[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news
 Back page

Other stuff:
Daily Updates
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

If somebody invited you to see one of the biggest Linux systems on the planet would you go? We didn't have to think long about that one, [cluster boxes] especially since the system in question (NOAA FSL's "Jet" cluster) is in our home town. This system, put together by HPTi, consists of 276 Alpha-powered nodes in its first phase; it is used for numerical weather modeling applications. What we saw can be found in this feature article, along with some pictures of the system. Have a look to see how a state-of-the-art Linux supercomputer is put together and what it is used for.

IBM is installing a Beowulf cluster at the University of New Mexico. This cluster is claimed to be the largest such in the world, and the 24th fastest supercomputer overall (though the Jet cluster may yet surpass it in its later phases). This cluster is called "Los Lobos," which may cause confusion with the longstanding LoBoS (Lots of Boxes on Shelves) cluster running at NIH. Los Lobos will eventually be part of a nationwide network of such clusters, managed as a large "virtual cluster" and made available to researchers. (See also: articles in Wired News, LinuxPlanet, News.com, and from Reuters).

Both of these clusters highlight an increasingly obvious point: traditional supercomputers are in deep trouble. Old-style "big iron" remains unmatched for some tasks, but it simply can not compete with commodity hardware clusters in processing power for the money. For universities, most companies, and many governments there is simply no choice: the only way to get high-end supercomputer performance is via a cluster system.

Companies like HPTi and IBM have seen the money to be made in this area, and are pursuing it vigorously. Expect others to join them. With luck, this activity will lead to more free clustering software as well; the current state of the art is still somewhat primitive. Current clusters tend to run a relatively small number of highly specialized applications; future clusters should be easily usable in a more general way.

One step in that direction might be found in this announcement from Mission Critical Linux. They are preparing a cluster system which is aimed at the financial market. As a result, their PR talks about things like data integrity and high availability. The product will be available (as a two-node cluster) in June.

While Linux clustering still has some ground to cover, there is little doubt that it will get there; the market forces are that strong.

The CyberPatrol case. CyberPatrol is a web-filtering package sold by Microsystems Software, Inc. Included in the package is a list of sites to be blocked; this list was encrypted via a proprietary, closed-source scheme. As is often the case with such schemes, it was poorly done and easily cracked. Two hackers, Eddy L. O. Jansson and Matthew Skala, broke the scheme, and wrote a little utility that people could use to actually look at the CyberPatrol block list. A full analysis of the scheme is available; among other things, it uses an encryption key that is all of eight bits long.

People immediately had a field day, of course, playing with the list. As might be expected, many sites have been blocked for reasons that are, say, unclear. But Microsystems Software and its parent Mattel are not amused. They have hit the courts in an attempt to block the spread of the "cphack" program. Predictably once again, they have succeeded only in calling attention to cphack and spreading it all over the net. It's the DVD story all over again.

They are also sending subpoenas to sites that have put up the software, or that have even linked to it. Among other things, they want lists of everybody who might have downloaded cphack. So much for privacy; hit the wrong link and you can be reported, by court order, to a hostile corporation.

The CyberPatrol people are basing their actions on the reverse engineering clause in CyberPatrol's license. They have sold inferior software that is alleged to protect children; now they want to make it illegal to reveal just how bad that software is. The hood of this car is truly welded shut; it is against the law to look inside to see what you bought.

Companies like Mattel are making the case for free software in a way that the Free Software Foundation can only dream of. Every case like this one - and be sure that there will be more of them - drives home the point: proprietary software restricts freedom in increasingly dangerous ways. It really is a matter of basic freedom. As software plays an ever-larger role in all our lives, do we really want to trust ourselves to something we can't even look at?

(See also: the PoliTech CyberPatrol page and the OpenPGP.net censorship page).

Feature Article: MaxOS Linux. When we heard of yet another Linux distribution, MaxOS Linux, we started routine enquiries to get an idea of the purpose of the distribution and the people behind it. This feature article, MaxOS: A New Linux Distribution from the Ground Up, plumbs into those issues and more in a look at this new distribution out of the frozen north.

Netcraft: Apache now at 60%. The latest Netcraft survey is out. This one shows Apache running on just over 60% of the web for the first time; all of the other major web servers have fallen in market share.

Pre-registration for the CLIQ. Attendees for the Colorado Linux Info Quest are urged to pre-register for the conference by mail or via the secure online registration system. The latest press release anticipates an uncomfortable crowd the morning of the show. "... getting all those people registered in time to catch the keynote will be difficult, even with our automated registration system." Also, credit card payments will only be accepted for pre-registration. Check or cash will be required the day of the event.

Inside this week's Linux Weekly News:

  • Security: Process hiding in Linux 2.3.X, news, reports and updates.
  • Kernel: 2.3.99-pre surprises, who maintains the ethernet drivers?
  • Distributions: Bochs x86 freed, CLE 0.9, deepLinux, ZipSpeak, SuSE 6.4.
  • Development: NEdit 5.1 now free software, GUADEC declared a success.
  • Commerce: Caldera Systems goes public, Linux stocks go down, Asynchrony's pseudo-open source scheme.
  • Back page: Linux links and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

March 23, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Security page.


News and editorials

Process hiding in the 2.3.X kernel series? Pavel Machek posted a note to BugTraq about possible process hiding in the 2.3.X development kernel series. Pavel Kankovsky forwarded this concern to the security audit mailing list pointing out that the vulnerability had come about as a result of work done to close the kernel against pid recycling attacks.

Some background: /proc/NNN inodes in 2.3 keep a pointer to task_struct (earlier versions used a pid computed from an inode number to look up that pointer during every fs operation). This makes /proc in 2.3 resistant against pid recycling attacks because old fds would always access the original zombified task_struct (that is garbage collected when its reference count drops to zero). Unfortunately, it makes /proc vulnerable to these attacks put upside-down: because the old task_struct pointer is stored in the inode, new fds access the old process as well until the kernel gets rid of the inode but this will not happen until all old fds are closed.

This concern was originally posted to linux-kernel, but garnered no response as of yet. A bit of careful thinking will be needed to fix this problem properly without reintroducing the older vulnerability or creating yet another new one.

Obstacles to Cryptographic Code Exportation Lifting. This LinuxMall article responds to the governmental relaxation regarding cryptographic export regulations. "While encryption restriction and patent law issues are not completely resolved yet, the playing field with the rest of the world is levelling. Better still, the Open Source and Cryptographic software communities are finally seeing real progress in these areas."

Developers Blasted on Security. Rich Pethia, director of the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh, blasted software developers for marketing flawed software in an address to a Congressional panel covered in this Wired news article. "Pethia did not criticize any companies by name in his prepared statement to the panel." Very tactful of him ...

Building a Robust Linux Security Solution (Network Magazine). Here's a Network Magazine article on building secure Linux systems. "If you want to grant your remote users VPN access to your Linux gateway, but you don't want to install (or maintain) IPSec software on their laptops, you are in luck: PopTop is a freely available Point-to-Point Tunneling Protocol (PPTP) server that can act as an end-point for VPN sessions from standard Windows desktops." (Thanks to Flemming S. Johansen).

Security Reports

abuse.man web manager kit. abuse.man is a perl-CGI script for managing virtual hosts. A vulnerability in abuse.man has been reported which can allow both remote and local users to execute arbitrary commands on the webserver. The manufacturers website has been notify. Disabling abuse.man or patching it to use relative links instead of absolute paths is recommended, but no patch has been provided.

FreeBSD posted advisories this week for the orville-write port, (local root compromise) and lynx, (remote execution of arbitrary code). They provide a simple workaround for the orville-write port, but recommend removing lynx from the system altogether. "The lynx software is written in a very insecure style and contains numerous potential and several proven security vulnerabilities (publicized on the BugTraq mailing list) exploitable by a malicious server."

Lynx problems were most recently discussed in the September 23rd, 1999 LWN Security Summary, at which point SuSE and Yellow Dog Linux provided updates for this program.

Exploits for the pam-0.68-7 package are being passed around for both Red Hat 6.X and Mandrake 6.X. RPMs for pam-0.68-10 have been around for two months, guys. If you have not already updated, you need to do so now. A note to people using automated tools such as autorpm for installing Red Hat updates: Red Hat has not been linking new updates into the older directories, just providing links to the latest directory in their advisory. As a result, your tools may not be picking up all the updates that they need. The updates for pam-0.68-10 and usermode-1.18 are examples of this.

The Apache project: Jakarta Tomcat. A serious bug has been reported when Tomcat and the Apache web server are used together in order to serve Java Server Pages and Java servlets. Tomcat 3.1 beta 1 has all required fixes applied.

Commercial updates. Cisco has issued an advisory concerning their Secure PIX Firewall concerning its handling of FTP server and client commands which can lead to inappropriate connections being made across the firewall. A fix has been made for its handling of FTP server commands, while the FTP client issue still being worked on. For additional information, check out the BugTraq thread on Extending the FTP "ALG" vulnerability to any FTP client. Note that other firewall products are also likely vulnerable.


The following issues have been previously discussed, but new updates have been made available for them in the past week.

mh/nmh. See discussion in the March 9th, 2000 LWN Security Summary.

mtr (multi-traceroute). See discussions in the March 16th, 2000 LWN Security Summary.

dump/restore. See discussion in the March 9th, 2000, LWN Security Summary. This is the first distribution update seen for this problem.

Overall, updates for specific Linux distributions appear to be coming more slowly, not more quickly. Of equal concern, the updates that are coming out are not getting installed (witness the pam discussion above). As a result, we are all losing ground as far as security is concerned.


Shaft DDOS tool analysis. An analysis of shaft, yet another distributed denial-of-service tool like Trinoo, TFN, Stacheldraht, and TFN2K, has been made available by Sven Dietrich at the NASA Goddard Space Flight Center and others.

Security Audit FAQ update. An updated version of the Security Audit FAQ has been released. Jeff Graham asked people to note in particular that the address for FAQ submissions has changed to lsap@demit.net.


Call-for-Papers RAID 2000. A last Call-for-Papers for the RAID 2000 conference has been issued. Deadlines start on March 31st, 2000.

Call-for-Papers ACSAC. The call-for-papers for the 16th Annual Computer Security Applications Conference (ACSAC) has been released. ACSAC will be held December 11 - 15, 2000, at the Sheraton Hotel, New Orleans, Louisiana. Deadlines for papers, panels, tutorials and case studies come up in May.

Section Editor: Liz Coolbaugh

March 23, 2000

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Miscellaneous Resources
Comp Sec News Daily
Linux Security Audit Project
Security Focus


 Main page
 Linux in the news
 Back page

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.3.99-pre2. This patch includes integration of the new netfilter code, many architecture-specific tweaks, USB updates, and a number of other small changes.

There is a 2.3.99-pre3 prepatch (a pre-prepatch?) available, in its seventh version as of this writing. The patches are actually beginning to look like something from frozen code: this one is made up mostly of a lot of little fixes. There is also a new "hotplug" master configuration option (which controls PCMCIA and other such technologies), 3Dfx Banshee/Voodoo3 frame buffer support, nVidia Riva framebuffer support, a master configuration option for WAN devices, a USB Mustek MDC800 digital camera driver, Sun 3x support, an IEEE-1394 update, a PCMCIA Xircom Tulip ethernet driver, IDE layer tweaks, and a partial merge of NFSv3 client support.

As part of the process of getting 2.4 out, Alan Cox has posted the latest 2.4 jobs list.

The current stable kernel release is still 2.2.14. The latest 2.2.15 prepatch (2.2.15pre15) was released with a comment of "Ok this should be it. I hope." We'll see.

Will 2.4.0 be a "brown paper bag" release? Here's a Technocrat posting that raises that fear. "However, major packages won't compile on it. UDF has serious bugs, causing kernel hangs. In the 2.3.99 stage, the entire filesystem directory tree and initialisation code is being heavily re-written. The kernel configuration code is being re-organised. That is NOT where a program needs to be, when it's just about to be released as a stable package."

It is true that a number of major changes have gone into the kernel in recent times. But nobody (except this LinuxGram story) thinks that the current code will be released as 2.4.0. The quality of what goes out depends very much on the current shakedown period. The more people who test out the 2.3.99-pre kernels and report on their experiences, the better the end result will be.

The addition of master configuration options for broad subsections of the kernel code is still going on, and creating a bit of confusion. 2.3.99-pre1 added the CONFIG_IDE configuration option; if this option is not set, the entire IDE subsystem is compiled out of the kernel. A number of people are evidently missing this option when upgrading, then wondering why their systems don't boot anymore. When upgrading to the 2.3.99-pre kernels, pay attention to the new options.

A new reiserfs patch is available, see the announcement for details. The reiserfs debate continues, with its proponents still hoping to get it into the 2.4 kernel. The reiserfs folks seem to be reaching some sort of understanding with the VFS people, which is a good sign. The latest issues have to do with how reiserfs interacts with NFS; evidently it should work OK for now, but planned changes in the future could change that situation.

Ethernet disconnect. Donald Becker's name is known to just about anybody who is familiar with the kernel code. He has singlehandedly written a large parcentage of the ethernet drivers in the system. Chances are that this web page came to you by way of one of his drivers. Donald's work also did a lot to get the early Beowulf clusters off the ground. It is safe to say that he is one of the founding fathers of Linux.

It is thus unfortunate to see Mr. Becker increasingly isolated from - and in conflict with - the kernel development community. The loss of an important kernel developer seems likely. This state of affairs is the result of a conflict in working styles between Donald and most of the rest of the kernel developers. It's an example of how managing open source development is not always as easy as it might seem.

