Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

There is one point from the review that is worth repeating here: both of the books reviewed will shortly be obsolete. The 2.3 kernel development series has replaced the ipchains mechanism with the new "netfilter" package, which is better in all respects. While much of the information contained in the firewalling books will remain valid; the actual discussion of how to set up firewall rules will show its age as soon as the first 2.4-based distribution hits the shelves.

Obsolescence is, of course, the fate of much Linux documentation. A great deal is happening with Linux, and keeping up with the changes is difficult. However, if there were a book on Linux firewalling available under an open content license, chances are somebody would already be at work updating it for the new kernel. It would actually have a chance of being current when the new kernel comes out.

This may be the point that eventually pushes publishers toward more open licensing of their books. Closed, proprietary, paper-only books simply are too hard to keep current in the fast-moving open source world.

A cooperative group has been formed to develop open source customer relationship management (CRM) applications. This group (OpenSourceCRM.org), which announced its existence this week, is sponsored by a handful of companies, including VA Linux Systems.

OpenSourceCRM's first product is not necessarily something to cheer about: it's an "outbound email promotions system." If it becomes a delivery mechanism for spam people will not like it, whether it is open source or not.

The interesting thing about this announcement, however, is what it suggests for the future. Much open source software has been developed by individuals by companies, each pursuing their own interests. Consortiums of companies, thus far, have taken a lower profile in open source development. This is likely to change as the next wave of companies jumps into open source.

There are numerous industries that could be well served by suites of open source, industry-specific software. Think of hotel management, restaurants, broadcasting, etc. If the software is sufficiently well done, it would be a win for the industry as a whole. It seems almost inevitable.

Some steps in this direction can be seen now. The OpenSourceCRM group is one such. There are the Free Practice Management and FreeMed initiatives in the medical industry. But this is just a tiny beginning. There is probably a good living to be made for a company that can establish itself as a coordinator for this type of project.

Amazon.com does it again: the web retailer has been awarded yet another patent. This time around, it claims patent rights for its affiliate program - which is much like many other such programs on the net. Advanced technology like "referral links" is now proprietary. Given Amazon's record so far, it is to be expected that other web-based retailers will start getting friendly letters from Amazon's lawyers.

Tim O'Reilly has come out strongly against the Amazon patents. He argues the points well; there is not a whole lot we can add. The O'Reilly Network has also created a software patents page with resources and news on this subject.

LWN, meanwhile, has decided to withdraw from the Amazon.com affiliate program. We'll be looking at ways of replacing it in the near future; in the meantime the Amazon links on our book reviews page will be going away shortly.

(See also: News.com's article on the affiliate network patent).

Colorado Linux Info Quest update. The speaker line-up for the Colorado Linux Info Quest is now complete. The latest announcement is the addition of Scott Draeker, CEO of Loki Software. He'll be talking on "Free Software, Beer and Games". Keep an eye out ... we have five additional speakers that we'll be highlighting in the next week or two.

Inside this week's Linux Weekly News:

• Security: truly open source security software?
• Kernel: /proc, devfs, and magic files
• Distributions: cLIeNUX, SPIRO-Linux founder departs
• Development: Mozilla M14, PostgreSQL V7.0 beta
• Commerce: Updated IPO filings from Caldera and Linuxcare; are Linux stocks a good buy?
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

One of our readers, Alexandre Dulaunoy, pointed out that the license for ITS4 is not compatible with the Open Source definition from OSI because it explicitly restricts the use of the software for revenue generation. "Use by individuals and non-profit organizations is always allowed. Companies are permitted to use this program as long as it is not used for revenue-generating purposes."

Clearly RST chose to release the source code for ITS4 in order to show their confidence in their own code, to facilitate bug fixes and maybe even to accept improvements from others, but not in order to help produce a world where all software is free. This is their right. However, they should be strongly encouraged to call their software "source-code-provided", not "open source", or the value of that term will be diluted.

Another example of this comes with the announcement of the "open-sourcing of the Linux Tripwire product". The question of whether or not the product will truly be "open source" is unanswered. The product itself will not be released until Q3 2000 and no licensing information for it is yet available. One reader expressed a concern that Tripwire, Inc. may not understand the implication of releasing the source code for the Linux Tripwire product under an open source license. If the source code truly becomes open source, there will be nothing to prevent anyone from porting it to other operating systems, including, for example, NT, where Tripwire, Inc, currently generates revenue from selling its commercial, closed source version.

It is early days to point fingers. Tripwire is an excellent product and we hope to see it released under an actual open source/free software license, especially given the current backing of Caldera/Red Hat/SGI/VA Linux for this project. Having this type of integrity-validation tool as part of a base Linux distribution will be a "very good thing". The point is that calling a product "open source" should not be done until the license for it is available for scrutiny, and then only if it meets the Debian Free Software Guidelines or the Open Source Definition.

For more information on the Tripwire announcement, check http://www.tripwire.org or this ZDnet article on the announcement.

This week's discussion topics. SSH security was a major topic on BugTraq this week, particularly in reference to combining SSH with X forwarding and agent forwarding. The issue is that, in cases where you are using an SSH client to connect to an untrusted server, or to a server that may have been compromised, the X forwarding feature of SSH will make you much more vulnerable. OpenSSH has now disabled X forwarding by default. You can do the same by using "ssh -x". It is probably a good idea to always run without X forwarding enabled unless you know you need it.

For more SSH information, you might want to check out SecurityPortal's second SSH article. This one focuses on OpenSSH. (Thanks to John Villalovos.)

Security Reports

Apache 1.3.12 released. Apache 1.3.12 was released on February 25th. It contains fixes for the `cross site scripting'' security alerts described in advisories from CERT and Apache.org. An upgrade to this version is highly recommended.

Security hole in ht://Dig. The ht://Dig search engine has a security hole which can allow a remote intruder to read files on your system that you did not wish to export. Version 3.1.5, just released, closes this hole; an upgrade is recommended. See the alert for details. A full security audit of ht://Dig is now being started. Anyone who wishes to help with them can contact them at htdig3-dev@htdig.org.

Distribution updates for ht://Dig:

• Debian
• FreeBSD
• SuSE

Please note that our mention of the Debian update on the daily page this week contained an incorrect URL, pointing to an earlier Debian update to htdig from last December. Our apologies. If you checked the update via the daily page, you may wish to double-check it here.

Remote vulnerability in nmh. Versions of nmh prior to 1.0.3 can be made to execute arbitrary commands via the mhshow command. Check this note for more details.

• Debian

Buffer overflow in dump. The dump command contains a buffer overflow, according to Yong-jun, Kim.

Another MySQL update. The latest version of MySQL contains fixes for the remote access vulnerability, discussed in the February 10 LWN security page. Distribution updates for MySQL have been released from:

• BROKEN LINK SuSE (old)
• Caldera (old)
• FreeBSD

Resources

ITS4 1.0.1 released. Here is the announcement for ITS4 1.0.1.

Nessus version 0.99.6. A new development version of Nessus, a remote security scanner, has been announced. Upgrades are recommended for anyone using an older version of Nessus.

Saint 2.0 beta 1. Speaking of security scanners, a new beta release of Saint has been announced.

Secure-Linux patch. 2.2.14 version 2 is a new version of the Secure-Linux patch, updated for the 2.2.14 kernel.

Events

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

There is a 2.3.49 pre-patch available. It includes more work on interrupt handling; a new bonded network driver; USB enhancements for IBM cameras, Pegasus ethernet, and Wacom tablets; a rework of the Reva frame buffer driver; and a new "big reader" spinlock mechanism.

Those interested in the interrupt work may want to look at this rather technical message from Ingo Molnar on what has been done. Essentially, the work is aimed at increased performance and scalability, especially on multiprocessor systems.

The current stable kernel release is still 2.2.14. The 2.2.15 pre-patch is up to version 2.2.15pre12. This version of the patch is intended to lead to the final cleanup; Alan intends a pre13 toward the end of the week, and the real 2.2.15 kernel sometime next week, "if things go OK."

Announcing: the Linux Console Project. James Simmons sent out this announcement for a new project which seeks "to design a new multihead console system for linux." There had been some discussion in linux-kernel about the status of the current console driver (which appears to be unmaintained) and the desirability of some new features - like different video modes for each virtual terminal. The project already has a shiny new SourceForge page; Mr. Simmons would like to have something ready to merge into the 2.5 development series at an early date.

Devfs, /proc, and magic files. Back in 2.3.46, a new driver (by Tigran Aivazian) showed up which provides the (somewhat scary) ability to rewrite the microcode in Intel P6 processors. If you want to mess with the internal wiring of your processor, just load the appropriate module (wiring this driver into a monolithic kernel would be a risky thing to do) and shovel your new microcode into /proc/driver/microcode. All there is to it.

This driver drew a number of immediate complaints. The ability to hose your processor doesn't seem to bother people; the real sticking point is the creation of another magic file in /proc. What is coming out is that quite a few people really do not like the proc filesystem at all, and do not wish to see more capabilities added to it.

What are the problems with /proc? Common gripes include: it has gone past its initial scope of providing process information; it is bloated and slow; the files and their formats are not standardized and subject to frequent change; the internal API is convoluted; the use of ASCII strings requires applications to do too much parsing; changes to permissions on /proc entries are not persistent; and so on. /proc's detractors are especially annoyed that it is increasingly hard to run a system without /proc. Once upon a time, /proc was supposed to be an optional feature.

One suggestion that has been made is that the microcode update driver should move to devfs instead, now that devfs is in the kernel. At that point, it would be necessary to use devfs to make use of this driver. That has upset a number of people; you see, devfs is supposed to be an entirely optional feature. Devfs author Richard Gooch has always stepped very carefully around that issue until now; his more recent words on the subject have drawn some criticism.

This issue will be difficult to resolve in a way that satisfies everybody. Anything that makes devfs mandatory for system operation will draw fierce opposition. While /proc is a bit messier than it should be, changing it will prove difficult - many applications depend on its current form. Nonetheless, some sort of more coherent approach to the "magic files" interface to the kernel will become necessary at some point. That sort of interface is just to convenient to get rid of. Expect to see this fight come back again.

Other patches and updates released this week include:

• Version 1.0.2 of the Timpanogas Netware file system imager has been released.

• Marc Mutz has released version 0.2.0 of the Linux Encryption HOWTO.

• SGI has released version 1.1 of its built-in kernel debugger.

• Netfilter 0.90.4 has been released; this may well be the version that goes to Linus for inclusion into the 2.3 kernel tree.

• Brad Hards has announced version 1.0.2 of the Linux USB Guide. This version is much improved (and is up to 77 pages); it includes a new device driver programming section.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Browsers

Databases

Gaming

Education

Interoperability

Office Applications

LyX Development News (Mar 1). The LyX Development News for March 1st is now available. This is the second issue of what is planned to be a fortnightly feature (twice a month as opposed to bi-weekly). One feature, among many, that was good to see -- a Hebrew patch has gone in, the beginning of what is hoped to be general support for right-to-left languages.

The AbiWord Weekly News (Feb 23). Last week's AbiWord Weekly News mentions that they've got Tinderbox up and running, continuously recompiling the code on various platforms. Meanwhile, the code base has been transitioned to using IETF style language codes, a major change, and support for Polish has been added, bringing the language support count up to 15.

The AbiWord Weekly News (Mar 1). This week's edition covers topics including the word count dialog, UI design, bug status, list support, a project of the week report and a very nice wrap-up for the month of February.

GnuCash 1.3.0. A new version of GnuCash has been announced. This release marks "the switch from Motif to Gnome [sic] for the GUI toolkit", plus additional features.

PostgreSQL v7.0 Beta. The beta version of PostgreSQL 7.0 is now available for download. Features in the new version include the implementation of foreign keys (except for partial match foreign keys), an overhaul of the optimizer and an updated version of psql, their interactive terminal monitor. "This release shows the continued growth of PostgreSQL. There are more updated items in 7.0 than in any previous release." (Thanks to Vincent Lin.)

On the Desktop

This week's GNOME summary. Here is this week's GNOME summary by Havoc Pennington. Among the topics covered are the new GNOME master plan and the latest word from Eazel.

Announcing KDevelop version 1.1final. The 1.1final version of KDevelop has been announced. This version contains several new features and many bugfixes. It is intended to be the last release for KDE 1.1.2. Then the effort will go into KDevelop 2.x (which will work on KDE 2.x).

Science

Last, but not least, "The FreeGIS Team is proud about the fact that the venerable Frank Warmerdam joined the CD editorial board. He is an experienced Geospatial contract developer and represents a company in the OpenGIS Consortium. He also maintains libgeotiff."

Website Development

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

The March 2000 edition of the Linux Gazette. According to the announcement for the latest version of the Linux Gazette, the new edition contains articles on GIMP-Perl, Smalltalk on Linux and process cloning in C, which you may find of interest.

Java

KITTEN JavaScript Validation Library 1.0. The KITTEN JavaScript Validation Library was announced this week. The license for the library is marked as "freeware", an ambiguous term.

OpenMap 3.4. A new version of OpenMap, a "JavaBeans based toolkit for building applications and applets needing geographic information", has been announced.

Perl

PHP

Python

Tcl/tk

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

• Here is Caldera's amended S-1 filing. Details to be found in this huge legalese document: the offering will be 5 million shares, priced at a (low) $7-9 per share. There will be just over 38 million shares outstanding overall. They brought in $500,000 in revenue over the last quarter, losing over $5 million.

  The amended filing continues to talk about Caldera's intended "directed share program." Up to ten percent of the initial offering will be reserved for this program, which will be managed by Wit Capital. Opening a Wit account will be necessary to participate. There is also mention of a separate program to offer shares to "international participants." It's still not clear when this program will actually be implemented.

• Linuxcare has submitted this amended S-1 filing (640K of legalese). Added details include that they will be offering 4.5 million shares at $13-15 each; there will be 30 million shares outstanding overall. Thus they are selling 1/7 of the company, a slightly larger piece than one sometimes sees with these high-tech IPOs. The financial figures are updated through the end of 1999; the total revenue is $1.5 million, a threefold increase over their performance through September (which was on the initial S-1). Their losses exceed $21 million. Their top three customers (Motorola, Sun, SGI) provide 55% of their income.

  There is still no mention of a directed share program in Linuxcare's filing (which does not mean they do not intend to implement such a program).

The actual IPO dates will not be known for a while yet; the offerings are likely to take place sometime in April.

Are Linux stocks good buys? As the next round of Linux IPOs nears, investors must surely be wondering about the quality of the investments they represent. Consider: Red Hat has fallen to just over a third of its peak value (in January), and VA Linux Systems is only worth a third of the value it hit on its first day. Some of the sparkle has clearly gone out of these stocks.

Of course, these things are all relative. Both companies still have quite high valuations for their size and revenues. If Linux Mania hadn't happened, and both stocks had reached their current valuations from below, few people would probably be disappointed.

As things are, however, anybody who bought VA on its first day - or almost any time thereafter, for that matter - is not likely to be happy about the investment. Investors looking at the upcoming IPOs would do well to keep that in mind. Linux stocks are not necessarily a good buy at any price, be careful out there.

Ericsson's cordless screen phone. Ericsson has announced its "Screen Phone HS210" product - a Linux-based telephone with a touchscreen that can be used for email, web browsing, etc.

TurboLinux made a number of announcements this week, including:

• This announcement that its distribution will be offered as an option on Dell servers and workstations in Hong Kong and China.

• A bundling deal with Merlin Software Technologies that will get Merlin's products shipped with the TurboLinux distribution.

• The appointment of T. Paul Thomas as the new President and Chief Operating Officer of the company, replacing founder Cliff Miller (who remains CEO). Thomas was previously the President and CEO of Artisoft. Those who are into speculation will certainly note that an IPO is usually preceeded by the assembly of a new management team designed to appeal to investors...

Procom to release NetBEUI stack to Linux Community. Procom Technology has announced that it will release its NetBEUI implementation under an open source license. "The NetBEUI stack comprises a significant body of code and several man-years of effort, and will be posted with the instructions and tools necessary for integration with Samba.... 'This is our way of giving back to the community whose technology serves as the foundation for our NAS technology,' said Alex Razmjoo, Procom's President and CEO."

VA Linux Systems reports second quarter revenue. VA Linux Systems has reported that its revenues for the last quarter were $20.2 million, "up 537% from the same quarter last year." $300,000 of that was professional services revenue; they turned in a total loss of $8.4 million.

See also the transcript of VA's analyst conference call on the results. Among other things, VA claims that SourceForge now hosts one third of all known free software development projects.

Section Editor: Jon Corbet.

Press Releases:

Open Souce Products:
• Centura Software Corp. went live with its first open source data management solution for Information Appliances. Centura's db.linux is available for downloading and for collaborative development on OpenAvenue's hosting site at http://www.openavenue.com/db.linux.

• Corel has announced that the development of its print services library will be hosted on SourceForge.

• Futureware 2001 announces KQuick. KQuick is an open translation system to translate words between languages, resolve acronyms, lookup numbers. KQuick is the first User-Interface of the *Quick system. Other user interfaces, such as Gnome (GQuick), will follow. KQuick is offered under the GPL.

• MandrakeSoft announced Linux-Mandrake 7.0 PowerPack edition, now available at local retailers and through mail-order in the US.

• Orasoft has officially released version 1.0 of their Oracle ObjectManager. This is significant because of the lack of client access software on the Linux platform compared to that of lesser platforms. Object Manager makes Linux a viable client in addition to it's usual role as server. Object Manager uses the Gtk+ toolset, and is released under the GPL.

• R3vis Corporation has announced the release of its "OpenRM Scene Graph API" product under the LGPL; it can be downloaded via SourceForge.

• Webb Interactive Services Inc. announced the formation of Jabber, Inc., a subsidiary focused on the commercialization of an open source, XML-based instant messaging platform.

  Commercial Products for Linux:

• Blue Wave Systems Inc. announced that its ComStruct line of communications processing building blocks now supports the Linux operating system.

• C-bridge Internet Solutions, Inc. announced the expansion of its company-operated C-bridge University. Four new learning centers will open nationwide and abroad, and 14 new courses, including programs in Linux and XML will be offered.

• Computer I/O Corporation announced the release of the Easy I/O Server, a Linux-based network I/O server.

• Diversinet Corp. announced that its client Software Development Kit has been extended to Linux and Unix formats.

• EST announced BRU Backup & Restore Utility v.16.

• I-Link, Inc., an enhanced voice/data service provider, announced support for the Linux operating system.

• I-Logix unveiled plans to launch a strategic initiative designed to drive the advancement of the Linux market and support the growing demand for Linux-based embedded applications. They also announced a strategic partnership with MontaVista Software to support MontaVista's Hard Hat Linux embedded operating system as a target for code developed in its Rhapsody application development platform.

• Image Power, Inc. introduced a Linux image viewer for FaxPC that supports JBIG2 image decoding plus a variety of other file formats. The first version of this new viewer is available at the FaxPC Web site and supports Red Hat, Debian, Caldera, SuSE and Slackware versions of Linux.

• Impera Software Corp. announced the release of the PowerBox product, a 2U rackmount server. While this product can support various Linux distributions, it has been specifically designed for Red Hat Linux and is RedHat certified.

• Insignia has announced that its "Jeode" Java platform will be included in Lineo's Embedix SDK product.

• Level 8 Systems, Inc. announced the availability of Geneva XIPC for Linux, a message-oriented middleware software product specifically designed for the Linux platform. Red Hat, Inc. will include a demonstration version of Geneva XIPC on the next release of the Red Hat Linux Application Library CD.

• LinuxPPC announced a Box Set for all new and current subscription customers. The Box Set includes the LinuxPPC 2000 CD-ROM set, a t-shirt, and printed manual.

• Lynx Real-Time Systems, Inc. announced that PacketStream's Synchronous Packet Streaming (SPS) solution will run on the LynxOS real-time operating system (RTOS) and BlueCat Linux operating system.

• MoJo Designs announced that the Eyelet GUI has been ported to Motorola's 68K and Intel Corporation's x86 processors. The royalty-free embedded graphical user interface is now available for five processors and six operating systems. Besides Linux the the following Real Time Operating Systems are supported: pSOSystem from Integrated Systems Inc. (ISI), Precise/MQX from Precise Software Technologies Inc., uCOS, eCos from Cygnus Solutions and LynxOS from Lynx Real-Time Systems, Inc.

• NETsilicon and and their Linux development partner, WireSpeed Communications Corporation, have announced the availability of Net+Lx, a port of uCLinux to the NET+ARM system-on-silicon chip.

• Plesk, Inc. announced the release of Plesk Server Administrator v.1.2, which features a point-and-click interface to perform comprehensive server management tasks.

• Procom Technology put out a press release outlining how it will push deployment of Linux-based Network Attached Storage (NAS) technology.

• Progress Software Corporation announced the Developer Edition of its Progress SonicMQ Internet messaging server will support the Linux operating system.

• Rainfinity announced the introduction of a Linux version of its high availability Rainwall clustering solution for the Secure Virtual Network (SVN) architecture.

• TimeSys Corporation announced the TimeSys Linux Real Time System. "TimeSys Linux/RT actually extends the Linux kernel, rather than adding a proprietary non-Linux RTOS as an abstraction layer between Linux and the system hardware."

• TRISIGNAL Communications announced the availability of its Phantom Embedded Modem reference design for the Linux operating system.

• VariCAD, developer of one of the few professional CAD systems running under Linux. released VariCAD version 7. 3. - 0. 0

  Products Using Linux:

• ATEC Group, Inc. announced they are now authorized OEM reseller for Red Hat Linux. ATEC will offer its Nexar Empower series, with a choice of processors, including the Intel Pentium III, Intel Celeron, AMD-K6-2 and AMD Athlon, and Red Hat Linux.

• Microtest Inc. introduced FileZerver, a network appliance designed to meet the growing file storage and management needs of departments and workgroups, at the CeBIT.

• NETsilicon, Inc. announced the introduction of NET+Lx, a comprehensive embedded network connectivity system using the Linux operating system.

• Splash Technology, Inc. announced its first color servers for Canon digital color copiers. The Splash T200e, T200, and T240 are part of the new Splash T200 product line, which features a Splash-Linux architecture based on Splash's advanced compression and color technologies, combined with the Linux operating system and standard Intel processors.

• Splash Technology, Inc. announced the ColorPort for the DocuColor 2000 Series. The Xerox ColorPort was developed by Splash Technology and is part of a product line featuring a Splash-Linux architecture.

• uniView Technologies Corp. announced the introduction of its new entry level set top box, model uniView 110, which runs on the Linux operating system.

  Java Products:

• Espial announced Espial Architect 2.0. They claim to be "the industry's only rapid application development environment for PersonalJava".

• VSI (V-Systems Inc.) announced the immediate availability of Breeze XML Studio, a commercially available development environment that binds XML to JavaBeans.

• VSI (V-Systems Inc.) and Software AG announced a strategic alliance to integrate and distribute VSI's Breeze XML Studio with Software AG's X-Studio, which is the developer part of Software AG's XENON architecture for XML based applications.

  Products with Linux Versions:

• 8x8 Inc. announced the immediate availability of its Veracity Voice over Internet Protocol (VoIP) Software.

• Advanced Digital Information Corporation announced Linux support for their CentraVision File-sharing System.

• Argus Systems Group, Inc. announced its plans to develop a version of its PitBull security product line on the Linux platform. Products should be ready by the 4th quarter of 2000.

• BLAST, a supplier of automated file transfer solutions, has been chosen by software point-of-sale developer Synchronics as the communications engine for its CounterPoint V7.3 software.

• CodeGen, Inc. announced the availability of its SmartFirmware product on all Cogent Computer Systems development platforms.

• The Computer Systems Group (CSG) of Toshiba America Information Systems Inc. announced the M500D, the next-generation, entry-level server featuring dual-processor capability. Its compatible with most small to medium business networks, including Red Hat Linux 6.0.

• Cyclone Commerce, Inc. announced the newest release of its Cyclone Interchange Trading Engine. Version 2.3 expands platform support to provide Linux and AS/400 users with trading community development and management solutions.

• Easy Software Products announced the ESP Print Pro v4.0.4, a complete printing solution.

• eRedi, Inc. announced the release of expandable Network Attached Storage (NAS) Towers and Racks called ScalarRAID.

• FOCUS Enhancements, Inc. announced today that CoCom International, Ltd., is launching an Internet set-top box utilizing FOCUS' FS450 as its TV display technology. CoCom's Internet set-top box design is called Netmine.

• IBM announced the IBM WebSphere Transcoding Publisher, software that dynamically translates, or "transcodes," Web information, text and images, to a format readable on a variety of Internet appliances.

• Interstar Technologies offers free beta version of LightningFAX 6.5 for Red Hat Linux.

• Legato Systems, Inc. announced Legato GEMS Storage Resource Manager (SRM) and Legato GEMS SRM for Exchange, Web-based storage resource management solutions.

• Mylex, a subsidiary of IBM, announced the company showcased its latest Fibre Channel and Ultra 160 SCSI products at CeBIT.

• NetMorf, Inc. introduced SiteMorfer 2.0, a wireless e-business product that transforms e-commerce sites to wireless devices by integrating directly with a company's back-end data sources.

• OpenConnect announced the launch of its new Voodoo Engine Web server.

• Perle Systems Limited announced the addition of the new SX+ host card to the Perle Specialix "Direct Connect" product range.

• Platform Computing Corp. unveiled its newest version of the resource management solution, LSF 4.0.

• Quantum Corporation's DLT and Storage Systems Group's Snap Division announced the Snap Server 4000, a 120GB RAID 5 capable workgroup file server.

• Rogue Wave Software announced major upgrades for two of its top selling software packages: Threads.h++ and DBTools.h++.

• Sane Solutions, LLC announced the release of NetTracker 4.5, a new version of the NetTracker line of web site traffic analysis software.

• Secant Technologies, Inc. announced Extreme Internet Server, an application hosting environment for Internet and Application Service Providers.

• V-ONE Corporation announced that it has released SmartGate version 4.0. SmartGate client versions are available for Linux.

• Xybernaut Corporation announced it has been issued a U.S. patent for a "transferable core," which the company believes will radically change mobile computing.

  Books:

• O'Reilly & Associates announced the 2nd Edition of Volume 6B, Motif Reference Manual", a complete programmer's reference for the Motif toolkit.

• O'Reilly published a new book on The Perl Database Interface, better known as the Perl DBI, called "Programming the Perl DBI", by Alligator Descartes & Tim Bunce.

• Prentice Hall PTR announced the launch of its Open Source series. Titles include:
  • Linux Desk Reference, by Scott Hawkins.
  • Linux Network Administrator's Interactive Workbook, by Joe Kaplenk.
  • Linux System Security, by Scott Mann and Ellen Mitchell.

  Partnerships, Investments and Acquisitions:

• Computer I/O and Montavista Software have announced a partnership to produce easily-programmed embedded I/O systems, based on Montavista's real-time distribution.

• EarthWeb's dice.com announced that it has signed an agreement with Go2Net to exclusively provide the dice.com job search engine and other content throughout Go2Net's computer and career channels. dice.com already powers the job areas of fourteen Web sites including RedHat.com, UserFriendly.org, 32BitsOnline and PenguinApps.

• EBIZ has announced a deal with Corel that will result in Corel Linux being bundled on systems sold at TheLinuxStore.com.

• eConnect has entered into a strategic alliance with Empire Financial Group Inc. to offer the Instant Cash Trading Account system that utilizes an ATM card with PIN. Customers will get an eCashPad+ which attaches to their PC keyboard. Then triple encrypted transactions can be routed from the user's PC to a regional ATM card bank system for approval via an eConnect/RGTecq Linux Transaction Server.

• Fujitsu Siemens Computers announced that it is to partner with Argus Systems Group. One part of the partnership has Argus working with Intel and Fujitsu Siemens Computers on the implementation of security products for Fujitsu Siemens Computers' forthcoming IA-64-based Primergy servers running under Linux.

• IKON Office Solutions announced an agreement with Splash Technology for exclusive North American distribution rights to the Splash T Series color server line.

• Lineo Inc. announced that it joined the Extend the Internet (ETI) Alliance, founded by emWare Inc.

• Maxspeed Corp. announced it has received $14.2 million in mezzanine venture financing from Westbury Equity Partners, Walden International Investment Group, Champion Consulting Group, and other investors.

• Midnight Cafe's Gamers Depot has signed on as the first gaming affiliate for the Maximum PC Network.

• Opera Software and Ericsson have announced that Ericsson's (Linux-based) HS210 "Screen Phone" will incorporate the Opera web browser.

• Perle Systems Limited released details of plans for the distribution of its enlarged range of network and server connectivity products, following its acquisition of Chase Research Limited. Perle's product support UNIX/Linux and Windows NT.

• Red Hat, Inc. and ODS Networks, Inc. announced that they will work together to complete Red Hat certification and the design of a hardened Linux operating system for use with ODS' SecureCom family of Internet Security products.

• SGI and SuSE have announced their intention to work together to bring SGI's clustering technology to Linux.

• ThePlanet.com announced that they have received $2.35 million in venture capital funding from Interfase Investments, LP, an Austin, Texas-based venture capital firm. ThePlanet provides managed dedicated hosting on leading hosting platforms, including Sun Solaris, Linux, and FreeBSD and hosts over 1,000 Web sites on its proprietary ServerMatrix architecture.

• VA Linux Systems, Inc. announced the launch of its Linux Solutions Partner Program for independent software vendors and independent hardware vendors.

  Who is using What:

• Advanced Management Solutions announced that iPool has selected the AMS REALTIME suite of enterprise project and resource management software to help manage its development programs. AMS REALTIME will run on Red Hat Linux Version 6.0 at iPool.

• Digital Island, Inc. announced that Tripwire, Inc. is using its global network services to sell enterprise security solutions over the Internet.

• GameCom and AMD have announced the "Net GameLink" entertainment system. You have to look fairly far down in the press release to see that it is a Linux-based system.

• National Semiconductor Corporation announced that it has licensed Citrix Systems, Inc.'s Independent Computing Architecture (ICA) client software for the Linux operating system.

• Sumisho Datacom and Internet Pro Corporation have chosen RAS (Remote Access Server) products from Digi International Inc. to help build Linux-based Internet point-of-presence (POP) servers for Japan's fast-growing community of Internet service providers (ISPs).

• TurboLinux, Inc. announced that one of Japan's largest consumer e-commerce web sites is running on TurboLinux Server and a cluster of IBM Netfinity 5000 Servers.

• Unify Corporation announced that Nortel Networks has selected Unify's application development platform for the Linux operating system.

• VMware, Inc. announced that Informatica has deployed VMware software to support multi-platform application development.

  New Personnel:

• EBIZ Enterprises Inc. announced that Jean L. Francois has joined their management team as chief technology officer.

• Maxspeed Corp. announced the election of Joseph G. Fogg III to its board of directors.

• MontaVista Software Inc. announced the appointment of David Warner as chief financial officer.

• O'Reilly & Associates, Inc. announced that Jon Orwant is the new Chief Technology Officer.

• Terra Soft Solutions, Inc., developer of PowerPC Linux solutions, announced that Dave Herres will join Terra Soft as the Liaison to Federal Sales as well as serve as Chief Financial Officer.

• Terra Soft Solutions, Inc. announced their year 2000 Board of Directors: Chris Gulker, VP Marketing Montclare Technologies and a former Director for Apple Computer; Janet Logothetti, former market analyst for US West International; and Joel E. Allen, President Site-View.com.

  Other:

• EBIZ Enterprises Inc., owner of TheLinuxStore.com and other Linux sites, announced that information on their stock is now available on Linux Weekly News' (LWN) Linux Stocks Page http://lwn.net/stocks/. In addition to the LWN Linux Stocks Page, EBIZ stock information is also available on the Linux Quotes section of the recently launched CNET Linux Center.

• Evans Marketing Service announced that the expectation of deploying Linux apps by Development and IT Managers in large corporations increased by 75% during the last six months of 1999 and that the percent of companies running Linux increased by 95%.

• Hypermedia Communications Inc. announced the first wave of sponsors and advertisers for newmedia.com, a new site specifically for Internet architects. The site is divided into three information centers: business, design, and technology. Content is further indexed under topic centers, where content is catalogued under hot topic headings such as e-commerce, media distribution, Linux, and convergence.

• Linuxcare has announced the opening of its Japanese office (Linuxcare Kabushuki Kaisha) in Tokyo.

• NETsilicon, Inc. reported that revenue for the fourth quarter of fiscal 2000 ended January 31, 2000 rose 68 percent. The company has decided to invest in a new business initiative to develop and launch embedded networking system products based on Linux and Java operating environments.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

The San Jose Mercury has put up this look at Linus Torvalds. "'Without rivalry -- at least the potential for rivalry -- you don't get anything done,' Torvalds says. `So we've often had cases where there's been two people maintaining very similar kinds of things, and what ends up happening is that I often accept both of them . . . and see which one ends up getting used.'"

Eazel:

Here's an article in MacUser about Eazel. "When not one, but four, key members of the key team that helped create the original Macintosh operating system regroup in a company dedicated to a new user interface, it's worth taking notice. When the four declare that their aim is to produce a GUI for Linux that will be easier to use than either Windows or even the Mac OS, it's definitely worth finding out more." (Found in Portalux News).

Eazel continues to make headlines this week. In Prettying Up Linux, Wired reports that although the progress on a more user-friendly interface for Linux is very promising, it may take some time to get there. "Eazel's president and CEO Boich readily acknowledged a lot of the hurdles, estimating it will be between 12 and 18 months before all the pieces of a Linux consumer-friendly system fall into place."

Salon's take on Eazel is complete with a picture and has poked for the business model planned behind Eazel's involvement with free software. "Eazel has a two-pronged plan that includes not only providing a friendly interface for mainstream computer users, but also making a business out of facilitating easy software installation and automatic updates of the rapidly evolving operating system and the applications that run on it. Its business model is to offer these services on a subscription basis, says Christensen, general manager of online services. "

On the other end, they got a few more examples of what Eazel would like to bring to the end-user: "'Right now if I want to install a given package, it has to ask me lots of technical questions,' says Hertzfeld. 'Instead, it should be asking you these kinds of questions: What are your interests? What is your career? -- "I'm a math teacher," not "I'm a user of GLib 1.3.7,"' he adds."

VA Linux:

News.com reports on VA Linux Systems' quarterly results. "Analysts expressed concern over the company's plan to acquire Andover.Net, a Linux and programmer information site, for approximately $1 billion. 'It's a company with very, very small revenues, and you put a lot of money into it,' Lehman Brothers analyst George Elling told VA during the conference call."

Also from News.com: this look at the disappointing performance of VA Linux Systems' stock after its high-profile IPO. "The turn of events can be seen as both a possible harbinger of circumspection about the future of the Linux operating system among investors, as well a cautionary example of market excess. All initial public offerings with the best first day gain have largely tanked since 1994, according to Richard Peterson, an IPO analyst with Thomson Financial Securities Data."

The Motley Fool ran this column about VA Linux Systems' first earnings announcement. "If you questioned the company's valuation, however, this result validates the notion that their business model doesn't have sufficient income-producing potential to justify the $4.5 billion market cap, especially with the Linux market as crowded as it is. At about 225 times sales and 30 times book value, this baby's still got plenty of room to fall."

Other Companies:

The Kansas City Star reports on the investments in Atipa. "[Atipa CEO Jason] Talley said the $30 million investment would allow the company to go into a 'hypergrowth' mode and hire top industry professionals. In addition, 'strategic acquisitions are very important to us, and this will allow us to pay in cash if we have to,' he said."

News.com also looks at the $30 million investment in Atipa. "But perhaps the most important new support site will be in Silicon Valley, an office that will be run by Marc Torres, formerly head of SuSE's North American operations. In the next three to six months, Atipa hopes to have 20 people in the Silicon Valley office."

Here's a ZDNet article on the opening up of Tripwire. "The three Linux powerhouses [Caldera, Red Hat, and SGI] are partnering with TripWire to incorporate tightly the open-source TripWire into their server Linux operating-system lines. Expect to see TripWire security in each company's fall Linux release."

PC Week looks at Novell's upcoming announcements. "After nearly two years of talk, the Provo, Utah, company plans to pull the trigger on a broad Linux strategy at its BrainShare user conference in Salt Lake City next month. The centerpiece will be Novell's release of NDS (Novell Directory Services) eDirectory for Linux. The company plans to open some of that code base for the Linux community under its own open-source license, according to sources familiar with the plans."

Here's an article in the Arizona Republic about Red Hat; it's a fairly general piece. "The Red Hat name is now among the most recognized in the world of Internet software. Meanwhile, other companies, from giants like IBM to struggling start-ups, have discovered 'the Red Hat effect': Merely mentioning the North Carolina company's name in a press release can turn investors' heads and boost your stock price."

Upside looks at Cobalt Networks and the network appliance market in general. "Although industry analysts have long pegged appliance servers -- low-cost, single-purpose devices such as Web servers, file servers and database servers -- as the most natural growth area for the Linux operating system, [Cobalt CEO Steve] DeWitt is the rare businessman willing to bet his entire company on that premise."

Tucked away in this article in The Register about Corel, was this interesting tidbit: "Ventura Publisher - the grandpa of desktop publishing packages - was acquired by Corel in 1993 and has languished somewhat, although it still has its devotees and particular strength for handling large documents. It has not been a great money spinner in its own right, and was first tucked away as a module in Corel Draw, although a stand-alone version was subsequently produced. Cowpland said it has now been decided to release a Linux version, which could bring it to greater prominence."

Other Business:

Here's a column by Lawrence Lessig in The Industry Standard about Jack Valenti, the MPAA person behind much of the DVD mess, among other things. "Courts seem eager to grant the entertainment industry perfect control, quick to deny any space for fair use. It is apparently irrelevant that Linux users will lose access to DVD movies that they have lawfully purchased, or that Canadians will lose access to broadcasts to which their law grants them a right."

This Andover.Net column looks at the future of Linux in the light of the Windows 2000 release. "Increasingly, that high valuation will subject these firms to intense pressure to perform miracles. CEOs at these firms will be forced to try and grow at rates few firms have ever managed even in the most expansionary economic periods in history. Add to this the unique demands of the open source community and the stridency of many of that movement's advocates, and you have an almost unprecedented management problem. Few of the present pioneers look to have the kind of skills needed to handle a challenge of this scope." (Thanks to Cesar A. K. Grossmann).

MSNBC ran this introductory article which is surprisingly positive (if perhaps overly focused on the "free beer" aspect of Linux). "Windows 2000 has all the press, but the free operating system may be better for you."

MacDiscussion.com ran one of those columns criticizing Linus Torvalds for working at Transmeta. "Oh, did I just use the word 'capitalist' and 'Linux' in the same sentence? Apparently our good comrade, Linus Torvolds, decided that proprietary work is not such a bad thing after all. He may even make a little money. So we have the man in one hand shoving Linux code in your face, and in the other hand, which he holds tight to his chest, the blueprints of Crusoe. Is the man wrong or did he just discover what capitalism is all about?"

Interviews:

LinuxSecurity.com has interviewed David A. Wheeler, author of the Secure Programming for Linux HOWTO. "As far as development goes, currently one of the biggest security problems are buffer overflows. Thus, from a security point of view I'd suggest using a programming language that prevents buffer overflows; Python, Perl, Java, Ada, Eiffel, LISP, and lots of others fit that bill. [Otherwise] be sure to use libraries that defend you against buffer overflows and be especially careful with every line of code."

The O'Reilly Network interviews Matt Welsh. "I mean when I started writing documentation there was some pretty inconsistent documentation out there already, some Read Me's and FAQ's -- one of the most famous early documents was somebody had printed out a whole directory listing of every file on a working Linux system. He said, 'Well, I finally Linux to work, so here's the listing of where every file is on the system,' and it printed out to like 40 pages, right, of listings of just where the files were."

Upside has this interview with Steve DeWitt. "We think Linux is great. It's incredibly reliable. It's been an enormous enabler for us, but our vision for open source is much bigger than any particular operating system. We might see in the near future one of the major operating systems that is currently proprietary going open source. We think that would be a great thing."

Reviews:

Linuxcare has put up this article on the SuSE 6.3 upgrade. "It's fairly stylish, but for the life of me, I can not understand this fetish for graphical installation programs. Installing operating systems from scratch isn't trivial. Making it look easy, doesn't make it easy. This is why almost no computer users install from scratch... If Linux was being installed by mainstream computer factories, maybe we wouldn't need our installation programs to be all dolled up like a street walker on a Saturday night."

LinuxPower reviews TurboLinux 6.0 Workstation. "TurboLinux has ditched their old AfterStep based Turbodesk solution and adopted GNOME with Enlightenment 0.16 as their default desktop instead. This I think is a wise choice, since TurboDesk was beginning to show its age. I do think however that TurboLinux should have included the latest Gnome-compliant release of AfterStep in order for people who used TurboDesk under earlier releases to be able to keep the windowmanager they had gotten used to."

The O'Reilly Net has put up this review of Red Hat's 'Certified Engineer' course and exam. "Overall, I see the RHCE program as thorough, detailed, and concise, but not overly difficult. To their credit, Red Hat doesn't use tricks to mislead students, even on the debugging portion of the exam where subtle problems could have been inserted. The exam ensures that RHCEs are competent, informed, and thoughtful system administrators. As a hiring manager (which I've been) I would look on the RHCE certificate as a significant positive indicator of performance ability."

Linuxcare has inaugurated an application of the week column; the first one looks at Pan 0.7.6. "Pan is an open source, graphical newsgroup client for Linux. It is loosely modeled after Agent, a comparable application for Microsoft Windows."

ZDNet at CeBIT:

ZDNet UK has put up a series of articles inspired by events at CeBIT. They include:

• This one on Linux International's plans to split into a bunch of national organizations and set up an application database. "'One of the things we're doing at the moment is reconstructing Linux International,' says [maddog] Hall. 'We want to have a country division affiliated with the businesses and user groups in that country.'"

• This article on Microsoft's denial of a port of Office to Linux. "No. We will continue to develop for the best, most compelling operating system environment available. That is Windows 2000."

• Mobile Linux can't compete with Symbian - at least, according to Symbian. "The message from the Symbian camp is that MobileLinux, backed up by the hype that surrounds the Open Source OS, would first need to convince the development community it was a viable bet. Then it would need to beef up its wireless capabilities."

• Finally, a look at the Yopy, Samsung's Linux-based PDA. "This is the first in a new range of PDA devices from Samsung, all of which will be based on Linux. Samsung believes that the open source approach is vital for the device to attract developers to write applications for consumers."

How-to:

Freshmeat is carrying an editorial on how to report bugs by Simon Tatham. "Users like this are like a mongoose backed into a corner: with its back to the wall and seeing certain death staring it in the face, it attacks frantically, because doing something has to be better than doing nothing. This is not well adapted to the type of problems computers produce. Instead of being a mongoose, be an antelope. When an antelope is confronted with something unexpected or frightening, it freezes."

This week's Dear Lina from Linuxcare looks at managing accounts with ssh.

MS Office for Linux?:

MS Office for Linux is not likely according to this ZDNet article. Rumors had been circulating at CeBIT that such a move was being planned. "But a company spokeswoman today poured cold water over the idea. 'Developing Linux for Office is still not in our plans,' she said. 'Linux is still not viable and robust enough for what users need.'"

This osOpinion piece takes exception to the idea that Microsoft might release Office for Linux. "Perhaps more than anything else is the fact that if Microsoft made a Linux version of Office, they'd have to eat their own words. For quite a while, Microsoft has said that Linux isn't robust enough to replace Windows. If Linux could run Microsoft Office, that would be considered plenty robust for most people."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

EMUmail, creators of the EMU webmail engine, announced a program that would wave the setup fee for Linux based domain names added to its outsourced email system.

ibooks.com, publisher of online reference books, announced an integrated service for evaluating, purchasing and using digital reference books. ibooks.com has over 1,500 IT titles under license from industry leading publishers such as O'Reilly and John Wiley and Que. They also offers a number of free titles, including the full Linux Documentation Project (LDP).

The March 2000 Linux Gazette is out.

Events

The folks at SuSE have posted some pictures from their CeBIT booth.

We received this report from Bang!inux, the Linux Developer's conference being held in Bangalore, India. The report paints a picture of a conference with some interesting events, but marred by extensive use of Windows machines for presentations.

The Netproject folks have sent us this announcement of a set of upcoming seminars, some of which are oriented toward the use of Linux in desktop and mobile environments. These seminars generally take place in London.

The first-ever Geek Pride Festival has been announced. It will take place on April 1, 2000 at The Castle in Boston. The event will include speakers, a Quake tournament, a Stump the Geek trivia contest, and a Linux installfest.
(Found on the O'Reilly Network).

The Conference Announcement and Call-for-Papers for the Atlanta Linux Showcase 2000 has been released. Submissions for the Extreme Linux track are due April 17th, 2000, with other deadlines following. ALS 2000 will be held October 10th through the 14th, 2000, in Atlanta, Georgia, USA.

Web sites

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

One of the more interesting weblog sites out there is Hack the Planet by Wesley Felter.

Section Editor: Jon Corbet

Letters to the editor

Date: Thu, 24 Feb 2000 09:39:35 -0700
From: Bruce Ide <nride@uswest.net>
To: editor@lwn.net
Subject: UCITA Woes

Unlike the majority of the readership, I _LIKE_ UCITA. Before you ask me
if I'm on crack, let me explain why.

UCITA will kill proprietary software dead. It gets rid of the "Who do
you sue" FUD that is one of the last remaining bastions of the MS FUD
slingers -- every shrinkwrap license I've ever read denies that the
software manufacturer is responsible for damages more than $5. The
warranty laws in some states have forbidden this in some cases but with
a newly implemented UCITA to back up the shrink wrapped, those warranty
laws may end up playing second fiddle (IANAL but I play one on TV.)

No businessman in his right mind would allow the various licenseing
agreements into his business. Especially in the software industry, where
Microsoft might decide one day that Borland is violating some little
clause in their license and recall their software (for example.) When
your company competes against everyone and also provides the majority of
the software required to run a computer, it's like shooting fish in a
barrel. Twice. In the head. With an elephant gun.

I predict that within 5 years of widespread acceptance of UCITA,
proprietary software and licenses will be dead (Or at least coughing up
blood.) Businessmen will insist on the GPL and openly documented file
formats and they won't play unless they get them. This is a good thing
(And I'll finally stop getting those !%!@#$ Word attachments in E-Mail.)

At the same time, developers will still be in demand. The software world
won't stop just because propretary software does. We'll still be able to
make a good living doing custom software, software to sell hardware,
etc.

I can only hope that proprietary software companies don't realize the
potential consequences of pushing this software until it's too late and
they're all closing their doors.

-----
Bruce Ide                 nride@uswest.net

SOMEONE had to put all that chaos there!

Date: Tue, 29 Feb 2000 18:28:21 -0800
From: Rick Moen <rick@linuxmafia.com>
To: letters@lwn.net
Subject: Tripwire: Open Source?

Dear Ms. Coolbaugh and Mr. Corbet:

I note with interest your 2000-02-29 news item, "Tripwire goes Open 
Source".

The company press release in question -- and their FAQ at
http://www.tripwire.org/faq.html -- claims an "open-source" version will
be available in Q3 2000, but conspicuously fails to state under what
licence.  I hope they will clarify their intentions, and have written
them to inquire.

The history of Tripwire is interesting.  Contrary to the lwn.net story's
claim, Tripwire did _not_ originate under an open source model:

It was written by Gene Kim and Gene Spafford at Purdue's COAST Lab, with
copyright held by Purdue Research Foundation, and was among the many 
proprietary security packages widely _assumed_ (in error) to be free
software (like SSH after v. 1.2.12, COPS, SATAN, and PGP), because of
source-code availability.  But, like the others, it had permitted-usage,
USA-export, and patent restrictions.  Kim and Spafford then developed 
the code through v. 1.2 at COAST, at which time the project stagnated --
perhaps because of its restrictive licencing.

In 1997, Purdue Reseach Foundation (the code's owner) licenced exclusive
commercial rights to Gene Kim's new company, initially named Visual
Computing Corporation, then Tripwire Security Systems, Inc., and finally
Tripwire, Inc.  That company has released versions 1.3 through 2.2.1 as
proprietary, binary-only software (while furnishing source in an
"Academic Source Release" (ASR) variant subject to certain proprietary
restrictions).

The point is that Tripwire, Inc. may still be unclear on open-source
licencing -- as Tripwire has never used it, over its entire eight-year
history.  E.g, wording like the FAQ's statement that "There are 
currently no plans to make open source any of the other UNIX
versions..." makes one wonder if the company is aware that OSD-compliant
licences (http://www.opensource.org/osd.html) permit anyone to freely
port the code to additional platforms.

Additionally, one wonders what latitude Tripwire, Inc. will have in
deciding its licence -- since to my knowledge Purdue Research Foundation
still owns the underlying copyright, and has _not_ open-sourced its
property.

Meanwhile, the leading GPLed replacement for the proprietary Tripwire 
package, Rami Lehti's AIDE (Advanced Intrusion Detection Environment, at
http://www.cs.tut.fi/~rammer/aide.html) has already advanced to exceed
Tripwire ASR's capabilities, and of course benefits from the accelerated
development cycle characteristic of genuine open-source licencing.

In that sense, it would make sense for Tripwire, Inc. to genuinely
open-source its product, as that might help it to compete.

-- 
Cheers,                        My pid is Inigo Montoya.  You kill -9    
Rick Moen                      my parent process.  Prepare to vi.
rick (at) linuxmafia.com 

Date: Fri, 25 Feb 2000 07:32:13 +1100
From: Matthew Geier <matthew@arts.usyd.edu.au>
To: letters@lwn.net
Subject: Linux on the IA64


 Linux of course has a 5 year head start on being '64bit clean' due to
the efforts of Digital Equipment Corp. and the Alpha Chip.

 It must be  5 years ago now since I first booted Linux on my 21066
based 'noname' and thus joined the 64bit world. (That system is still
running...)

 I've joined in the mailing lists since the early days when most of the
device drivers in the linux kernel would not work on the Alpha due to
the different native word size, I've first hand seen the effects  of
sloppy programming that assumes sizeof(int) == sizeof(*int)
and the like. 

 UltraLinux bought the 64bit environment to the SunSPARC architecture
quite some time ahead of Solaris being able to do so.

 The Trillian project has the advantage over the others by 'standing on
the shoulders of giants'. In particular many of the problems with
applications not being 64bit clean in the open source world have been
cleaned up over the years as people tried to run the applications on
their 64bit platforms (Digital Unix at first, then Linux/AXP,
Linux/Usparc), patched the source and submitted the changes to the
developers who in most cases don't have 64bit platforms. The commercial
closed source world is going to have to find these problems on their
own. We can't examine their source code.

 It is probably a bad sign for 64bit IA64 Windows NT that over 5 or more
years of Windows NT being supported on DEC Alpha platforms, it never
operated in 64bit mode, but remained a 32bit environment, while both
Linux and Digital Unix on the same platform ran in 64bit mode. (And
while DEC built different systems for NT and Digital Unix, Linux is more
at home on the systems that were built for NT, than the higher end
machines intended for DU, which your average Linux hacker couldn't
afford!).

Date: Tue, 29 Feb 2000 13:29:55 -0800
From: Dan Kegel <dank@alumni.caltech.edu>
To: humbubba@smart.net, letters@lwn.net
Subject: cLINeUXn: ignores the LSB?

Just read LWN's mention of cLINeUXn, and
ftp://linux01.gwdg.de/pub/cLIeNUX/A____start_here
which states
  "cLIeNUX has a very non-standard filename hierarchy."

This would seem to make it incompatible with the LSB,
which means it won't be able to use software packaged
in the future LSB binary package format, and may suffer
from other subtle portability problems, since a fair
amount of software assumes that files are as specified
by the LSB.

Perhaps I misread the announcement, but given that
'cat' lives in /command/unix in your distribution,
I don't have much hope of that.

Am I the only one worried by this?
- Dan