of the PHP Weekly Summary looks at the NAPA XSLT processor, socket re-work, an aggregation function bug, the new build system, a new Universe CORBA extension, the path to version 4.2.0, and more.


The Parade of PEPs. Guido van Rossum has posted The Parade of the PEPs, a look at outstanding Python enhancement proposals and his frank opinion on what should happen with each. It's an interesting read for those following the development of the Python language.

Dr. Dobb's Python-URL!. The March 11, 2002 Dr. Dobb's Python-URL! is out. Topics include seeking fame and fortune developing Python, the Disipyl Python interface to DISLIN, RPy, for interfacing to the R language, processing volume images with BBLImage, the lfm v0.8 midnight commander clone, and more.

Text Processing In Python draft available. David Mertz has announced that a draft of his upcoming book Text Processing In Python, (to be published by Addison Wesley) is available on the web. He is looking for feedback on ways to improve the book, of course.

The Daily Python-URL. This week's accumulation of articles on The Daily Python-URL include an announcement for a new Python Imaging Library, the EDDIE Tool systems administration helper, the disipyl DISLIN wrapper, the BBLimage image processing tools, and more.


The Ruby Garden. This week's Ruby Garden looks at BioRuby.org, which features Ruby libraries for working with DNA data.

The Ruby Weekly News. The March 11, 2002 edition of the Ruby Weekly News looks at DBTalk 0.5, an interactive GUI based tool for database querying, programming, and administration, the RDoc documentation tool, Ruby/SMB, and more.


Dr. Dobbs' Tcl-URL! for March 11. The March 11, 2002 edition of Dr. Dobbs' Tcl-URL! is out. Topics include a cash register application in Tcl, Tcl in embedded systems, the Tk look and feel, garbage collection, and more.


Donald Eastlake on XML Digital Signatures (IBM developerWorks). Larry Loeb interviews Donald Eastlake, editor of the XML Digital Signature (XMLDSIG) RFC. "What is 'truly secure XML?' The phrase is meaningless without a definition of what security properties you are trying to achieve and what your threat model is. XMLDISG provides a building block. It is a flexible mechanism for the cryptographic binding of data to a key."

Integrated Development Environments

GNUstep Weekly Editorial. The GNUstep Weekly Editorial for March 8, 2002 is available. Topics include the CDPlayer application, Objective-C++ support, a gnustep-make roadmap, and more.

Software Testing

oprofile version 0.1 released. Version 0.1 of the oprofile code profiler is available. The release notes lists reporting of more symbols and a better output report, in addition to lots of bug fixes.


Valgrind memory debugger. Valgrind is a memory debugging tool for C/C++ on the x86 platform, it has been used by the KDE development community for debugging libraries and applications. Valgrind has been released under the GPL. (Thanks to Julian Seward.)

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 Linux in the news

See also: last week's Commerce page.

Linux and Business

HP Announces Global Consortium to Enable New Linux Capabilities for Academic and Industrial Research. Hewlett-Packard Company announced the formation of the Gelato Federation, a worldwide consortium focused on enabling open source Linux-based Intel(R) Itanium(TM) Processor Family computing solutions for academic, government and industrial research.

Embedded Linux Market enters era of standardization. The Embedded Linux Consortium (ELC) held an open technical meeting in San Francisco, to discuss the creation of a unified Embedded Linux "platform specification".

Panasonic Invests in MontaVista Software. MontaVista Software has received an equity investment from Matsushita Electric Industrial Co., Ltd. (MEI) through its subsidiary, Panasonic Digital Concepts Center (PDCC).

Linux for the Sony Playstation. A Linux for Playstation 2 kit is being offered for the Sony Playstation 2 game platform. "The LINUX (FOR PLAYSTATION 2) accessory kit allows you to utilize the PlayStation 2 console as a fully-functional desktop computer. Download a wealth of Linux programs -- HTML editors, multimedia players, office solutions and more -- or program your own software to run in the PlayStation 2 Linux environment." Some familiarity with the Linux operating system is recommended. (Thanks to Joe Klemmer.)

LPI holds its annual board election. The Linux Professional Institute has held its annual board election. Jon 'Maddog' Hall will be replacing Tom Peters. CeBit attendants can visit the LPI booth and take discounted exams next week.

Free as in Freedom. O'Reilly is promoting their new biography on Richard Stallman, "Free as in Freedom". "Why would Microsoft executives lie awake at night worrying about the antics of a long-haired, renegade hacker named Richard Stallman? Why do some of the smartest programmers on the planet revere this man as 'St. Ignucius'?"

Linux Stock Index for March 08 to March 13, 2002.
LSI at closing on March 08, 2002 ... 28.40
LSI at closing on March 13, 2002 ... 28.26

The high for the week was 28.90
The low for the week was 28.24

Press Releases:

Open Source Products

Distributions and Bundled Products

Proprietary Products for Linux

Linux PC Hardware

Embedded Linux Products

Products and Services Using Linux

Products With Linux Versions

Linux At Work

Open source at work

Java Products


Investments and Acquisitions

Financial Results

Personnel & New Offices


Section Editor: Rebecca Sobol.

March 14, 2002


 Main page
 Linux in the news

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Linux digs in at embedded systems show (CNN). CNN reports on the Embedded Systems Conference. "To allow an application written for one vendors' operating system to run on that of another vendor, an industry group will unveil plans Tuesday to create a standard for embedded Linux systems. The Embedded Linux Consortium (ELC), an industry group with more than 70 members including Intel and Red Hat, has set its sights on firming a standard set of APIs (application programming interfaces) and compatibility test kits so that eventually, any Linux application will run on any Linux operating system, so long as both conform to the specifications."

Jim Allchin mentions Embedded Linux threat (Register). Microsoft's Jim Allchin talks about the threat of Linux in the embedded space. (See the end of the article.) "It's -- we've lost accounts on the client based on it. We have -- we're in constant competitive situations in the embedded space. To me that's where it's strongest, in the embedded space. Second in servers and third in client, but it's a progression that they're moving very quickly with."

Identifying the top requirements for Embedded Linux systems (LinuxDevices). LinuxDevices.com is carrying a lengthy article looking at the requirements for embedded systems and how well Linux meets them. "My personal belief is that not so much power consumption or processing speed but security will be the key issue in embedded systems in the near future. Reliability was one of the demands from the very beginning on -- security, on the other hand, has been neglected. The more embedded systems become complex, offer extensive user intervention and utilize the ability to interact with local networks and the Internet, the more security related issues are emerging."

Stop the Copying, Start a Media Revolution. O'Reilly's Andy Oram discusses current copyright problems. "Why is there so much trading of copyrighted material online? Because the general public has few alternatives to the popular media controlled by large copyright holders. If the Internet developed its own media, there might be less to fight over--although as I will show, the battle will intensify before it subsides."

Republicans Should Back Recording Artists, Consumers (Fox News). Recommended reading: this strongly worded article on the Fox News site. "And now, record companies - who have allied themselves with the just-as-bad motion picture industry - want to make it a felony for you to own a computer that is capable of copying music from a CD to your portable player without paying them money, even though courts have held that such copying is entirely legal." (Found on Slashdot).

Bizarre vs. Bazaar (Linux Journal). Will the DMCA be the death of Internet radio? "Webcasting is just the first species marked for destruction. Whether this is an evil plot, a dumb bureaucracy at work or both, the effects are the same: the destruction of the Net as a commons and its replacement with a plumbing system for the distribution of "content" (a word hardly used in a shipping context before Big Media got all drooly over The Promise of The Net)."

NA cans PGP -- takes on a life of its own? (IT-Director). IT-Director talks about the future of PGP, now that Network Associates has decided to stop developing and marketing the encryption software. "When NAI took the product from Zimmerman in '97, he came with it. He was the face of PGP and the heart of the movement. In February last year however, Zimmerman left NAI citing issues with the firms handling of the PGP solutions. Looking back this was the turning point for PGP. If NAI hasn't got Zimmerman then surely it hasn't got the PGP movement behind it? And, although NAI clearly failed to realise this, it would appear that this took the heart out of the NAI solution -- and, at NAI at least, it died."

Vivendi's Canal Plus sues NDS (MSNBC). Here's an interesting MSNBC article discussing an alleged use of source code as a weapon. Vivendi is suing News Corp.'s NDS, claiming that NDS cracked Vivendi's digital TV content scrambling scheme and released the resulting code on the net. "The lawsuit claims damages of more than $1 billion. It alleges violations of U.S. Racketeer Influenced and Corrupt Organizations Act and federal copyright laws, as well as a breach of California?s unfair competition statute."

Some games aren't fun (InfoWorld). Here's an InfoWorld story about the conflict between bnetd and Blizzard. "It's amazing how the right to protect intellectual property has managed to erode the rights of consumers. Open source, on the other hand, specifically seeks to empower software consumers, giving them the right to use, distribute, modify, and distribute modifications to the software. In the days ahead, I fully expect that the gap between the rights of open source and the restrictions of closed source will begin to resemble the Grand Canyon."

Locking Up Your Rights (MSNBC). MSNBC is carrying a Newsweek article about the ongoing Elcomsoft case. "The main event comes on April 1, when the judge hears [Elcomsoft attorney Joseph] Burton's motions to dismiss on constitutional grounds. Though his argument gets technical, attacking what he calls 'vagueness' in the DMCA, the bottom line is this: how can it be a crime to allow people legal access to what they legally paid for?"

Deciphering the war on open source (News.com). Bruce Perens counters attacks by Microsoft's Craig Mundie. "Mundie uses a textbook tactic of manipulation: start with some reasonable talk, and lead the audience to an unreasonable conclusion. The reasonable part is that businesses have to sell something to make money. And it's (deliberately) hard to commercialize GPL software. To follow Mundie's conclusion, however, you'd have to believe that the money people save by using the GNU-Linux system just disappears."

Ethical and Social Implications of Science and Technology (TechWeb). TechWeb reports on a recent conference that looked at the ethical and societal implications of the accelerating developments in science and technology. Present at the conference were Bill Joy, Raymond Kurzweil, and Mitch Kapor. "Open source creates a sort of 'virtuous circle,' Kapor said, where 'you take it, you improve it, you put it back.' He's critical of the way science is increasingly closed, licensing off its discoveries to corporate interests or making them inaccessible via patents. Says Kapor, 'It would be great if science can get back to its own roots.'"

Il guru hacker propone: 'Mai piu allegati Word' (Repubbl ca). Richard Stallman's call for an end to Word attachments has been reported in La Repubblica, an Italian newspaper. It's a reasonable discussion of the problems with these attachments - though freedom and open file formats are not mentioned directly. An English translation of sorts is available via Babelfish. (Grazie a Massimo Marengo).

Simputer for the masses set for takeoff (ZDNet). ZDNet is carrying a Reuters article about the upcoming rollout of the Simputer in India. "Built by the non-profit Simputer Trust, the device is slightly larger than a regular handheld PC, and uses the free-to-use Linux operating system. Its software is expected to aid farmers seeking to know commodity prices and beat middlemen and also provide speech recognition in regional languages to help illiterate rural folk."


Caldera reverse stock split March 14 (News.com). News.com covers a Caldera International stock split. "Caldera International shareholders approved a 1-for-4 reverse stock split Thursday, the struggling Linux and Unix seller said. The split will take effect March 14, at which point the 57.5 million outstanding shares will be converted into 14.4 million shares."

Resellers get Linux boost (vnunet). Caldera is looking for a few good resellers, according to this vnunet article. "The company, which boasts 1,500 UK partners, is offering free commercial and technical training, free educational materials, access to demonstration software, development tools and sales information."

HP Urges Linux Support for Research (InternetNews). HP is at the forefront of a new consortium aimed at bringing Linux and 64-bit computing to the research community. "Called the Gelato Federation, the group will develop commodity software to help scientists conduct technology research in life and physical sciences."

Leaning HP's Way (InformationWeek). InformationWeek covers HP's renewed efforts to purchase Compaq. "HP board members, in a mailing to shareholders last month, argued that the new HP would dominate the Windows and Linux server markets, which are growing at 20% and 30%, respectively."

IBM preps AIX 5L 5.2 for October release (Register). The Register reports on IBM's plans for AIX 5L version 5.2, which is to be released in October, 2002. "The L in AIX 5L stands for Linux affinity, which means that many of the Linux APIs are supported within AIX so applications written for Linux can be recompiled to run natively on PowerPC and Power4 processors."

Linux-backer Lineo opens doors in India (ZDNet). The embedded Linux company Lineo has announced that it is expanding its operations to India. "Privately-held Lineo aims to closely work with Indian computer hardware manufacturers and offer a suite of embedded software solutions, Ishrat Hakim, vice-president, Asia-Pacific sales at Lineo, told a news conference in Bangalore."

Mandrake Linux looking for users' cash (News.com). MandrakeSoft is in need of short-term funding. "To raise funds, Mandrake urged people to join the Mandrake Linux Users Club, which costs $5 per month or more, and the Mandrake Corporate Club, which costs between $2,500 to $100,000 per year."

Linux company lays off 90 percent (ZDNet). ZDNet looks at the hard times at Mission Critical Linux. "The company has been stripped down to a much smaller entity, with six employees compared with just less than 60 a month ago..."

Red Hat signs Sanyo, Motorola deals (News.com). Red Hat has signed deals to bring its GNUPro software-development tools to Sanyo's Xstormy16 CPU and to support the AltiVec instructions in Motorola PowerPC chips. "Sanyo's Xstormy16 is used in devices without much computing power, including audio devices and home appliances. AltiVec is technology built into many PowerPC chips that speeds up operations such as audio processing. The technology is useless, however, unless software can take advantage of it, and supporting AltiVec in GNUPro will allow Linux to get past that roadblock."

VPN hardware company names new CEO (News.com). Embedded Linux VPN provider SnapGear has promoted Chief Technology Officer Rick Stevenson to chief executive. "SnapGear uses a version of Linux and was a subsidiary of embedded Linux company Lineo until October 2001. The company now has about 35 employees. Stevenson had been vice president of integrated products at Lineo."

Sony starts selling Linux kit for PS2 (News.com). News.com covers Sony's PS2 announcement. "Sony doesn't expect the product to be a mainstream hit but hopes that hobbyists who tinker with the PlayStation can become top-notch game designers. Judging by the 9,626 people who signed a petition for Linux on the PS2, there is significant interest."

Double Checking Sun's Reality Check (Byte.com). Byte.com carries Moshe Bar's rebuttal to Sun's "Reality Check" article. "The big advantage to using Linux on a mainframe is the consolidation of servers. There are data centers out there with thousands of individual x86 servers, especially in new industries like cellular communication, ISPs, and application server providers." (Thanks to Biju Chacko)

Sun Microsystems Faces Critical Point in Company History, Experts Say (Boston Globe). The Boston Globe examines Sun's efforts to get involved with Linux, and looks at one Sun customer's switch. "In 1998, Lucas began switching to cheap personal computers, similar to those found in millions of American homes, and to the free Linux operating system. He has been delighted with the results. The more primitive computers actually run his code faster than the high-end machines ever did and at far lower cost. 'We decided to convert completely over to Linux,' Lucas said."

Sputnik: Open Source wireless public network (Register). The three co-founders of Linuxcare are on another Open Source adventure. "David L. Sifry, Arthur Tyde and David LaDuke launched wireless networking company Sputnik in April 2001, but only last month did they launch a public Web site to reveal their plans. In an effort to "under-promise and over-deliver," as Sifry calls it, the trio have thus far avoided marketing and advertising their product, an Open Source 802.11b wireless gateway designed to allow wireless access providers to authenticate users while sharing their bandwidth."


Will Linux find a home in handhelds? (CNN). CNN reports on the growing number of Linux PDAs. "While new to a market which already has established giants Palm and Microsoft operating systems battling it out for market share, Ishrat Hakim, Lineo's vice president Asia-Pacific sales and corporate development, believes Linux has the ability to hold its own in this ultra-competitive arena."

Cost the key factor in pushing business to open source (Register). The Register examines data gathered by OpenForum Europe, a group advocating the use of open source software in business. "Unlike the more overtly geeky open source organisations we're familiar with, OpenForum Europe has set itself the tricky task of evangelising the software in business and government, which means having a few suits on board itself, and working the line between suit and geek."

AOL embraces Linux and Mozilla, plans to drop MS Explorer (Register). Here is a Newsforge article, carried in the Register, which looks at AOL's internal switch to Linux and Mozilla. "AOL is switching to Linux for the same reason most large companies make the change: to save money. Thousands of AOL servers are already 100% Linux, and more are switching over every day. AOL number-crunchers figure they can replace an $80,000 box running proprietary UNIX with two $5,000 Linux boxes and get a 50% increase in performance in addition to the cost savings."


Mozilla's Revenge (Salon). Salon's Andrew Leonard revisits Mozilla. "Mozilla today is so much more impressive than it was a year and a half ago that it made me feel like I wanted to be a hacker all over again, just as I did when I first began to tap into the fervor that was fueling the growth of Linux and Apache."

The Evolution Continues (Linuxworld). Joe Barr continues his review of the Evolution mail client, and the process of migrating from Sylpheed to Evolution. "After a couple of weeks of constant usage it is even clearer to me today than when I wrote the first column that while both Evolution and Sylpheed are GUI clients, each are seeking a different audience. If it is sheer speed, power, and reliability you want then Sylpheed is the choice for you. If you want ease of use and an almost seamless bridge between Windows clients like Outlook and e-mail Linux-style, then Evolution meets your needs better."


Emulate This! Part 1 (Linux Journal). The Linux Journal launches a new series of columns on interoperability with this look at the mtools package. "You might ask why we would use something like mtools instead of simply mounting a floppy diskette as type msdos (as in mount -t msdos /dev/fd0 /mnt/floppy) and using the traditional Linux commands. Well, for one thing, there's this whole thing about mounting and unmounting diskettes, which can be a bit of a pain."

Consumer Video Editing in Linux (Camcorderinfo). Camcorderinfo looks at some of the advantages of using Linux for video capturing and editing. "Because video editing is so computer intensive, we often push our computers to their limits when editing video and anyone who has worked with video in a Windows environment has experienced the unreliability of Windows and gone through many crashes. Linux is considered much more reliable than Windows and once you have it installed will most likely give you much fewer headaches."


Alan Cox: What the future holds for Linux (ZDNet). ZDNet has posted another interview of Alan Cox, this time the topic is the future of Linux. "In the desktop world there are a set of transitions for the legacy-free PCs which we have to be ready for--we're pretty much in the right spot. So you see machines where USB is basically the only plug-in interface. ACPI (Advanced Configuration and Power Interface) is becoming a requirement on machines, so you have to support the ACPI configuration."

Alan Cox: The battle for the desktop (ZDNet). Here is part 2 of ZDNet's interview with Alan Cox. "A good example of the flexibility of Linux is in internationalization. Because it's open source, anyone can pick that code up and adapt it, and do it with all their own cultural nuances. At one point Iceland had a problem because Microsoft looked at it and said, here's a small country, we won't be doing an Icelandic version of Windows anytime soon. This was unfortunate for Iceland as they are rather attached to their language, having spoken it for more than 1,000 years. So some guys took Linux and translated it into Icelandic."

Brian Chats with Moshe about openMosix (SF Foundry). Brian Finley talks with Moshe Bar about openMosix. "We had then, finally, one last interested [venture capitalist]. very serious people who did a lot of research into Mosix, on the three people invovled and on the chances for marketing Mosix as it was then (spring 2001) in the summer of 2001 we got a firm offer from that VC to create a commercial Mosix entity."

GNU-Friends Interviews Karl Berry. GNU-Friends has interviewed Karl Berry, long time TeX guru, who shares his thoughts on open-source software as well as a recipe for Hungarian pork chops. "Typography and letterform design have been innately interesting to me for as long as I can remember. In the 1980's, TeX and Metafont were just hitting their stride, and Kathryn and I designed and typeset numerous books and other random items with them. Don Knuth's projects are always fascinating on many levels, and it was natural to get pulled in."


Linux watch counts down to launch (ZDNet). ZDNet reports on IBM's latest Linux watch, which is to make an appearance at CeBIT. "Linux 2.4 runs on a 32-bit RISC processor, the frequency of which varies from 74MHz to 18MHz to help save power. By tinkering with Linux, IBM has reduced the amount of memory required to run the operating system. In turn, this has helped increase the battery life to six hours. IBM has predicted all-day battery life will appear in a year or so."

Are You a Linux Waif? (Linux Journal). Linux Journal asks twelve questions designed to reveal the Linux waif. "Does your dad's license plate read ILUVLNX or LNXROX or LNXRULZ, etc.? Does the other car's plate read IH8MS?"

Section Editor: Forrest Cook

March 14, 2002


 Main page
 Linux in the news

See also: last week's Announcements page.



Building a Two-Node Linux Cluster with Heartbeat (Linux Journal). Linux Journal's C T Leung illustrates the process of setting up a two node High Availability Linux cluster with Heartbeat. "When node1 (the primary server) goes down, node2 will be take over all services from node1 by starting the same IP alias and all subsequent services."

2001 LinuxQuestions.org Members Choice Award Winners. LinuxQuestions.org has posted the results of its Members Choice Awards. Check it out to see which Linux applications are the most popular.

Video of lecture by Alan Cox and Dick Porter. The BT Ignite Web Services Annual Lecture was held in Swansea, Wales, on March  5; the speakers, talking about "Doing things differently - Linux past, present and future," were Alan Cox and Dick Porter. A video of the lecture is now available on the web in several formats.

Linux Optimization and Fine Tuning (Linux Journal). Linux Journal shows how to optimize a Linux machine by tweaking the kernel, services, compile options, and window system.

Alphabetical Directory of Linux Commands (O'Reilly). O'Reilly has published an online version of its Alphabetical Directory of Linux Commands, also available in paper form.


International Beer Day II (Gnotices). The second International Beer Day, to be held after the GUADEC conference, has been announced.

Zope BBQ 2002. The Zope BBQ 2002 will be held on April 11 and 12 in Berlin, Germany.

Open Source Software for e-Government. The Cyberspace Policy Institute of The George Washington University is presenting several demonstrations of mature Open Source programs in use at the Census Bureau. The demonstrations will be held in Arlington, Virginia on March 19, 2002. (Thanks to Tony Stanco.)

KDE Presence at CeBIT 2002. KDE will be present at the CeBIT 2002 conference in Hannover, Germany on March 13-20. They will be showing off KDE 3.0, Konqueror/Embedded, and KOffice 1.2, among other things.

Events: March 14 - May 9, 2002.
Date Event Location
March 14 - 16, 2002Embedded Systems Conference(Moscone Center)San Francisco, California
March 14 - 16, 2002O'Reilly Emerging Technology Conference: P2P, Web Services, Wireless, and Beyond(Westin Hotel)Santa Clara, CA
March 21 - 22, 2002Annual Conference of Open Source Content Management Systems(OSCMSC)(Swiss Federal Institute of Technology (ETH))Zurich, Switzerland
March 22 - 24, 2002Linux Event 2002, Italy(Terminal Crociere di Livorno)Livorno, Italy
April 3 - 6, 2002The Association of C & C + + Users Spring Conference(ACCU)(Heritage Motor Centre)Warwick, England
April 4 - 6, 2002GNOME Users And Developer European Conference(GUADEC)Seville, Spain
April 11 - 12, 2002Zope BBQ 2002, EuropeBerlin, Germany
April 24 - 27, 2002Federal Open Source Conference(Ronald Reagan Building)Washington DC
April 29 - 30, 2002Samba eXPerience 2002(Hotel Freizeit)GŲttingen, Germany

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.

March 14, 2002



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

March 14, 2002

From:	 Xavier Bestel <xavier.bestel@free.fr>
To:	 letters@lwn.net
Subject: Software Patents: France Accuses EC of Misleading e.Europe
Date:	 07 Mar 2002 16:12:48 +0100

A government publically opposes software patents, and you write only 2
lines in the commerce section of LWN ? I was hoping this would have
generated a bit more comment from your part. Letting the software
patents pass or not in the EC *is* important.

Ok, this government is French, and you're a Colorado-based company, so
it's not that intersting for you.
Moreover in France there'll be soon presidential elections, which make
popular declarations more frequent. But hey, this means a governing body
is acknowledging that life would be better without these patents ?

I thought this deserved a bit more attention than the fact that
StarOffice didn't change its status.


PS: Frenchies are often angry at something. I don't know if it's genetic
or constitutionnal. Long live LWN !
From:	 ketil@ii.uib.no (Ketil Z. Malde)
To:	 letters@lwn.net
Subject: digital rights and wrongs management
Date:	 07 Mar 2002 09:24:32 +0100


While it is of course important for legislators to look after
businesses and business models that constitute the pillars of their
society, it should also be a priority to look after the citizens.

As a parent, I perceive cars and traffic is a threat to the safety of
my children as much as unrestricted software is a threat to
copyrights.  And, unless legislators openly will insist that the
profits of media businesses are more important than the lives of
children, I propose that all cars and other vehicles are fitted with
speed regulators that make it impossible to break speed limits.  

An organisation, say the Parents' Auto Control Management AssociatioN,
will license auto manufacturers and maintenance shops, and of course
perform unannounced raids to ensure that they comply with the

In order to avoid people tampering with speed control devices,
cars should be sealed, and maintenance should only be performed by
PACMAN-approved shops. Since we have 25 year imprisonment as
punishment for writing software that /can/ be used for copyright
infringement, I suggest at least fifty years is appropriate for
illegal vehicle maintenance, that is, opening the hood by anybody
without a license.

Sounds fun, doesn't it?

If I haven't seen further, it is by standing in the footprints of giants
From:	 David Brownell <david-b@pacbell.net>
To:	 letters@lwn.net
Subject: SSSCA vs freedom
Date:	 Thu, 07 Mar 2002 12:29:48 -0800

In your March 7 issue you wrote:

> The problem is that free software is seen by many of these
> people as a sort of circumvention device. Systems with freely
> available source can not be relied upon to enforce other
> peoples' claimed digital rights. 

As the saying goes, "Your right to swing your fist ends
where my face begins."  But the SSSCA proponents
don't want to accept that type of limitation.  They don't
believe that copyright is a similar balance between
"competing" interests.  Or that copyright was created
with an agreement to enlarge the public domain when
the copyright expires -- in the near term. (*)

As more of society produces information (sometimes,
but not always, by synthesizing it from many sources),
rather than being pure consumers of pap from ever-larger
media conglomerates, both government and media have
started to act on a perceived threat to their plutocracy.
Imagine if a Free people were ever to notice the
level of corporate and governmental autocracy that's
afflicting them ... and decided they didn't like it?

Oh no -- there might be democratic change.  That's
a clear threat to this plutocratic society, and must
be prevented.  Our American Way is threatened!!
(Ignore that other American Way behind the curtain.)

- Dave

(*) Copyright originally expired when people who helped
    make the work valuable, but did not get copyright,
    might be alive to create "derivative works".  Today
    there are even more of those people ... music fans
    are what make bands popular (but notice the session
    artists never get copyright), employees are what
    enable corporate production, and so on.

From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 letters@lwn.net
Subject: AOL and/for Linux
Date:	 Tue, 12 Mar 2002 10:51:34 -0500
Cc:	 robin@roblimo.com

In a NewsForge piece linked from Tuesday's daily section, an AOL
employee is quoted thus on the topic of an AOL client ever appearing
for Linux:

 As far as an AOL client for Linux, one Linux-using AOL employee says,
 "How many Linux people do you know personally who would sign up for AOL
 if we had a Linux client? I don't know a single one, myself. I have an
 account with another ISP I use at home with my Linux box, and probably
 wouldn't use AOL from home even if I could."

While I could make a snotty comment about how this illustrates how AOL
employees miss the point almost as often as Microsoft employees do,
it will be more productive (thought less satisfying :-) for me to
*make* the point, which is that it's not the *"Linux people"* that
we're after there, silly.

We're trying to make it possible for some of those vaunted 30 million
subs to *finish* renouncing Microsoft, and move *to* Linux instead --
assuming one of the current crop of "Linux for d*mmies" distros makes
the grade -- because, obviously, viral as it is, AOL will be the reason
that a lot of those people *don't* switch; it's not worth running Wine
just to get AOL, no matter how good OpenOffice is...

-- jr 'anywhere he wants' a
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
From:	 Bo Grimes <vgrimes@rr.com>
To:	 letters@lwn.net
Subject: Elcomsoft
Date:	 Tue, 12 Mar 2002 17:16:10 -0500

> Burton said that the Internet is an international, "ambient" realm,
> meaning that it is "everywhere and nowhere" and that it "transcends the
> idea of being only physical." Therefore, he said, conduct that occurs on
> the Internet is "extraterritorial" of U.S. laws, specifically the
> Digital Millennium Copyright Act, the 1998 law that Elcomsoft is charged
> with violating.  Wouldn't it be nice if this view were upheld by the
> court?

While I am a big supporter of open source software and freedom of speech,
there's no reason to be mesmerized by vacuous arguments.

One can not legally make harassing phone calls or send anthrax in the mail,
so why should one be able to send harassing emails or computer viruses? Cracking
a password to get a credit card number is no different than picking a pocket
to get it. If you break cyberspace and space-time down small enough, eventually
they consist of the same particles.

Communication or acts through one media that uses electrons (Internet) is
no different than others that also use electrons (phone) or waves (voice).
The question of legality shouldn't rest upon which means are used to accomplish
the act but the act itself.

If it's simply a matter of speech, fine, but why should all "conduct" be
above the law simply because the cables and lines used (the same ones used
to transmit cable TV and phone calls) run through many different countries?
From:	 Leon Brooks <leon@brooks.fdns.net>
To:	 Eric Smith <eric@brouhaha.com>
Subject: Choice comments
Date:	 Thu, 7 Mar 2002 21:41:40 +0800
Cc:	 Linux Weekly News <letters@lwn.net>

Eric Smith wonders (http://lwn.net/2002/0307/letters.php3):
> No one is forcing [Microsoft] to use GPL'd software.  It's simply
> another choice.  Of course, Microsoft doesn't want people to have
> choices, but isn't it strange that they complain that choices are
> available to them?

Meanwhile, Craig Mundie, representative of a convicted monopoly 
(http://www.sun.com/executives/perspectives/bad.html), software pirate 
(http://www.ensignuk.com/news/industry_news/110105.htm) and confessed outlaw 
pontificates (http://zdnet.com.com/2100-1104-847303.html):
> Rather than form a federation with Microsoft and work with what
> we had already created, there was this notion that the world
> should be offered an alternative

Three important things come from this: ONE - CHOICES

After Mundie's statement, there's really not much left to debate in terms of 
whether Microsoft really wants choice. There _is_ scope for discussing the 
kind of choice. We could beat around in the bush a fair bit, weighing up 
alternatives, but I'll cut straight to the chase:

Microsoft only wants choices it can control, and it can't control the GPL.

Now, the ``form a federation with Microsoft'' part... sure, let the sheep 
form a federation with the wolf, but it'll be on the wolf's terms, and 
involve a constant supply of mint sauce. We've seen words like those before 
in many compensation cases. It's all about control.


The history of William Henry ``Trey'' Gates III shows that what that boy is 
all about, has been all about since at least his teens - and so what his 
company is all about - is control. And that's a major Achilles' heel, because 
anyone so fixated on something can be controlled themselves.

Bill's been extremely fortunate that the only real challenge to that control 
has been benevolent and decentralised Free Software. If a powerful competitor 
like Larry ``hair's-breadth from being richest'' Ellison could push Bill's 
buttons so hard, a few years of corporate Judo would see Microsoft totalled.

Microsoft seems to be dying of a thousand mostly self-inflicted cuts anyway. 
Call it karma, Divine judgement, whatever, their constant breaking of the 
Golden Rule is coming back to bite them ever harder - enough to hurt.


A bigger question than the fate of Bill's flagship is: do you want to base 
your business around a company which continues to lie to and mislead friends, 
partners, enemies, courts, employees and stockholders freely and with 
apparent indifference? Are you happy with the well-dressed, confident rep 
from MCS, or is it time to look at history to see what Microsoft's real place 
for you is? Does your future lie with a lone potential corporate Titanic, 
or with a rich selection of standard, interoperable components?


The GPL is about control, too. Corporate control is doled out from on high, 
after being sucked to to the center, like a black hole. The Free Software 
milieu is less regular, ranging from dictator to ogliarchy to solo to chaos, 
and the structures frequently change. Control is dispersed.

The pivotal control issue is that the GPL makes and _keeps_ available not 
only a large number of applications and comprehensive development tool sets, 
but a large number of working examples and jumping-off points. Where a viable 
Free and standard solution exists in a market, the playing field is more 
level, it is much more difficult to justify an overpriced, overcontrolled 
proprietary solution. Witness the path of SCO and in lesser degree Sun.

This is precisely what Microsoft don't want. They are a battleship fighting 
in an age of air supremacy, and can't push a button and magic themselves into 
a carrier. They've seen cruisers sunk and sinking and they're panicking.

Cheers; Leon
Eklektix, Inc. Linux powered! Copyright © 2002 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds