Other stuff:
Contact us
Archives/search
Calendar
Linux Stocks Page
Daily Updates

Recent features:
- Gaël Duval interview
- LinuxWorld
- Touchphone
- Linux Expo Paris
- Red Hat's IPO filing
- Eric Raymond interview
- Linux Expo '99
- Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items and editorials

However, freely distributable and exportable is not necessarily the same as DFSG-compliant. Debian developers found several sections of the DNSsafe license restrictions that violated the DFSG. In particular:

The DNSsafe software cannot be used or distributed separately from the BIND software. You only have the right to use it or distribute it as a bundled, integrated product.

The DNSsafe software can ONLY be used to provide authentication for resource records in the Domain Name System, as specified in RFC 2065 and successors. You cannot modify the BIND software to use the DNSsafe software for other purposes, or to make its cryptographic functions available to end-users for other uses.

If you modify the DNSsafe software itself, you cannot modify its documented API, and you must grant RSA Data Security the right to use, modify, and distribute your modifications, including the right to use any patents or other intellectual property that your modifications depend upon.

Essentially, though, the wording of the license is not the issue. As opposed to the rest of BIND, the DNSsafe code itself is simply not free software. Due to the US patent held by RSADSI (now Security Dynamics), any implementation of the RSA algorithm used in the US is subject to RSADSI's patent claim. The license makes it useable and redistributable for both commercial and non-commercial activities, but not part of the wealth of truly free software.

How should this be handled? Well, Debian developers apparently initially contacted ISC and got the impression that nothing could be done about the issue. However, when we passed on David Conrad's comments that creating a branch of BIND that did not contain the RSA code might still be an alternative, they were very interested. This sounds like the best possible solution to the problem, since Debian developers are willing to lose some functionality to keep the software they use totally free. Now we have to wait to see if such a code branch is technically feasible for ISC to create and maintain.

It is in all of our interests to have BIND, which is such an important piece of software for Linux within the Internet, remain both well-maintained and free, at least in some incarnation, without having to wait more than a year for the RSA patent to expire.

SCO strikes again. SCO may have been making friendly noises regarding Linux recently, but, according to this page on X/OS, they are up to the same old stuff in Europe. Here, X/OS dissects a bulletin sent out by SCO in Belgium, the Netherlands, and Luxemburg which attacks Linux in many ways. An interesting read. For example:

• "Linux at this moment can be considered more a play thing for IT students rather than a serious operating system in which to place the functioning, security and future of a business. Because Linux is basically a free-for-all it means that no individual person/company is accountable should anything go wrong, plus there is no way to predict which way Linux will evolve."

• "Currently there are over forty distributions of Linux competing with each other and as a result there is no single standard. Potentially, this means that software written for one system will not work on another. Therefore it makes more sense to buy a commercial operating system like UnixWare or OpenServer."

Red Hat's SEC-mandated silent period is now over. They immediately came out with a set of announcements, which are covered within this issue of LWN on the Distributions and Commerce pages.

LWN was able to get an interview with Red Hat's Donnie Barnes. The discussion wandered over such topics as what will be done with Red Hat's pot of money, how they view "value-added" derivative distributions like Linux-Mandrake, the community stock offering, and more.

Is Sun/StarOffice good for Linux? Bruce Perens raises concerns about StarOffice in this editorial. "Could Sun be building ammunition for its next war? StarOffice may also be an attempt to gain long-term control over the Linux desktop market. By releasing an almost-Open-Source office suite, Sun may be attempting to reduce the demand for an entirely-Open-Source office product."

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News

• TechWeb
• CNN
• Wired News
• Christopher Young, Linux Enthusiasts and Professionals, Florida

For a relatively balanced reaction, check out this editorial from NTBugTraq editor Russ Cooper. While willing to accept Microsoft's response, he points out that the fact that the second key exists makes the system highly insecure.

In theory, you create your own CSP to replace Microsoft's supplied CSP (implementing whatever you wanted in it, say boosting 40-bit to 128-bit), modify the second key to one of your own, install your CSP over Microsoft's, and fire up any application that uses CryptoAPI. The signature will fail Microsoft's verification, pass yours, and everything should work as if you had a U.S./Canadian version.

Fortify for Windows NT (I'd sure love to see that implemented, anyone up for the challenge?)

It also means the encryption you use on your system could be compromised in the same fashion, assuming it relies on CryptoAPI (hasn't this been called for by the U.S. President's commission?).

Lest open source be considered a panacea for all security problems, though, remember both the number of security bugs that continue to be found and fixed in open source software, such as those reported this week. It is good to have the source, it is good to find and fix bugs, but that is not always enough. For another take on the issue of trust, check out this article by Ken Thompson in 1995 [Thanks to Dave Stevens].

On the side of the conspiracy theorists, it is interesting to link up this week's disclosure with this Wired News article, first mentioned in our May 20th Security Summary, where a report to the European Parliament's Science and Technology Options Assessment Panel (STOA) mentions a possible backdoor in Lotus Notes and other software, introduced in cooperation with the NSA. Whether or not you believe the rumors of backdoors in commercial software, it appears that high level officials in Europe are certainly willing to give them credence.

Security Portal featured an article on Secure Linux Distributions this week. They give brief summaries of the work currently going on with kha0S, Secure Linux and Bastille Linux, talk about the differing goals of the distributions and happily mention that Secure Linux, based on Debian, and Bastille Linux, based on Red Hat, will be coordinating with each other.

Security Reports

For the longer term, it seems the ProFTPD may have a rocky future. It has a new maintainer, which is fine, but there are apparently some concerns that the design of ProFTPD is such that securing it is not going to be an easy task. ProFTPD has such a rich feature set, though, that people are likely to take on the task anyway.

RH 6.0 shadow passwords. Under Red Hat 6.0, locking and then unlocking an account with the "passwd -l user" and "passwd -u user" commands can result in the addition of a control character to the end of the password field in the shadow password file. Red Hat has acknowledged the bug and Mihai Ibanescu has posted a patch for it.

Dynamic DNS is vulnerable. Although a note to this effect was posted this week to Bugtraq, it should be noted that Dynamic DNS is known to be inherently insecure and always has been. Solutions are underway, but not yet available. If you are concerned about security, avoid Dynamic DNS for the present.

Commercial software vulnerabilities. A problem was reported with the WatchGuard Firewall default configuration.

Updates

• Caldera
• Debian
• Red Hat
• Yellow Dog
• SuSE

They also provided an update for the vulnerability in amd. See last week's issues for details on that.

Red Hat has announced an updated set of XFree86 packages for the 4.*, 5.* and 6.0 distributions. This update includes some security fixes, and should probably be applied.

Resources

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.12. Some problems are still being reported with this kernel - in particular, there still appears to be a memory leak problem that tends to turn up on systems running inn. As of this writing, the developers are still trying to chase that one down.

Trouble with 2.2 - sort of. In the August 19 issue of LWN we reported that RAID 0.90 was being folded into the 2.2.12 kernel. A week later we had to update that report and note that the RAID patches had been pulled back out. Why? Too many people objected to such a large change - which requires new user tools - going into a stable kernel minor release.

Now it appears that the NFS server patches will suffer a similar fate. These patches, developed by H.J. Lu and others, are absolutely necessary for sites doing serious NFS service with Linux systems. Heterogeneous environments, in particular, frequently turn up problems with the stock 2.2 NFS server. The patches add no new functionality, they just make the server actually work. But they require recent versions of the user space tools.

Serious users of both RAID and NFS have been applying these patches by hand for as long as they have been using the 2.2 kernel. A number of distributions also ship versions of the kernel with the patches applied. The natives on linux-kernel are starting to get restless. These patches are considered necessary by many just to get a working system. Why do they not find their way into the mainstream kernel?

There seem to be a few problems here:

• The 2.2 kernel shipped too early. Given just how long we all waited for that kernel, it may seem a bit strange to say that it should have taken longer. But the point is that 2.2 shipped with certain capabilities - such as NFS service - in an essentially nonworking state.

• It did not help that NFS was without a maintainer for much of the 2.1 series.

• The Linux user community is increasingly intolerant of disruptive changes in the middle of a stable kernel series. Minor updates to a stable kernel are supposed to just work. Given the environment out there, where an occasional kernel security problem is bound to turn up and require fixing, this point of view can not be ignored. People who are using Linux systems to get real work done do not want to have to go through a disruptive upgrade just to close a hole.

It thus seems that stable kernels, increasingly, will have to remain truly stable. Even important changes get blocked out at minor release time.

So how does the kernel make progress in this environment? The recipe would seem to be more frequent major releases, each of which contains a rather smaller set of changes. If stable kernels are truly stable at (or shortly after) their release, and a new release is not more than two years away, people can calmly wait for larger changes to be integrated.

The 2.3 feature freeze, first promised for almost a month ago, still has not been announced. If a 2.4 release - which can contain working RAID and NFS implementations - is to happen before the end of the year, this freeze needs to happen soon. If it's not already too late.

Big memory and Raw I/O. LWN first reported on the "big memory patch," which allows Intel-based Linux systems to address up to 4GB of memory, back in the August 19 issue. This week Siemens and SuSE, the sponsors of that development, issued a press release announcing the patch and pointing out that it got included into 2.3.15.

There is a remaining loose end or two, however, with the big memory patch. In particular, it breaks Stephen Tweedie's raw I/O patch, which was also recently added to the development series. The raw I/O patch allows data to be transferred directly between user-space buffers and a device. There is an obvious performance gain in some situations, since a copy through the kernel's buffer cache can be avoided.

Just as important, however, is simply avoiding the cache altogether. Caching some kinds of data is wasteful, since there will not be another need for it. Rather than improving performance, caching of such transient data has only the effect of forcing out everything else, leading to a sluggish system. Anybody who has had to wait for the window system to respond after a large program build or file copy has seen this mechanism in action. Caching can also be a problem when disks are shared between more than one system.

Why is there trouble with raw I/O in particular? It seems that quite a few devices out there are unable to address high memory - memory above 2GB. Attempts to tell such devices to move data to or from high memory can result in total failure at best, and a corrupted system is a distinct possibility. The kernel is careful to keep its own buffers in lower memory so that this sort of problem does not arise. But raw I/O uses user-space buffers, which can end up anywhere. For this reason, the big memory patch currently disallows any sort of raw I/O to high memory.

The solution in this case appears to be "bounce buffers." A bounce buffer is a kernel-space buffer which lives in low memory. When I/O is requested to a high memory page, and the device can not handle it, an intermediate copy is made via the bounce buffer. This technique defeats the "zero copy" aspect of raw I/O, but preserves the other advantages. It can also be implemented so that bounce buffers are only used when they are truly needed. A proper implementation with bounce buffers should not only solve the raw I/O problem, but it should also allow the page cache to exist in high memory.

Finally, when the day arrives that more than 4GB of memory can be supported, bounce buffers will become even more necessary. A lot of PCI devices out there do not handle 64-bit addressing and will need help at that point, even if they currently work with high memory. (Thanks to Stephen Tweedie, whose linux-kernel messages were ruthlessly plundered for this article).

A few other patches and updates released this week:

• Mikael Pettersson released version 0.6 of his performance monitoring counters patch; this version includes support for the AMD Athlon processor.

• Devfs v120 was released by Richard Gooch.

• David Skingsley released a Kallisto GPS card driver.

Section Editor: Jon Corbet

For other kernel news, see:

• Kernelnotes
• Kernel traffic
• Kernel Newsflash

See also: last week's Distributions page.

Distributions

Caldera

As might be expected, since the Lizard installation program was first introduced with 2.2, a lot of improvements to it come with 2.3. They promise auto-detection of almost every video card and many sound cards as well. Untended installations are also now supported. RAID support and Wine, for running Windows binaries, have been added to the base system.

The Lizard installer is now available for download, according to this announcement. Interestingly, they have chosen Troll Tech's QPL as the license for this software.

Debian

What needs doing before the freeze for Debian 2.2? Chris Lawrence, with some assistance from Martin "Joey" Schulze, discusses the major issues, outlining 10 goals for the latest release at the same time. His outlook is optimistic: "We're not in anywhere near as bad shape as when slink froze... we have working CD scripts, boot-floppies that sorta-work. We even have console-apt for the people who hate dselect. What's not to love? :-)"

GnuPG is coming. GnuPG is a free implementation of the OpenPG standard. Now that GnuPG 1.0 has been released, expect Debian to move quickly to using it for handling developer signatures. The use of PGP, non-free software, for this purpose has been a problem for developers outside the United States. In addition, of course, it has been irritating to Debian developers to have to use non-free software for such a critical function ...

A volunteer is needed to put together the release notes for the next version of Debian. Bob Hilliard posted a note indicating that he won't be able to do them this time around and asking for help.

For more Debian News, check out the Debian Weekly News for September 7th.

Mandrake

Red Hat

LWN labs tried to install Lorax on one of our sacrificial machines. The following should be regarded as a set of first impressions rather than a proper review...

• The Lorax announcement makes a big deal of the "Anaconda" installer. Those expecting something new and different will be disappointed, however; it's the same old Red Hat installation process with a few tweaks. One would think they could at least come up with a less gaudy color scheme... [Update: it turns out that Anaconda hides from FTP installs. We'll do another test soon in a mode that Anaconda likes; watch this space for more].

• An FTP install from a local server was performed. The installation, despite lots of nice autodetection later on, still requires that the network card be explicitly identified for network installs.

• For the canned configurations, there are now "GNOME workstation" and "KDE workstation" options.

• Fdisk is gone - the installation throws the user, willing or not, directly into DiskDruid. "Expert mode" might still provide fdisk - we did not check.

• The installer presses you to create at least one user account at installation time, though it appears to be happy if you bypass it. Pushing new users toward using a nonpriveleged account is a good thing, but people integrating Red Hat systems into existing networks will typically have no use for this step.

• There's a few new packages. We noticed things like cdrecord, freetype, gsl, heartbeat, jikes, the Padl LDAP modules for PAM and NSS, a bunch of PostgreSQL add-ons, xmms, and others. The other thing we noticed: the F1 option to get a package description during the selection process appears not to work.

• All of the questions are now asked before the package installation begins.

We would love to talk about how the system worked after installation. Alas, the install process put up a Python error about halfway through the package installation and quit. As, perhaps, a bit of deliberate whimsy, it printed "It is now safe to turn off your computer" on its way down.

Our summary: Lorax appears to be a minor upgrade to the 6.0 release; there is little in the way of breathtaking new features. Which is proper, after all, for a minor release. Once the rough edges are smoothed down, it should be a suitable successor to 6.0.

Slackware

SuSE

The ftp version of SuSE 6.2 has been announced. Mirror sites for downloading the distribution are also listed, though a quick check of the mirror sites indicates that the listing is not entirely up-to-date and 6.2 is not yet available on all the mirror sites.

Yellow Dog

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Lists of Distributions
Kernelnotes
Woven Goods
Known Distributions:
Apokalypse
Bad Penguin Linux
Bastille Linux
Best Linux (Finnish/Swedish)
Black Cat Linux (Ukrainian/Russian)
Caldera OpenLinux
CCLinux
Chinese Linux Extension
Complete Linux
Conectiva Linux (Brazilian)
Debian GNU/Linux
Definite Linux
DLD
DLite
DLX
DragonLinux
easyLinux
Enoch
Eridani Star System
Eonova Linux
e-smith server and gateway
Eurielec Linux (Spanish)
eXecutive Linux
floppyfw
Floppix
Green Frog Linux
hal91
Hard Hat Linux
Independence
Jurix
Kha0s Linux
KRUD
KSI-Linux
Laetos
LEM
Linux Cyrillic Edition
LinuxGT
Linux-Kheops (French)
Linux MLD (Japanese)
LinuxPPC
LinuxPPP (Mexican)
Linux Pro Plus
Linux Router Project
LOAF
LSD
Mandrake
Mastodon
MicroLinux
MkLinux
muLinux
nanoLinux II
NoMad Linux
Peanut Linux
Plamo Linux
PLD
Project Ballantain
PROSA Debian GNU/Linux
QuadLinux
Red Hat
Rock Linux
RunOnCD
ShareTheNet
Skygate
Slackware
Small Linux
Stampede
Stataboware
Storm Linux
SuSE
Tomsrtbt
Trinux
TurboLinux
uClinux
Vine Linux
Xdenu
XTeamLinux
Yellow Dog Linux

See also: last week's Development page.

Development tools

Guile

Java

In fact, the Java 2: Port Status page confirms this.

Big news! We've made significant progress with the problems plaguing the native threads implementation. Some core parts of the native threads library have been reimplemented to better utilize Linux threads. We also believe we have discovered why interrupts were being "lost", and understand how to work around the problems.

Java Advanged Imaging for Linux moved forward a step. The Blackdown team has been licensed for access to the source code and a first pass at the port has been done. It will be made available for downloading as soon as it validates properly.

A Native-Code JDK1.2 Profiler has been announced.

Perl

Perl.com is requesting Monterey trip reports, to add to those they already have. They also ran a story on the conference, by Brent Michalski.

Python

The Front Range Pythoneers is a new Python User Group starting up in Northern Colorado. Check out their announcement for directions to the first meeting.

A Python class for dealing with RPM files was announced by Morten Kjeldgaard. It should be useful for any of a number of system administration tasks.

Tcl/tk

Section Editor: Liz Coolbaugh

Development projects

GnuPG

Gnome

In particular, this week's issue talks a bit about the Sawmill window manager, a candidate for "coolest" Bonobo component, along with the weekly wrapup on commits and software releases.

GNOME Configuration Files is the title of a new whitepaper in development by Miguel de Icaza. It talks about the configuration files behind Gnome, where to find them and what to do with them.

Harmony

High Availability

Also popping up this week was the issue of FHS compatibility for the heartbeat code. Alan has outlined plans for bringing the software into compliance and asked for comments.

ht://Dig

On a related topic, Geoff also talked a bit about plans for adding support for multibyte characters. Check out his message for more details.

KDE

Midgard

This week's Midgard Weekly Summary covers a lot of future development plans for Midgard.

Mozilla

Wine

Zope

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

• Gateway has become the latest mainstream PC vendor to offer pre-installed Linux systems. Their systems come with, of course, Red Hat, for a $229 fee. So far, only the "ALR" server series is available with Linux. Press releases on this subject were put out by both Red Hat and Gateway.

• The opening of the Japanese office has been announced. It will be headed up by Masanobu Hirano, who previously was the leader of Hyperion Japan, a proprietary software firm. A Japanese version of Red Hat 6.0 is due out from this office in October (distinct, now, from the Laser5 distribution which comes out next week).

• An announcement has been made that the Burlington Coat Factory will be purchasing support from Red Hat for all of their in-store systems. Burlington has stated in the past that it had no need for support contracts; the question is thus raised: what changed? Since the terms of the support agreement are not public, we may never know.

• V-One announced an "Internet Extranet Server" product which is essentially Red Hat Linux with a set of added virtual private network software.

Red Hat's stock price promptly headed for the sky, peaking at over $135 per share on Wednesday, September 8 before falling back somewhat. Investors clearly think Red Hat is going somewhere.

Red Hat also announced "Lorax," a beta version of the 6.1 release. Lorax is covered on the Distributions page.

Cosource.com racks up first success. Cosource.com has announced the completion of its first sponsored open source development project - an enhancement to the XFCE desktop environment. The work is done, the developer has been paid, and Cosource has a proof - even if small - of its business concept.

Press Releases:

Hardware and Software Products:
• Caldera Systems announced that their "Lizard" installer is now available for download. Interestingly, they have chosen Troll Tech's QPL as the license for this software.

• Knox Software and Cobalt Networks announced the availability of Arkeia software for Cobalt RaQ and Qube family of products.

• Mylex Corporation announced that VA Linux Systems has incorporated Mylex RAID controllers into its entire line of Linux servers.

• RiverSoft announced a new release of its OpenRiver network management product. Version 2.2 of OpenRiver will include Linux support.

• Sangoma has several announcements including PCI based S514 Card availability, WANPIPE versions 2.06 and 2.07 for Linux 2.2.x, and more.

• Tech Soft America announced the availability of its "Hoops 3D Application Framework" for Linux. As part of the port, the framework has been integrated with the Qt toolkit.

• Total Impact announced that it will integrate its TotalMP technology with IBMs PowerPC Open Platform (POP) motherboard to form a PowerPC based Linux system.

  Other Stuff:

• GBdirect announces more updates to their Training Pages web site.

• Right Now Technologies announced Right Now Web 3.0. Right Now Web is used by Caldera Systems to manage technical support.

Section Editor: Jon Corbet.

See also: last week's Linux in the news page.

Linux in the news

PC World has run a lengthy article about PC operating systems; included therein is a substantial section on Linux. It has problems in spots (it says, for example, that you essentially can not order a computer with Linux installed), but covers a lot of ground. "As Windows users, we were dumbstruck by OpenLinux's reliability: In a month of use, we experienced only two application crashes, neither of which brought the operating system down. In fact, we never had to reboot the OS."

Robert X. Cringely rides again with Why Microsoft and Intel both lost ground this week to the open source movement. The article, examines the acquisition of StarDivision and the end of Windows NT on the Alpha processor. "Compaq will still be using the chips in their Tandem Himalaya servers. Samsung is also designing Alpha motherboards that fit PC models. What's more, the AMD Athlon chip runs on the Alpha EV6 processor bus, allowing the potential reappearance of Alphas in mass-market CPU boards. But what operating system will nearly all of these Compaq and third party machines be running? Thanks to Microsoft this week, nearly all of them will run Linux." (Thanks to Larry Davison).

Sun and StarOffice:

The Economist covers Sun's plans with StarDivision. "By acquiring Star Division, founded in 1985 by Marco Borries, then aged 16, Sun is taking direct aim at Microsoft's Office, which includes word processors and spreadsheets. This cash cow, which generates about 40% of Microsoft's revenues, is now threatened by Sun's promise to give away Star Division's much-admired competing product, StarOffice, which can work alongside Microsoft applications and also runs on Linux and Sun's own Solaris operating system."