Donald likes to maintain his drivers separately from the kernel. They have their own web page, mailing lists, and release cycles. Donald's drivers are explicitly portable across kernel versions, so that even very old kernels can run modern versions of the driver if need be. His preferred mode of operation would be to simply drop new versions of the drivers into the kernel occasionally as releases dictate. He is unhappy that the driver API has changed a lot (as it has), making cross-version portability difficult. He also seems disgruntled that one of his API changes got rejected in favor of a different implementation.

Linus, instead does not like this mode of operation at all. He always prefers to see small, incremental changes to code that he can understand (and modify or reject if he thinks it's right); getting a whole new driver in one chunk does not suit him. He claims that keeping the driver development separate deprives it of a whole community of testers; putting driver changes into the kernel more often will get them exercised by everybody who installs new kernels, and not just those on the driver development lists. Linus doesn't like to see drivers filled with backward-compatiblity code, and does want to see them updated quickly to new interfaces. Finally, Linus has no qualms about changing interfaces and requiring such updates - the alternative, according to him (and many others) is a kernel that slowly fills with cruft and old, broken interfaces and becomes unmaintainable.

The reason that this issue is coming to a head (again) now is that others, such as Jeff Garzik of MandrakeSoft, have essentially taken over as the maintainers of some of Donald's drivers. To some it may look like a sort of power grab. But the developers involved feel that something had to be done, since the drivers in the kernel simply were not working.

The situation almost looks like a code fork. Donald has his versions off in one corner, while the kernel code is proceeding in a different direction under new maintainers. Depending on your point of view, it could look like an unfortunate rift caused by personality and work-style differences, or like an open source project reacting to fix something that wasn't working. Either way, it is hard on some of the people involved.

The shared memory changes are still causing problems, as reported last week. The main difficulty is an interface change; before it was possible to attach to a shared memory segment that had been removed (as long as you had its ID), the new implementation does not allow this. Anybody who has actually had to work with the unpleasant SYSV shared memory interface knows how easy it is to clutter up the system with dead shm segments that persist forever; the ability to delete them up front is a nice feature.

The latest victim of this change would appear to be XFree86 4.0, which takes advantage of this feature to avoid leaving segments around in the case of an unplanned exit. The number of complaints has been such that it appears, as of this writing, that the old behavior will be restored in 2.3.99-pre3.

The mount-time ext2 block/inode checks are going away if this patch by Ted Ts'o goes in. The check is a simple integrity check performed at mount time; it's why Linux seems to take so long to mount a disk. It has been possible to override the check for years with the check=none option, but that is not the default. The thinking now is that the check serves no useful purpose - fsck does a much more thorough job. So, in the interest of faster boots and smaller kernel code, the checks look like they are on their way out.

Overcommitting of memory by the Linux kernel continues to consume massive amounts of linux-kernel bandwidth, though very few of the participants at this point are actually developers. Memory overcommitting was covered in the March 9 LWN and not much has changed since then. One exception is the creation of the strict memory project, which hopes to inspire the creation of a patch which disables memory overcommitting.

Other patches and updates released this week include:

  • modutils 2.3.10 has been released by Keith Owens.

  • SUBTERFUGUE 0.1.9 was released by Mike Coleman. It would appear that the kernel patch portion of SUBTERFUGUE is being integrated into the 2.3.99 series, so it should be a part of 2.4.

  • Jun Sun of MontaVista Software has announced the availability of a tool for the measurement of interrupt latencies.

  • iptables 1.0.0 alpha, the user space side of the new firewalling and masquerading code, has been released. There is also a new set of HOWTOs to go along with this release.

Section Editor: Jonathan Corbet

March 23, 2000

For other kernel news, see:

Other resources:


 Main page
 Linux in the news
 Back page

See also: last week's Distributions page.


Please note that security updates from the various distributions are covered in the security section.

MandrakeSoft frees the Bochs x86 emulator. MandrakeSoft, parent of the Linux-Mandrake distribution, has announced their purchase of the Bochs x86 emulator and its subsequent release under the LGPL. In addition, Kevin Lawton, lead developer for both Bochs and the Plex86 project, a free alternative to VMWare, has joined the MandrakeSoft team. He will be continuing to move forward with the development of Plex86, now with access to the code base for Bochs to speed his team's implementation. "MandrakeSoft recognizes the value brought to our Linux users, by offering them an open source way to concurrently run Windows or other PC operating systems", commented Jacques Le Marois, President of MandrakeSoft.

This is certainly a wonderful example of a commercial interest paving the way for the "Right Thing" to happen. It could also be done without money, but in this case, it will happen faster and more easily with the commercial support. In the end, we will all benefit from another free software application with extensive potential uses.

Chinese Linux Extension 0.9 released. Version 0.9 of the Chinese GNU/Linux Extension has been released. This patch brings Chinese language capabilities to much of the Linux system, including GNOME and KDE; the latest version adds a lot of stuff, see the announcement for details. (Thanks to Chih-Wei Huang).

CLE is a GPL'd project, currently optimized for Red Hat and using RPM, but with a Debian port underway. Although not a distribution in and of itself, at least not yet, CLE is included in some Chinese distributions to provide full Chinese support right out of the box.

Along that same lines, Donovan Software has announced its own 64-bit Chinese Linux Distribution, covered in this (Singapore) Business Times article. The new distribution will be called the Chinese Penguin64. A website for the distribution was not provided, though it is supposed to be available for download from http://www.penguin64.org. Although it is not specified in the article, it seems likely that the Chinese Penguin64 distribution is for the UltraSparc platform, as opposed to the Alpha platform or other 64bit systems. This is a conjecture based the information on the website.

Rick Collette starts deepLinux. Rick Collette, formerly the guy behind the SPIRO-Linux distribution, has announced the launch of his new venture, deepLinux. DeepLinux will be primarily focusing on the OEM market, but will include embedded projects involving game systems and network appliances.

ZipSpeak, a Talking Linux Distribution. ZipSpeak, an "Easy-to-Use, Talking Linux Distribution", has been announced. "ZipSpeak is a talking mini-distribution of Linux for blind and visually impaired people, based on version 7.0 of the ZipSlack distribution and version 0.08 of the Speakup screen reader. ZipSpeak is designed to be easily installed on an existing MS-DOS or Windows system, so that the user can start using a talking Linux system with a minimum of difficulty."

When The Big Boys Come To Town (MacDiscussion). Here's a MacDiscussion column about the arrival of new distributions for the PowerPC. "Both Debian Linux and SuSE Linux have in the works distributions that will run on all PCI or better powermacs and various other selected PPC machines. This is where things get interesting. You see, Linux PPC and Yellow Dog Linux are relatively new upstart companies when it comes to the Linux world, and they just do not have the corporate power and user base that both Debian and SuSE boast."

Of course, using the word "corporate power" in conjunction with the volunteer Debian project may seem a bit strange, but given that VA Linux, SGI and O'Reilly have issued joint Debian CDs, it is actually accurate. It will be interesting to see if distributions that are tied to a specific non-Intel platform will continue to thrive as the larger distributions expand their platform support. Note that they very well may continue to survive ... the availability of more manpower to support applications on their platform will help them and companies that heavily depend on a particular hardware platform may find they get better support from a company that also uses their platform exclusively.

LinuxWars: Distribution War III.2 (AboutLinux). AboutLinux has updated its Distribution War article to include Corel's distribution.

Bastille Linux

Bastille Linux update. Bastille Linux 1.0.4.pre4 has been released. This contains only minor fixes for this security hardening script for Red Hat Linux. We also noticed that we missed the opportunity to announce Spiro-Bastille, a similar script for Spiro Linux adapted from Bastille Linux.

Caldera OpenLinux

OpenLinux e-Desktop Preceeds Caldera IPO (TechWeb). According to this TechWeb article Caldera e-Desktop 2.4 is supposed to have hit the shelves yesterday. "The latest operating system product to ship from the Provo, Utah-based Linux developer packages a browser-based administration utility, office productivity applications, Internet configuration tools, MetaFrame client capabilities, and beefed-up security." (Thanks to "jhb").

Check out the Commerce Page for more coverage of the Caldera IPO.

Debian GNU/Linux

Sun donates Sparc system to Debian. The Debian Project has received a donation of an UltraSparc 60 dual-CPU system from Sun, accompanied by a large storage array.


Macmillan ships Linux-Mandrake Secure Server 7.0. Macmillan has announced that Linux-Mandrake Secure Server 7.0 is now shipping.

Red Hat Linux

Red Hat 6.2 beta (piglet). A lot of people are having fun playing around with the ISO image for the beta version of Red Hat 6.2, available from several different sites, including sunsite.unc.edu. If you decide to check it out, remember, this is beta software and definitely has bugs! You should also subscribe to the piglet mailing list to report problems and get help with this distribution. To subscribe, send an email message to "piglet-list-request@redhat.com" with the subject "Subscribe", then send your messages to "piglet-list@redhat.com".

Slackware Linux

Slackware Devel forum. Slackware has added a new forum to their website: Slackware Devel. " Drop in and give us your two cents on what you'd like to see in Slackware, see what kind of progress we're making on various projects, and generally feed us lots of input. We like input."

New -current version. Courtesy of the new developer forum, we have an announcement of another slackware-current update. "The big one this time is a glibc 2.1.3 package".

SuSE Linux

SuSE Linux 6.4 release coming early April. SuSE has announced that version 6.4 of its distribution will be released on April 3 in Germany, and "approximately two weeks later" elsewhere. SuSE claims great improvements in its YaST administration tool. 6.4 will also include XFree86 4.0 as an optional package for those who want to play with it.

Eye2Eye: Dirk Hohndel of SuSE Linux, Part II (ZDNet). ZDNet UK continues its talk with SuSE's Dirk Hohndel. "I see Windows 2000 as a big chance. If you look at the administration interface, everything changes. Many old applications don't work anymore. So, if a company is considering moving to Windows 2000, they're considering retraining their staff... moving to new applications. That is the point in time when we need to talk to them."


Not dead, just in a coma .... Matthew Franz posted a note explaining the quiet period in Trinux development and offering updated and new packages for Nmap, Ngrep, Zombie Zapper and Nstreams.


TurboLinux releases IA-64 distribution. TurboLinux announces that an early-release version of its IA-64 distribution is available for download.

TurboLinux unveils system for Intel's Itanium chip (News.com). News.com reports on TurboLinux's IA-64 distribution. "Even Microsoft is paying attention; it was one of the companies that downloaded the TurboLinux OS, said Lonn Johnston, TurboLinux vice president of corporate communications."


WinLinux 2000 ships. WinLinux 2000 is now shipping. WinLinux is a distribution which can run on top of Windows.

Section Editor: Liz Coolbaugh

March 23, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 Linux in the news
 Back page

See also: last week's Development page.

Development projects

NEdit 5.1 released under the GPL. Many people working in the scientific community are familiar with NEdit, a multi-purpose text editor for the X Window System. This editor, while freely available, was formerly tied up in a licensing arrangement that prevented Linux distributions from any desire to package it with their systems. Meanwhile, though, NEdit continued to provide intensive support for development in a wide variety of languages with a graphical interface that made it useful for just about any other task, as well. Now the red tape has been cut and NEdit can join the free software community. We haven't taken a look at it yet, but the feature set is extremely promising.

Application of the Week: vigor (Linuxcare). Linuxcare's application of the week this week is vigor. "While you try to get work done with vigor, the paperclip pops up random sayings inside dialog boxes. Of course, you can't continue editing your file until you click the 'OK' button and dismiss the dialog box. Some of my favorite random sayings are, 'Vigor: a compelling argument for pencil and paper,' 'Vigor: because hell was full,' and 'Vigor: putting new limits on productivity.'" (Thanks to author Brett Neely, who says "Sorry this article was a bit late. The paperclip kept interrupting me as I wrote the article!").


Netscape's Gecko PR. Netscape has issued a press release saying that the Gecko HTML rendering engine is being adopted by a number of companies, including IBM, Intel, Liberate, NetObjects, Nokia, Red Hat, and Sun Microsystems. "Netscape Gecko is revolutionary because it gives Web developers maximum power to create more powerful Web content and Web applications. It is open source, allowing individual developers to tailor it to their own use, and is designed to operate across multiple platforms, so that it can be deployed on the widest possible range of devices. In addition, Gecko is considerably smaller than the engines of traditional browsers. "

Simultaneously, they also announced that the beta for Netscape version 6, their new Gecko-driven Internet browser, would be made available to the public in the next 25 days.

For a reaction to the latest announcement, check out the comments on Mozillazine or this CNet article.


EduWare for KDE mailing list. A new mailing list has been started by KDE developer Uwe Thiem to allow teachers and programmers to get together and start coordinating projects aimed at education.

LinuxForKids has started a logo contest, for the artists of all ages. Entries are due by April 22nd and prizes are mentioned but not specified.

Linux Professional Institute newsletter. Here is the latest weekly newsletter from the LPI. They have some big news to report this time around: their "exam 102" is now complete, and will be available on April 17. This completes the LPI's exam development for its first level certification. They have also begun development on their second certification level.

Certification and the Linux Professional Institute (LinuxPower). LinuxPower interviews Evan Leibovitch about the Linux Professional Institute. "We can't stress enough that certification, in itself, is only one element in a person's skills assessment. No certification program takes the place of reference checking or thorough interviews. Anyone who hires/contracts someone solely based on certification, ours or anyone else's, is likely to be dissatisfied."


Open Game Source looks at Beasts. Open Game Source looks at the game 'Beasts', which is not currently under development. "Every gamer, who has been playing for a couple of years, fondly remembers some of his old games. Invariably game programmers attempt to recreate these classics. Beasts is Kevin Turner's remake of one such game. Like many older games the premise is simple yet captivating. 'Push the blocks around and squish the beasts.'"

