Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

"While the Windows world is all too accustomed to dealing with delays and vapourware, the Linux camp had until recently enjoyed a fairly regular nine- to 12-month update cycle. But at the current rate of development, Linux 2.4 may not reach final status until October."

Of course, in the usual style, nobody has ever committed to a delivery date for the 2.4 kernel (with the amusing exception of Colin Tenwick of Red Hat Europe, who felt entitled to tell the world that the kernel would be released at the same time as Windows 2000). Nonetheless, Linus has made noises in the past about a Fall 1999 or (later) a Q1 2000 release. Not only has that not happened, but it seems clear that 2.4.0 will not be forthcoming until sometime this summer at best. This kernel is coming out later than its developers had wanted.

It is true that free software projects are often poor at putting out releases in a timely manner. Yet advocates claim speed of development as one of the advantages of free software. As evidenced by the ZDNet article, some members of the press are starting to see an inconsistency here.

The problem - if there is a problem - is not with the speed of development. It is instead with the ability to produce stable releases quickly. New capabilities get developed and bugs get fixed quickly, but it can take a long time to package up those developments for general use. One can think of a few reasons why the stable release process seems to take forever:

• Proprietary software often ships with known bugs, often very serious ones. No self-respecting free software project will package up buggy software as a stable release. High standards are a great thing, but meeting them takes longer.

• Creating a stable release takes a great deal of discipline - the project has to simply stop adding shiny new features for a long time. The 2.3 development kernel has reworked the block and network driver API, added devfs, and thrown in many other features - all after an alleged code freeze. All of the stuff that went in at a late date is worthwhile, but it all delays the stable release.

• Stabilizing software for release involves quite a bit of relatively uninteresting, detailed work. It is probably true that a subset of free software developers have little interest in this kind of work. It is more fun creating exciting, new features, and, after all, the development releases work great for them. Nonetheless, this is probably a minor factor at most.

A more predictable release schedule for important free software components would be nice, but it is hard to imagine many cures to the "problem" that would improve things overall. Imposing deadlines on software development is usually a mistake, and the free software community has been good at avoiding them. Free software ships when it is ready, and that is the way it should be.

Software Carpentry Design Contest finalists. The Software Carpentry contest has announced its finalists that will go to the last round of judging. The contest is trying to spur the development of replacements for some well-known development tools; the entries at this point consist of proposals for new tools. There is no code available - yet.

Three of the finalists in the "Build" category, which is intended to produce a replacement for the venerable "make" program, have taken a similar approach. Rich Miller's PyMake, Steven Knight's sccons, and Tom Tromey's SC Build all turn the traditional makefile into a Python script. Doing things in this way makes the parsing easy, and adds a new type of procedural power and extensibility to the build process; it also turns configuring the build process into a Python programming exercise, which may not appeal to everybody. Sccons adds the concept of "environments," which replace the variable definitions in makefiles; they make it easy to build things in multiple ways, or to define build parameters (flags, installation locations) on a system-wide basis. Sccons also defines "scanner objects" which automate the process of setting up dependencies.

Black by David Ascher and Trent Mick takes a different approach. The makefile becomes an XML data structure defining the system to be built, the rules to use, dependencies, and so on. The authors recognize that "XML is a terrible user interface," however, and have thus specified a graphical interface for Black as well. It includes intelligence that allows it to set up most of the build process automatically; in addition to figuring out dependencies, it can find which source file defines the main program and make a guess at the name of the executable from that.

In the "build configuration" category, two of the entries (BuildConf by Vassilis Virvilis and SapCat by R. Lindsay Todd) have essentially defined an updated version of autoconf. Both of them require the developer to specify how the program is to be built as well, leading to a degree of overlap with the "build" category. Stefan Knappmann's ConfBase, instead, takes the form of a globally-available knowledge base which is used to generate makefiles. It includes an interactive approach, where build "problems" are fed back into the system in an attempt to find a remedy in the knowledge base. Only David Ascher's Tan explicitly addresses the overlap with the "build" category; it is intended to be used along with Black. Thus, like Black, it works off an XML database (explicitly patterned after the Windows registry) which describes system features, available tools, etc.

There are also four entries in the "Track" (problem and issue tracking) category that are worth a look. Four finalists were selected for the "Test" category as well, but the contest organizers have decided not to award a prize in that area for now. Apparently they want to reopen it after reworking the requirements to better inspire the sort of entries they would like to see.

The above descriptions are necessarily overly short; they overlook a number of interesting features in each of the entries. Interested folks are encouraged to look at the actual proposals on the Software Carpentry site.

The Microsoft breakup proposal. There is actually not much to add to the debate on this topic that we have not said in the past. It's worth pointing out, however, that nothing is likely to happen along the lines of a breakup for years. Both sides seem determined to fight until the bitter end, with the result that a lot of time will be spent in the courts. People wanting Office on Linux will have to be patient.

As an aside, another example of the Microsoft way of doing business was passed on to us by Jeremy Allison. It seems that Microsoft has finally made available its "embrace and extend" changes to the Kerberos protocol - sort of. You can only get the information in the form of a self-extracting executable file, which puts up an intimidating "click wrap" license first. It seems that the Kerberos extensions are presented as a trade secret, and can not be passed on - or implemented in open source software. If Microsoft allows others to implement the extensions, it will be via licensing agreements. So much for open standards.

Inside this week's Linux Weekly News:

• Security: SSH 2 support in OpenSSH, a new DDoS tool, this week's security reports.
• Kernel: Resize2fs to be released; a look at the Linux-Mandrake kernel.
• Distributions: Tucows distribution download statistics, Debian test cycle begins.
• Development: Another look at gnucash, miscellaneous development updates.
• Commerce: Gartner's latest, Layoffs at Linuxcare, Andover.Net acquisition changed, VA acquires Precision Insight.
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

OpenSSH now supports the SSH 2 protocol. It was August 28th, 1998, when SSH Communications announced their license for ssh 2.0.8. That license restricted all commercial use of ssh 2.X without a licensing agreement. As a result, ssh 2.X was not widely packaged for Linux and more attention has been paid to tracking issues in ssh 1.X than ssh 2.X.

Thanks to the OpenBSD team, that has all changed again. The OpenBSD Journal reported last Thursday that OpenSSH now supports the SSH 2 protocol and is still backwards compatible with SSH 1. One advantage of the SSH 2 protocol that the OpenBSD Journal mentioned was its use of DSA instead of the patented RSA algorithm. In addition, the newer protocol was intended to be more secure, or at least better designed, than its predecessor.

Analysis of mstream DDoS tool. David Dittrich has published an analysis of mstream, another distributed denial of service tool for which the source code was recently released. Check it out for information on the signature of this most recent attack.

David's analysis finished up with two strong recommendations. The first was a call for more training for systems administrators. "First, and fundamentally, intruders will tend to have an even greater advantage over unskilled system administrators. It is becoming ever more important that systems administrators -- Unix, NT, whatever -- have training as a primary task, not a luxury or burden to be avoided." This recommendation is up against some tough competition. Due to the current shortage of good technical staff, businesses are demanding systems that are easier to administer ... which generally leads to them being administered by less skilled staff.

He also called for systems administrators to actively deal with and learn from intrusions, rather than just reinstalling and moving on. "Second, incident response and forensic investigation may be made more difficult, if not impossible, as the simple "solution" that the unskilled Unix administrator will take is to give up and just re-install the operating system. This ill-advised choice of action destroys any evidence that may exist on the system and sets the system up for a subsequent intrusion because the same security precautions they did not take before the incident will usually not be taken this time either." This comment, also wise, is likely to continue to get lost in the pressure to get back up and running as soon as possible and get back to other work. In other words, both these recommendations are good, but are unlikely to be used unless companies start taking security seriously enough to hire adequate staff to handle both their normal systems administration needs and the demands of good security.

CERT advisory on bind vulnerabilities. The Computer Emergency Response Team has put out this advisory regarding continued exploitation of vulnerabilities in older versions of bind. Fixes were made available months ago, but, apparently, many sites have not installed them. Now might be a good time to check your systems and be sure that all of them that are running bind have been upgraded. (And note that, depending on your distribution, you may be running it without having explicitly set it up).

SuSE libsafe analysis. Marc Heuse posted another brief analysis of libsafe, explaining why SuSE does not plan on integrating it into their system. "I can not remember a vulnerability in a network service for the last year which this tool would have prevented. Therefore: as long as this tool is not enhanced to also protect open/fopen calls against symlink/hardlink/pipe attacks, several more buffer overflow types, system/exec* function protection etc. it is not useful to use this tool." (Thanks to Fred Mobach.)

Security Reports

Linux kernel knfsd vulnerability. A vulnerability in the knfsd daemon leaves a host system vulnerable to a denial-of-service attack that can bring down the NFS service, reports Chris Evans. This impacts both the 2.2 stable tree and the 2.3 development tree. A patch against Linux kernel 2.2.15pre19 has been made available and is included in his note.

Note that the Red Hat kernel update we list here fixes this problem, plus others, including the IP masquerading vulnerability we discussed on March 30th. SuSE also responded to the recent security reports, but is waiting for the "any day now" release of 2.2.15 to provide updated packages. Last, but not least, please remember that the installation of a kernel update will always require care and attention.

• Red Hat (follow instructions carefully!)
• SuSE (no new packages yet)

SuSE: Gnomelib buffer overflow. An exploit for a buffer overflow in Gnomelib has been posted to BugTraq and confirmed to work on SuSE 6.3 and 6.4. A workaround, according to the SecurityFocus vulnerability database, is to remove the setuid and setgid bits on all Gnome based executables. Red Hat 6.X, Linpus 6.3 and Debian are reported not to be vulnerable. SuSE has acknowledged the problem, warning that the issue depends on the version of Gnome and may therefore impact older releases of other vendors. They indicated that a fix should be forthcoming soon.

Remotely exploitable hole in Sniffit. Sniffit, a widely-used packet sniffer, has been reported to contain a remotely exploitable buffer overflow, affecting version 0.3.7beta and all prior versions that log mail headers. A minor change to the source code is given that should fix the problem.

Gnapster: arbitrary read file access. Gnapster 1.3.9 has been released and contains, along with other bugfixes and changes, a fix for a vulnerability that can allow a user to view arbitrary files on the system.

Commercial software

Cisco Vulnerabilities. Cisco IOS, which runs on a variety of routers, is vulnerable to a denial-of-service attack if the router has a web server running on it. Cisco has acknowledged the problem and provided a work-around. They will provide a formal advisory when they have a full fix available.

In addition, many commands documented to require elevated privileges are actually usable without them, according to this report from Fernando Montenegro. The report includes configuration commands that can be executed to resolve the problem. He also indicates that Cisco's Product Security Incident Response Team has confirmed the issue and approved the recommended workaround.

Updates

SuSE cron/aaabase.We mentioned in last week's issue that a problem had been reported on SuSE systems where a cron job installed by default allowed any file on the system to be deleted, via a /tmp file link. The SuSE package involved is called aaabase. Here are the distribution responses to the problem.

• SuSE, updated packages
• Slackware, same package name, not vulnerable

Qpopper fgets vulnerability fixed. Qpopper 3.0.1b2 has been released and contains a fix for the qpopper fgets() vulnerability mentioned in last week's Security Summary.

Resources

nmap security scanner version 2.50. A new, stable version of the nmap security scanner has been released. This is the first stable release in slightly over a year and contains many new features.

Phrack number 56. Phrase number 56 is now available via in HTML format, tar file or via FTP.

HeavySecurity.com launches. The Heavy Security Group has announced the launch of its HeavySecurity.com "security portal."

Events

May/June security events.

May 14-18, 2000. EuroCrypt 2000, Bruges (Brugge), Belgium.

May 14-17, 2000. 2000 IEEE Symposium on Security and Privacy, Oakland, California, USA.

June 12-14, 2000. NetSec 2000, San Francisco, California, USA.

June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA.

June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

2.3.99-pre6 turned up some problems with memory management that cause poor performance under some types of loads. Memory management hacker Rik van Riel has put out a patch to fix some of the problems; pre7 should presumably work better.

The current stable kernel release is still 2.2.14. Alan Cox tells us that the current 2.2.15pre20 patch, with a "one-line change" will be the real release, once Linus recovers from moving to a new house and has the cats and children settled down. It may well be out by the time you read this.

Update: 2.2.15 was released just as LWN went to "press." As soon as release notes become available, we'll post a note on the LWN daily updates page.

2.0.39pre4 has been released by David Weinehall. No word on when the real update for this ancient kernel will come out.

Resizing of ext2 filesystems is now available with free code. Way back in May, 1998 Ted Ts'o announced that he had written an ext2 resize utility under contract with PowerQuest. After a period of time, resize2fs was to cease being proprietary software and would be released under the GPL. That period of time has finally passed. The ext2 resizer will be part of e2fsprogs 1.19, which will be released "real soon now." A beta version can be found via the e2fsprogs web site on SourceForge; back up your disk first, though...

Automatic mounting of devfs remains a topic of discussion, after Richard Gooch put out a don't blame memessage regarding the change, which was inserted last week by Jeff Garzik. The final solution looks to be the addition of yet another configuration option which controls whether devfs is mounted automatically at boot.

Mr. Gooch has been busy in general, having released devfs v165, v166 and v167, along with devfsd 1.3.6, 1.3.7, and 1.3.8.

What's in your kernel? The Linux kernel is typically presented as the constant, unifying component that is the same in all distributions. Many distributors, however, ship heavily modified kernels with their products. As the first installment of an irregular series, LWN took a look at the Linux-Mandrake 7.0 kernel to see what they did to it. Here's what we found:

• The base kernel in this distribution is 2.2.14. Interestingly, the source package actually contains 2.2.13, with the 2.2.14 patch being applied at build time.

• A number of disk- and filesystem-oriented patches have been applied, including support for multi-session CD's, a large IDE patch from Andre Hedrick, a patch tightening directory permissions, and Supermount, of course. The kernel source package also includes the ext2 compression patch, but it is not actually installed into the kernel that gets built.

• The lm_sensors hardware monitoring patch has been added. There is also an updated eepro100 ethernet driver, the raw I/O patch, a PCI bus patch, the IP virtual server patch, the RAID patch, a patch raising the maximum number of processes to 2560, a Pentium III support patch, the big memory patch set, and some scheduling tweaks.

• The ALSA 0.4i sound drivers have been added in, as has the emu10k (SB Live) driver.

• The Mandrake kernel also includes the binary-only PCTel winmodem driver.

• Some "Solar Designer" security patches, such as a non-executable stack, are included but are only applied when building a "secure" kernel. The secure kernel is used when one of the higher security levels is selected at installation time.

A number of little adjustments are there as well, for a total of 41 different patches. Plus, of course, they put in the Mandrake boot logo. A number of the patches are credited to either Red Hat or SuSE.

Overall it's a pretty straightforward kernel, with a lot of little fixes and a few additional features (RAID, Supermount, ALSA, big memory...) added.

Other patches and updates released this week include:

• Jeff Garzik has announced a preliminary release of his "kernel compatibility layer," designed to ease the backporting of 2.3.x drivers to older kernels.

• ReiserFS 3.6.5 beta has been released. The ReiserFS folks are steadily working through their issues; it still doesn't work, however, with NFS.

• A new version of the Netfilter HOWTO suite has been released by Paul Rusty Russell.

• Version 0.7 of aboot, the secondary bootloader for Alpha systems, has been released by David Huggins-Daines.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

Statistics, Statistics and Statistics. MandrakeSoft has announced that Linux-Mandrake came out at the top of the ISO download statistics at Tucows.com for both February and March.

Here are the statistics on which they based their claim:

   February                 March
Linux-Mandrake     46%   Linux-Mandrake      31%
Red Hat            27%   Corel               28%
Corel              15%   Red Hat             14%
Debian              3%   Debian               6%
SuSE                3%   Caldera              6%
Slackware           3%   SuSE                 5%
Caldera             3%   FreeBSD              4%
                         Stormix              2%
                         Slackware            1%

   April
Red Hat            31%
Linux-Mandrake     29%
Corel              22%
Debian	            5%
Caldera	            4%
FreeBSD             3%
SuSE                3%
Slackware	    2%
Stormix             1%
Yellow Dog Linux    1%

The really startling note from the three months worth of data, still a small sampling, is the lead that the two RPM-based distributions have on the rest of the pack. It will be an interesting trend to watch.

On another note, we learned a bit about how such statistics can be swayed by small details. For example, the Phat Linux distribution does not have an ISO download, being only available as a large executable file that is run from a Windows installation. It doesn't impact the ISO download list, as a result, but is responsible for a whopping 34% of the non-ISO file downloads by volume. By number of files downloaded, since the entire distribution consists of only one file, they don't even show on the chart. Without knowing more about the structure of this distribution, these figures would seem highly anomalous.

Microsoft tactics benefit Japanese Linux distributors. If you are using a computer in Japan, you may have already installed or received a system pre-installed with Windows, before you move to running Linux on it. If so, you've paid, in part, for high quality commercial fonts to support Japanese. However, people who've contacted Microsoft to check have been told that it is not legal to use these fonts with an operating system other than Microsoft, even by the same person on the exact same computer.

In discussing various issues with Maya Tamiya of http://ChangeLog.net, we learned that this has ended up benefitting Japanese Linux distributors (though not necessarily the end-user). The freely available fonts are currently just not good enough to provide adequate support in Japan, she noted. Commercial Japanese distributions have benefitted as a result, because end-users expect and need the commercial fonts that are therefore bundled with Linux.

In the long run, the consumer is the one that is losing, since they are potentially forced to pay multiple times for the same commercial fonts. This adds weight to the need for more and better freely-available fonts.

Corel Linux

Corel makes donation to Dallas schools. Corel has announced the donation of 2000 copies of its Linux distribution and WordPerfect Office 2000 to the Dallas school district.

Corel Linux voted best new product at FOSE. Corel announces that its Linux distribution was awarded "best new product" in the "End-User Software" category at the Federal Office Systems Exposition.

Coyote Linux

Coyote Linux 1.20pre3.The latest version of Coyote Linux, 1.20pre3, is a bugfix-only update. Coyote Linux is a single floppy Linux distribution that provides routing/firewall services for targeted at home users.

Debian GNU/Linux

Debian Test Cycle begins. After announcing the removal of 16 packagesfrom frozen on May 2nd, due to release-critical bugs, Richard Braakman officially announced the start of the First Test Cycle. If successful, a decision on a release of Debian potato could happen within the next few weeks. If it is not, then another test cycle will be started.

Lilo in frozen. The question was asked whether the new Lilo, which removes the requirement that the kernel lie within the first 1024 cylinders, would be included into the new version of Debian before its release. The answer, according to Petr Cech, is "yes".

Debian GNU/Hurd

Linux-Mandrake

MandrakeSoft to bundle Enlighten's user management tool. MandrakeSoft has announced that it will bundle Enlighten's "User Management Tool" with the Linux-Mandrake 7.1 distribution.

Slackware Linux

Slackware-current updates. Updates to slackware-current this week include gcc-2.95.2, perl-5.6.0, vim-5.6, lilo-21.4.2 (removing the 1024 cylinder restriction), and a host of other small updates.

SuSE Linux

SuSE announces distribution deal with Ingram. SuSE has announced a distribution deal with Ingram Micro, a large wholesale distributor. This arrangement should help to get SuSE's distribution into a lot more stores.

TurboLinux

TurboLinux 6.0 Workstation: A First Look (AboutLinux). AboutLinux reviews TurboLinux 6.0 workstation. "TurboLinux 6.0 installed a fairly vanilla Gnome setup - in this regard it is somewhat similar to Corel Linux - and they both may have a point. Does it really help a new Linux user to have their desktop cluttered with many icons?"

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Gnucash 1.3.6 has all of the basics that one needs to track finances under Linux. It handles several types of accounts, including stocks and credit cards. The double-entry system it uses will look a little strange to users of other packages, but if you think of "expense accounts" and "income accounts" as being "categories" it all comes together just fine. The account reconciliation mechanism works well, and there is a separate little program which will keep stock prices up to date. The QIF import capability has seen a great deal of work. There is also a check printing capability that your editor has not tried out.

That said, those who are contemplating moving over from Quicken or some other such package need to be prepared for a rougher existence. Gnucash is not yet at the level of those applications in either features or ease of use. Those without a bit of an "early adopter" mindset may want to wait until the 1.4 stable release comes out.

Speaking of stability, your editor was able to make it crash only once. As it turns out, the problem had been fixed even before the report got sent in.

There's no end of missing features. It remembers names of payees, but none of the other information (amounts, accounts) that goes along with them. As a result, more typing is needed than one would like - especially for recurring, split transactions. There is no support for scheduled transactions (i.e. the mortgage payment) yet. It doesn't really understand loans. Some cleverness is needed to enter things like reinvested long-term capital gains distributions on mutual funds. The reports are still rudimentary. And so on.

Gnucash could benefit from some concentrated user interface work as well. You can get auto-incrementing check numbers, but you have to ask for it each time. Most checkbook registers put the check number first, but the gnucash register starts with the date. If you mistakenly type the check number into the date field, you get a date like "May 4, 20003843", which gnucash happily accepts. Creating accounts - something one has to do a lot of - could be easier. There are two "open" icons on the main window with different functions. And so on.

In other words, it's a work in progress. There is every reason to believe that gnucash will continue to progress quickly. Meanwhile, it is ready for those who are slightly adventurous, or who place a premium on working with free software. Gnucash past that critical point of development a little while back - it is clearly going to be successful.

Probotics releases robotics code. The folks at Probotics have announced the release of their robotics code under the GPL. This code is mostly useful, of course, for programming the robots that they sell, but there's likely to be good stuff that can be used beyond that context as well. (Thanks to Alexandre Dulaunoy).

Application of the Week: gkrellm. The Linuxcare application of the week this week is gkrellm. Having found this application, Brett Neely is apparently never going to live without it again. "Apparently influenced by the sci-fi movie 'Forbidden Planet,' gkrellm essentially gives you the headlines of your system's health... gkrellm gives me the kind of information that would normally require a barrage of commands. It gives me the time and date; graphs for CPU activity, process load, disk I/O activity, and eth0 traffic; available resource meters for memory, swap, and disk partitions; the number of new emails in my inbox; and my system's uptime."

Browsers

Two new Mozilla chat channels. #mozui (for Mozilla UI discussion) and #mozl10n (for Mozilla localization) are two new channels that have been added to irc.mozilla.org, according to MozillaZine.

Mozilla mini-track at O'Reilly conference. A Mozilla mini-track is being planned for this summer's O'Reilly Open Source Software Convention . Speakers will include Mike Shaver, Frank Hecker, Ben Goodger, Alec Flett, Mitchell Baker, Mike Ang, Rob Ginda and Paul Everitt.

Education

SEUL/edu Linux in Education Report. The eighteenth SEUL/edu Linux in Education report talks about Linux in Latin American schools. The SEUL/edu folks will also be present at Linux Canada in Toronto.

Games

The Chopping Block (Worldforge). This month's issue of The Chopping Block is now available. The Chopping Block is a newsletter/magazine covering the Worldforge project, which is developing a complete system for massively multiplayer online roleplaying games. This month's edition contains a 3D tutorial on light and reflections, a developer chat and three short stories. In addition, Aloril reviews the arguments for moving the license for Worldforge from the OPL to the GFDL+GPL.

Interoperability

Kernel Cousin Samba. The April 27th edition of the Kernel Cousin Samba covers temperamental NT logins, problems with the pam_ntdom module, exchanging exchange, continuing problems (though fewer) with Windows 2000 support in Samba 2.0.7pre4 and a patch to support symlinks with smbfs.

Wine Weekly News. This week's Wine Weekly News reports a new Wine snapshot, 20000430, the first snapshot to be released under the X11 license. Unicode support and the wine resource compiler were also topics for discussion this week.

Office Applications

AbiWord 0.7.9.A new version of AbiWord, version 0.7.9, has been released. It contains some new features and both major and minor bugfixes. Overwrite mode, for example, is now available, and page margin support is now included.

For more information and development news, check out this week's AbiWord Weekly News.

Siag Office 3.3.4. Siag Office 3.3.4 has been released. Changes include updates to the German and Spanish translations, faster scrolling and more efficient screen updates.

Tradeclient 0.2.0 released under the GPL. The Personal Information Manager (PIM) tradeclient has now been released under the GPL, as of their latest 0.2.0 release, reports Gnotices. Comments to the announcement seemed generally favorable and indicate that it is a good start, even without IMAP support.

On the Desktop

KDevelop 1.2 released. Gnome support has been added to KDevelop 1.2, released today, along with many other features. We've heard a lot of good things about KDevelop, so it is great to hear that it will now support both the Qt and Gtk libraries, preventing the need for reinvention of the wheel.

German Gnome home page. A German Gnome home page has been created by Gnome hacker Martin Baulig. It currently contains a list of Gnome events in Germany.

Konqueror website. The KDE team proudly announced the unveiling of the Konqueror website, the definite place to find information about Konqueror, KDE's new replacement for kfm. Konqueror is a web browser, file manager, universal file viewer and even a customizable application. Screenshots for the various capabilities are available.

New KWin Style - Modern System (mosfet.org). Mosfet has committed his new C++ KWin style engine, dubbed "Modern System". Screenshots are provided.

Response to O'Reilly 'Motif is not Dead' article. On April 6th, O'Reilly published an interview with Antony Fountain, co-author of Volume 6B: Motif Reference Manual, 2nd Edition, which talked about his opinion of both Gnome and KDE. KDE Core Developer Richard Moore published a response to what he felt were inaccuracies or errors in that article on April 28th, entitling his response "Motif Is Dead, but the body is still twitching". It does a good job of refuting some of the claims of the original author, at least from the KDE perspective.

Website Development

Data-Driven Sites with Midgard (WebTechniques). Web Techniques walks through setting up a web site with Midgard. "Content is separated into style (layout management), structure (host management), and raw material (content management). This clear demarcation offers many opportunities to delegate responsibilities for each part of the site. In addition, full integration of the PHP3 scripting language makes it easy to extend Midgard in powerful ways." (Thanks to Henri Bergius).

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

C++

OpenGL Class Library 0.0.1. The initial release of the OpenGL Class Library has been announced. It is available under the GPL. "The OpenGL Class Library is intented to be a set of C++ classes, available through static and dynamic libraries, that will allow the developer to create OpenGL applications using C++ quickly. This includes the ability to create multiple windows and assign individual events to them. In addition, other useful functionality will be included that will allow images (.bmp, .raw, .tga, etc.) and 3d object format files (.3ds, .asc, .dxf, etc.) to be loaded in a platform-independant way. "

Java

IBM Linux JDK 1.3.0. IBM Developer Works has put out an early release of the IBM Developer Kit for Linux, Java 2 Technology Edition. "Version 1.3.0 Early Release (Early Release Developer Kit) is a software development kit that can be used to build Java applications on Linux. The Early Release Developer Kit includes development tools, the IBM Java Runtime Environment for Linux, sample code and Java source files."

The Real-Time Specification for Java. A real time extension to the Java Language Specification and the Java Virtual Machine Specification has been issued by the Real Time Specification for Java Experts Group (RTJEG), chartered under the Java Community Process and JSR-000001. The specification is currently available in PDF format for download.

Why Java seems doomed to fail (osOpinion). Here's an osOpinion piece on why Java doesn't seem to be going anywhere. "In all honesty I'd like to consider Java, but the fact that my development team would be unable to deploy on Linux - our primary server platform - makes it a no go."

Perl

Yet Another Perl Conference (yapc). Registration for this year's yapc conference is now open. It will be held June 21-23 at the Carnegie Mellon University in Pittsburgh, PA, USA. The yapc conference is distinguished by being "driven from the bottom up, organized by and for perl users -- a grassroots conference".

perl5-porters for April 25th through April 20th. The perl5-porters report on Perl development activity is back up and running. Activity is gearing up, with one major bug in perl 5.6 reported and patch provided. Perl 5.6.1 may not be too far out.

Python

Dr. Dobb's Python-URL. Python-URL is back, with a weekly look at postings on the comp.lang.python mailing list. My favorite: Martijn Faassen's story of the "really early days of Python".

Tcl/tk

Double Tcl-URL. This week, two editions of Tcl-URL came out back to back. Here are the Tcl-URL for May 1st and May 2nd. An administrative note indicates that they plan to return to a more predictable schedule.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

Gartner Group: ISV Enthusiasm for Linux: A House Divided . The Gartner Group's latest pronouncement on Linux has to do with the interest of independent software vendors. "By 2005, Linux will be among the top three to four ISV porting priorities for 60 percent to 65 percent of ISVs, but will not dislodge current top-tier operating system platforms (0.6 probability). From 2000 on, no more than two to three Linux distributors will be financially strong enough to be accepted as broad enterprise operating system vendors (0.7 probability)." (Found in Portalux News).

Layoffs at Linuxcare. Linuxcare has laid off a substantial portion of its workforce - by one report, 80 people, or about 35%. The company itself isn't talking much about what is going on, so there's not a whole lot of hard information around. It seems clear, however, that Linuxcare has the dubious honor of being the first open source downsizing. One can only wish that it will be the last.

This move does not mark the end of the road for Linuxcare. The company remains positioned in area that should prove lucrative, and (one can assume that) it still employs many well-known Linux developers. Linuxcare played the IPO game, and lost. Without the influx of cash from an initial offering, belts had to be tightened. Linuxcare is positioning itself to go a longer than expected route with the resources that it has.

Meanwhile, it's official: here's the withdrawal letter filed with the SEC by Linuxcare cancelling its IPO.

Changes in the VA Linux/Andover.Net deal. When VA announced that it was acquiring Andover.Net, part of the deal was a $60 million cash payment to Andover's stockholders. The deal has been criticized by many, but this payment was singled out for particularly harsh treatment. No more. The two parties have announced that the deal has been changed to an all-stock exchange. The official reason cited is "tax concerns"...

For those wanting more information, here's a registration statement filed by VA Linux Systems as part of its acquisition of Andover.Net. If you're curious about the details of the deal, you'll find all of the answers there, though you will have to dig through a lot of legalese to get to them.

Officers at Andover.Net will do well - some or all of their options will vest immediately on completion of the merger. On the other hand, Andover stockholders subject to the holding period will still have to wait until that period is up before they can sell their new VA stock.

(See also: this brief Reuters article about the change in terms).

VA Linux Systems acquires Precision Insight. While we're on the topic of VA acquisitions: on Precision Insight's web page is the following notice: "Precision Insight Inc. has merged with VA Linux Inc. PI's management and its entire engineering team have remained with the company and will continue to support open source development as they have while at PI. This merger adds a significant graphics, video, and multi-media development and support capability to VA Linux." VA has not yet released any information on this move.

PI works with XFree86, providing support services, developing video drivers, and so on. They developed a number of video drivers for Red Hat, and are currently working on the Direct Rendering Infrastructure with support from Red Hat and SGI. They list Darryl Strauss, David Dawes, and Brian Paul as part of their development team.

With this acquisition, VA adds greatly to its graphics capabilities, and to its development staff in general. PI is a group of sharp people; this could prove to be a very good move on VA's part.

Andover.Net announces new magazine. Andover.Net has announced a new print magazine called "Open," which will launch in August. It will offer trade-rag style free subscriptions; signups are already possible at the OpenMagazine.net web site.

Bluepoint signs agreement to develop embedded Linux system. Bluepoint Linux Systems has announced the signing of an agreement with Shenzhen Debole Electronics Development Ltd. to develop an "intelligent housing system" which will handle functions like "security alarm; automatic water, electricity and gas meter reading; appliance control (5 ports minimum); subdivision fee collection; information broadcasting; Internet connection; Internet-based remote management; E-Commerce Service; and touch screen with at least 50 Chinese display." There is apparently already an order in place for 6000 units.

Miracle Linux press release. Thanks to Maya Tamiya, we now have an English translation of the press release announcing the creation of "Miracle Linux" -- the new distribution startup being created in Japan by Oracle, NEC, and TurboLinux.

Open letter to Congress on immigration reform. A group of prominent technology figures, including Linus Torvalds, has sent an open letter to Congress asking it to make it easier for immigrants to get green cards. As of a little while ago, at least, Linus was still waiting for his...

Inprise/Borland board requests update of fairness opinion in Corel merger. Inprise has announced that its board of directors has requested that its advisor take another look at the merger deal with Corel. The deal looks increasingly in peril - this is the Inprise board, and not just a couple of dissident members, that is showing signs of having cold feet.

Troll Tech and Inprise/Borland collaborate on Linux GUI. Troll Tech and Inprise have announced a deal wherein Inprise will use the Qt toolkit in its Delphi product.

Perforce offers SCM System for IA-64 Linux. Applications for the IA-64 are already beginning to show up - before the hardware is available. Perforce has announced the availability of its software configuration management system for TurboLinux's IA-64 port.

LinuxMall CEO on Microsoft split-up. LinuxMall.com has issued a press release with CEO Mark Bolzern's opinion on the proposal to split up Microsoft. "Bolzern said no matter what happens in the Microsoft case, the end result will show that people are tired of the operating system dominance of Microsoft, and Linux will continue its rapid increase in marketshare and importance as a viable alternative operating system for businesses and individuals."

Amazon opens Linux store. Amazon.com, heedless of its current difficulties with the Linux community, has opened up its own Linux software store. The store's offerings currently seem somewhat incomplete: its distributions section is missing SuSE and TurboLinux (and all of the smaller distributions), the word processors section features only Corel, etc.

Section Editor: Jon Corbet.

Press Releases:

Commercial Products for Linux
• Agate Technologies, Inc. (FREMONT, Calif.) announced the release of its HotData Shuttle hot swap IDE Plug & Play solution, designed to support Linux on Intel.

• Exabyte Corporation (BOULDER, Colo.) announced record-setting test results for Mammoth-2 (M2) throughout Linux testing. Testing was completed under the Linux Tape Device Certification program through Enhanced Software Technologies Inc.

• FlexiInternational Software, Inc. (SHELTON, Conn.) announced that their latest release 4.3 of FlexiFinancials under Oracle 8i will offer support for the Linux operating system.

• Metro Link Inc. (FORT LAUDERDALE, Fla.) released the Metro-X 4.3.5 High-Performance Graphical Display Server for Linux/x86, Linux/Alpha, Linux/PowerPC, and FreeBSD/x86.

• Tux Games announced Theocracy, a real-time strategy game from Ubi Software.

• VA Linux Systems, Inc. (SUNNYVALE, Calif.) announced the release of VA SystemImager 1.0 software for automatically installing, configuring and updating large numbers of Linux systems in Internet server farms and clusters.

  Products Using Linux

• CSP Inc has announced a new line of clustered systems based on Apple Power Mac systems and Terra Soft's Black Lab Linux.

• Cybernet has announced the forthcoming (June) availability of its Linux-based virtual private network server suite.

• OnCore Systems has announced an embeddable version of Linux with extra support for real-time tasks.

  Products with Linux Versions

• Avant! Corporation (FREMONT, Calif.) announced extension of its Nova-ExploreRTL product for automated checking of HDL coding guidelines to allow user definition of custom or proprietary rules. Red Hat Linux 6.0 is among the supported platforms.

• Castelle (SANTA CLARA, Calif.) announced FaxPress 6.2, the latest product in its FaxPress product line.

• DCS (NEW YORK) announced AdaSTAT, an automatic metric reporting and restrictions checking tool for Ada95. GNAT 3.13, an open source Ada95 development environment, was used for development.

• FreeDesk.com (ST. PAUL, Minn.) announced that its users are now able to access their own hard drives and directories from any computer, anywhere through the FreeDesk website.

• GeoQuest (HOUSTON) announced the launch of its LiveQuest application service provider solution in Calgary, Canada.

• Group 1 Software (LANHAM, Md.) announced the release of GeoTAX 2.0, the first fully integrated geocoding application for tax jurisdiction assignment.

• Group 1 Software (LANHAM, Md.) announced it is including the PLANET Code as a bar code option in DOC1, its electronic document composition system.

• HIARC Inc. (ANAHEIM, Calif.) announced that its HSM (hierarchical storage management) software now supports the Ultrium (high-capacity) LTO (linear tape-open) technology.

• Intel Corporation (AMERICAN FORK, Utah) released version 6.1 of Intel LANDesk Server Manager and Intel LANDesk Server Manager Pro, management solutions.

• Moscape Inc. (SANTA CLARA, Calif.) announced GateScope, a new class of signoff tool for large, cell-based ICs that virtually eliminates noise errors prior to tapeout.

• Panasonic and SCM Microsystems, Inc. (MILPITAS, Calif. and LOS GATOS, Calif.) announced that SCM's USB to SCSI Intelligent Cable supports Panasonic's 5.2GB DVD-RAM drive.

• ParaSoft (MONROVIA, Calif.) announced the release of CodeWizard v3.1, their advanced error prevention tool for C and C++.

• Persistence Software Inc. (SAN MATEO, Calif.) announced Dynamai, "application-aware caching software" for live business content.

• PowerQuest Corp. (OREM, Utah) announced DriveCopy 3.0.

• Rational Software (LEXINGTON, Mass.) announced a new version of the Rational Suite family of products, for the development of Internet software.

• RedCreek Communications, Inc. (SAN JOSE, CA) announced the Personal Ravlin II, a hardware platform designed specifically to connect remote office users and teleworkers to broadband services, while preventing the security risk inherent in persistent "always on" Internet connections.

• SanDisk Corporation (SUNNYVALE, Calif.) introduced new additions to the family of ImageMate card readers for CompactFlash, SmartMedia and MultiMediaCards.

• V-ONE Corporation (GERMANTOWN, Md.) announced SmartGuard, a network security solution for medium sized businesses.

• VideoPropulsion, Inc. (SLINGER, Wis.) announced that the Company has added Red Hat Linux 6.1 software drivers to the range of platform support for its entire line of VDOPro DVB (Digital Video Broadcast) solutions.

• Zaxus (SUNRISE, Fla.) introduced a new WebSentry PCI security module.

• Ziatech Corporation (SAN LUIS OBISPO, Calif.) launched its Ketris family of carrier-class infrastructure-provisioning solutions designed specifically for Internet data centers.

  Java Products

• RSW Software Inc. (WALTHAM, Mass.) introduced EJB-test, to test the scalability and functionality of Enterprise JavaBeans (EJB) middle-tier applications.

  Partnerships

• Agfa Monotype Corporation (WILMINGTON, Mass.) announced an agreement with Corel Corporation to license its Albany and Thorndale fonts for inclusion in WordPerfect Office 2000 for Linux and Corel LINUX OS.

• ABS Computer Technologies will be bundling Corel Linux with its systems, according to this announcement from Corel.

• eSoft has announced a deal with Hewlett-Packard Company's Complementary Products division in South Asia to license eSoft's software suite and distribute it on HP hardware platforms, which will then be sold throughout South Asia.

• GraphOn has announced a deal with Corel wherein GraphOn will be distributing Corel Linux and WordPerfect Office 2000 for Linux in China.

• Gridware, Inc. (SAN JOSE, Calif. and Neutraubling, Germany) announced that its Codine/GRD advanced computing resource management software has been selected by NVIDIA Corporation as the foundation for a Linux-powered, tightly-clustered, heterogeneous computing environment it is building to handle the EDA processing requirements for its next generation of 3D graphics processors.

• Imsys AB (UPPLANDS VASBY, Sweden) announced it has joined EEMBC (EDN Embedded Microprocessor Benchmarking Consortium). uC-Linux and the embedded Linux kernel subsystem are listed among Imsys' products.

• Intel and its Dialogic subsidiary (PARSIPPANY, N.J.) announced it has signed a letter of intent with eOn Communications Corporation in which the two companies plan to work together to develop advanced Linux-based solutions for the communications market segment.

• Linux NetworX, Inc. (SANDY, UTAH) announced a partnership with Alpine Consolidated, LLC, a company that works with emerging businesses to obtain financing and execute strategic growth plans.

• Lynx Real-Time Systems, Inc. and Intoto, Inc. (SAN JOSE, Calif.) announced the availability of Intoto's USBStack for the LynxOS. USBStack is an off-the-shelf USB host protocol software solution. LynxOS is a Linux-compatible real-time operating system.

• Merlin Software Technologies International Inc. (ALTAMONTE SPRINGS, Fla.) announced an agreement with Minnesota based Frank Kasper & Associates (FKA), to supply Merlin's PerfectBACKUP+ Linux backup and crash recovery software to its world-wide distribution channel.

• Metrowerks (AUSTIN, Texas) announced it is a founding member of the Embedded Linux Consortium.

• Newlix Corporation (OTTAWA) announced a strategic relationship with 3D Microcomputers Wholesale and Distribution to market its Newlix OfficeServer, a Linux-based network operating system.

• Newlix Corporation and Look Communications Inc. (OTTAWA) announced a marketing partnership to promote the use of Newlix OfficeServer.

• Pervasive Software Inc. (AUSTIN, Texas) announced that as a member of Red Hat's ISV Partner Program, Pervasive has provided 30-day trial versions of Tango 2000 Application Server and Pervasive.SQL 2000 Server, for the Red Hat Linux 6.2 application CD.

• TeamLinux announced that it is sponsoring a new LinuxMall.com online forum called "Ask Linus".

  Investments and Acquisitions

• Lineo has announced the receipt of $37 million in investments from over a dozen companies.

• Linux NetworX, a subsidiary of Alta Technology, has announced the receipt of $2 million in venture funding from the Canopy Group.

• OpenSales, Inc. (SAN MATEO, Calif.) announced that it has secured $10 million in Series A financing.

• TeamLinux Corporation (Austin, Texas) announced the acquisition of Austin- based Three-Sixteen Technical Services.

  Financial Results

• Andover.Net, Inc. (ACTON, Mass.) reported revenues of $2.8 million for the quarter ended March 31, 2000.

• eOn Communications Corp. (MEMPHIS, Tenn.) announced third quarter results would be lower due to a shortfall in revenues caused by a slowdown of non-Linux based equipment sales.

• Inprise/Borland Corporation (SCOTTS VALLEY, Calif.) announced financial results for the first quarter of fiscal year 2000.

• Magic Software Enterprises, Ltd. (OR YEHUDA, Israel) reported record sales and earnings for the first quarter of 2000.

  Linux At Work

• Alta Bates (OTTAWA, Ontario), part of the Sutter Health network in Northern California, recently chose the Loran Kinnetics management appliance to monitor their network day and night. Selection criteria that most interested Alta Bates' technical staff included Kinnetics' powerful capabilities, use of the Linux operating system, and its ease of use and deployment.

• VistaSource, Inc. (WESTBORO, Mass.) announced that the Good Samaritan Society (GSS) will deploy their Applixware Office for Linux v5.0 nationwide to 2,500 users across 240 sites.

  Personnel

• Piranha, Inc. (DALLAS) announced the appointment of Roe VanFossen to Piranha's Board of Directors.

  Other

• eSoft has announced that its stock has begun trading on the NASDAQ National Market - it had been traded before on the Small Cap Market.

• This IDC Latin America survey shows Linux use increasing in Latin America.

• Sitestar Corp. (ENCINO, Calif.) announced that its Linux-based ISP division has surpassed the 5,000 customers level.

• uniView Technologies Corp. (DALLAS) announced an initial contract of $20 million for a new set top box (Z Box) based on the Linux uniView model.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Upside has posted a lengthy article which may well be the definitive summary of Microsoft's problems. "Microsoft's value proposition was that an Intel-based system running Windows NT was a much less expensive proposition than a semi-proprietary Unix running on non-Intel hardware. Linux, however, beats Microsoft at its own game, offering a highly customizable, standards-compliant operating system at a fraction of the cost of a comparable Windows NT system. Sadly, it's not clear whether Microsoft fully understands the nature of the Linux threat."

Business

News.com looks at Embedded Linux firms. "Another difference between the companies is in royalties--the fee a company pays to sell a device using the software. Lineo charges royalties for Embedix, its version of Linux for gadgets. MontaVista won't charge royalties but will charge for use of software development tools and technical support. Support contracts cost between $5,000 and $10,000 a year depending on depth and responsiveness."

Here's an article in News.com about Red Hat's plans to get into the home appliance market. "The move marks the first major expansion of Red Hat's version of Linux outside its server stronghold. However, trying to enter the home networking market pits Red Hat not only against Microsoft's Windows, but also against other Linux companies such as Lineo."

This News.com article is about RealNetworks' use of Mozilla code in a version of its media player. "Whatever RealNetworks' intentions for Web-browsing capabilities, the company's participation in the Mozilla software development effort is a big win for the organization."

Here's a brief article in Wide Open News about the layoff at Linuxcare. "The company had been expanding its workforce as part of an IPO ramp up, but the withdrawal has forced the company to reexamine its spending and its strategy. Without the expected cash infusion, Linuxcare has had to tighten its belt."

This week's Linsider stock summary is up. "You'll get a variety of opinions as to whether a split is a useful remedy for the problems Gates and Co. have caused, but one thing is for sure: the final word on this is still a year or more away. And for Linux advocates, that's good news. See, in the long run it doesn't really matter what the Government does legally to Microsoft. What matters is that the microscope is on Microsoft for an extended period, allowing other players to move more quickly into competitive positions."

Here's a lengthy Upside article covering the Piranha vulnerability, the change in the VA Linux/Andover merger terms, and the proposed French open standards law. "Despite the glowing endorsement of both free software and the principles of software liberty, free software advocates such as Richard Stallman gave the overall text of the law mixed reviews."

News.com looks at the FreeNet project. "Others say Freenet, if it is able to get out of its early stages, could be the final nail in the coffin for organizations trying to prevent online piracy. Since Freenet is wholly decentralized, there is no central company to sue for copyright violations. And because each 'node' is encrypted, and users anonymous, it will be nearly impossible to track down any individual pirate or pirated work."

ABC News has an article about Eazel. "Windows and Mac users should feel comfortable with Eazel. The current pre-release version, called Nautilus, features large, finely shaded icons, and windows that look like a cross between Macintosh, Windows and Netscape." (Thanks to Jay R. Ashworth and Ketil Malde).

Linsider ran this column on software testing in the open source world. "Reading about Red Hat's recent troubles with its Piranha release I was struck by a thought: Linux, as a whole, lacks a formalized testing organization. In 20 years of development, having worked for 7 different companies ranging in size from a 5 man startup to the behemoth that is Samsung, this is the first time I've seen software released to the world with no formalized testing applied."

Here's TechWeb's take on Red Hat's Piranha problem. "Chris Rouland, director of X-Force at ISS, Atlanta, said he does not believe the back door was installed with malicious intent, but the vulnerability does reinvigorate the debate between open source and closed source software."

Salon looks at several companies that have been hit by the fall in tech stock prices. "Red Hat's IPO was widely considered a validation of the commercial potential of Linux. But its stock price slide is now hailed as proof that there is no money to be made in the entire Linux sector."

Here's a LinuxPower article which looks at the whole Netpliance iOpener affair and tries to convey an understanding of what the company is up to. "When you see something you believe in succeeding it's natural to get worked up about it. Sometimes this kind of passion can lead to actions that seem wild or irrational to people outside of the group. When Netpliance changed their Terms of Service or poured epoxy on the board, they were reacting to a threat to their vision. Regardless of what we may have thought about these actions we have to put them in the context of a group of people working very hard to achieve some goal and then having that dream threatened."

The Red Herring reports on a talk by IBM VP Irving Wiadawsky-Berger. "Mr. Wiadawsky-Berger's zeal for Linux even spills over into IBM's labs, he notes, where IBM is developing a Linux-based watch with speech recognition."

The "Jet" cluster at NOAA (covered in LWN last month) staged its formal unveiling on April 26. Some local coverage of the event may be found in the Rocky Mountain News, the Boulder Daily Camera, and the Denver Post.

Government Computer News has also posted an article about Jet.

Microsoft Breakup

U.S. News contemplates the effects of a Microsoft breakup on Linux. "Linux, an operating system available free online, has been a runaway success on the Internet, where it runs 30 percent of sites. But even its founder, Linus Torvalds, is disappointed at its puny 4 percent market share on desktop computers, the machines folks use at home and at the office. That's because Linux can't run the most popular software programs used with Windows, especially Microsoft Office, which includes Word and spreadsheet Excel. Without Office, Linux doesn't have a prayer of a chance on the desktop."

Here's a San Francisco Chronicle column arguing that a breakup of Microsoft may not be sufficient. "In other words, it's not obvious that enough users are likely to adopt Linux in the near term to create a market large enough to induce the new Microsoft-descended applications company to develop Office for that platform -- even if the company makes its decisions strictly on the basis of its own economic self-interest, without regard to its former OS colleagues."

News.com looks at the possible effects of a Microsoft breakup. "On the other hand, current makers of Linux office software such as Corel, Applix' VistaSource or Sun Microsystems' StarOffice would face a fierce new competitor already established as the standard. Netscape might not be the standard Linux browser. And Windows Media Player might give RealNetworks' RealPlayer even fiercer competition."

This Reuters article ponders the possible effects of a Microsoft breakup on Linux. "'Linux is on track to beat Microsoft regardless of what the Justice Department does,' said Larry Augustin, chief executive of VA Linux Systems Inc. , a developer of systems and services optimized for Linux in Sunnyvale, Calif. 'I think that separating the company into an applications piece and an operating systems piece though, could significantly accelerate that, particularly since the applications piece of the company would have a strong economic incentive to port Office to Linux,' Augustin said. 'If Microsoft Office ran on Linux immediately we would see Linux with a 10-15 percent share of the desktop operating system market,' he added."

FUD and Counter-FUD

Here's another piece of old-time ZDNet FUD of the type we've not seen for a while. "What amazes me the most is that open source has gained so much momentum without showing any goods. It's a dot-com-all hype and speculation and no fundamentals. It's like an onion in a bushel of apples. Someone might notice that it looks and tastes different, but peel away its layers, and there's nothing there."

Red Hat's Bob Young responded in this article. "John, you are welcome to continue to insist that this open-source movement cannot continue to succeed. Just don't try to claim it isn't succeeding. With partners like Dell, Oracle, IBM, Compaq, SAP, Computer Associates, Netscape, Intel and thousands of others, and the large and rapidly growing market share figures shown above, this thing is big and getting bigger."

Evan Leibovitch compares Richard Stallman and John Taschek (author of the first article) in this ZDNet article. "John Taschek, meet Richard Stallman; two sides of the same coin, attacking the open source movement from opposite sides. Despite the polarity of their otherwise unrelated assaults, their arguments unwittingly combine to prove what a genius Linus Torvalds really is."

More Opinions

Computer Currents seems mystified by the interest in Linux. "Linux, despite becoming very well-known more than two years ago, has become nothing more than an experimental novelty among desktop operating systems, and is rarely used for any server application besides Web service. Its growth may have stagnated while still in the single-digit percentage range. Yet people flock to Linux classes, even though its spread in corporate IS, and the corresponding career opportunities, are only a future possibility."

Here's a ZDNet column, ostensibly about the Piranha vulnerability, that brings back memories of the Good Old Days of ZDNet's Linux coverage. "The appearance of a security issue at a time when users are still asking for more applications is unlikely to bolster the fortunes of Linux stocks, which tumbled faster and farther than general technology issues in April. Quality assurance and security aren't the only issues: Outside of a few suites, there is a lack of widely available office software; consumer versions of the OS are relatively untried; and open source code's open-ended nature - with many developers working on different parts of the system - makes some information technology (IT) managers nervous about its predictability."

Open Software Law - France Liberation has posted this article (in French) about the proposed French open software law. It's a sympathetic piece. For non French-capable readers, the Babelfish translation is relatively readable. (Found in Portalux News).

Thanks to Stefane Fermigier, we have an extensive list of all press coverage of the proposed "open software" law in France (as described in last week's LWN). Check out Stefane's list for more articles - in more languages - than you could ever read...

Resources

FirstLinux has posted a series of articles with the theme "I've installed Linux: What Next?" The articles cover topics like email, web surfing, graphics, and more.

If you've never set up a network before, this article from Gianluca Insolvibile is intended to get you started.

This week's Dear Lina column takes a look at at the file command and cable modems.

Interviews

Slashdot has posted their interview with Richard Stallman. "Warning: The interview below contains mature concepts and strong opinions. It may not be suitable reading for easily-angered readers whose views conflict with Mr. Stallman's."

Olinux.com.br interviews Pradeep Bhanot, the director of Linux marketing at Oracle. "Oracle's primary focus is on Linux as a server OS. Oracle wants to see Linux succeed as an OS as it offers customers openness and superior TCO. There is strong developer and customer demand for Linux. There have been over 200,000 downloads of Oracle products on linux from our developers site at http://www.technet.oracle.com."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

May Linux Gazette available. The May issue of the Linux Gazette is out.

Tutorial on the GNU Privacy Guard.  Kuro5hin has put up a tutorial on the GNU Privacy Guard (GPG). "Congratulations. You now have a pair of keys. One is private, and one is public. Think of them as a birth certificate, library card, and drivers' licence rolled into one."

Book Review: APC Linux Pocketbook  Adam Jenkins, a member of Linux Users of Victoria, has posted a book review of the APC Linux Pocketbook. "This book is aimed at intermediate Windows users who would like to try Linux and want a little guidance, but are prepared to refer to manuals themselves once they're started".

Linux Laptop-HOWTO  The Linux Laptop-HOWTO is a HOWTO covering laptop related Linux features, such as installation methods for laptops (via PCMCIA, without CD drive, etc.), laptop hardware features and configurations for different (network) environments.

Events

• Linux Expo 2000
  Thursday 1st June - Friday 2nd June in London Olympia
• European Linux Conference
  Thursday 1st June
• Linux 2000 UK Linux Developers' Conference
  Linux for the Enterprise
  7-9 July Hammersmith, West London
• Open Source in Education Conference
  25-26 July at Birmingham University, UK

TheLinuxStore.com and EBIZ Enterprises Offer Free Seminar  TheLinuxStore.com and EBIZ Enterprises Inc. announced a series of free seminars aimed at business executives and Linux enthusiasts. The first will be held Friday, June 9 at The Buttes Resort, 2000 Westcourt Way, Tempe, Arizona.

LinuxFest in Independence, Virginia.  LSNet, a North Carolina based ISP, sent us this announcement about a LinuxFest to be held Saturday, June 24, 2000 in Independence, Virginia.

O'Reilly's Open Source Software Convention.  O'Reilly sent this announcement for this year's Open Source Software Convention, in Monterey, CA July 17-20 2000.

7th International Linux Kongress call for papers. The 7th International Linux Kongress will be held at the University of Erlangen on September 20-22, 2000. The call for papers has gone out; submissions are due by the end of May.

Web sites

User Group News

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

The Linux for Laptop Computers (or LiLaC) site is maintained by Werner Heuser, author of the Linux Laptop HOWTO. It is a comprehensive source of information on issues with laptop systems, and contains what must be the definitive list of working PCMCIA cards.

Section Editor: Jon Corbet

Letters to the editor

Date: 27 Apr 2000 20:35:24 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: Linus on kernel debuggers

Linux Weekly News of 27-Apr-2000 reports:

    Linus has long had a dislike for interactive kernel debuggers. His
    position is that they lead developers to fix symptoms; he would rather
    they stare at the source and come to an understanding of the real problem.

Yeah, user-space GDB is a real drag also.  Too many programmers use
debuggers as a crutch, when it is obvious that simply staring at the
source code is *so* much more likely to result in true enlightenment.

I always hate it when the hardware guys use logic analyzers,
oscilliscopes, and simulators to find bugs in their designs.  Obviously
the correct way to verify or fix hardware designs is to stare at the
Verilog code and schematics until your eyes bleed.

And when my car's engine is making a funny noise, I'm apalled when the
mechanic actually looks under the hood and finds the problem
immediately, rather than spending a few days thinking about what could
cause that sound.  It's hard to believe that using methods like that,
anyone could develop a true understanding of what's going on in there.

Engineers today rely way too much on fancy-shmancy tools to help with
their tasks.  Back in the old days, we only had printf(), and WE LIKED IT.
So what if it took weeks to fix obscure kernel bugs that with better tools
could be found in days; the important thing is the process, not the results.
Just like the "new math".

Of course, good engineers don't use time-saving tools like compilers,
either.  If the program is worth writing, it's worth writing in
assembler.  Or better yet, toggling in binary via the front-panel switches.
(It's not a proper computer unless it has front-panel switches.)


Seriously, though, I don't understand why Linux thinks that debuggers
"lead developers to fix symptoms".  I've used both kernel- and
user-space debuggers to find many hundreds of bugs, and in the vast
majority of cases have been able to fix the underlying problem, not just
symptoms.  It's not at all obvious how having an additional tool and
source of information can make it more difficult or less likely to
develop an understanding of a problem.

Eric

From: LucFrench@aol.com
Date: Thu, 27 Apr 2000 05:34:05 EDT
Subject: Re: soft tissue
To: allan@stokes.ca
CC: letters@lwn.net

Allan Stokes wrote:

> It's exactly the same when look at the bone yard of proprietary encryption
> algorithms broken and ignore the "soft tissue" of proprietary encryption
> which hasn't been broken.  Or as most people assume "hasn't been broken
> yet".  Which is exactly what the dinosaur people assumed about the kinds of
> fossil fragments they had not yet found.
>
> Perhaps someday the mathematics of "provable security" will be invented and
> they will look back at some of the proprietary work done today and discover
> that some of it was actually warm blooded after all.

I think I can make a statement that any professional cryptographer will agree 
with:

If your encryption method (be it an algorithm, the underlying random number 
generator, or the program itself) must be kept secret in order to be secure, 
it is insecure.

The reason most cryptographers dislike proprietary algorithms boils down to 
this. (There are some wrinkles and qualifications to that statement, but not 
many; and there are some other problems, dealing with trust and generic 
attacks.)

I'd also like to point out that "Hasn't been broken yet" is the status of all 
computer based encryption algorithms, both open and closed. It's similar to 
all scientific theories' status of "Hasn't been disproven yet".

As to the possibility of a Unified Security Theory, such a thing is quite 
frankly impossible. It's too complicated to go into in a letters column, but 
boil down to the fact that 'secure' and 'insecure' are qualitative, rather 
then quantitative, terms. Quantifying either requires complete knowledge of 
all possible attacks; and from here we get into circular logic.

BTW, the cold-blooded dinosaur theory came about because all known lizards 
are cold blooded, and dinosaurs were clearly big lizards; therefore, 
dinosaurs were probably cold blooded. The syllogism was flawed only because 
of an unknown assumption (lizards don't have to be cold blooded). You've used 
a flawed syllogism as well, that because Assumption A and Assumption B look 
alike, and Assumption A has been proven false, Assumption B must be false as 
well.

Just as a final note:

> Of course, anyone dumb enough to trust someone who spends too much time
> alone in a dark room deserves what they get.  But that doesn't mean they
> were wrong.  People spend too much time forming opinions about what is
> technically possible (we don't know) and then end up misplacing the emphasis
> which belongs entirely on the social issue of what kind of development
> processes we choose to trust.

Actually, the underlying assumption is closer to "if you are hiding 
something, you may have reason to be hiding something, and since we don't 
know what you're hiding, we are therefore unable to trust you". *THAT* is why 
it's so important that encryption methods be open, and known vulnerabilities 
be listed; else, how can I, Strawman Consumer In Need Of A More Secure 
Computer Then What I Have Now, trust that you, Strawman Encryption Expert 
Trying To Sell Me Something, are being honest?

This is what is driving people to open source for security in the first 
place; if you have the code, implementation flaws are easy to spot (assuming 
the code isn't some kind of hairball), and back doors are hard to put in 
(bogus stories involving fish of a South American persuasion notwithstanding).

Thanks
Luc "Jude the Secure" French

Date: Thu, 27 Apr 2000 12:46:24 -0500
From: "John J. Adelsberger III" <jja@wallace.lusArs.net>
To: letters@lwn.net
Subject: "Warm blooded security"

In his letter dated April 21, Allan Stokes points out(validly) that
lack of peer review and general understanding does not necessarily
imply insecurity of an encryption algorithm.

He fails to make the point that is crucial when you need a working
system on a deadline in the real world: there is no provable
security today, and at this track, the rules are a little strange:

1) Betting on the underdog does not inrease the payout if you win; all
   winning bets pay the same.
2) The fact that my horse wins does not necessarily imply that yours
   will lose.
3) Despite 1 and 2, there are still underdogs and favorites.

Under those circumstances, betting on an underdog is all loss and no
gain.  Certainly, it would be wrong to disparage researchers into
unknown areas of math, whether crypto or otherwise - but deploying
their research prototypes as production systems is a most brazen
sort of foolishness, and trusting an algorithm that is unknown to
most of the research community over one that has been widely 
examined is even worse.

-- 
John J. Adelsberger III				ETAONRISHDLFCMUGPYWBVKXJQZ
jja@lusars.net

From: nride@us.ibm.com
To: ghaverla@freenet.edmonton.ab.ca, letters@lwn.net
Date: Thu, 27 Apr 2000 11:55:34 -0600
Subject: Printing in Linux



The UNIX printing model is dreadfully lacking. Certainly you can find out
that you have some printers out there by looking in the printcap file, but
what do you know about those printers? The whole printcap concept was
designed in the days when your printer could handle raw ASCII and not much
else.

If you look at the archetecture of more "Modern" operating systems, there
is a well defined API for printing. A device manufacturer codes a driver to
that API and the applications use that API to render their jobs. Thus, all
applications use the same rendering API, and the same rendering API can
render to PostScript, PCL or whatever other printer language the printer
uses.

Contrast this to UNIX where the application has to implement its own
rendering routines or use a third party library. If the user wants to print
to a PCL printer and his application only does PostScript, he's out of luck
or has to use GhostScript. GhostScript effectively becomes the printer
driver for many people and PostScript becomes the rendering API. While this
state of affairs isn't too bad, it's not too good either. If you can cover
PCL and PostScript, I'd guesstimate that you'd be covering about 90 to 95
percent of the printers out there.

As for finding out attributes of the printer (How to use those extra paper
trays, etc) Adobe has a Portable Printer Definition format for PostScript
printers and Microsoft has a Generic Printer Definition format for PCL
printers. You can code a "Driver" outside the application to read these two
formats and add headers to your jobs and you'd be doing pretty well. The
Printer Working Group (www.pwg.org) is working on an XML based printer
definition format, as well. There's room for a lot of cleverness in
building interfaces from files in these formats.

For approaches that involve actually building the correct archetecture, I
know of a couple of projects underway. There is an open API called XPRT
which looks kind of interesting. You send X commands to a server and it
renders a printing language. Xfree86 4.0 seems to have some XPRT support.
The Gnome people seem to also be working on an API which I assume you'd
have to use Gnome to take advantage of. Personally, I'd like to see an open
solution which doesn't lock you in to a particular environment while it
brings UNIX printing up to date.

--
Bruce Ide      nride@us.ibm.com

IBM PSC Driver Development

To: letters@lwn.net
Subject: Printing is definately below-par
From: Alan Shutko <ats@acm.org>
Date: 27 Apr 2000 10:04:46 -0400

Gordon Haverland stated that printing on Linux is perfectly fine.
Unfortunately, he's missing a lot of fundamental points.

While it is true that you can simply pass stuff off to LPR and
something will come out the printer, there's a lot of other stuff that
printing apps need to know that has never been a consideration of lpr.

First, the current Linux "printing system" gives no information to
apps of the fonts available.  While X can do this, you would need to
install fonts in two places.  X only provides bitmaps, so you can't
pass outlines to the printer unless you write your own font subsystem
and require that fonts be installed there.  (You'd also have to do
this to gain additional metric information that isn't available via
X.)

How do you ask lpr what sizes of paper are available, or tell it to
collate and staple output jobs?  You can't.  How do you select the
tray?  You can't.  While some of these problems are fixed in LPRng for
certain printers using certain filtering systems, other problems
remain.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!

From: "Corfield, Richard" <RICHARDCO@POLK.CO.UK>
To: "'letters@lwn.net'" <letters@lwn.net>, 
Subject: Re: Printing and Re: WordPerfect "review"
Date: Thu, 27 Apr 2000 12:53:14 +0100


I'd agree that the existing print system under UNIX is very strong. Its
standardisation on 
PostScript as a printing language should make life a lot easier for software
developers, users and administrators alike. 

	Software developers because they only need write drivers for
postscript

	Users because they can always preview output, and manipulate it with
tools such as GS, GV and mpage.

	Administrators because they can redirect output to any printer
knowing that its in a language that the printer driver can understand. They
can also filter it on the way (mpage for example). The job is only
translated from Postscript at the last minute.

My experiences with some other printing systems seem to confirm these
advantages. Its a pain when you can't preview output and its a pain when you
can't print to a printer because you can't find the driver disk to set up
your wordprocessor to be able to create jobs for it. Its also a pain when
one version of the OS has a printer driver with mpage like functions and the
version I work on doesn't so I can't print two sides on one from my desktop.
Under Linux you can apply mpage to any print queue regardless of the type of
printer on the end of it.

The only problem with the system is that the word processor has no knowledge
of what the capabilities of the printer are. This causes me problems at
times because my printer cannot handle small margins and some programs try
to print into them so some edges can be lost. 

What seems to be needed is a way for the word processor to find out what
paper sizes and margins the particular printer supports, whilst keeping the
advantage of a printer agnostic printing language and without bringing in
all of the problems with a certain other system when you do this.
For example I find it annoying when I load a document into a word processor
to find that it has been "Changed" because my word processor has a different
default printer to the original author's.

Perhaps an extension to lpd or lpr or lpstat could allow the word processor
to find things like paper size, margins and perhaps colour capability. Then
the only problem is what happens when you try to print a document on a less
capable printer than that intended by the original author, and you're not
using something like LaTeX where it doesn't really matter too much.

Certainly something that must happen is that this must be solved correctly,
rather than just
copying the solution from somewhere else, warts and all.

 - Richard.

<Standard Disclaimer: All oppinions my own and not those of my employer, or
probably 
 anyone else in my office for that matter>

Date: Tue, 2 May 2000 21:10:33 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: Tammy_Cavadias@zdcommunity.com
CC: letters@lwn.net
Subject: http://www.zdnet.com/zdnn/stories/comment/0,5859,2555159,00.html

... the Taschek column on Open Source.

Was that op-ed?  If so, it should have been slugged.  If not, it's
shoddy journalism.

[Looks again]  Ok, it's commentary.

Is it ZDnet's intent to reduce readers' opinion of its worth by
running commentaries that are obviously based on factually incorrect
premises and incomplete research?  *I* could write opinion columns too
(and I do, my weblog address is listed below), but that doesn't mean
anyone would read them...

A major fraction of the Internet depends completely on open-source
software, written well before the term was coined. BIND (name
service), sendmail, (mail transport), perl (CGI scripting, among other
things) and Apache (>55% of all publicly accessible webservers) are
just the most visible examples.

If this column wasn't a troll, then I must cast my lot with the people
who'll be ignoring ZDnet completely if it's going to publish writing
of this caliber.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     
The Suncoast Freenet
Tampa Bay, Florida     http://baylink.pitas.com                +1 888 806 1654

Date: Sun, 30 Apr 2000 04:30:10 -0700
From: Jim Dennis <jimd@starshine.org>
To: Microsoft.atr@usdoj.gov
Subject: Protocols, APIs and File Format Libraries 

Hi,

 As a long time observer in this industry (having done stints in
 tech support, quality assurance, development, and systems administration)
 and as a writer and industry journalist (having written one book on 
 Systems Administration, a few articles for various magazines, and an
 online technical support column) I'd like to comment on the 
 possible measures that you will take vis a vis the Microsoft case.

 (Duh!  That's what this e-mail address is for, isn't it?)

 Obviously we'd like to arrive at a solution which is remedial,
 punitive, and deterrent.  

 I don't believe that a breakup and ongoing regulation of Microsoft's
 business will achieve these goals.  Unfortunately any ongoing regulation
 of their company is likely to be mired in bureaucracy and hampered as
 it becomes increasing politicized.  It will be interesting to see how
 future administrations will meddle in these affairs.

 The set of measures that I believe would offer the greatest remedy
 to consumers and industry participants while acting as a fitting 
 punishment to Microsoft and possibly even deter future monopolists
 would be to require that Microsoft fully document their protocols
 (networking), APIs (programming interfaces) and file formats.

 These elements of their software are necessary to achieve
 interoperability.

 They are also the very elements that Microsoft has obscured and changed
 in order to stifle competition and thwart innovation throughout the 
 rest of the industry.

 Furthermore I'd recommend that the only form of acceptable documentation
 for these software standards would be a set of functional "reference
 implementations" of the necessary utilities and libraries to perform a
 the core operations of each protocol, call each API function, or 
 read, parse and manipulate each file format.  These reference
 implementations would have to be published in true "open source" form and
 subject to a FREE license --- which which specifically allows commercial
 and proprietary derivative works by third parties.  (I would not recommend
 the GPL --- a BSD like license would be more appropriate).

 I'd also recommend that the court should require that these
 implementations be delivered in a timely fashion, that they be in ANSI standard C
 and/or C++ programming languages, that they must compile on non-MS operating
 system platforms (pick three --- Linux, FreeBSD, Solaris, etc) and
 non-Intel (x86) hardware.

 A reference implementation is the only adequate documentation which can
 be accepted in this case --- since any other form is subject to endless
 subjective legal wrangling and interpretation which would necessarily 
 cross the disciplines of computer science and jurisprudence.  

 A reference implementation would also include a compliance suite.  It
 can be unequivocably and objectively judged.  Either it compiles and
 demonstrates interoperation with Microsoft's own software, or it fails and
 Microsoft can be fined, enjoined from releasing new products, etc.

 Of course Microsoft would be required to deliver such a suite for their
 existing operating systems and applications suites.  This would be
 required to be done in a timely fashion.  

 More importantly: The court should hold that Microsoft much continue to
 publish such reference implementations for all future upgrades and
 products. For future upgrades and products it would be reasonable to
 require that these reference implementations be published prior to software
 release and tested immediately.  Micrsoft could then be enjoined from
 distributing new products and new revenue generating upgrades of their
 existing products until their products are judged to be in compliance
 (interoperable) with their own published reference standards.

 I believe that this approach has a number of advantages:

	* Objective criteria
	* Respect of Microsoft's legitimate intellectual property
	* Freedom to innovate
	* Low cost to the Federal Government
	* Little requisite regulatory burden
	* Promotion of both the competing commercial software 
	  industry interests and the open source and free software
	  movements (and other consumer interests).
	* Low public perception of meddling and bureacracy
	* Academic and educational benefits

 Note that this plan does respect Microsoft's rights to its intellectual
 property.  It doesn't require them to publish or provide any access
 to the source code of their current and future products.  These 
 reference implementations can be completely independent or they can be
 functional subsets of Microsoft's code.

 It also allows Microsoft to continue to modify their software
 (operating systems and applications) and to freely "integrate"
 and separate these products for their own business interests.  However,
 it does so in a way that ensures that other companies can make 
 competing products, enhancement utilities, etc.  It also ensures
 that the U.S. Federal Government, international interests, and other
 parties will be able to maintain their document, networking and 
 internal software infrastructures regardless of what Microsoft does
 with their future products and upgrades.  (Indeed with these reference
 standards you significantly reduce the risks associated with use of 
 proprietary software in general).

 Regardless of any breakup, and in addition to any regulatory 
 oversight and punitive fines that you impose on Microsoft I 
 recommend that you do the rest of the country some tangible 
 good by requiring reference standard implementations of all 
 networking protocols, application programming interfaces and 
 file formats that Microsoft uses to "integrate" their clients
 to their servers, and to interface their applications with their
 operating systems, and to sort and interchange their documents
 configuration data, account and management databases, etc.

 Thanks.

--
Jim Dennis                                            
jdennis@linuxcare.com
Linuxcare: Linux Corporate Support Team:           
http://www.linuxcare.com

Date: Wed, 03 May 2000 13:09:52 -0400
From: walt smith <waltech@bcpl.net>
To: letters@lwn.net
Subject: several fundamentals

Dear LWN readers,

Distributions are proliferating like mosquitos
in spring.  The basis for being in business and
obtaining funding for doing so has almost always
been that money is to be had from service, and not
sales of the basic (software) box.  I disagree.

However, service appears to be a necessary reason in order
to achieve funding for Linux companies to exist.  The
Microsoft empire is largely based on sales of (software) box's
at a reasonable price.  I believe their prices, historically,
have been reasonable. Many Linux boxes are approaching
the same price basis.  There is the caveat that the
sink and entire kitchen are thrown in with the box.  In other
words, sales of the box are significant and important, and should
be recognized as such. I feel more notice of this is necessary.
--
I had an interesting experience recently. It should
prove valuable to marketing psychologists. After actually
spending some loot on a Linux box off-the-shelf, I had
a revelation. Like many,  I'd borrowed Linux CD's,
and also downloaded free Linux from the Internet.
When I went to "retailer", I knew I was purchasing "free" software.
Why ?  It wasn't free!  But it was the feeling of getting
something free and paying a little for the tiny manual and
box.  The convenience of the CD !!  ? or was it?
Nope!  It was the feeling that, even free, that the box wasn't a sole
source product. I knew the product would be upgraded "soon",
but so what? it was cheap ($29).  I knew it was free if I
really wanted it to be free!  I knew if I didn't like it, I had a
choice of multiple different packages with the same underlying
function and commonality (/lilo/, /usr/, ext2fs et. al)!!  ..all
free or shelved at competitive prices!  It was a feeling of buying
into a community;  that same feeling non techies have buying
Nikes or Windows.  And I knew it was ALL there - no additional
$$ for a wordprocessor, compiler - Jeeze! I even had multiple
selections.
--
I read on LWN that the new 2.4 kernel isn't due until possibly Autumn.
This is a shame!!  One of the Hallmarks of Linux is the *continuous*
improvement.  Waiting beyond some magical number isn't good for
me psychologically nor a significant part of the Linux community.
I understand the tradeoff  for the stability that many (larger
corportaions)
require.  Perhaps there's too much concern? PLEASE! this is not a swipe
at Alan or Linus!!!  I'm  concerned about the market momentum, and I
don't
have a solution.
--
One last prediction.  SGI has moved in the right direction to adopt
Linux.
If they were a company with diversified products, it'd be even better.
I believe neither SGI, nor Sun can continue as they have been: major
changes
are coming.  This might mean the names SGI and Sun disappear, like DEC.

regards,

Walt Smith, Baltimore