Nicholas Petreley looks at Sun and StarOffice in this InfoWorld editorial. "But I am actually quite ambivalent about the possibility that Sun could cause irreparable damage to Microsoft Office as a product. I happen to prefer StarOffice 5.1 to Microsoft Office 2000, but I don't want to see innovation in the office-suite market grind to a halt the way it did in the browser market. Notice how Netscape's browser has stagnated ever since it stopped making the company any real money. Microsoft hasn't done much with IE, either, at least not since it came close to feature parity with Netscape Communicator."

allNetDevices sees big things in Sun's plans for StarOffice. "Our prediction: StarOffice will spur growth of handhelds and thin clients and will become the leading application suite for those devices. That, in turn, will lead to erosion of Microsoft Office's market share on the desktop." (Found in OS News).

Red Hat:

Here's a Reuters article about the latest craziness with Red Hat's stock price. "In addition, influential Wall Street brokerage Goldman Sachs initiated coverage of Red Hat with a market outperformer rating, saying it was well-positioned as Linux open source software becomes mainstream, and that its share price wasbenefiting from a scarcity of opportunities to otherwise invest in Linux."

News.com reports on the billionaires of Red Hat. "Red Hat founder and chief technical officer Marc Ewing, age 30, owns 9.088 million shares in the company, while CEO Robert Young owns 9.081 million shares. At $108 per share, Ewing holds Red Hat stock worth $981 million while Young holds a stake worth approximately $980 million. Should the stock hit $110.11, both will be billionaires."

AsiaBizTech reports on Red Hat's Japanese office. "The company is proceeding with the work of converting the latest version of Red Hat Linux6.0 into Japanese, and is expected to put it on the market in October 1999, at the latest. It says that it will provide a free-of-charge upgrade service to the Japanese version of Red Hat Linux6.0 for users of the Japanese version of redhat Linux5.2, which has been available from Itsutsubashi Research Co., Ltd."

News.com interviews Red Hat's Marc Ewing. "Any time you're sort of slacking off or saying you're thinking of taking a day off our president says, 'You know, I'll bet Bill Gates is working today.'" (Thanks to Alberto Schiavon).

Also in News.com: this article about the deal with Gateway and the new Japanese office. "Red Hat's decision to set up its own international office is a change of direction for the company, which previously had partnered with Itsutsubshi Research to develop and market Red Hat Linux for Japan. 'They had asked for more money than we wanted to pay,' said Red Hat spokeswoman Melissa London. 'We wanted to work together but realized wasn't going to work out. They wanted huge amounts of money.'" (See also last week's LWN for more info on the Japan office and Itsutsubshi Research).

TechWeb covers Bob Young's talk to the New York Linux Users Group. "'We feel sympathy for Microsoft.... Because of our visibility, the volume of support requests are going up.'"

Sm@rt Reseller ran this article about the Red Hat trademark blowup. "While new gray-market distributors of commercial Linux binaries can be expected to complain loudly about this re-enforcement of Red Hat's trademark and products, the development is music to the ears of official Linux resellers."

Joe Brockmeier of the Linux Mall sounds off on the coverage of the Red Hat trademark issue. "I don't think that the press has really been reporting the truth, here. Red Hat's policy isn't new, but every story makes out like it has only been this way since Red Hat went public."

Hardware:

EE Times looks at Nokia's new mobile TV/Internet product. "Nokia's MediaScreen, with an embedded computer running the Linux operating system and a GSM phone used as a return channel, was shown in action as both a portable device within a booth and as a mobile unit installed in a car that could be seen cruising the IFA exhibition halls."

Some motherboard manufacturers are considering more direct support for Linux, according to this Computer Reseller News article. "Elitegroup Computer Systems Inc., Fremont, Calif., plans this summer to unveil a low-cost Linux PC system featuring a motherboard integrated with software and hardware specifically for use with Linux."

Other Business:

General Motors is considering putting Linux into 7,500 dealerships, according to this ComputerWorld article. "David E. Hutka, operations manager of GM Access, the dealership network, told Computerworld senior writer David Orenstein that the automaker is considering a move from Windows to Linux only because of how much the Microsoft Corp. operating system taxes server hardware."

Linux in a three-piece suit is a lengthy set of business case studies in ComputerWorld. "Like any integrated oil company, Amerada Hess Corp. lives and dies by the quality of its seismographic analysis. Its proprietary 3-D analysis software used to run on expensive AIX-based, IBM RS/6000 SP2 computers in the company's Houston offices. Now it runs on Linux, installed on 96 network-clustered Dell Computer Corp. workstation Model 410 machines."

This brief IT-Director.com article suggests that HP may be about to drop HPUX and fully adopt Linux. "The proposition is simply this: at the moment Linux lacks a number of scalability functions. It scales in the sense that it has been implemented on configurations with 32 nodes and more, but such implementations are far from fully tailored and tuned. The question then is; who is going to step forward and try and fill this gap and, more importantly, will it be Hewlett-Packard?" (Found in NNL).

Linux makes inroads into Windows/Unix territory says the Australian Financial Review. "Office products supplier Corporate Express, for instance, uses Linux for its e-commerce and EDI operations, while TAB Queensland runs Linux on 1,000 computers for branch communications and in its phone-betting call centres."

Linuxcare isn't in a hurry to do its IPO, according to this News.com article. "Instead, [CEO] Sarrat is busy signing Linux-support contracts so the company has a solid revenue stream before launching an IPO. Linuxcare, which provides technical support and training for Linux, is raising enough in corporate investments 'to have enough flexibility to pick our IPO time whenever we want next year,' he said. What's going on here--sober, rational thought in the midst the hype that surrounds Linux?"

Here's a Reuters article (in TechWeb) about Corel's stock price (yet again). "Owned largely by retail investors, the stock can rise or fall based on gossip circulating in chat rooms. Interest in Linux will continue to have an impact as investors learn more about the technology's market potential."

Will Linux replace Windows? asks the Philidelphia Inquirer in this introductory article. "For some area companies, it already has." (Thanks to Dave Lugo).

Reviews and Comparisons:

Here's a News.com article comparing Caldera Systems and Red Hat. "Caldera and Red Hat may be similar in some ways, but their product focus is different. Where Caldera has chosen to focus on relatively unsophisticated users, Red Hat sees big opportunity in expanding into ever more powerful servers. That could change in coming months, with the release of a new version of Caldera Systems' Linux aimed specifically at servers."

Salon Magazine looks at the pains of installing Linux on laptop systems. "It's just no fun to buy a new IBM Thinkpad and then discover that no matter how good a hacker you are, you simply can't get the built-in modem to work with Linux."

PC World provides a set of second steps with Red Hat Linux - things to do after the installation. "Unlike a certain operating system out of Redmond, Washington, Linux offers a remarkably stable and secure platform. Unfortunately, any computer connected to the Internet will--at some point--attract trespassers. And a standard Red Hat installation provides online thugs with plenty of ways to hack into your system."

AboutLinux looks at the effects of optimization settings on AMD Athlon performance. "...by following the optimization settings shown in the article, you can get up to 73% improvement on some types of code."

OS Opinion Editorials:

• SCO and Linux by John Zedlewski.
• Trying to "Scale" the Linux Mountain by Gary Rodgers.
• MSOfffice.com: ain't holdin' my breath by Xavier Basora.
• The suits don't yet get it by Xavier Basora.
• The NSA and Microsoft, or the State of the Individual by Xavier Basora.
• Linux: Save Government Million$ by Scott Billings.
• It's time to offer new Linux branding. by Marc Rassbach.
• Thinking about Linux by Scott Billings.
• Speech Recognition: Freenix and Windows at a desktop crossroads by J. Maynard Gelinals.
• Bill Joy or the proprietor's ambivalence towards open source by Xavier Basor.
• Another way to make money by making your code free by Andrew Newman.

Finally:

Here's a CNN article remarking on the lack of glitz at Linus Torvalds' LinuxWorld keynote. "The truth is, of course, that the Silicon Valley style wouldn't suit Linux any more than a tie-dye T-shirt would suit Oracle style magnate Larry Ellison. In fact, such glitzy launches and buzzword-infested speeches are the antithesis of everything Linux has come to represent -- namely, grassroots software developers making products for the community, not profit."

The Boston Globe casts doubt on the future of Linux by comparing it to Java and quoting a lot of Microsoft executives. "Plainly there's no need to mourn for Java's fate. But its success as a sort of welding tool for computer networks is a long way from the early visions of Java partisans. Talk to Microsoft executives and they'll tell you that a similar fate awaits Linux. Charles Fitzgerald, director of business development in Microsoft's software development unit, says the Linux hype has already peaked." (Found in Slashdot).

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Events

OSDI 2000, the fourth Symposium on Operating System Design and Implementation, will be held in October of 2000 in San Diego.

Miranda Page Tiemann, daughter of Cygnus founder Michael Tiemann, was born on August 29. Congratulations!

User Group News

USCLUG Fall Semester InstallFest Details:
When: 1999-09-09, 11am-5pm
Where: TSC-206, University Park Campus Los Angeles
URL: sclug.usc.edu/installfest.html

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

An extensive collection of system administration material (tutorials, resources, etc) can be found at sysads.com.ph.

Section Editor: Jon Corbet

Letters to the editor

From: Mike Richardson <mike@quaking.demon.co.uk>
To: letters@lwn.net
Subject: Exporting Office Suites to Browsers
Date: Thu, 2 Sep 1999 13:35:46 +0100

Ah! So, exporting software to users' machines has popped up again.
Personally, I rather think that it will submerge once again. Desktop
machines a pretty cheap, management like to have 'their' machine
with 'their' software and 'their' data, its more sexy, etc., etc.

But, maybe there is something here that can benefit the Linux (and
Unix in general) community at the expence of M$oft and Windoze.
I think we should distinguish two cases. First, there are the "home"
users who are distinguished by virtue of having relatively slow,
typically dialup, access to the InterNet. Exporting software is a dead
duck in this case - too slow and/or too expensive (either due to
connection times or pay-per-use).

The second case, though, is the "corporate" user. In this case there
is a high-speed permanant connection to the company servers. In
this case the incremental cost of using the exported software is
essentially zero; the company pays for it up-front and network
usage has little cost.

But! There is still the question of whether web browsers are stable
enough to trust with this sort of activity - and the answer is, they
probably are not.  But! But! In the Linux/Unix world, we don't have 
to worry about needing a web browser as the front end, we have
a perfectly good system already, viz X11.

So, my point is this. A lot of effort is going into KDE and Gnome at
the moment, and some truly excellent applications are appearing or
are in the pipeline. But, the packaging for them is essentially single-
machine. Maybe what we need here is some _explicitly_ client/server
based packaging ......

Just my two'n'sixpence worth
Mike Richardson

From: Greg Owen <gowen@SoftLock.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Security page and kernel modules
Date: Thu, 2 Sep 1999 10:56:45 -0400 


	I was a bit suprised to see no mention of the recent code postings
which allow intruders to use loadable kernel modules to hide their control
and presence in this weeks security page.  I learned about it this week
using Kernel Traffic item http://www.kt.opensrc.org/kt19990830_32.html#13.

	It seems to me there is a quick and dirty lesson here - if you have
a machine you want secured, use a static kernel and disable module loading.
I've done this in the past, but didn't know there was such a good reason!

	As always, thanks for the otherwise impeccable newsletter.

-- 
    gowen -- Greg Owen -- gowen@softlock.com

Date: Fri, 03 Sep 1999 01:56:07 -0400
From: Joe Drew <hoserhead@bigfoot.com>
To: editor@lwn.net
Subject: Caldera 2.3 under NDA

It sounds bad, but after I'd thought about it a bit it seems like it's
alright.
Ok, the GPL and other assorted Free Software licenses say "You've got
these rights, and you have to do these things in order to keep them."
But along comes Caldera, with its new packaging and distribution of
these pieces of Free Software. Caldera says "Ok, if you want to get your
hands on this CD you've got to sign this piece of paper which says that
you have decided to not exercise your rights under the GPL, and if you
do we can sue you into the ground and back." 
Seems ok to me.
-- 

Joe Drew
http://www.woot.net

"Larry Flynt is right!"

Date: Thu, 2 Sep 1999 16:32:49 +0200
From: Luca Berra <bluca@comedia.it>
To: letters@lwn.net
Cc: linux-lvm@msede.com
Subject: A petition to get LVM into the kernel

Good morining,
In the kernel page of issue 9902 concerning the linux-lvm petition Jon
Corbet states:

'... Attempting to replace those criteria with "special interest group"
pressure is not the way to get a better kernel. Hopefully those
wanting LVM in the kernel can discuss the matter with Linus and find
out what, if anything, is blocking that inclusion.'

Actually before deciding to make a petition we did.
in fact you'll find LVM in some of -ac patches.

The idea of the petition came when someone reported to
Heinz Mauelshagen the linux-lvm mantainer "that Linus wants to wait
before putting LVM into the stock kernel to see if enough people are
interested to have this."

We decided that having a document that summarizes the reasons why
we feel that LVM is needed in the stock kernel, and have it subscribed
by anyone who is interested was the best way to let him know.

Regards,
Luca
-- 
Luca Berra -- bluca@comedia.it
    Communications Media & Services S.r.l.