Heavy Gear II is on the way. Loki Games is now accepting pre-orders for Heavy Gear II for Linux, their first Linux game to support 3D-Audio using OpenAL. It is expected to start shipping on March 31st, 2000. "Get ready for the ultimate in mech experiences: a thrilling combat adventure pitting robot against robot in the distant future is waiting for you. Pit squads of your best mechanized warriors against the enemy to save Terra Nova -- but sheer firepower won't be enough. Use your guile and wits to get behind enemy lines and use your resources to their fullest, before it's too late... " (Thanks to Michael Simms at TuxGames.)

Shadowbane RPG petition. Shadowbane, the first massively-multiplayer online RPG by Wolfpack Studios, is scheduled for release this summer on the Mac and PC platforms. Wolfpack Studios is apparently following the Shadowbane for Linux Petition with interest, since providing a Linux version is a possibility. If you would purchase a copy of Shadowbane for Linux, adding your name to the petition will likely help.

Beta release of the COG Engine. The first beta release of the Cycon Online Gaming Engine (COG) has been announced. "The COG (Cycon Online Gaming) Engine is an Open Source project aimed at simplifying the creation of online video games."

Hand Helds

Piloting Your Palm With Linux (Web Review). Here's a lengthy Web Review article on how to use a Palm Pilot with Linux. "Palm Pilots are not intended to be your sole computing platform, but instead are designed to be satellite devices for when you're away from your desk. And if your desk features a Linux box (or any brand of Unix, for that matter), you'll be pleased to know that the Palm Pilots are well supported on this platform."

High Availability

LinuxFailSafe Seminar. The first LinuxFailSafe seminar for the open source LinuxFailSafe High Availability project has been scheduled for March 31st, 2000, in Westminster, CO. Developers from SuSE, SGI, TurboLinux, Red Hat and Mission Critical Linux are expected to attend. Due to the timing and proximity to the Colorado Linux Info Quest (CLIQ), we are hopeful that many of them will also attend the High Availability BOF at the CLIQ the next day, Saturday, April 1st.


Samba Kernel-Cousin. The latest Samba Kernel-Cousin covers issues through March 16th.

Wine Weekly News. Well, we had problems getting through to Wine headquarters this evening, so we are linking to the Wine Kernel-Cousin instead. From what we've seen in previous weeks, the two are actually identical. So if you can't get to Wine headquarters, trying rolling over to Linuxcare and checking there instead.

Network Management

OpenNMS.org launches. The Open Network Management Software project has put out a press release announcing its existence. "In three weeks since OpenNMS.org went on-line, more than 275 contributors have joined the consortium, more than 350 people have downloaded the source code, the website has received 5,000 page hits a day..."

Of course, we first announced OpenNMS.org on March 9th, 2000.

Office Applications

HancomLinux develops Chinese word processor (Korea Herald). Here's an article in the Korea Herald about a new Chinese word processor for Linux. "HancomLinux unveiled the beta version of its "Wenjie" program yesterday for Chinese users. Its final version will be marketed from early April after completing tests with 1,000 Chinese users, the company said."

Siag Office 3.3.0. An updated version of the Siag Office Suite has been released. This GPL'd suite includes the spreadsheet Siag, the word processor PW, the animation program Egon, the text editor XedPlus, the file manager Xfiler and the previewer Gvu. The new version is minor, but we wanted to remind people of this package. If you are reviewing free software office packages, Siag should be on your list for consideration. The reports back that we've heard have been mixed, but the issues are somewhat stylistic. Siag was not designed to be a drop-in replacement for people accustomed to the style of the Microsoft or Corel offices suites, but may suit some technical users just fine.

AbiWord Weekly News (March 22nd). This week's AbiWord Weekly News reports good news for namespace support, the LaTex exporter and the Danish translation.

On the Desktop

KDE Development News (March 18th). The latest edition of the KDE Development News covers March 13th through March 18th, 2000. New KDE Icons, experimental Red Hat RPMs, a new programming book for KDE 2.X and more are covered.

More KDE news can be found in the LinuxUK Weekly KDE Roundup, by Jono. "It's good to see a non-core developer's perspective on what we are doing :)", commented Mosfet. Speaking of which, his site, http://www.mosfet.org/, has gone through a nice remodel and he welcomes comments. We like the new design, ourselves, since it makes it easier to link back to specific items that he puts together.

Gimp slides from GUADEC. Sven & Mitch have made available their slides from their Introduction to the Gimp talk at GUADEC. It includes information on upcoming Gimp 1.2 features. (From

GUADEC is over!. The GNOME Users and Developers Conference in Paris was declared much fun and a great success. Havoc Pennington covered the event in this week's Gnome Summary. It appears that a lot of important decisions were made at the event: a nine-person Gnome steering committee was appointed and a Gnome Foundation is being created. " All decisions will still be discussed on gnome-hackers or gnome-devel-list as appropriate. That is, the committee will basically just gather information and maybe come up with proposals, it won't be actually making decisions."

Also in this week's Gnome news was the issuance of the first Telsa Gwynne Bug Crusher Award to Jason Leach. "Telsa wrote in to nominate Jason Leach as the bug-fixing hero of the hour. Jason cleaned a number of pesky gnome-core and gnome-applets bugs out of bugs.gnome.org in a very short timeframe; moreover they were the kind of spit-and-polish bugs that really need to get fixed to give GNOME that finished, professional look."

Search Engines

ht://Dig update. Geoff Hutchison wrote in with another development update for the ht://Dig search engine. He reports that they're still working on squashing a few reported bugs for version 3.2.0b2, which will be coming out shortly. Recently, the subject of indexing double-byte/Unicode documents came up again. Though the main developers still have their hands full, they agree that they'd help anyone interested in working on this. A proposal will likely go up on CoSource.com in an attempt to solicit some interest. Last, a series of "architecture overview" documentation has started to help ease the learning curve for interested new developers, with about one new write-up a week. The documentation is archived at http://dev.htdig.org/internals/.


Website Development

Zope Enterprise Option to go open source. Digital Creations has announced that its Zope Enterprise Option package will be released as open source. ZEO was formerly a proprietary add-on to Zope that enables the creation of distributed servers. Thus, ZEO allows Zope-based servers to scale across both processors and continents. It's another great contribution from DC, and can only help encourage the continued success of the Zope platform.

Zope 2.1.6 released. Zope 2.1.6 has been released. It fixes a few problems created by last week's 2.1.5 release, which contained security updates. An upgrade is recommended.

Zope Weekly News. Here's this week's Zope Weekly News, by Mike Pelletier. It covers the new zope releases, and mentions the new Spanish translation of the ZWN.

Section Editor: Liz Coolbaugh

March 23, 2000

Project Links
High Availability

More Information



Development tools

The GNU Fortran 95 project. Toon Moone wrote in to point us at the GNU Fortran 95 project. These folks intend to take the successful g77 code and update it to the latest Fortran standard. They have a way to go yet, but never underestimate the determination of a Fortran programmer. There is code downloadable now, but don't expect it to gracefully handle your Fortran 95 code quite yet.


Blackdown Java3D 1.1.3 API. The Blackdown team announced the release of the Java3D 1.1.3 API (RC1) on March 10th.

The Tritonus Java Sound API. Version 0.1.90 of Tritonus, the Java Sound API implementation for Linux was release on March 18th. New features include the Java Sound API 1.0 interface, full integration of the mp3 decoder, full-duplex recording that works and lots of new MIDI features.

Javascript 1.5 Release Candidate. Javascript 1.5 has reached the release candidate stage.

Simon Phipps, IBM's XML and Java Evangelist. IBMDeveloperWorks has published an interview with Simon Phipps, proclaimed "XML and Java Evangelist" for IBM. "I'm still looking for the source of the quotation that an American president once said: "It is easiest to persuade a man of that which is obvious." We're not telling the industry to use TCP/IP, Web servers, Java, and XML. We're observing they do use these technologies, that they do fit together, and that there is one unifying philosophy underlying them: making things work in a connected world. And we're just going out and doing it."

Multi-threading in Java programs. Neel V. Kumar talks about how easy it is to develop and use threads in Java programs. "Using multiple threads in Java programs is far easier than in C or C++ because of the language-level support offered by the Java programming language."


Perl 5.6 RC3. Release Candidate 3 for Perl 5.6 has been announced. This summary describes the changes since RC2.

Perl drives the US Census Gathering. Perl News reported on the use of Perl in the US Census Bureau. "Lisa Nyman of the U.S. Census Bureau wrote in a note to the Perl advocacy list that 'The Census 2000 Internet Form is a great example of a government agency implementing essential (Constitutional even) operations with perl.'"

PerlMonth #10. The latest edition of PerlMonth is out, complete with a new column by Jeff Boes.



No Python-URL this week. Dr. Dobbs' Python-URL apparently did not make it out the door this week. To get your Python fix, step on over to Daily Python-URL. No big announcements this week, but lots of nice links to interesting discussions.


Dr. Dobbs' Tcl-URL. This week's edition of Tcl-URL promises "All the Tcl, none of the Blarney.."

First European Tcl/Tk User Meeting. The first European Tcl/Tk User Meeting will be held in Hamburg-Harburg on the 15th and 16th of June, 2000. Registration is open and a preliminary schedule is available.

Section Editor: Liz Coolbaugh

Language Links
IBM Java Zone
Perl News
Daily Python-URL

 Main page
 Linux in the news
 Back page

See also: last week's Commerce page.

Linux and business

Caldera Systems went public, after a short delay, on March 21. The stock, which was offered at $14/share began trading at $26 and closed at $29.44. It thus registered a 110% gain on its first day. This gain, of course, falls far short of those turned in by companies like Red Hat, VA Linux, and others. Some people are certainly disappointed by that. But this result should not be seen as disappointing in any way. Consider:
  • Caldera went public during a market that is hostile to technology stocks in general, and Linux stocks in particular. On the day that Caldera went out, VA Linux fell below $80 and Red Hat went below $60 - both small fractions of their peak values.

  • Caldera's IPO had been the subject of a fair amount of less-than-friendly press coverage. To say that it lacked the hype that some of its predecessors had would be an understatement.
In that context, Caldera put in a respectable performance. Interest in Linux companies, and in this company in particular, remains high enough to more than double the (already raised) initial price on the first day. Not bad.

(See also: Caldera's press release announcing the IPO).

Do depressed Linux stock values signal the end of the party? One could easily tend toward pessimism. LWN's Linux Stock Index, which peaked at over 200, is now below 120. VA Linux systems is down below a quarter of its peak value; Red Hat, Cobalt, and Andover are below half their peaks. It must be hard times in the world of Linux business.

Or maybe not. One could just as easily say that the stock values of last December were an irrational aberration and that some sort of reality is now returning to the field. Was Red Hat ever really worth almost $20 billion? The values of most Linux stocks are still high in any sort of absolute terms. If they had reached their current values from below, how many people would really be disappointed?

The return of reality can only be a good thing. Linux will not take over the world tomorrow. No one company will ever dominate the Linux market. It makes no sense to value Linux stocks so highly, and it distorts a lot of things. It attracts companies like LinuxOne. Maybe now Linux company CEO's can dream a little less about becoming instant billionaires and get on with the business of making their companies actually work.

New Linuxcare S-1 filing Linuxcare has submitted a new S-1 (IPO) filing ending a period of silence from that direction. There is little exciting to be found therein - the price range remains $11-13. The new filing does much more strongly emphasize that the director and officers will own 57.7% of the company; states that they are now approved to use the LXCR symbol; lists, among the risk factors, that the widespread use of the term "Linux" could cause confusion; removes references to agreements with Creative Computing, Informix, and Viviance; removes the staff list showing their prominent developers; and lists expiration dates for their big contracts (all in 2000).

SourceForge - with a twist? A site called Asynchrony.com has announced its existence. Asynchrony seems to think that it can harness open source style software development methodologies for proprietary projects; it seems that perhaps they do not entirely understand what makes open source work.

Asynchrony hosts development projects, much like SourceForge does. Only, in most cases, the source code is kept proprietary; only developers who have been accepted into the project have access. Each developer is assigned a number of "shares" in the project. If and when the project makes money, it gets paid back to the developers based on how many shares they have.

Marketing and sales are handled by Asynchrony. The company also, crucially, claims ownership of all code hosted on its site.

Asynchrony may well establish itself as a way to publicise and recruit developers worldwide for proprietary projects - there might just be a market there. But, despite its pretensions, it is not hosting anything that looks like an open source development process. It is simply providing outsourcing for a number of aspects of the proprietary software business. Too bad they feel the need to splash "Linux" all over their press releases.

Corel announces first quarter results. Corel has announced its first quarter results. They lost $12.4 million on $44.1 million in revenues. The announcements includes a prediction that similar losses will prevail for the next couple of quarters as well. The press conference was characterized by an almost whiny performance by CEO Michael Cowpland, who wanted to know why his company was expected to make money when all those other Linux companies, with high market capitalizations, didn't have to.

Corel has also announced that WordPerfect Office 2000 for Linux is now shipping, and will show up in stores in early April.

TurboLinux developing custom Linux for Chinese Space Agency. TurboLinux has announced that it is developing a custom version of its distribution for the China Aerospace Corporation. No word on what will make this custom version special.

Troll Tech to preview embedded Linux GUI. Troll Tech has announced the preview of a new graphical user interface development library for embedded systems. The library evidently provides the Qt interface to applications, but runs without the X window system. There is no mention of licensing in the press release.

Lineo acquires Moreton Bay. Lineo has announced that it is acquiring Moreton Bay, an Australian firm that does a lot of virtual private network work.

SGI announces digital media SDK. SGI has announced the availability of its digital media software development kit, which works with Irix and Linux both. "dmSDK provides a bridge to enable digital media developers to migrate their applications to Linux."

eSoft and Intel sign network appliance deal. eSoft has announced a deal with Intel to provide its Linux-based "redphish" software for Intel's "Entry-level Communication Applicance Reference Design" platform. Together the two will be marketing the software to OEMs as a ready-to-go system.

'Jini in a Nutshell' released. O'Reilly and Associates has announced the release of Jini in a Nutshell. They have put one chapter on the net for those who want to sample the book.

SCO announces new corporate structure. SCO has announced a corporate restructuring that will, it claims, better enable it to pursue Linux opportunities (among other things).

In a separate release, SCO also announced that its second quarter results will be "significantly lower" than expected. They blame the post-Y2K period for their problems...

Teamware Office for Linux 5.3 Edition 2. Teamware Office is a commercial product from Fujitsu that has been ported to Linux and is available on a free trial basis. Checking out the product comparison page, it has an interesting list of features, including its own web server, backup softare, billing software and more. Not all features are currently working on Linux, but if you've been stymied in your Linux transition by the absence of an equivalent for a proprietary package in these areas, you may want to take a look.

Some folks were amused by the Perl OS spoof we mentioned in the March 9 LWN. In a "truth is stranger than fiction" move, a company called Aestiva has announced a thing called "HTML/OS" - claimed to be the first operating system for the web. "Development is done with HTML, the "Hypertext Markup Language" documents which form the basis for all Web sites. This kind of focus on the Web cannot be accomplished with conventional operating systems since they are hardware-centric, not Web-centric." Upon a closer look, HTML/OS appears to not be an operating system at all, but another processing language which can be embedded into web pages. Sort of like PHP, except that the language is BASIC... But it does run under Linux.

Section Editor: Jon Corbet.

Press Releases:

    Open Souce Products:

  • Interphase has announced the availability of Linux drivers for its fibre channel adapters. An (unspecified) open source license is claimed for these drivers.

    Commercial Products for Linux:

  • Adaptec has announced that its Ultra160 SCSI controllers are supported under Linux on IA-64 systems.

  • Agate Technologies, Inc. (FREMONT, Calif.) announced it will soon be releasing its next generation new HotChip, a "hot swap" IDE Plug & Play ASIC (Application Specific Integrated Circuit) chip with software driver, to support the Linux operating system on Intel-based systems.

  • Bowstreet (San Francisco) announced the Bowstreet Business Web Factory 2.0, a B2B platform that lets companies grow their businesses on the web.

  • Digi International Inc. (MINNEAPOLIS) announced the availability of its DataFire SYNC 2000 Driver Development Kit (DDK).

  • GNUware announced the release of PackageIT! 1.0 containing the over 500 megabytes of Linux programs in RPM format for use on most any Linux machine supporting RPM.

  • I-Link, Inc. (DRAPER, Utah) announced GateLink open-API programming platform, a "pioneering step in IP Telephony communications".

  • Linux Technologies (KANSAS CITY, Kan) announced its suite of packaged open source desktop software applications. Applications are available in several categories including office, business, scientific, network, graphics, games, and multimedia.

  • Mortgage Builder Software has announced the availability of its loan origination system for Linux.

  • A company called Multiple Zones has announced the opening of its online Linux store.

  • QAD announced immediate availability of QAD MFG/PRO version 9.0 enterprise applications for Red Hat Linux 6.0.

  • WZIS Store now has WZOLE 4.0N for Linux/X86 (the N means non-commercial). WZOLE stands for Wei Zhong Oriental Language Environment, and this version is free of charge for non-commercial and personal use.

  • Zapex Technologies (MOUNTAIN VIEW, Calif.) introduced the ZL-330 Linux-based MPEG-2/Dolby encoder for satellite, video server, Digital Video Broadcast (DVB), and cable applications.

    Products Using Linux:

  • EBIZ Enterprises Inc. (SCOTTSDALE, ARIZONA--OTTAWA, ONTARIO) announced its new line of dual boot workstations based on the Corel LINUX OS and Microsoft Windows 98. When turned on, the new dual boot systems initially start in Corel LINUX OS, with a menu-driven option to work in either the Corel LINUX OS or Microsoft Windows 98 operating system.

  • EBIZ has announced a new line of server systems - with TurboLinux installed - that will be available from TheLinuxStore.com.

    Java Products:

  • Compuware Corporation (SAN JOSE, Calif.) announced the introduction of NuMega DevPartner 2.0 Java Edition.

  • Insignia Solutions (FREMONT, Calif.) announced that its has joined the Digital Video Broadcast (DVB) Project to market its accelerated Jeode platform as the premier Java solution for digital set-top box and television applications.

  • Java World (SOMERS, N.Y.) called IBM's Java Developer Kit 1.1.8 for Linux the "Best Free Product".

  • Level 8 Systems, Inc. announced Geneva Message Queuing for Java.

    Products with Linux Versions:

  • AltaVista Company (PALO ALTO, Calif.) announced the immediate availability of AltaVista Search Engine 3.0 for e-business.

  • Cohesion Systems, Inc. (WOODSIDE, Calif) announced a new product and pricing structure for their database driven design capture products for Verilog/VHDL, Analog/Full Custom IC, and PCB design environments.

  • ConnectCom Solutions, Inc. announced the shipment of its AdvanSys ASB3950U2W "two-in-one" Ultra2 Small Computer Systems Interface (SCSI) board. Drivers are available to support Linux.

  • Cycore (SAN MATEO, Calif.) announced the release of Cycore Cult3D 5.0, which delivers the ability to insert 3D graphics into any Microsoft Office or Adobe Acrobat (PDF) document.

  • Firstwave Technologies, Inc. (ATLANTA) announced support of Oracle database technology and the Linux and Unix operating systems for Firstwave eRM, a web-based suite of customer/partner relationship management applications.

  • Hewlett-Packard Company (SAN FRANCISCO) unveiled the HP Garage Program. The HP Garage Program, supports start-ups in building, running, marketing and financing their businesses.

  • ITtoolbox (PHOENIX) announced the launch of Open IT Exchange (OpenITx), a new Internet community hub that lets IT professionals collaborate with each other.

  • JNI Corporation (SAN DIEGO) announced it has started shipping the FibreStar FCE2-6410 and FCE2-6412, dual-port PCI-to-Fibre Channel host bus adapters for use in storage systems, servers and other devices.

  • JPHI America Inc. (MINNEAPOLIS) announced the launch an upgraded version of its SuiteResponse CRM (customer relationship management) solution, Service 5.01.

  • McAfee (SANTA CLARA, Calif.) announced it is shipping new versions of the McAfee VirusScan product for e-businesses and consumers.

  • Neoware Systems, Inc. (KING OF PRUSSIA, Pa.) announced that its new NeoStation 3000C and 2300 information appliances have been awarded prestigious PC Magazine Editors' Choice awards.

  • NetCentrex (SANTA CLARA, Calif.) unveiled its NetCentrex Platform, a 100% IP Telephony solution.

    Partnerships, Investments and Acquisitions:

  • Actuate Corporation announced it has acquired EnterpriseSoft, a developer of Java software products. Actuate plans to support customers and resellers developing applications based around the Java and Linux platforms.

  • Digital Island, Inc. (SAN FRANCISCO) announced that Linuxcare, Inc. uses its network services to deliver customer support to Global 1000 companies.

  • Eagle Wireless International, Inc. (LEAGUE CITY, Texas) announced the acquisition of etoolz, Inc., a San Antonio-based research and development organization specializing in the development of innovative Java and Linux-based hardware and software technologies for the communications industry.

  • Elfstone Software (ROYAL OAK, Mich.) announced a partnership with Frank Kasper and Associates, a distributor of Linux software.

  • HotDispatch.com (SAN JOSE, Calif.) launched a new online developer support service with IBM developerWorks, a fast, free online resource dedicated to developers focused on open industry standards.

  • Interphase Corporation (DALLAS) announced that LAND-5 Corporation has selected Interphase PowerSAN adapters to provide Fibre Channel SAN connectivity for networks running the Linux operating system.

  • Lineo, Inc. (LINDON, Utah) announced an agreement with Coresoft Technologies to deliver a Linux-based computer telephony solution.

  • Merlin Software Technologies Inc. (ALTAMONTE SPRINGS, FLORIDA) announced an agreement with Italsel, the leading software distributor in Italy. Italsel will distribute Merlin's PerfectBACKUP+ Linux backup and crash recovery software to its retail channel.

  • Microtest, Inc. (PHOENIX) formed a strategic alliance with the Tokyo Electro Acoustics Company (TEAC) to market a new line of network attached storage appliances. TEAC's Data Storage Product Division (DSPD), responsible for continental Europe, will embed Microtest's DiscZerver technology in its new network attached optical servers.

  • Moreton Bay LLC and Progressive Systems, Inc. announced their joint development of an embedded firewall appliance solution based on the Progressive Systems Phoenix Adaptive Firewall, which is both ICSA and Linux Labs certified, and the Moreton Bay NETtel embedded Linux Internet VPN router.

  • Pervasive Software Inc. (AUSTIN, Texas) announced that it has signed a distribution agreement with Abits Software to distribute Pervasive's Tango 2000 e-business application development software and Pervasive.SQL 2000 database in Latin America.

  • Renegade Inc. (TAMPA, Fla.) announced that it has become a Business Partner-Value-Added Reseller for Caldara Systems, Inc.

  • A company called sTupidPC has announced that it has received approval as a Red Hat reseller.

  • Worldwide Online Corp. (Toronto) announced that the company will join IBM's "Service Provider for e-business" initiative of IBM PartnerWorld, an initiative developed to enable the next generation of Service Providers.

    Linux products at work:

  • InfoExpress (Los Altos, CA) released this press release about Sybase using the InfoExpress VTCP/Secure virtual private network (VPN) solution which runs on Red Hat Linux 5.2.

  • HostPro (NAMPA, Idaho) announced it is using the Cobalt RaQ 3 server appliance to provide web hosting.

  • Neal Nelson & Associates reported that Alcatel used its Linux-based test bed to put all of Alcatel's products through high stress, real-life testing in a controlled lab environment.

  • Unify Corporation (SAN JOSE, Calif) and Honeywell Security Products announced that Honeywell Security Products NexSentry StarGaze received an award. NexSentry StarGaze is a next-generation security management system developed using Unify's application development environment for Linux.


  • 1mage Software, Inc. (ENGLEWOOD, Colo.) announced the appointment of James J. Capeless to its Board of Directors.

  • Integrated Software & Devices Corporation (SAN JOSE, Calif.) a provider of embedded Linux, Royal Linux and VxWorks software solutions, announced that Art Swift has joined the company as its president and chief operating officer.

  • nStor Technologies (SAN DIEGO) announced the appointment of Jonathan Ash as Vice President Marketing.

  • OMNIS Technology Corporation (SAN CARLOS, Calif) announced that Bryce J. Burns, an experienced software operations executive, has joined its board of directors. Mr. Burns currently heads the Business Planning and Release Management Group of Novell, Inc. Previously, Burns served as executive vice president and chief operating officer of Caldera Systems, Inc.

  • Piranha, Inc. (DALLAS) announced two appointments to Piranha's Board of Directors and the assignment of Nathan McClintock as President of Piranha's wholly owned subsidiary Zideo.com. Piranha, Inc. is a digital workflow technology company providing data compression technology, created on the Linux operating system.


  • Andover.Net (ACTON, Mass.) announced its network of sites now has more than 3,000,000 unique visitors and over 60,000,000 page impressions on a monthly basis.

  • Arkeia Software (CARLSBAD, Calif.) announced that it has expanded its reseller network to now include online software vendors specializing in the Linux operating system.

  • Gannett Media Technologies International (Cincinnati) a systems integrator and software developer serving the printing and publishing industry, announced the completion of 19 Linux-based Digital Collections DC3 L-Systems.

  • The Linux Business Expo has put out this press release talking about the companies that will be exhibiting at the conference in April.

  • Maximum Linux has put out this silly press release drawing attention to its April 11 launch date.

  • Navarre has announced that it distributed 33% of all Linux software sold in the second half of 1999.

  • Netgem (NEUILLY-SUR-SEINE, France) announced new records in revenues for its second year of commercial operations. Netgem's technology operates on a Linux-based open software platform and a thin-client access device.

  • Sair Linux & GNU released this newsletter which recaps several of their more recent press releases.

  • SmartForce has announced a series of Linux training courses aimed at Linux Professional Institute and RHCE certification.

Section Editor: Rebecca Sobol.

March 23, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Linux in the news page.

Linux in the news

Recommending Reading

LinuxPlanet ran this review of Napster clients for Linux. It's a good discussion of why more openness would be good for the music industry in general. "...without bootlegs, the Grateful Deal and Phish would be playing the blues in some dumpy bar in South San Francisco. Indeed, with the band's official support of sharing performances, it could be argued that the real source of everything Open Source is the Grateful Dead."

The Atlantic writes about software quality or the lack thereof. "The current version of GNU Emacs, version 20.5, comes with many, many additional features -- you can more or less run your computer with it. But -- this is a key point -- you can remove the bells and whistles without breaking the program. By contrast, Microsoft's purpose in expanding Windows is to clamp the new pieces and the old into a seamless whole. Indeed, an important issue in the Microsoft antitrust trial is whether Internet Explorer can be extracted from Windows without crippling the rest of the operating system" (Thanks to Phil Austin).

The American Prospect has run a special issue with several articles on open source. These include Storming the gates by Nathan Newman and Innovation, Regulation, and the Internet by Lawrence Lessig. "The law in open code means that no actor can gain ultimate control over open-source code. Even the kings can't get ultimate control over the code. For example, if Linus Torvalds, father of the Linux kernel, tried to steer GNU/Linux in a way that others in the community rejected, then others in the community could always have removed the offending part and gone on in a different way. This threat constrains the kings; they can only lead where they know the people will follow."


Here's USA Today's take on the Caldera IPO. "Industry watchers say that while the market for Linux is still strong, the field is getting crowded, and most Linux companies are unprofitable and have meager revenues. Investors are growing cautious about the prospects for companies that sell what is essentially a free operating system."

News.com looks at Caldera's IPO. "Despite the performance differences, Caldera plans to follow in the footsteps of other publicly traded Linux companies that have used their high stock valuations to acquire other firms in an effort to expand as quickly as possible..."

Here's another News.com take. "While those prices represent an 80 plus percent increase, the company's share price has yet to jump in initial trading like shares of rival Red Hat, the first Linux seller to go public, or fellow Linux companies Cobalt Networks, Andover.Net and VA Linux Systems. Whether or not this means the investor momentum behind Linux is fading, there likely will be a great deal of speculation and analysis over the stock's performance today."

ZDNet chimed in with this article about the delay in Caldera's IPO. "The raised range of Caldera's five million shares signals strong demand for the offering, which may enjoy the Linux euphoria that vaulted Red Hat (Nasdaq: RHAT) and VA Linux (Nasdaq: LNUX) shares."

Here's an Upside column which is skeptical about many current IPOs, and Caldera in particular. "Caldera could have a great future eventually, once it proves itself. Right now, I don't think Caldera is ripe for an IPO. It was really formed in its current state in late 1998 and still has not finished building its management team. If it didn't have the Linux buzzword behind it, I sincerely doubt it would be going public now."

News.com reports on Caldera's IPO process. "That schedule means the IPO likely will take place the same day Caldera releases a new version of its desktop edition of Linux, called eDesktop. The version is part of a two-tier strategy Caldera is taking with its software, aiming one version at servers and one at client computers."

Here's the Deseret News' take on the Caldera Systems IPO. "David Menlow, president of IPOfinancial.com, an IPO newsletter for individual investors, said Caldera is 'at the upper end of the stocks we expect to do well at the beginning.' But, industry insiders agree Caldera will have to do more than make a good first impression."

ZDNet UK sneers at the Caldera Systems IPO. "Put simply, there's nothing terribly distinguishing about Caldera, which is why we're in for a potential so-so IPO. VA Linux and Red Hat have gobbled up much of the mind share, and there may not be room for many more players. Caldera said growing a brand is one of its biggest priorities. And it will need a strong brand to rise above the noise."


Upside takes a look at MandrakeSoft. "MandrakeSoft, the company Duval, Lemarois and a few other inside developers built up to take advantage of this phenomenon, has followed a similar trajectory, adding 50 employees in the less than a year. If anything, the company's quick ascent is a sobering indication that the Linux operating system market may be the easiest online marketplace to crash since amateur pornography."

LinuxMall.com looks at the new BSDi. "While highly complimentary, [BSDI marketing director] Rose takes a more challenging tone; he hopes to see BSDI supplant Linux as an operating system by 2001. He gave away no plans to 'steal' people from Linux and acknowledged that many developers write code for both. Instead, he wants to present a 'more compelling case' than Linux in terms of higher visibility, technical support and better services."


Here's News.com's take on the Los Lobos cluster. "Though UNM and its partners in the National Computational Science Alliance intend to use LosLobos for scientific purposes, IBM has its own, more commercial agenda. It believes LosLobos will help researchers adapt this 'cluster' approach to running IBM software for business tasks such as email, database hosting, instant messaging or e-commerce..."

News.com looks at the Netpliance Linux hack. "Netpliance didn't appear to be too worried about the hacks, either. Instead, they're thinking about tapping into the kind of engineering expertise that's hard to hire at start-up companies. 'We are interested in putting together a program to collaborate with the Linux community that essentially harnesses their knowledge,' said Munira Fareed, a spokeswoman for the company."

Here's an article on LinuxMall.com looking at a new Internet TV product. "This year, the Irish can witness every minute of the fashion atrocities Americans commit in their name, thanks to a company based in France called NetGem. NetGem uses a Linux-based open software platform and a thin-client access device to bring the Internet, email, and all the news fit to post to Irish consumers through a box they already have in their homes--the television."

The Ottawa Citizen looks at Corel's latest results. "[Corel CEO Michael Cowpland] urged analysts and shareholders to be patient while waiting for revenues from new Linux-based products, though he admitted the timing 'is not easy to nail.' 'It's not really affecting the values of all the other companies in Linux so I don't see why we should be the only company that has to be currently profitable when none of the others are.'"

News.com looks at VA's latest acquisitions. "VA Linux plans more acquisitions to bolster its Linux computer line, its services and its programming talent, [CEO Larry] Augustin said. Linuxcare, a seller of technical support and consulting services for Linux planning an initial public offering next week, would make sense as an acquisition, but 'I don't think we've had any detailed discussions,' Augustin said."

Here's a TechWeb article about Linux in electronic business applications. "In a CRN survey of 200 solution providers, 49 percent said they will be deploying more e-business solutions on the Linux platform. Forty-one percent said their Linux deployments will stay the same, 8 percent said they were not sure and 2 percent said they expect to deploy fewer e-business solutions on Linux."

For those who haven't already seen it, here's the New York Times article about IBM and Linux. "Yet IBM's strategy can succeed only if Linux, which is distributed free, does become a genuine alternative to Windows or Solaris, thereby putting real pressure on their prices. And Linux has a long way to go.... Even IBM, which plans eventually to use Linux as its unifying Unix platform (shelving AIX), says Linux's true ascendance may not come for five years or so -- until Linux is built up to become more powerful and reliable." (The New York Times is a registration-required site). (Thanks to Marty Leisner).

This osOpinion column sees some potential pitfalls ahead for Linux. "In the United States, a manufacturer of a product ultimately assumes liability for the product that it sells. But in the case of GPL'ed software, no one can be held accountable for the case in which the use of the software results in the loss of life or damage to property or goods. A court might well decide that the use of Open Source software is illegal in the U.S. since no one can be held accountable."

The geeks are taking over, according to this Andover.Net column. "Money begets power and power begets money...and money begets money and power...well, you get the idea. But what of character? Geeks have always been outcasts, tormented, approached with everything from disdain, to fear, to indifference, to not approached at all. Now, suddenly, praise and power fills the void forever left by a lack of nurturing." (Thanks to Cesar A. K. Grossmann).

The Electronic Frontier Foundation has issued an alert for further comments on the Digital Millenium Copyright Act (DMCA). "The US Copyright Office in the Library of Congress has the job of ensuring that implementation of the DMCA does not negatively impact legitimate activities that should remain exempt from DMCA's prohibition on 'circumvention of technological measures that control access to copyrighted works.' The Copyright Office is asking for public comments on its proposed rules and, in this instance, for 'reply comments' on previous comments submitted in an earlier round of testimony." The comment deadline is March 31, 2000. Check it out and help if you can. (found on Slashdot)

AboutLinux did a followup on Microsoft's "seeUthere case study", which profiled a company that had a hard time with Linux. "While I am certain that they had reasons for the design decisions they made, I believe the major portion of their delays would have been eliminated by a different choice of tools, and were not per se a result of choosing Linux; but more due to design and implementation decisions."

ZDNet UK suggests that Microsoft may start giving away Windows CE given all the pressure they are feeling from Linux in the embedded arena. "Microsoft needs to tread cautiously, however. If the company were to claim that making Windows CE available to embedded licensees for free is equivalent to making it open source, then it would incur the wrath of open source advocates. Microsoft rival Sun Microsystems found this out the hard way when it initially attempted to equate its Sun Community Source Licence with the GNU public licence."

As quoted in Wide Open News: in an answer to a question from the audience at Esther Dyson's PC Forum, Steve Ballmer managed a little praise for Linux. "Without elaboration, Ballmer said Microsoft sees Linux as a serious competitor. 'We'll meet in the marketplace,' he said. 'And that will be a better thing for both us and for the Linux community.'"

Here's an article (in German) in MSNBC.de about the German Koordinierungs-und Beratungsstelle fur Informationstechnik, a governmental advisory panel, which has recommended the use of Linux in the German government. English text is available via Babelfish. (Thanks to Berthold Seidel).

Here's a Wired News article about AOL's shutdown of the "Gnutella" project's web site. "After installing the program, users would connect to other 'servant' computers, creating a chain of participating users. This architecture would allow for one-to-one or many-to-many connections, and makes it difficult for administrators to block the software, which occurred recently with Napster on college campuses."


Here's an article on the LinuxMall.com site about the use of Linux in the Beacon School in New York. "There are still other benefits to using an Open Source program. [Beacon School admin Chris] Lehmann says the kids at Beacon learn much more from Linux than computer programming. The Open Source philosophy seems to be contagious."

Doug Loss and Pete St. Onge of SEUL talk about using Linux in education in this Freshmeat editorial. " One of our big dreams is that LUGs around the world will create educational outreach programs where they adopt local schools or school districts and provide the maintenance and support the schools will need. This would be beneficial to the LUGs too, of course, since they'd be creating enthusiastic new users by making Linux work smoothly for the schools. A local LUG/school relationship could make for both stronger LUGs and stronger schools, besides making Linux advocacy easier."

This week's Linuxcare "Dear Lina" column is about automatically starting up programs at boot or login time. "Debian calls the ~/.xsession file when startx, xinit, or xdm is launched, so you can have a consistent X environment. Kudos to the Debian folks for this one!"

LinuxMall.com has put up this article on getting a Linux-related job. "Don't expect to get a job using Linux in a bank, a manufacturing company, or a major retail chain. While you might get lucky, the market isn't quite there yet."


Jesse "I always said Linux would be successful" Berst now talks about the skeleton in the Linux closet. He raises the fragmentation attack again, and talks about declining stock values as well. "Now come rumblings that Linux may not be able to sustain that momentum. That it may become another niche OS like Unix, from which it is derived. Incompatible versions -- or forking -- may jeopardize its standing in the IT community. Wall Street is already retreating."

Here's one of those Linux will fragment articles; this one is by ZDNet's Charles Babcock. "Linux advocates, such as evangelist Chris Dibona at VA Linux, and some analysts, say these doubts are unfounded. There are hidden disciplines working beneath the sometimes anarchic surface of the open source code movement to keep Linux from forming competing branches."


LinuxPlanet reviews ThinkFree Office. "ThinkFree's service premise is simple: give users free software that runs on any platform and provide free Internet-based storage. Now a user can run the application on almost any PC and files can be stored and downloaded from the Internet. This means that users of any operating system--including Linux, which is explicitly supported by ThinkFree--can access office applications remotely without having anything installed locally." (Thanks to R. McGuinness).

A potential poetic epitaph for our current age? Thomas Scoville presents a poem, "Howl.com". "I saw the best minds of my occupation destroyed by venture capital, burned-out, paranoid, postal, dragging themselves through the Cappuccino streets of Palo Alto at Dawn looking for an equity-sharing, stock option fix ..." (Found through EGR.)

Silicon.com has found some "experts" to say that Linux is not secure. "Clive Longbottom, strategy analyst at Strategy Partners, agreed with his analysis, saying the problems are preventing its adoption in secure areas. He said: 'Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available.' He added that the issue could lead to proprietary versions of Linux being developed."

Section Editor: Rebecca Sobol

March 23, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Announcements page.



LinuxLinks.com has announced the launch of its "Linux Reviews" page, which provides reviews of Linux software packages.

LinuxMonth has posted a pair of brief articles on adding shortcuts to your desktop and more ways to add shortcuts to your desktop. They also have an article about the Red Hat Package Manager (RPM).

Linuxvision.com presented SHEBA, "The Complete Arabic/English Enterprise Global Web Solution" on a Linux server.


Donnie Barnes has posted the story of Linux Expo on the web. It covers the history of the event, and why it isn't happening this year. "So, it needs to have its name changed and be moved. Some say that there are also too many technical conferences like this per year and that situation isn't good for Linux. All of a sudden it does start to sound like it shouldn't really happen, at least not this year."

The real news is at the end of the document: Linux Expo is merging with the Atlanta Linux Showcase.

The Extreme Linux Workshop will be held as part of the Atlanta Linux Showcase next October. A reminder call for papers has gone out; there is now less than a month before the April 17 deadline.

Web sites

Linux Valley launched an updated Italian Linux Portal at LinuxValley.it.

EBIZ Enterprises Inc. announced the addition of the "LinuxWired Classifieds" service for www.LinuxWired.net.

User Group News

The Central Ohio Linux Users Group (COLUG) will meet on Wednesday, Mar 29th. In this meeting Paul Hostetler continues the RPM March Madness.

March 23, 2000



Software Announcements


Package Version Description
<bigwig> 1.2 High-level programming language for developing interactive Web services.
abcde 1.0.5 A better CD encoder.
ac3dec 0.6.0 A free Dolby Digital (AC-3) decoder for unix
ACE 5.1 Object-oriented C++ class library and framework
afbackup 3.2.4 Client-server backup system
Algae 0.2.1 A C++ matrix math library.
ampd 2.0a A MP3 playlist daemon.
analog 4.04 WWW logfile analysis program
AniTMT 0.02 A flexible application to create films.
AOLserver 3.0rc1 A multithreaded, Tcl-enabled, dynamic Web server.
Apache Jetspeed 1.0 An OpenSource GroupWare/Portal
apachedb 0.10 Logs Apache transfers into a mysql database.
APSEND 1.53 TCP/IP packet sender
apsfilter 5.2.0 Intelligent line printer input filter
arla 0.32 A free AFS client and server for Linux, *BSD and others.
Artix Freebies 1.0 A collection of console tools for working with images/graphics.
Astroconst 2.0 Astrophysical constants header files.
aumix 2.3 Color text mode sound mixer with GPM support
BAIM 0.6a A BitchX AOL Instant Messenger plugin/module.
Bash 2.04 sh-compatible command language interpreter
BASHISH SR1.1 A modular Bourne-shell theme engine.
Bastille Linux 1.0.4.pre4 A comprehensive hardening program for Redhat Linux 6.0.
bdist 0.9.3 Build distribution file containing all relevant files in a programming project
BibleTime 0.23 A bible study program for KDE
BLT 2.4p A 2D plotting extension to TCL/Tk.
Bluetail Web Prioritizer 1.0.1 Policy based user prioritizing Web proxy
bonnie++ 0.99j Hard drive/filesystem benchmark program.
BRU [tm] Backup & Restore Utility 16.0 A backup solution for Linux and UNIX.
Bug Squish 0.0.0 Squish bugs before they suck all the blood out of your arm.
BW whois 2.3 A whois in perl that works with the newly mangled whois system as of 1 Dec 1999.
CCView 0.2.1 C++ project and class viewer
cdb 0.75 A package for creating and reading constant databases.
cddump 0.2 A CD-R and CD-RW backup utility similar to dump/ufsdump.
cdrecord 1.8.1a03 Allows the creation of both audio and data CDs
CD_Aud 1.00 A CD-ROM audio-playing class for C++.
cgilib++ 0.1.0 A CGI library for C++.
checkout 1.0 Allows checking in/out from your desk with a reason.
ClanMecha 0.1.1 A 2D multi-player mecha-genre platform game using ClanLib.
class.DBI 0.3.1 A PHP DBI class.
Classifieds 0.1b A simple Perl CGI implementation of online classifieds.
Cmp3 2.0-pre5 Console frontend to mpg123. Easy interface, playlists, background mode.
code2html 0.8.9 Converts a program's source code to syntax highlighted HTML
CodeCommander 0.3.25 Multi language programming IDE.
cog 0.06 A themeable and modularized homepage for an intranet.
Comanche 2.0b2 Multiplatform configuration manager for the Apache web server
Common C++ 0.9.2 A portable environment for C++ threads, sockets, etc.
Continuous Mode for XEmacs/Emacs 0.3 An (X)Emacs minor mode for the Continnuous Change Management system.
CoreLinux++ 0.4.12 A set of C++ class libraries to support common patterns in software development.
Corewars 0.9.7 A simulation game.
Coyote Linux 031300-SNAP A single-floppy distribution for sharing an Internet connection.
CPC4X 0.20b Amstrad/Schneider CPC 464/664/6128 Emulator
CrossWords For Linux 0.0.5 Games in Javascript for learning concepts and definitions.
CRU[tm] Crash Recovery Utility 2.1.8 An automated crash recovery utility.
Crypto++ 3.2 C++ Crypto Library
cstream 2.0 dd(1)-like tool, precise bandwidth limiting/reporting, fifo support
ctheme 0.8.4 A console palette tool for themes and effects.
ctm.pl 0.12b Type map generator for Apache 1.3.x mod_negotiation
curl 6.5.2 Command line tool for getting data from a URL
cursel 0.0.2 An interpreter for a character GUI.
Curses::Widgets 1.2 Widgets for Curses and Perl
cwmtx 0.1.1 C++ Library for matrix, vector and quaternion math
Dac2mp3 0.03 CD ripper and mp3 encoder.
DBOX 2.02 BBS package, email server.
DeCSS 0.06 A script to remove Cascading Stylesheets (CSS) from HTML pages.
DejaSearch 1.8.5 DejaSearch is a frontend to DejaNews, the leading Usenet archive
Denemo 0.5.0 A GTK+ musical score editor.
Distmp3 0.1.6 Distributed mp3compressing
divine 0.7.2 automatic IP configuration detection for laptops
Download Area 2.2 Pack of CGI scripts that makes specific
dwun 0.7e Controls PPP link by client requests for connection
Easysoft SQLEngine Provides heterogeneous access to multiple local and remote data sources.
ECLiPt SSH Shell 0.9 Simple graphical SSH frontend.
eLauncher 0.1 Emulator front-end for multiple emulators.
ELOFW 1.1.1 An easy firewall, transparent proxy, and masquerade configuration script.
envelope 0.60 Envelope Printer
etherape 0.3.1 etherman cloneto graph net activity in real time.
Etherboot 4.5.5 Source code for making TCP/IP boot ROMs to boot Linux and other OSes
Expresso Framework 1.03 A library of extensible Java components for building Web applications.
ez-ipupdate 2.2.1 utility for updating the dynamic DNS service offered at http://www.ez-ip.net
ezweb 1.5 A Web interface for administering ezmlm mailing lists.
Face Designer 0.11 A Java 1.2 app to eaily choose Emacs font-lock attributes.
FACHODA Complex demo.alpha Fast air combat simulator
FDNS 0.1 Small utility to fix annoying delays when you can't reach your DNS.
feh 0.7.0 Fast image viewer / indexer / montager which uses imlib2.
Fentun 1 Tool for extracting winmail.dat.
ferit 0.0.3-000320 Simple web spider library and client
File Check Daemon 0.9 Checks for new files and moves them once they are stable.
Filesystems HOWTO 0.7.4 HOWTO about filesystems and accessing filesystems from several OSes.
FilterProxy 0.10 A filtering proxy server.
FIPRA 0.65c A system to log high loads of network traffic at the IP level.
FlashCount 2.0 A phone cost counter.
for2html 1.3 A FORTRAN-to-HTML translator and cross-references generator.
freq 1.0.0 A lastlog analyzer.
FriBidi 0.1.9 A free implementation of the Unicode Bidi algorithm.
Frost 0.5.0 C++ multi-method support.
Fusion GS 1.33 Telnet BBS-like system.
fwdengine 0.1-alpha A transparent packet forwarder.
FXPy 0.99.118 Python interface to the FOX GUI library
gaim 0.9.11 GTK based AOL Instant Messenger
Galway 0.41 Guile-gtk HTML Editor
Gameboy Development Kit 2.92 Development kit and C compiler for the Nintendo Gameboy
gASQL 0.5.2 A frontend to administer a Postgres database.
gbrctl 0.0beta A GNOME Bridge Configuration utility.
gd 1.8.1 A library used to create PNG images
GDancer 0.2.0 A dancing Space Ghost XMMS plugin.
gen3img 0.2 Generates three different sizes/qualities for images.
Generic NQS 3.0.9 The Leading OpenSource Batch Processing System For UNIX
GeneWeb 3.03 A genealogy program with a Web interface.
gentoo 0.11.13 Two-pane filemanager using GTK+, 100% GUI configurable
get-pictures .7 A script that uses gphoto to grab images off of a digital camera.
getmail 1.08 A fetchmail replacement with reliable Maildir or mbox delivery, in Python.
getpg / UW-IMAP 0.56 A patch for UW-IMAP to authenticate users against a PostgreSQL database.
gfontview 0.3.4 Font Viewer
Ghetto Edit 0.1 A ghetto map editor for use with the TileLib game library.
Gifsicle 1.17 Command-line tool for creating, editing, and optimizing GIFs and animations
gimp-print 3.1.2 Print plug-in for the GIMP and GhostScript driver for Epson printers.
GLAME 0.1.30 A generic and easily extensible audio processing tool and sound editor.
Glide Voodoo3/Banshee drivers for XFree86 3.3.x 2.60-16 Glide 2.x/3.x Voodoo3/Banshee drivers for X-Free 3.3.x
GMonsters 0.0.3 A little monster-breeding game for GNOME.
GnomeTV 0.1 TV & Teletext viewer for GNOME.
Gnospam 0.0.1 A GNOME frontend for Slaktool.
GNU parted 1.1.3-pre1 A partition editor, for creating, destroying, resizing and copying partitions.
Go 1.0 A system for rendering graphics with Java and C++.
GotMail 0.1 A Perl script to fetch mail from a HotMail account.
GPM 1.19.0 A mouse server for the console and xterm.
gptf 0.1.1 A GNOME frontend to Ping, Traceroute, and Finger.
grdb 0.0.3 Applies gtk theme colors to Xt/Motif/Tk apps
gred 0.6.2 A small, easy to use terminal-based text editor for Unix.
Groovy Java Database 0.1.2 A Java object-oriented database
Gsysboard 20000316 GTK+ application which show informations in real time about the system.
GTK+XFce 3.3.2 Easy-to-use and easy-to-configure environment for X11
GtkFortune 0.32 GTK+ Based frontend to Fortune
GTKML A proposed XML markup language for describing GTK user interfaces
gtraffic 0.12 A sliding block puzzle for GNOME
Gutenbook 0.1.9 The original Perl/GTK+ application for reading Project Gutenberg Etexts.
gxhost 0.8.0 GTK xhost interface
Half-life Admin MOD 0.78 A plugin mod to Half-Life.
Half-life Server for Linux Half-life Dedicated Server for Linux
hash127 0.70 A library for fast, secure secret-key message authentication.
HeadSlasher 1.1.1 GTK Slashdot headlines reader
HHexen 1.3 A hacked version of linux Hexen
hOpla 1.0.1 A link beetween XML savefiles and postgreSQL databases.
HtmlHeadLine.sh 0.7 Script that automatically fetches news headlines.
htsserver 0.5.7 Server application of the multiplayer trading game Holsham Traders
Hu-Go! 1.2 A PC engine emulator.
ICRADIUS 0.13 Powerful cross platform radius server
ics.el 0.4.0 Emacs mode for internet chess server interactions
IDS 0.2 CGI that produces image galleries on-the-fly.
Infinity Exploit Scanner 3.11 Beta A CGI script for remote exploit scanning.
Infinity Port Scanner 2.0 Beta A CGI script for remote port scanning.
IP Filter 3.3.12 TCP/IP packet filter
IPAD 0.12.00 Intelligent vector drawing package
ipcalc 0.14 Tool for calculating simple network parameters.
iptables 1.0.0alpha A Linux kernel packet control tool.
IRMP3 0.4.2 Multimedia Audio (mp3) Jukebox; optional IR remote control, LCDisplay, keypad
iVote 0.2 A Web-based visual poll/image voting system.
J.O.O.D.A. 0.3.15.H2O3 Java-IDE with nice features
JavaCore 0.0.1 A core dump facility for 100% Java applications.
JavaHelp 1.0 A script for fast searching among heaps of javadocs.
jCIFS 0.1 Implementation of SMB/CIFS in Java
jClimber's Diary 0.8 A Java app for storing climbing routes.
JDxpc 0.0.2 dxpc, written in pure Java.
Jellybean 0.04 A Perl Object Web server.
joyd 0.0.5 Execute programs via joystick.
jProc 0.0.3 CGI and a Java applet that present some of /proc data in an HTML interface.
Jungle Monkey 0.1.1 A distributed file-sharing program.
kaw_pop_applet 0.30 Notifies you when new mail has arrived at a POP account.
kcd 4.16.1 Directory change utility.
KDist 0.1 Keep multiple copies of your data files on separate hosts.
Kgutenbook 0.5.5 KDE port of the perl app gutenbook, to download, and read etexts from Gutenburg
KImap 0.1.3 An IMAP email client for KDE.
Kiosk 0.90 A WWW Based MySQL database manager
KIsdnmon 0.3 Monitoring tool for ISDN users.
knc 0.5 A KDE based filemanger
Kpp 1.16d An RPM SPEC file utility.
KRunning 0.3.2 A database manager for your private running events
Ksetiwatch 0.4.1 SETI@home monitor and work unit manager
KSI Scheme 3.2.1 An implementation of the Scheme programming language
KTamaga 0.6.2 The KDE-Tamagotchi-emulator
LANdb 0.90.2 Your entire network in a Web-based database application.
latd 0.0.2 A LAT terminal server daemon.
LDAP Explorer 1.13 PHP3 Application
leafwa 0.2.0 Web-based administration for Leafnode
libjsw 1.1 A UNIX joystick wrapper library and calibrator.
libnatl 0.0.2 A network audio tuning language (NATL) parser.
LibPenguinPlay 0.1.1 A game utility library.
libpng 1.0.6
libradio 0.3.5 A simple, easy to use C library to control FM Tuner cards
librhttpr 0.5.5 HTTP request library
libshout 1.0.1 A library for streaming to icecast.
libshout-perl 0.96 A Perl interface to libshout.
libslaktool 0.0.1 A Slackware package library.
Linuxconf 1.17r7 Sophisticated administrative tool
LinuxTaRT 3.00 Feature-rich email signature generator
Liquid War 5.3.0 An original multiplayer game; your goal is to eat the other player's fighters.
Literate Perl 0.001 Literate Programming for Perl
lojteng 1 A Lojban ASCII-to-Tengwar converter.
LoserJabber 0.1 livejournal.com online journal client.
LxA 0.0.7 Linux appliance construction set.
LxDoom 1.4.3 Enhanced Linux port of the classic fps Doom
Lynx 2.8.3dev22 Fully-featured, text-based World Wide Web browser.
MadHouse Forum Manager 1.08.0 A flexible forum manager.
magic VLSI layout magic 6.5.2 VLSI layout utility
maildir-bulletin 0.61 A bulletin delivery/undelivery for Maildir format message store.
MAMECAT 0.39 A MAME emulator front-end.
MDB Tools 0.1 Tools for reading Microsoft Access MDB files
meminfo 2000.03.16 report memory and swap information
MemoPanel 2.2 A tiny memo applet on the GNOME panel.
MetaKit 2.01 Structured storage database library in C++, with Tcl and Python interfaces
Metronome 0.1.0 A midi-based metronome in GTK+.
mifluz 0.14.0 Full text indexing C++ library
MIT Scheme 7.5.5 A programming environment for Scheme.
mMosaic 3.4.14 Web browser for X11
modutils 2.3.10 Linux module utilities
mod_auth_nds 0.4 NDS authentication module for Apache
mod_extract_forwarded 1.0 Extract and process the X-Forwarded-For header.
mod_layout 1.2 Layout module for Apache.
mondo rescue 0.88-devel-0320 Generates bootable rescue CD ISOs.
moodss 8.13 Modular Object Oriented Dynamic SpreadSheet
Morphon XMLEditor 1.0 beta 5 Editor for XML files
moRT 20000319 tail for XWindow
Mount Linux Olympus 0.1 An advanced graphical administration system.
MP3c 0.25 Audio-CD to MP3-Converter, with use of CDDB. Included GUI and cmdline-support
MP3html 1.3.7 Make configurable listings of MP3s based on their ID3v1 tags
Mp3toHtml 0.1.3a Indexes MP3s into linked HTML-pages.
MP3VoiceControl 0.1.0-BETA voice-controlled MP3 jukebox
mpatrol 1.1.2 A library for controlling and tracing dynamic memory allocations.
mrtg-ntap-probe 0.3.1 A Probe for Network Appliance NetCache server and Network Appliance Filer
mscompress 0.2 A (de)compression utility for files compressed by Microsoft compress.exe.
MTXL 1.4.8 A media changer control program for SCSI tape changers, jukeboxes, etc.
MUDix 2.3 Mud client.
muh 2.05c Full-featured IRC bouncing tool
myPHPCalendar 03152000 Build 2 A Web-based PHP calendar.
MySQL 3.23.13a SQL (Structured Query Language) database server
MyThreads-Links v0.5.6 Yahoo like links manager writen in PHP/MySQL
nail 9.0 A MIME-capable version of the Berkeley Mail user agent.
NCPweb 0.1.1 Web-based frontend to the ncpfs utilities for Linux
NEdit 5.1 Advanced multi-language programmers' text editor.
Nessus 0.99.8 A free, open-sourced and easy-to-use security auditing tool
NetPBM 8.2 The classic image manipulation/conversion utils
NFC Chat 0.9.3 Extensible client/server chat program written in Java.
nhtsclient 0.5 An ncurses-based client for the multiplayer trading game Holsham Traders.
NOCOL 4.3 System and network monitoring software
noflushd 1.8.3 Daemon that sends idle disks to sleep (for kernels 2.2.11+)
nss_ldap 106 LDAP Nameservice Switch Module
Nucleus XFonts 0.70 A fixed width font package for X
OBAS 0.93c Web-based bibliography maintainer
Obsequieuem 0.3.0-pre1 Network based MP3 RTP/multicast streaming jukebox
ODBC-ODBC Bridge Provides ODBC access from Unix to remote ODBC data sources
oDns 0.1 Php/Perl/MySQL-based frontend to the BIND 8.2 name server.
oMail-Webmail 0.91.3 Webmail solution based on qmail and optionally vmailmgr.
OpaL Mirror Tool 0.1.3 Web mirror tool
OpaL RPM Automation Toolkit 0.1.0 Automates the process of upgrading and installing rpm-packages.
Open Telephony Server 1.0.1 Middleware & tools to develop telephony applications
OpenMuscat 0.1.1 High performance probabalistic search engine library.
OpenNaken 1.20 Tcl/Tk client for Naken Chat
opennap 0.22 An open source Napster server.
OpenSSL 0.9.5a Beta 1 The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
ORBit-Python 0.1.3 Python bindings for ORBit.
Oregano 0.14 Schematic capture and circuit simulation application
Outlook2Ical 0.2 Convert MS Outlook Caledar to Ical (.calendar).
PACT 0.8 SNMP accounting tool.
Pan 0.8.0 beta 1 Gnome/GTK Newsreader
pcmcia-cs 3.1.13 A complete PCMCIA or 'PC Card' support package for Linux.
pdid3 0.99 MP3 ID3 tag editor for GNOME.
perlbeat 0.3.0 A Perl tool to add beat-time to your Web site.
perl_metrics 0.01 A script to produces metrics about perl code.
pgp4pine by Marcin Marszalek 3.5 Bash script that allows using PGP under PINE
phpftp 1.1 A Web-based FTP client.
phpSched 0.6b Schedule creation and maintenance for shift based departments
phpTopsites 1.2 A Topsites script written in PHP for MySQL.
PhpWiki 1.03 A WikiWikiWeb clone written in PHP.
PicMonger 0.9.1 Scans Usenet newsgroups for UU- or MIME-encoded binaries and decodes them.
PikView 0.8.0 An image viewer.
PinePGP 0.12 PGP and GnuPG filters for pine for both PGP 2.6.x and 5.0
playlist 2.1.1 Generates lists in plaintext and HTML for a directory tree of music files
PMail 0.5.2 GNOME/GTK/Python email client
Pong 3D 0.8.3 An OpenGL Pong clone.
Postal 0.50 SMTP and POP benchmark suite.
PostgreSQL 7.0 beta2 Robust, next-generation, Object-Relational DBMS(ORDBMS)
PowerPak 2K0316 An attempt at a high-level game SDK
PresTiMeL 0.6 A tool to create HTML presentations.
Pscript 1.6 Postscript to HTML conversion and presentation software.
pvmsync 1.2.4beta1 Extends POSIX-like synchronization mechanisms to a Linux Beowulf cluster
pycmail 0.0.7 An incoming mail sorter written in Python.
pyle 0.1.8 A WikiClone.
PyNcurses 0.2 A Python binding for ncurses.
python-utmp 0.1 Python modules for working with utmp.
QextMDI 1.0 beta2 cross-platform GUI library extending Qt with MDI functionality
QHacc 0.4.1 A personal finance application.
Qpopper 3.0fc1 POP3 server
QScheme 0.3.3 Really fast, small and easy to interface Scheme interpreter
Quake3: Arena and Demo 1.16n The test version of Quake3: Arena
quftp 1.0.3 Command line FTP client with queueing
qwen 3.03a Energy levels and wave functions of semiconductor quantum wells.
Random Poetry Generator 0.1 A fortune-style program that prints random (bad) poetry.
Randsig 1.2.0 Small random signature generator using taglines.
readline 4.1 A set of functions for use by applications that allow users to edit command line
Realmlifes 0.08 A fantasy world simulation game with AI
RearSite 1.5 Tool for updating personal www pages
Record Management 0.8.1 Program to manage large sound carrier archives (LPs, CDs, MP3s, singles, ...).
Report Magic for Analog 1.31 Create tabular reports and graphs from Analog web statistics.
Resin 1.1.b6 JSP (Javaserver Pages) engine
Revolution IRCd 0.0.1 Fully RFC-compliant IRC daemon
RIMPS 0.06 Web-based MP3 server.
Robust Audio Tool 4.1.8 An RTP audio conferencing and streaming application.
rol_demo 0.03 Modeling package for interactive 3D graphics.
ROX-Filer 0.1.18 Drag-and-drop based filemanager.
RPNCalc 0.9.2 A reverse-Polish-notation scientific calculator for KDE.
RTP 1.0.1 Real time plotter
Sambaconfig Edit your smb.conf file with you web browser. CGI scripts & C++ source code.
Scan4Virus 0.19 Qmail-specific virus scanner wrapper (MacAfee, Trend and Sophos)
Scintilla 1.23 Source code editing component and tiny IDE for Win32 and GTK+.
SciTE 1.23 Small syntax styling editor for Win32 and GTK+
SDPGTK C++ wrappers for GTK+ and XML-based user interfaces.
searchbox 0.4.1 A Perl script to add a search box to a Web page.
SETI@Home Client 2.4 Distributed SETI data-analysis client
Shadowlands Forum 1.9.4-devel16 Low-resource, robust, friendly telnet chat server with authentication
Shag 1.0 Single Homed Alternative Gateway
sidtools 0.9.1 A collection of small tools to be used with sids.
SlashWatch 0.9 A PHP news-grabber from news sites, stored in a MySQL Database.
SMSLink 0.44b Client/server gateway to the SMS protocol
smtm 1.0.0 A flexible Perl/Tk stock ticker and portfolio tool.
Smurf Sound Font Editor 0.49 Sound Font editor
Snap 0.02a A Perl-based console Napster client.
Snort 1.6 Libpcap packet sniffer/logger/lightweight IDS
Sp0rk 0.0.3 A PHP application for news and fileserving.
Spong 2.7-alpha2 Simple System/Network Monitoring
Spruce 0.6.0 Simple email client coded for X with the Gtk widget set
ss5136dn 1.3 Driver and Utilities for SST 5136-DN family of DeviceNet interfaces.
stats.cgi 3b Perl script for web site statistics
StripCmt 0.1.1 Strips comments from C, C++, and Java source code
SUBTERFUGUE 0.1.9 Framework for building tools that observe and play with the reality of programs.
Sunshine Commander 0.1.0 Crossplatform, consolebased FileManager
Survey CGI Mike's 0.1b A simple Perl script for taking surveys on Web pages.
tclPov 0.3.2 POVRay frontend for rendering POVRay scenes.
Teamware Office for Linux 5.3 Edition 2 Groupware for Linux - Mail, Calendar, Library, & Discussion Forums.
The Cycon Online Gaming Engine 0.90 Online Gaming Authoring System
ThoughtTracker 0.5.2 Knowledge base application storing arbitrarily linked notes.
TiK 0.80 Tcl/Tk version of AOL Instant Messenger
TileLib 0.1 Allegro graphics library for tile based games.
TinyMAZE 2.6a An online game server.
tixinfo 0.6.6 Get some information about your system.
TkCommander 0.6.9 Yet another Norton Commander clone, written in Tcl/Tk.
TORCS 0.0.16 A 3D open racing car simulator.
ToutDoux 1.1.9 A project manager.
Trestlemail 0.5 Automatically redistributes multi-drop Fetchmail
Trustix Secure Linux 1.01 A secure Linux distribution for servers.
twin 0.2.4 A text-mode window manager and terminal emulator.
Two Kernel Monte 0.1.0 Linux loading Linux on x86.
ucspi-tcp 0.88 TCP client-server command-line tools.
UESQLC 0.7.2 Universal Embedded SQL Compiler for C++
ULW 0.6 Analyze custom Apache logs for hits by User-Agent and Remote-Address.
Uptime Client 4.11 Keep track of your uptime and compare it with other hosts.
UserIPAcct 0.7f Per User IP Accounting for the Linux Kernel
UW-IMAP/Linuxconf VDM 4.7b WU-IMAP with support for Linuxconf Virtual Domain Mail
VARMon 1.0.0-0.4 A RAID management tool.
VeteScan 03-21-2000 Bulk Vulnerability Scanner
Virtual X68000 X68000 emulator
Visual REGEXP 1.2 A Visual representation of regular expressions.
Voxel Engine 1.0.0 A C++ voxel landscape renderer for Linux/SDL and Win/DirectX.
VP Toolkit 0.3.50 An Internet client/server C++ library.
vphotoalb 0.92 aA Web-based virtual photo album.
Webalizer 2.00-07 Web server log analysis program
webgrep 2.4 HTML check and search utilities
websh 3.0b1 A rapid Web application development environment.
webtrace 0.2 A Perl script that generates a graphical output of traceroute.
WeirdX 1.0.10 A pure Java X Window System server
WiredView 0.0.1 An OpenGL network traffic monitor.
wmpinboard 0.99.1 Window Maker pinboard dock-app
wmseti 0.3.3 Windowmaker dockapp for your SETI@home statistics
wxWindows/GTK 2.1.14 GTK port of the cross-platform wxWindows C++application framework class library
X-CD-Roast 0.98alpha5 A program-package dedicated to easy CD creation underLinux
x10mp3 0.1.0 Control XMMS with X10's Mp3Remote.
X2 5.0.2 AfterNet's powerfull IRC channel services
xbreaky 0.0.3 A breakout game for X.
XDBM 1.1.0 Database Manager designed specifically to hold XML data
Xenophilia GTK+ Theme Engine 0.4 Improves the default look and feel of the GTK+ widget set
xIrc 2.3.2
XMail 0.37 An SMTP/POP3/popsync/finger server.
Xmame/xmess 0.36rc1.1 The Unix version of the Multiple Arcade Machine Emulator
xml2 0.2 XML and HTML processing tools.
XQF 0.9.4 QuakeWorld/Quake2 server browser and launcher for Linux/X11
XShipWars 1.33f Space oriented highly graphical network game system.
Xtheater 0.2.5 GTK-based MPEG-1 video & video/audio player
XVoice 0.8.1 Enables speech to text for many X applications
Yams 0.6.2 An e-commerce package written in Perl and utilizing a MySQL database.
Yaunc 0.03 Yet Another Uptimes.Net Client.
YAWM 0.0.1-a3 A clean, intuitive window manager.
YAWMPPP 1.1.2 Yet Another Window Maker PPP dock applet
Yet Another Mail Manager 0.7.5 A Java email client.
zap 1.3 A Perl wrapper for rm.
zimg 2.5.1 zimg - Display 2-D data of arbitrary format
ZipCracker 0.1.1 Cracks password protected zip archives with brute force(TM)
ZipSpeak 7.0-1 A talking mini-distribution of Linux for visually impaired people.

Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news
 Back page

See also: last week's Back page page.

Linux links of the week

Here's your chance to check out Microsoft Rat Head Linux 6.2 on www.microsoft.eu.org. "Due to the horrible licensing in Linux, we have to make the source of some of our extensions to the Linux operating system, such as the bluescreen module, available to all our customers, and permit them to re-use it. Like GNU, though, we demand that you call any redistribution of Linux containing our modifications Microsoft/Linux or Microsoft/GNU/Linux instead of just Linux." (Found on Portalux News).

In a more serious vein, the CounterPane Cryptographic Article Database is the definitive collection of current literature in the cryptographic field. Abstracts are available for the papers, and many (if not most) are available in their entirety. There is much Linux-related material there.

Section Editor: Jon Corbet

March 23, 2000



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 16 Mar 2000 19:51:03 +0000
From: Adam Rice <wysiwyg@glympton.airtime.co.uk>
To: woods@ucar.edu
Cc: letters@lwn.net
Subject: Re: Stallman interview

In a letter to LWN, you wrote:

> You *can* think of free software in those terms, but the reality is
> that only the religious fanatics actually do.
*I* think of free software in those terms, and I take great offense at being
referred to as a "religious fanatic". I have come to accept the ethical
argument for free software after many years of using it and listening to the
philosophy of Richard Stallman and others. If you'd spent any time on free
software mailing lists, you'd realise that thousands of people much smarter
than you or I have come to the same conclusion.

Of course, I don't use the ethical arguments at work, but fortunately "it's
free" is remarkably effective by itself.

> I particularly dislike people who imply that there is something evil about
> being paid to develop software or to make a profit from developing
> software.

Please go to http://www.gnu.org and read everything there, particularly the
philosophy section, before spouting your mouth off and showing your

> Not all of us are trust fund babies, some of us have to worry
> about putting food on the table.

I found this particularly offensive. Richard Stallman has sacrificed more
than you can possibly imagine to preserve the freedom and the joy of sharing

You don't have to agree with the free software philosophy to use it. We are
not tyrants. But please, at least do us the courtesy of trying to understand
where we are coming from.

Adam Rice -- wysiwyg@glympton.airtime.co.uk -- Blackburn, Lancashire, England
Date: Thu, 16 Mar 2000 08:01:28 -0500 (EST)
From: glouis@dynamicro.on.ca
To: letters@lwn.net, woods@ucar.edu
Subject: lwn letter

Greg Woods wrote, in this week's lwn:

> Here at work, I would like to introduce Linux into our environment,
> but to do that, I can't argue the open source religion, or my
> managers will look at me like I'm nuts. I will have to present
> practical arguments about capability, reliability and cost savings.  
> *That* is what they will listen to.

Certainly.  I was lucky; late in 1994 I put up a Linux box as the main
gateway when our company first went on the Internet, and I never had to
argue: the capability, reliability and cost saving were all so obvious
as to make argument unnecessary.  Had it been otherwise, the open-source
ideology (it's not a religion per se) would have influenced no-one.

> I particularly dislike people who imply that there is something evil
> about being paid to develop software or to make a profit from
> developing software.

Being paid to develop software is something most of the open-source and
even of the free-software folks hope for; not many of them would buy
into your claim that they call it evil.  Making a profit from developing
software is fine too.  I think what many of those people regard as evil
is taking developed software, charging a high price for it without
providing adequate support, without fixing bugs in reasonable
timeframes, and without otherwise making sure that there is some market
value in it; and by legal restrictions preventing the users from taking
any steps of their own to correct those defects.  I rather sympathize
with that moral stance, though I have for much of my own working life
been paid to develop software, and do not consider myself to be or to
have been evil as a result.

> I would say that if enough value is present in closed source
> software to make it worth the price they are asking, I'll buy it. If
> there isn't, I won't.

Fine if you can tell.  A cautionary tale:  A company for which I work
paid big bucks for ERP software in 1997.  ERP (Enterprise Resource
Planning) is complex; a thorough test is scarcely possible prior to
purchase.  When installed, the software (which had seemed to be suitable
based on demos and on interviews with other user companies) rapidly
proved to be a crock of oats that had already been through the horse.  
Much of its functionality was inaccessible to the users, owing to
software defects that the vendor was "fixing," apparently on a timescale
of years; the VAR wanted us to pay them consulting rates to assist in
debugging.  In due course we wrote that one off, mounted a much more
skeptical, critical and (we thought) thorough evaluation, bought and
installed a second ERP package, and this time we're much happier --
except that we can't run an MRP requirements calculation: it locks up in
an endless loop and generates thousands of bogus job recommendations
till the run is cancelled.  It appears, after many hours of diagnostic
effort on our part, that the product we bought can be run in any
environment other than ours.  MRP runs with an NT server, with a SCO
Unix server, on a standalone Win98 test system -- but it fails on the
high-end operating system for which we bought the ERP software, on which
it was claimed that the software was supported.  I don't think that (at
least on this second occasion) a lack of due diligence contributed
significantly to the dilemma in which we now find ourselves: buggy
software, no prospect of rapid resolution of our showstopper problem,
and no way to take action ourselves to find and correct the software
defect.  Open source would have provided us with that latter option, as
well as with access to other user/developers whose experience and
expertise could have contributed to a solution.

Caveat emptor, you say?  That worked in Roman days, when the commodities
were reasonably inspectable and the playing field was level.  Today's
closed-software emptor -- unless he's a Fortune 500 company -- has no
reasonable way to evaluate the product really thoroughly before buying,
and no reasonable recourse when the purchasing gamble fails.  The only
safe assumption, therefore, is that closed source entails a high risk of
failure that has to be factored into the cost-benefit analysis to which
you allude.

| G r e g  L o u i s                    | pgp:  keys.pgp.com        |
|   http://www.bgl.nu/~glouis           | id glouis@dynamicro.on.ca |
| "Knowing what thou knowest not is, in |  2BC6 4F5A 6657 FF4E 9FBC |
|   "a sense, omniscience" -- Piet Hein |  5DAA 2304 76A9 CCA6 5B45 |

Date: Fri, 17 Mar 2000 05:08:46 +0000
From: Ruben Leote Mendes <etruben@ua.pt>
To: letters@lwn.net, woods@ucar.edu
Subject: Re: Stallman interview

This is a comment on the letter written by Mr. Greg Woods published in
Linux Weekly News.

In that letter Mr. Woods wrote:
> In a recent online interview, Richard Stallman was quoted as saying:
>   "That movement studiously avoids mentioning idealistic concepts such
>   as freedom and community, and as a result most of the
>   newcomers have no idea that you can think of free software in those terms."
> You *can* think of free software in those terms, but the reality is
> that only the religious fanatics actually do.

I am very thankful that some "religious fanatics" as you call them put their
time and effort working to make sure that we gain freedom or that we keep
the little freedom that we still have. 
If it weren't for Stallman and the free software movement there would be no
Linux today and we would all be stuck with non-free solutions.

> Sure, if I have a chance to, and should I ever develop something worthy 
> of it, I would want to contribute back to the open source community, but I 
> am in no way *obliged* to do so.

No one is forcing you to do so. What Stallman is requesting is that the
people behind the movement talk about freedom so that newcomers are aware
that freedom is one (in my opinion the main) characteristic of our software.
Then they can think about it and decide if software freedom is important for 
them or not.

> I particularly dislike people who imply that there is something evil about
> being paid to develop software or to make a profit from developing
> software.

Stallman doesn't think that being paid to write software is evil and the
proof is that the Free Software Foundation hires programmers and pays them
to develop software and documentation. That last time I looked they even
had a web page that companies can use to post job openings for free software 

> Not all of us are trust fund babies, some of us have to worry about putting 
> food on the table.

I think there is enough evidence already that you can make money writing 
free software. I don't think I have to provide any references, just scroll
up and read LWN. 

Ruben Leote Mendes - etruben@ua.pt
From: Collins_Paul@emc.com
To: letters@lwn.net
Subject: Use of the term "viral" in refernce to the GPL and FDL
Date: Thu, 16 Mar 2000 07:26:33 -0500

The use of the term "viral" with reference to the GPL (and now the FDL) is
unfair and prejudicial.

The GPL is not a virus.  The GPL is written the way it is because otherwise,
others would be able to take away freedoms that you explicitly grant when
you choose to use the GPL.

If you don't like the GPL or the FDL, don't use it.

The choice is yours.


Please note that I speak for no-one but myself.
Date: Fri, 17 Mar 2000 13:09:37 -0500
To: letters@lwn.net
Subject: Virii, Mr. Garfinkel, and users with bad habits
From: Zygo Blaxell <zblaxell@genki.hungrycats.org>

Linux viruses do not need to install themselves as root; simply getting
normal user privileges under Linux is quite enough to be a very successful
and damaging virus.  Remember that Melissa worked without any privileges
except those necessary to run itself, look up email addresses in a
directory, and send email to them.  "Unprivileged" Unix user accounts
have all those privileges and more.

Most unsophisticated (read: non-paranoid) users have the same basic
bad habits that can undermine the security of any operating system.
These users do not understand the requirement for minimal privileges, nor
do they understand the requirement modify their own behavior accordingly.
When I explain the concept of minimal privilege to new users, most of
them agree that it's a good idea in principle, but few will actually
stick to that principle in practice. =20

This is the acid test:  If you were given some amazing new program
without source code or other strictly technical mechanisms for auditing
and controlling the behavior of the program, would you _absolutely_
refuse to use it except in isolation on a stand-alone, non-networked,
dedicated piece of hardware?  If your answer is no, you are a potential
virus host, and probably a DOS threat to the Internet at large to
boot--shame on you!  If your answer is that you would go to the local
used computer vendor and buy a $50 Pentium system with no network card,
just to run the one application in the isolation it deserves, there's
hope for you yet.

Unfortunately, Linux is mostly as vulnerable to virus problems as the
Microsoft operating systems we all love to hate.  Linux is based on a
30-year-old security model which assumes that the user of the system is
the primary security threat, and a threat to other users of the system.
This used to be the case when the ratio of users to applications was

Today, the ratio of users to applications is one-to-many.  Most machines
have only a single user (or 1.5 users if you count root separately)
and run dozens of different applications by different authors with
different levels of security awareness.  Sadly, the applications
themselves are now usually the greatest security threat, and a thanks to
the Internet they are a threat to other systems as well as other users.

Future operating systems must take this threat into account by
implementing access controls based not only on the user's credentials,
but also those of the application itself.  Java, with all its intrusive
type checking, code verification, and restricted linking features, is
ultimately the right idea, although not the best possible expression
of that idea.  Capabilities flags in the Linux kernel are the same idea
expressed at a different level in the application->library->OS->hardware
heirarchy.  These mechanisms need further development and better
integration by Linux distributors before we will see significant benefit
from them.  Attention marketing types:  Fear of viruses could provide
user-level demand for progress in this area.  Hint.  Hint.  ;-)

Virus detectors will never go away until all software is perfect
on its first release, all hardware never fails, and all users are
trustworthy; however, the virus detection industry as we know it today
will radically change.  We should expect generic virus prevention and
containment features (e.g. automated binary cryptographic signature
checking and much stricter and more fine-grained access controls) to
become part of the operating systems and applications we use; however,
when these systems fail (and they will always fail, sooner or later),
we'll still need some kind of virus detection software to assess the
level of damage and/or assist with cleanup after the root cause of the
problem has been eliminated.

[Insert horrible vision of future versions of Windows bundled with
Microsoft Virus Explorer here...]

Opinions expressed are my own, I don't speak for my employer, and all that.
Encrypted email preferred.  Go ahead, you know you want to.  ;-)
OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D

Date: 20 Mar 2000 22:25:17 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: Clive Longbottom's Linux security claims

On March 20, LWN Daily referenced Silicon.com's finding that "Linux is
not secure", and specifically quoted Clive Longbottom's statement that
"Security needs to be built into the architecture of the operating
system.  This cannot happen if your source code is publicly available."

This statement demonstrates that Mr. Longbottom has no clue whatsoever
as to what makes systems secure.

It is the case that security vulnerabilities in Linux distributions are
found regularly.  The same is true of closed-source operating systems.
Fixes for vulnerabilites are issued regularly for both open-source and
closed-source operating systems.  I've only seen one article comparing
response times from the detection of vulnerabilites to the issuance of
fixes, and it showed that in most cases the fixes for open-source
operating system were available sooner than for closed-source.

The availability of source code does not inherently make an operating
system more secure.  But it does allow the security to be audited by far
more people than will audit a closed-source operating system, and it
allows for far more people to offer fixes for vulnerabilities.

One might expect that with a closed-source operating system, even if
potential vulnerabilites exist, they might be less likely to be found.
However, if you look at Microsoft's track record, it is clear that they
have suffered from *more* detected vulnerabilities than Linux or BSD

Mr. Longbottom's preference for closed-source operating systems appears
to be based on the concept of "security through obscurity".  Almost all
professional security experts agree that security through obscurity is
not very good security at all.  A proper security system or protocol is
secure even though attackers have intimate knowledge of how the system

I wonder if Mr. Longbottom would make similar claims about Sun's Solaris
operating system, for which source code is also available (although it
is not "free software" or "open-source" as those terms are normally

The same Silicon.com article quotes Malcolm Beattie of Oxford University
Computer Service as saying that "the open source nature of the OS [...]
is actually its best defence."  Mr. Beattie obviously has a much better
grasp of the nature of system security than Mr. Longbottom.

Eric Smith
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds