Other stuff:
Contact us
Archives/search
Links
Calendar
Daily Updates

Recent features:
- Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items

Please see our Linux Expo page for our coverage of events at the conference, and pointers to coverage from others as well. Included are stories on network traffic control, the LinuxCare "Simply Supported" poster, keynotes, competing certification agencies, Zenguin, the homeless Pacific HiTech models, and more...

All is not perfect with Linux Expo, however. It is clear that the event is suffering somewhat from the competition from the LinuxWorld Expo. In particular, there was a significant amount of grumbling among the vendors on the exhibit floor. Many of them did not feel that they were getting the sort of interest that they had hoped for - especially from people who might actually end up buying things. This feeling contrasts strongly with that at LinuxWorld, where the vendors were ecstatic. Unhappy vendors is a dark omen for Linux Expo; it suggests that many of them might not be back next year.

Nothing is written in stone, but it seems unlikely that Linux Expo will be able to recapture its former position as the primary trade show for Linux. LinuxWorld has the funding, publicity and momentum at this point. Over the next year, LinuxWorld will bracket Linux Expo with two separate events, one on each coast. In the future, LinuxWorld will likely be the place where people go to see the glitz, make deals, and shake hands.

So where does that leave Linux Expo? The organizers of Linux Expo may want to consider adjusting their focus to take better advantage of their strengths:

• Linux Expo draws a higher level of technical content. Many of the talks were leading-edge and very good. The Extreme Linux events were worth the price of admission on their own.

• Linux Expo is a more community-oriented event. Consider the birds of a feather (BOF) sessions at LinuxWorld: they are few in number, all at one time, tightly controlled, and already set in stone for August. LinuxWorld seems explicitly designed to minimize the amount of unstructured interaction between participants - it is a highly scripted event. Linux Expo, instead, encourages informal gatherings and interactions; as such, it is a far better forum for organizing communities.

This all suggests that Linux Expo should aim at being the premier technical and community event for Linux. More technical content is called for - including perhaps a stronger set of tutorials and the addition of workshop sessions. Build on the success of the Extreme Linux track with more specialized, leading-edge tracks in the future, preferably without the registration surcharge. Finding a way to bring in development projects - which can not generally afford booth space - would be a great move. LinuxWorld may be the place you go to shake hands, make deals, and hear product pitches. Linux Expo can be where you go to find out what is really going on, participate in the process, and get your questions answered.

Responding to Mindcraft. Dan Kegel wrote in to report on performance improvements that have been in response to problems demonstrated in the Mindcraft report. "So far, three serious kernel performance problems that caused Apache to do poorly on Linux have been identified and partially resolved. Most recently, an SMP scaling bottleneck was found, and a three-line patch was posted that quadrupled performance on one test (erasing the SMP penalty)." More information is available.

What we are seeing here, of course, is that the yelling is done, for now, and the Linux community has gotten serious about fixing the problems that do exist.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News

There are a few such projects out there, most of which are in the embryonic state. Jon Lasser started things off with a description of a secure distribution project to be done as a project of SANS. His thinking at this point is to start with Red Hat's distribution and tighten security from there.

Alexander Kjeldaas pointed out a couple of obscure, older efforts to make a secure distribution. He also made the point that starting from a distribution like Red Hat is probably a bad idea; it is better to build a secure system from the beginning. In any case, enough of the system will have to be different that starting from an existing distribution does not necessarily buy much in the first place. Alexander gave a list of features a secure system would need to have, relying heavily on cryptography, capabilities, and other techniques.

Rik van Riel revealed that he is currently being paid to produce exactly such a distribution. Le Reseau netwerksystemen intends to create a high-security distribution, then to make its living through service contracts with users throughout northern Europe. They are still at an early stage, having not yet decided which distribution to start with, if any.

So it appears that such a distribution will exist before too long. The benefits should be widespread, since many of the features of a secure distribution will eventually filter back into other distributions.

Security Reports

Updates

Red Hat has announced a new set of Netscape packages that include version 4.6. Some of the 4.6 changes included security fixes, so they are recommending that all users install the new version.

Resources

How script kiddies work. Know your enemy III is a white paper put on by Lance Spitzner which describes just how script kiddies obtain root access on systems they are able to penetrate.

Hints from SecurityPortal. Here's a set of basic security tips for Linux put out by the folks at SecurityPortal.

Events

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Alan Cox has also put out 2.3.3ac3 with a separate set of small changes. Alan had originally said that the "ac" patches were going to go away now that 2.3 is active, but that does not appear to have happened yet.

The current stable release remains 2.2.9. There are a few reports of glitches with this version, but as a whole it has held up better than some of its predecessors.

Kernel hacker Theodore Ts'o is going to VA Linux Systems in June, as announced at Linux Expo last week. He will be working full time on file systems and other goodies for Linux.

SGI will be releasing their XFS file system for Linux under some (unspecified) open source license. See their press release for the details and hype. XFS promises to bring to Linux all kinds of "enterprise" capabilities that people have been asking for: high performance, large file support, journaling, etc. If all goes as expected, Linux will have acquired something good. Thanks are due to SGI for this gift.

Meanwhile, of course, work is proceeding on adding various capabilities to the ext2 file system: higher performance, large support, journaling, etc. Now that XFS is being dropped on our doorstep, does it make sense to go forward with this work? This question was asked on the kernel list this week, and was answered with a resounding "yes." Ext2 work should proceed, for a number of reasons.

For example, SGI has not yet said what license they will apply to the software. If the license does not play well with the GPL, XFS can not be part of the standard kernel. SGI still needs to pass through the code looking for patent and license problems; there is also the little detail of actually porting it to Linux. So it will be a while before we see any code. And if XFS requires substantial changes in other parts of the kernel, those changes have to be done to Linus's satisfaction.

Thus it has been predicted that a functioning, stable XFS in Linux is at least a year away. The ext2 work will be able to address needs far sooner than that. Ext2 remains, and is likely to remain the standard Linux file system (OK, it will probably be "ext3" when all the changes go in), and certainly development will proceed.

How to name USB devices? Development on the Universal Serial Bus drivers is reaching the point where developers are worrying about problems like: what name should a device on the bus have? USB devices are essentially anonymous things: they can come and go, and they can appear at different places in the bus topology at different times. So how do you manage to give the devices consistent names for the user?

A number of ideas were passed around, including somehow using devfs for this task. But Linus shut down the conversation by saying that the problem is essentially unsolvable and that there is no point in even trying. USB devices should just be assigned whatever name is first available when they are scanned by the kernel. It is not possible to do better than that, so there is no point in really trying.

For some sorts of devices, such as mice, Linus's preferred approach is to simply have a single logical device, even in situations where there are multiple physical devices. That, he hopes, will correspond best to what the user wants. For other devices (diskettes, printers, etc.) names are just assigned as the devices are seen. He states that the comings and goings of USB devices should be treated more like media changes than device configuration events.

There is not a consensus on this issue at this point, and there is talk of trying to somehow create consistent naming at the user level. In any case, the USB stuff is very young, so a lot of evolution is yet to happen.

Here's a useful resource: Linux 2.2 (mostly networking) is a web page dedicated to information about the 2.2 networking features. If you are looking for information on any of the many networking goodies included with 2.2, this page is a good place to start.

Other patches and releases of interest:

• Richard Gooch has released devfs v103.

• H.J. Lu has released knfsd 1.3.2.

• /dev/changer is a driver for CD changers which makes all of the discs in the device available in a virtual mode.

Section Editor: Jon Corbet

For other kernel news, see:

• LinuxHQ
• Kernel traffic

See also: last week's Distributions page.

Distributions

Debian

The consensus seems to be that a presence on the floor is important. A lot of people don't know what Debian is, and being there can help to change that. Nobody, however, was in favor of buying an IBM-size booth in the center of the floor... Maybe they could get Corel to help fund a presence in the future?

Chuck Peters will be the Debian liaison to the LPI certification program unless somebody objects strongly. Here's his posting on the subject. Debian would really like to see certification available free of charge, which does not quite fit with what the LPI is doing (they are aiming for as cheap as possible, but do not believe it can be free).

Reports from the Debian booth at Linux Expo were posted by John Goerzen. See his notes from Thursday and from Friday and Saturday. The Debian booth was a busy place...

A new Debian package manager is in the works which will eventually replace dpkg. Here is a pre-pre-announcement for the project; things are still quite vague at this point.

Debian will be probably adopting the Filesystem Hierarchy Standard (part of the Linux Standard Base) soon. Julian Gilbey, who is pushing forward the policy change, has posted a callfor people to start thinking about what changes need to be made to comply with the FHS, and how those changes will be done.

Policy moves. Joey Hess has posted the weekly policy summary describing current policy change initiatives and where they stand.

Enoch

Mandrake

But, in the end, can Mandrake survive as a prettied-up version of Red Hat? Some work on clarifying the goals and identity of this well-respected distribution seems to be in order.

Red Hat

Slackware

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Known Distributions:
Caldera OpenLinux
Conectiva Linux (Brazilian)
Debian GNU/Linux
Definite Linux
DragonLinux
easyLinux
Easylinux-kr
e-smith server and gateway
Independence
LinuxGT
Linux MLD (Japanese)
LinuxPPC
Linux Router Project
Mandrake
MkLinux
muLinux
PROSA Debian GNU/Linux
Red Hat
Slackware
Stampede
SuSE
Tomsrtbt
Trinux
TurboLinux
uClinux
UltraPenguin
XTeamLinux
Yellow Dog Linux

See also: last week's Development page.

Development tools

Perl

Perl in Cryptonomicon. Neal Stephenson's latest, Cryptonomicon, includes an encryption scheme called "Pontifex," and a Perl script which implements it. Both the script and an explanation of how the encryption algorithm works can be found at Bruce Schneier's web site.

Python

For Python GNOME hackers, new versions of gnome-python and pygtk have been announced.

Tcl/tk

Here is this week's Tcl-URL.

The Call for Papers for the 7th USENIX Tcl/Tk Conference has gone out. The conference is happening February 14-18 in Austin, TX; paper submissions are due by September 1, 1999. See the CFP for details.

A new version of Jacl and Tcl Blend has been announced. Mix your Java and Tcl like never before... See the announcement for more.

Section Editor: Liz Coolbaugh

Development projects

GNOME

GNOME-related releases this week:

• gnosamba 0.3.3, a GUI front end for Samba configuration. Formerly known as GtkSamba.
• gnome-libs 1.0.pre10, GNOME libraries. The real 1.0.10 release may well be out by the time you read this.
• GnomeICU 0.64, ICQ client.

KDE

Stephan Kulow announced that he has started work on a new speed/size optimization feature for the KDE configure scripts. Based on his preliminary analysis, this option has the potential to more than halve the size of the resulting binary as well as to significantly decrease CPU usage. Kurt Granroth has done a little analysis of his own.

KAbiWord. Andrew Wansink briefly announced that he has started work on a port of AbiWord to KDE.

This announcement sparked a little controversy, bringing about the realization that KOffice has been quite usable at several stages in the development, yet no interim user release has ever been made and the lone Freshmeat announcement dates back to last October. The fact that the KOffice codebase has now been ported to KDE 2.0 makes the matter of an interim release a little trickier. Fortunately for Debian users, and thanks to the formidable efforts of Ivan E. Moore II, debian packages for kde*-cvs and koffice-cvs will eventually be available.

A replacement for the Gimp? In light of various difficulties involved with a KDE interface for the Gimp, there is talk of developing a new easy to use and powerful image manipulation tool for KDE. Developers interested in such an effort should contact Michael Koch.

More KDE Quickies. In other news, the KDE team has made the move to the latest and greatest MICO 2.2.6; Bo Thorsen gave us this update on KodeKnight development; Antonio Larrosa announced and implemented a new controversial feature for Konsole and other applications: background transparency; Stephan Kulow declared -- and executed -- intentions of revising the KDE file hierarchy standards with an eye to enabling better compliance with the FHS; and finally, for a cheap laugh, you might want to see how aggressively the KDE developers have been porting over to QString in light of the Unicode support in Qt 2.0.

You, too, can own your very own KDE T-shirt with "Konqi" the dragon. See this page for details.

(Many thanks to Navindra Umanee for providing material for the KDE section).

Littlefish

Wine

Zope

Paul Everitt talked about Zope and venture capital at the Expo. Some coverage of the talk can be found in our Linux Expo coverage. The slides for the talk have also been posted on Digital Creations' web site.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

• They aren't called Pacific HiTech anymore. Hereafter they will be known by the name of their distribution: TurboLinux. See this News.com article for more information. "'The company has grown out of its Pacific Rim roots,' said Lonn Johnston, vice president of TurboLinux operations in North America. 'We have larger plans and ambitions.'"

• IBM announced that it will "optimize" its DB2 database system for TurboLinux. DB2 will eventually be bundled with the distribution, and the two companies will work together on both sales and future development. IBM will also be providing support services for TurboLinux.

• They also announced the deployment of over 600 IBM Netfinity servers running TurboLinux at Kyoto Sangyo University.

A new Linux press release site. The folks at LinuxToday have launched a new site: LinuxPR.com. This site is dedicated to nothing but Linux-related press releases. Included is a submission mechanism so that Linux-related projects and businesses can submit releases without going through the regular distributors.

The fastest Java is on Linux. The latest Volano report is out. This report compares the network server performance of a number of different Java virtual machines on different platforms. The winner: TowerJ on Linux...

Tuxedo on Linux, finally. BEA Systems, Inc. announcedBEA Tuxedo and BEA WebLogic Server for Linux running on Intel Architecture servers. Tuxedo, in particular, has been long awaited by people building large distributed systems.

Fujitsu Software Corporation announced that it will launch C/C++ and Fortran development tools for Linux on June 30, 1999. These products expand upon Fujitsu's existing line of development tools for both the Intel and SPARC architectures.

More databases for Linux: Ardent Software, which has been hinting at a Linux port for a long time, has finally announced the upcoming availability of its UniVerse and UniData databases (though only for Red Hat 5.2). Shipping should start in June. (Thanks to Jerel Crosland).

StarOffice 5.1 is out. This release fixes the glibc-2.1 problems that prevented StarOffice from working on Red Hat 6.0 and some other distributions. It is also said to address some of StarOffice's performance and stability problems.

Software configuration management for Linux. Ede Development has announced the availability of its "AccuRev" software configuration management tool for Linux. One of the many Linux application gaps that draw complaints is software development tools; we are starting to see that area get filled in just like most of the others. $749 for a single-user license.

Press Releases:

• Penguin Computing, thin rack-mount Linux system.
• Corel, over 1 million download attempts for WordPerfect 8.
• Ebiz, high performance Beowulf cluster.
• e-smith, new reseller and development programs.
• internet.com LLC, acquisitino of MyDesktop network, including LinuxPlanet.com.
• Veribest, Inc., HDL tools available for Linux.
• WebTrends, WebTrends enterprise reporting server for Linux on the Red Hat 6.0 applications CD.
• Applied Information Systems and Business Logic Corporation formed a partnership to provide Linux applications. Their first effort is the XESS Spreadsheet for the Linux desktop.
• CRYPTOCard announced version 4.0 of its software token, the ST-1, is available and is now 100% Pure Java(TM) certified from Sun Microsystems. The ST-1 protects corporate networks by providing users with a unique, one-time password for each logon attempt. The ST-1 4.0 supports multiple platforms, including any Linux that supports the Java Run Time Environment (JRE) version 1.1.7 or greater.
• Cygnus Solutions, an open-source software development company, announced their Cygnus Professional Linux Developers Kit is available online to members of the Compaq Solutions Alliance (CSA).
• IBM announced that their Netfinity 3000 and 5000 servers have been certified for Caldera, SuSE, Pacific HiTech and Red Hat versions of Linux. The tests were performed by KeyLabs, an independent certification organization.
• IBM Deep Computing Institute announced open access to the source code for IBM Visualization Data Explorer(a), a software package used to analyze and create visual representations of data. Data Explorer will run on Linux systems and the source code will be available on May 26 at the Deep Computing Institute Web site.
• Killware is coming. Killware is a new novel by K. D. Kragen, dedicated to the Linux People's Revolution and Linux Users Everywhere.
• MTI Technology Corp. announced the Gladiator 2550 enterprise RAID data storage system, the first in a planned series of cross-platform, high-availability storage solutions designed for the Linux and Windows NT operating environments.
• ObjectShare announced VisualWorks Non-commercial 3.1 is available on the Red Hat Linux 6.0 application CD.
• Siemens Computer Systems announced the CELSIUS 420, CELSIUS 620 and 630 Intel-based workstations. CELSIUS workstations have been optimised for use with SuSE Linux.
• StarNet Communications Corp. announced a product that will allow Windows 98 users to run Unix and Linux applications in a multiple monitor Windows environment.
• Walnut Creek CDROM, Inc. announced that their software archive has surpassed the one terabyte milestone of files downloaded per day from a single server. The company is a supplier of the FreeBSD and Slackware Linux Operating Systems.
• Wise Solutions, Inc. teamed with Zero G Software(TM), Inc. to provide the InstallAnywhere(TM) family of software. InstallAnywhere can deploy software to multiple platforms, including Linux.

Section Editor: Jon Corbet.

See also: last week's Linux in the news page.

Linux in the news

• Network Computing has put out another one of those 'Is Linux ready for the enterprise?' articles. This one, however, is lengthy, reasonably well researched, and mostly positive. "Our findings? Not only is Linux ready for the enterprise, it currently occupies the enterprise--but not in the manner you might expect. Linux is not powering Oracle databases yet. It doesn't drive the financial services, and it usually doesn't sit at the heart of all system deployments. Instead Linux currently serves as the Swiss Army knife of networking." Worth a read. (Thanks to Mike Gerdts).

• Northwest Airlines is using Linux to run its new generation of flight simulators, according to this ComputerWorld story. "The Minneapolis company auditioned several vendors last year. Systems based on Microsoft Corp.'s Windows NT and IBM's AIX Unix were proposed, but [Northwest engineer] Aguglia and colleague Duane Sebens of Northwest's Hardware Engineering unit vouched for Linux as a choice capable of competing with more mainstream commercial operating systems."

• Lies, Damn Lies, and Benchmarks is the title of a Network Computing column trashing the Mindcraft report. "On Mindcraft's Web site, you'll find articles insisting that the company can't understand why the Linux community and others went ballistic upon learning that the tests were paid for by Microsoft and performed in its labs. The word clueless comes to mind. Mindcraft is now locked in a battle it can't win. The company is trying to save its name, but it's already lost on that point."

• The Washington Business Journal has run an article about free software with an emphasis on Zope. "'Zope is an excellent product, but its market niche is dominated by big players with deep pockets,' said Hadar Pedhazur, a principal in VIG who is also chairman of Digital Creations' board of directors. 'We couldn't outspend those companies. Going open source was a way of showing the world what the company can do in terms of innovation and ideas.'"

• Nicholas Petreley reviews Red Hat 6.0 on LinuxWorld. "I swear -- the people who created and customize[d] Enlightenment must be vampires. I've never seen so many dark, depressing color schemes, seemingly designed to make the text on the screen nearly indecipherable."

The Linux Expo got it's share of press coverage-

• Tech Sightings wandered the Linux Expo exhibition floor and was not entirely impressed. "The forlorn groups hidden away back on poverty row were Linux when Linux wasn't cool, and they, along with many other similar little bands, are why Linux is popular enough to attract IBM today. But every year, there are fewer non-profits at major Linux shows like Linux Expo."

• The (Raleigh) News & Observer ran this article about Linux Expo. Included is a nice picture of Jon Hall at the hot sauce challenge. "Some Linux companies declined to come to the Expo at all because of Red Hat's involvement. While listed as a platinum sponsor along with the German Linux distributor, S.u.S.E. Linux, and IBM, Red Hat also pays the salaries of the Linux Expo staff."

  See also this brief article about how Linux is tempting new users. "...more and more of us, as we upgrade to new machines, are going to start putting Linux on our older PCs to give it a trial run. Something tells me the Linux market hasn't even begun to take off."

Pacific HiTech has been in the news this week-

• Pacific HiTech is changing its name to TurboLinux, according to this News.com article. "'The company has grown out of its Pacific Rim roots,' said Lonn Johnston, vice president of TurboLinux operations in North America. 'We have larger plans and ambitions.'"

• InfoWorld covers the IBM/Pacific HiTech deal. "Terms of the agreement go beyond bundling DB2 and include optimized TurboLinux versions of IBM's WebSphere and other middleware products, which will be developed at a so-called virtual development lab."

Here are some articles about Linux in the business world-

• Network Computing reviews several web cache products. "Squid 2.0, a freeware solution, received our Editor's Choice award for its very flexible configuration, reasonable management utilities and superior performance." (Thanks to Michael Gerdts).

• Upside Today has an article about VA Linux Systems. "...as I surveyed the passing nameplates--Leonard Zubkoff, San Mehat, Mark Vojkovich, Geoff 'Mandrake' Harrison each a worthy banner recipient in the rafters of American Linux--it hit me that these names had marquee value. Each name represented a personal endorsement." (Thanks to "Chile Stew").

• The Australian Financial Review has an article about how IBM is adding the ability to run Linux applications to AIX. "'They're doing it in case one of the (Linux) developers comes up with a killer application,' said Bill Peterson, an analyst at Framingham, Massachusetts-based research firm International Data Corp." They also mention the TurboLinux/DB2 deal.

• CNN has an article about SGI opening up XFS. "So far, there are 24 flavors of Linux, none of which currently offer a journal file system, as opposed to all of the Unix vendors and Microsoft Corp., which do. According to analysts, the software is crucial for Linux in order to enter the corporate world, where reliability and 24-hour service are required."

• Computer Reseller News ran a brief article about SGI's plans to make their XFS file system available. "Silicon Graphics said its delay in offering Linux solutions has to do with operating-system limitations affecting the company's core technical computing base..."

• Here's a TechWeb article about the increasing number of Linux applications. "BEA Systems Inc. will offer a version of its Tuxedo distributed transaction processing software and WebLogic application server for Red Hat Linux 5.2. The move underscores how the Linux operating system is gaining mindshare in IT organizations."

• ComputerWorld covers the increasing number of development tools available for Linux. "A torrent of commercial application development tools is becoming available for Linux. But users said they aren't yet convinced that elaborate enterprise applications belong on the platform. And they said free tools fit the bill for smaller jobs."

• Wired News has an article about the 1 million WordPerfect downloads. "Corel, based in Ottawa, Canada, said that the number of downloads may be a sign of the growing use of Linux as a desktop environment." There are also notes about O'Reilly freeing up the Open Sources book, and about Atipa Linux Solutions, which is selling systems with VMWare installed.

• Here is an introductory article in Beyond Computing Magazine. "Open source is an attempt to set a new business model, one that would be more likely than the free software movement to attract a wide community of users. So far, open source has been very effective, enabling the creation of several successful open source products and businesses." (Thanks to David Andrews).

More on benchmarks-

• Here is a rather scornful article in WinInfo about the various "Linux vs. NT" benchmarks out there. "The controversial Mindcraft study--which showed Microsoft Windows NT 4.0 outperforming UNIX clone Linux by a wide margin--has been corroborated by PC Week and PC Magazine, which published the results of their own tests this week. And despite widespread disdain for the test within the Linux community, top Linux figures refuse to take place in a retest. It all adds up to an obvious conclusion: The truth is out there."

  There is actually a followup column by the same author, written after he had a conversation with Jeremy Allison. "...I've always said that Linux represents the most obvious threat to the Windows monopoly that's ever existed. I stand by that claim today, for both the desktop and the server." (Thanks to Paul Hewitt).

There are a variety of articles along the lines of Linux vs. Microsoft-

• Microsoft's "Linux evaluation" team is the subject of this article on Yahoo's UK site. "Microsoft remarks about Linux have become more pointed since August, when an internal memo suggested that it had reached a quality comparable to commercial software. Chairman Bill Gates, for example, recently characterised Linux as useful only for specialised computers." (Thanks to Bill Bond).

• Here's a News.com article about Microsoft's new "evaluation team" for Linux. "Though Linux has its fans and detractors, it's hard to deny that the Unix-like operating system is changing the computer landscape." (Thanks to Conrad Sanderson).

• Micosoft's plans for responding to Linux are the focus of this ZDNet article. "'When a competitor reaches a certain threshold, Microsoft starts to pay attention,' says Tony Iams, an analyst with D.H. Brown, a Port Chester, N.Y., consulting group. 'Linux has clearly reached that point.'"

and finally-

• ZDNet has run an article by Evan Liebovitch about Red Hat's price increase. "The Red Hat price boost is also helping the other Linux distributions, since it's causing Red Hat users to consider alternatives."

• Inter@ctive Week covers the linux.com debut. "Linux.com made its debut at 8 p.m. Tuesday and had 100,000 visitors in its first 30 minutes of existence..."

• The LA Weekly has a long article about Eric Raymond. "In the last year, this boyish-looking, unemployed 40-year-old who lives in a small Pennsylvania town has become, arguably, the most important voice in an exploding movement among businesses and engineers." (Thanks to Declan Malone).

• The BBC has an article about GNOME, including some dialog with Miguel De Icaza. "I don't think KDE has a future at this point, it's not completely free yet and it's bound to a single programming language in Unix." There is also some discussion of Richard Stallman and Tim O'Reilly. (Thanks to Alistair J Gunn).

• This week's UK Computing Magazine has a number of references to Linux, forwarded to us by David Killick:
  • Gnome paints a new face for desktop Linux
  • Novell goes native with Linux NDS
  • Sun helps Linux to run on Solaris
  • Linux takes a bite out of Apple
  • HP uses open source license for latest software technology

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Are you a Gimp artist who would like a place to showcase your work? Or do you know such a person? Michael Hammel at TheGimp.com is looking for nominations for the "Artist of the Month." Here is a good chance to show off a bit; check out the requirements and send in the info if you're interested.

Events

Also on June 5 will be an installfest in Tübingen, Germany. Once again, see the announcement (in German) for more information.

For a retrospective on the South African Computer Faire '99, and the presence Linux had there, see The Linux Professional Association's site. This event was "the first time that Linux made a significant showing at any trade show in South Africa."

Stephen Adler has put up a detailed writeup of Donald Becker's talk to the New York LUG on May 19.

Web sites

User Group News

A Linux user is interested in setting up an Oahu LUG. Check out his note if you are interested in signing up.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

Linuxports.com is dedicated to commercial ventures with Linux in general. More specifically, it is the home for the Linux Consultants, Commercial, and VAR HOWTO's. The site has been recently reworked with an easy submission mechanism for those wishing to be listed in the appropriate HOWTO.

Section Editor: Jon Corbet

Letters to the editor

Date: Sun, 23 May 1999 22:49:08 +0200 (MET DST)
From: Tomasz Motylewski <motyl@stan.chemie.unibas.ch>
To: lwn@lwn.net
Subject: The Free Software Basaar


On the page: http://lwn.net/ you have
written about The SourceXchange and Cosource.com

But I feel that you should have mentioned an already working
institution of this type:

The Free Software Bazaar
http://visar.csustan.edu/bazaar/

I have been envolved in one of its projects, and I must say it was
great.

Best regards,
--
Tomasz Motylewski

From: schwarzma@healthpartners.com (Michael Schwarz)
Subject: PGP correction
To: editor@lwn.net
Date: Mon, 24 May 1999 14:15:22 -0500 (CDT)

I wrote a letter that was published in last week's LWN.

A number of people wrote me and LWN to correct what I stated.
While I was correct that PGP uses an RSA (of anywhere from 512 to
4096 bits) public/private keypair to encrypt a 128-bit IDEA
session key, I was dead wrong that an attacker would concentrate
on breaking the 128-bit key.

Why?

Two reasons.

1)	A 1024-bit RSA key is much easier to crack than a 128-bit
	IDEA key.  Why?  Because the attack on the RSA key involves
	trying pairs of primes.  The size of this problem is
	is *smaller* than the problem of trying every 128-bit key.
	A nice summary of the issues can be found at:

	http://axion.physics.ubc.ca/pgp-attack.html

	I've let this be a lesson to me.  Don't think because you
	know a little that you know it all!

2)	The second reason is that recovery of the public/private key
	pair gives you not just the one message, but every message
	encrypted with that public/private key pair.  Obviously, this
	is the holy grail.


For the record, a 128-bit key has 

    340,282,366,920,938,463,463,374,607,431,768,211,456

possible values.  My comment about "decades" was modest.  Further,
cracking IDEA isn't helped by TWINKLE.  TWINKLE speeds up the factoring
of primes, not part of the problem in cracking IDEA.

My thanks to the several people who e-mailed me to correct my
errors.  I just wanted to set the public record straight myself and
direct those people with questions (like me!) the above URL which
summarizes the issues neatly.

-- 
Michael A. Schwarz			| "If God had meant for man to
msNOchwarz@sSPAMherbtel.net		| walk, he would not have invented
					| roller-skates" - Roald Dahl
--------------------------------------------------------------------------

From: Matthew Benjamin <MBenjamin@comshare.com>
To: "'editor@lwn.net'" <editor@lwn.net>
Subject: KDE Wars Again?
Date: Tue, 25 May 1999 11:17:53 -0400


Miguel de Icaza's remarks about KDE were unfortunate.

GNOME has made great progress over the past year--moving, to be blunt, from
a promising kit Nick Pretreley couldn't get to work on his machine (around
February, 1999) to an environment he prefers (May, 1999).

From where I sit, though:

1. KDE has a very bright future.  It is the default desktop for, IIRC, at
least 5 packaged Linux distributions and the Corel Netwinder.  The
appearance that Miquel is not aware of this does not add to his credibility
as an OSS guru.

2. From a software engineering perspective, QT/KDE are very well designed.
I do see GTK's easy binding to many languages as a major strength--the best
purely technical reason to use it, in fact.  But it is not one that take
away from QT/KDE--far from it.  Miguel's apparent belief that implementing
in C connotes software quality--or even makes up for poor or uneven
implementation quality--does not add to his credibility as a software
designer.  GTK/GNOME's greater flexibility is one of _it's_ strengths, but
is not thereby a _weakness_ of QT/KDE.

3. From a user-interface design perspective, KDE is very well done.  It
merges ideas from many desktop enironments into a seamless whole that is
very ergonomic and effective.  At least one reviewer has said he prefers it
to the Macintosh.  The QT/KDE toolkit makes stable and visually consistent
applications very easy for novices to create.  Since KDE allows--but does
not require--a very Windows like UI style, the attractiveness of Linux/UNIX
to current Windows users is greatly enhanced--no small advantage to the
entire OSS enterprise, in my view.  

4. QT/KDE has been declared free by the maintainers of the Open Source
Definition, and OSI.  The KDE framework itself is fully GPL'd and LGPL'd.
No one is helped when the leader of one Open Source project lets himself be
quoted saying his Open Source competitors "aren't really free."  (I believe
that this violates a basic rule of Open Source etiquette, though I am not an
OSS anthropologist, and cannot make proclamations like this.)

5. The QT/KDE team has shown great leadership.  I think any fair reading of
history gives them credit, at the LEAST, with showing that a new,
from-scratch, world-class, UNIX user interface could be done at this late
date, and, most importantly, that it could be done as Open Source software.
No one can take that away from them--and I think it is unseemly to try.

6. I don't think that KDE developers engage in this kind of trash talk about
GNOME developers, quite the opposite in fact.  What motivates this behavior?
I'm sorry, I don't understand.  GNOME spokespeople should focus on
developing and documenting the strengths of their own approach (which are
many), and should be generous to their KDE competitors.  


Matt Benjamin


  


 

Date: Thu, 20 May 1999 11:36:52 -0400
From: Walt Smith <waltech@bcpl.net>
To: letters@lwn.net
Subject: the mindcraft challenge

Hi all,

I'm an occassional Linux user, not a developer.
I have gradually become educated in Linux and have
installed several systems and configured several
server/application tasks. I've also done the same
with Windows.  I agree that Linux may not be quite
truly ready for the desktop (at this time) and makes
a dynamite server.  That being said for perspective......

I like Linux as an alternative to MS for many tasks
and use both (win95).  Today, I read the
MS/Mindcraft challenge linked  by lwn.net.

It reads like a Clinton/Milosovic pamphlet.
(sorry- with the Kosovo thing, and having
read the Clinton transcripts, it seems
appropriate).

No matter the validity of a retest, the "results"
posted by Mindcraft will be way out of proportion.
Frankly, the way the challenge is written (along with
the comparison list of the previous test), it appears
the audience is a 3rd world country - or those souls
who are extremely limited in use of the OS's. Possibly
housewives or gardners who have zero interest in
such matters?  (corporate managers?) It looks to
me to be written by a plain huckster.  There is a
line between good solid American salesmanship
(with normal exuberance) and hucksterism.

While there was much I take exception to, I cannot
factually object on many technical items because of my
lack of direct experience. However, the statement that
"Linux" is slow to respond to the challenge is something
that I can't let go.  "Linux" did respond by instantly rejecting
the results of the test, asking for a another test, and stating
the conditions, which sound quite reasonable to me.

Simply because a date wasn't instantly agreed to -
(did Mindcraft propose a date?) doesn't mean that "Linux"
(implied- Linux Community) is slow.  It means the
challenge was issued to no one in particular at no particular
time.

LWN is correct - it's a trap; but an obvious one with
pure, biased, self-serving marketing propaganda and
attending publicity as the objective.  Marketing does
work, but in a free society such as ours, really
bad tasting soup that sells during the first few weeks
it's advertised eventually has no more buyers.

Untruthful unadulterated propaganda has a habit of
backfiring.

regards,

Walt Smith, Baltimore

Date: Tue, 25 May 1999 18:08:52 +0100
From: Aaron.Trevena@msasglobal.com
Subject: more flaws in NT v Linux pieces
To: thurrott@wugnet.com 

Paul,

Both PC week and PC magazine are more used to NT as they are from a 
PC/Home environment and don't really have the experience in servers 
that say Byte or Performance Computing have. The reporting style alone 
is as poor as the glossy ComputerAd's magazines, it is hardly in the 
same league as professional Journals.

This is shown even more clearly by a total lack of understanding when 
implementing the dynamic content benchmarks. Comparing threaded server 
extensions like ISAPI or NSAPI are totally different to CGI.

Linux and Unix have a variety of Servers but Zeus and thttp the 
renowned fastest web servers were not included in the test, while 
Apache have always made it clear that the aim is - sufficient speed to 
do the job well while providing reliability and extendability that IIS 
and other commercial servers cannot offer.

Zeus provides ISAPI support as well as a huge speed increase over 
Apache, yet this isn't even mentioned.

Not only were applications and servers missed out but even the most 
obvious unix's. SGI's IRIX is known to outperform NT using SAMBA, but 
wasn't included. Net/Open/FreeBSD the 'other' free unix (with original 
UNIX heritage) is not mentioned and neither is BSDI the high end 
commercial BSD unix designed exactly for networking and webserving.

The e-commerce tests were a joke comparing completely different 
techniques and systems. PHP, Zope, Chillisoft, EJB, oracle, db2 none 
of these were included in the tests but these are what professional 
application developers use.

Mod_perl - the Apache perl module that provides high speed perl cgi 
was not included nor velocis its commercial cousin.

The tests were poorly researched and ran for only 4 hours, Web uptime 
for UNIX is measured in hundreds of days so 4 hours is of very little 
value - what happens when arcserve on NT crashes and you are given the 
choice of rebooting NT or risking no backups -  I have seen it happen 
where I work. It would have been useful to see how well the machines 
were doing after 45 days, or 100 days with that consistant load.

The problem with journalists familiar with windows is that they don't 
know enough about UNIX or open source to do the right research (if at 
all), and Linux and OSS advocates have to point out the obvious to 
them. But then the readership of these magazines as well as the 
advertisers all of whom have a lot riding on NT want to hear how good 
it is and how they made the right choice.


With gaping holes and skewed facts that rather then being reported 
objectively by professionals, are crowed about when the magazines 
prefered vendor does well and whispered when they don't (see how it 
isn't mentioned outside of the numbers themselves how Solaris 
outperforms NT, or how SAMBA beats NT when serving NT clients in 
comparison to headlines screaming that NT is faster then Linux when in 
fact IIS on NT serves some types of webpages faster than Apache on 
Linux depending if you have expensive enough hardware and run 
different types of test - ISAPI v CGI) it is hardly surprising when we 
kick up a storm about it.

Aaron Trevena. 
Intra/Internet Developer & System Administrator (AIX,NT,LINUX)

nb: your reply would be much appreciated, this has been cc:ed to Linux 
Weekly News.

Date: Fri, 21 May 1999 12:59:20 +0100
From: Charlie Stross <charlie@antipope.org>
To: letters@lwn.net
Subject: On copyright, free software, and being Restrictively Unrestrictive

There's something of a row going on at present over the ideological or
political trappings of the FSF, and specifically the GPL. Various people
have been throwing accusations around ("Richard Stallman is a communist",
for example). Others are saying that the GPL is restrictive and is an
attack on non-open-soure software.

I think these people are completely missing the central point.  The free
software movement is like the little boy standing by the parade, pointing
at the Emperor, and shouting "but he isn't wearing anything!" The emperor
in question is, of course, our current notion of intellectual property.

Let's go and take a peek through the wonderful cinemascope time-viewer,
and replay some interesting bits of history,

Back before the Gutenberg revolution, if you'd suggested the concept of
copyright to anyone who was literate they'd probably have stared at you
as if you were mad. Copying information was a highly labour-intensive 
operation: a mass market for duplicated texts simply didn't -- and
couldn't -- exist. 

Patents -- or their forerunners -- existed, in the form of royal grants
to some individual or guild to have exclusive ownership of some tool or
mechanism for production, and the guilds had their secrets, but the
legal basis for ownership of trade secrets was different from the basis
we understand today: you owned one because the King said he'd hang
anybody else who muscled in on your turf (as long as you behaved
yourself and paid your taxes). The contemporary explanation of patent
rights would be incomprehensible, because the concept of a society based
on a social contract and mutual observation of rights didn't exist: there
was no mechanism whereby society (or its legislators) could agree to
grant rights to inventors in order to encourage their creativity.

Let's hit the fast-forward button a bit, and take the leap into the age
of enlightenment -- post-printing-press, post-monarchical. 

Duplicating texts had become a problem by the nineteenth century. Earlier
solutions included licensing printing presses, but in a society that
encourages free speech there's no obvious justification for that. A
situation arose where any aspiring novelist who published a book would
be vulnerable to unscrupulous printers copying their work and re-selling
it, pocketing the profits that accrued. Mass literacy brought its own
new social problems.

The solution to this problem was the idea of copyright; that the author of
a work had the power to grant a right of copying over it. A sensible
and moderate solution within the context of the time, because printing
presses were big and pirate printers could be tracked down and sued in
civil court.

A similar approach was taken to inventions; it was merely common sense
that an inventor who came up with a genuinely new innovation should have
the right to reap some profit from it before carpetbagging imitators
duplicated the idea and swamped the market. Patents originally were a
sign of progress; by protecting inventions they made it feasible to
publish details of them, rather than trying to maintain the secrecy
surrounding them. This in turn encouraged a climate of invention.
Secrecy, as we should all know, is one of the enemies of progress.

And now let's hit that fast-forward button again and jump all the way
to the present day.

The concept of copyright has been over-extended. From protecting an
individual author's rights to their work, it has been extended to
protect vast corporations. From covering published books and pamphlets
that some individual slaved over, it now covers what a Marxist economist
would call alienated labour -- the capital accumulation of information.
By extending copyright seventy years after the author's death our
legislators haven't done anything for their surviving families, but have
taken a large chunk of our common cultural heritage and handed it over
to faceless corporations who can dole it out on a commercial basis. By
extending copyright cover to music, the legislators have granted new
rights: the music industry in turn is concerned with constructively
extending their copyright in such a way that the consumers pay per
performance, rather than paying a one-off purchase fee related to the
recording medium. And so on.

The patent laws have also been shown to be defective. Software patents
run for the same 20-year period as normal patents: but in the febrile
world of software, 20 years covers as many generations as 75 years in
the automobile industry or 250 years in the construction industry.
Meanwhile, patent agency staff who are manifestly untrained for the task
grant patents on inappropriate inventions and things which simply are
_not_ inventions, such as the algorithms underlying public-key
encryption. By granting patents on mathematical principles, they are
hampering the growth of the industry rather than fostering it; it's as
if they had allowed some company to patent the refractive index of glass
and claim royalties from any other company producing materials that
shared that physical characteristic.

And so, we come to the free software movement: loudly declaring "but
your whole idea of copyrights and patents and selling something that can
be copied freely is a load of crap! Charge for support and services,
make the software itself free, and you won't have to deal with these
internal contradictions!"

Well, time will tell. Personally, I think the answer is a thorough
overhaul of copyright and patent laws, drafted not from the point of
view of the big multinationals (who want to be able to copyright
database schemas and patent mathematical theorems if it helps them make
more profits) but from the point of view of the original agreed social
goals -- to protect the writers (and programmers, and musicians) from
plagiarism, and to encourage the inventors to keep inventing and raising
our standard of living.



-- Charlie Stross

   (Linux columnist, Computer Shopper (UK))