Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials

Microsoft disclaims any responsibility - its customers are evidently beating down its doors screaming for software that is insecure by design. But wasn't one of the shortcomings of free software supposed to be that there is nobody to sue when things go wrong? Billions of dollars of damages generally are a clue that something, somewhere has gone wrong. Microsoft's denial of any responsibility puts the lie to the claim that proprietary software comes packaged with somebody to go after for damages. It also guarantees that this all will happen again - as it has happened other times. The whole thing is pathetic to a degree that defies belief; no wonder that Phil Agre was moved to write that "Microsoft shouldn't be broken up. It should be shut down."

Events such as this tend to bring out smugness and condescension in Linux users. We don't have those sorts of problems, after all. It is fair to say that no self-respecting open source project would intentionally put out software which would run code from random users on the net. And when such a problem is found, free software developers almost always take (moral, though not financial) responsibility quickly and race to get a fix out as soon as possible. We live in a different world, and can only look in confused wonder at people who tolerate an environment where viruses are a routine problem.

Thus MandrakeSoft puts out an advisory on how Linux-Mandrake (and all other distributions) are not vulnerable. "Software viruses are programs that can infect poorly-secured computer operating systems and applications. Machines running the Linux operating system have never been infected by a virus yet." And Evan Leibovitch writes in ZDNet: "How many times do users of Windows need to be kicked in the head? It's as if we have a community of people who, upon discovery of 'kick me' signs attached to their backs, do nothing -- and then complain when they eventually do get kicked."

But life is not quite that simple.

It is true that Linux is highly unlikely to be caught by such a simple, email-borne bit of nastiness. But nobody would claim that Linux systems are 100% free of vulnerabilities. A suitably talented malware author who wanted to shoot down some of those smug Linux people would not have that hard of a time creating an embarrassing incident.

Consider, for example, the vulnerabilities in bind 8.2. Fixes were available back in November, but, according to this CERT advisory from last week, there are many sites on the net which have not applied those fixes. Many of those are likely to be systems where the administrators do not even realize that bind is installed and running. There are certainly numerous people out there who are sufficiently talented and malevolent to write a worm which would exploit those holes and propagate itself over the net. It would not catch any site with aware administrators or a decent firewall, but it could still make a large splash. It could put Linux advocates on the defensive in a hurry.

So we're best off remaining humble. We have a far better platform, one which will never support a whole anti-virus industry. But perfect security will continue to elude us for the foreseeable future. Best to keep working in that direction and let the results speak for themselves.

Feature: Beyond free software in Japan. Thanks to ChangeLog founder Maya Tamiya, we have this feature article looking at two Japanese projects which stretch the traditional boundaries of open computing. The The Open Hardware Palmtop Computing Association has developed a palmtop system with the entire design being available under the GPL. It runs Linux, of course.

Then, for something completely different, there is the Open Source Toys Project. After all, cuddly penguins are interesting to more than just Linux hackers...

Red Hat changes direction. When Red Hat filed for its IPO just under a year ago, one thing that was emphasized in its business plan was its web portal. Selling Linux CDs wasn't where the real money would be - instead, it would emphasize other things, like services and the web. Recent events show that things seem to not be working out in quite that way.

For starters, Red Hat has laid off most of the staff from its Wide Open News site, and will cease doing original writing there. Instead, Wide Open News will simply repackage content from its partner sites (such as Salon). So the news business appears not to be going very well. Meanwhile, about the only other "portal" element to have come online is the Red Hat Marketplace, which has been up for less than a month. A year after the IPO filing, the Linux web portal turf looks to be strongly held by companies like VA Linux Systems, rather than Red Hat.

Instead, according to this press release, Red Hat is now in the venture capital business. "Red Hat Ventures" will make investments of $500,000 to $2 million in new, open source-related companies; investments have already been made in Sendmail, Inc., Rackspace.com, and e-smith. The more cynical among us could say that Red Hat, rather than figuring out a way to make money from its investors' capital, is hoping that some of these younger companies can do it instead. It's also true, however, that such investments can help improve the value of Linux (and Red Hat's distribution), give Red Hat early access to cool new developments, and pave the way for later acquisitions.

Meanwhile, Red Hat continues to sell lots of Linux CDs and related products. Some things haven't changed.

Inside this week's Linux Weekly News:

• Security: Feature: The trouble with redirects.
• Kernel: What's in Caldera's kernel; USB needs devfs?
• Distributions: University Linux distributions unveil.
• Development: A round-up of this week's development news and reports.
• Commerce: The Free Standards Group
• Back page: Linux links and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and editorials

Widespread, scary web security problem. The folks at Digital Creations have turned up a problem in how the web handles authentication that has widespread implications. Hostile web pages can be crafted which can cause your browser to take actions under your name on web sites where you have authenticated yourself. Various types of authentication-oriented services - such as web mail, web administration, brokerages, etc. - can be vulnerable to this problem. Obvious fixes are not in sight. Please see this LWN feature for an overview of the problem and how it works.

The Nexus Project initial release. The Nexus Project, being a "maximum security" distribution which grew out of the Kha0s project, has announced its first public release. Nexus seems to be taking a very server-oriented approach; the distribution does not emphasize desktops or ease of use. They intend to produce a capability-based system, perhaps they will be one of the first Linux distributions to really use capabilities. They also apparently plan to distribute software primarily in source format, rather than use a binary package system.

How apache.org was cracked. Here is a description of how apache.org was cracked this last week. The summary, for those who have not already seen it: the site was cracked though some poor configuration choices for its FTP server. The apache server itself was not compromised. (Found on Kuro5hin).

Security Reports

pam_console. Michal Zalewski and Benjamin Smee pointed out problems with the pam_console PAM module which can allow a user to sniff passwords, execute commands as the user on the console and more. This will impact any PAM-based distribution and has been confirmed on Red Hat 6.0-6.2. No fix for the problem has been reported as of yet.

glibc resolver weakness?. One thread this week on BugTraq started with a report of a weakness in the glibc resolver code. Salvatore Sanfilippo reported that the resolver routines in glibc versions 2.0 through 2.1.3 generate a random ID which is used to match requests with queries. This random ID turns out to be fairly predictable In addition, the resolver routines silently discard non-matching IDs. This leaves the server open to, potentially, a variety of DNS-based attacks, though those attacks are currently theoretical.

DBMan. The shareware, cgi-based DBMan script from Gossamer-threads.com provides a full featured database manager built on a flat-file ASCII database with a web interface for adding, removing, modifying or viewing records. A design error in the script allows it to be used to improperly display environment and setup variables. Check the relevant Security Focus vulnerability database entry for more details.

BSD reports

NetBSD unaligned IP panic.NHC Research posted an advisory to BugTraq reporting that NetBSD 1.4.2 and prior versions could be remotely crashed by the receipt of a packet with an unaligned IP Timestamp option, making them vulnerable to a remote denial-of-service attack. NetBSD has responded with a confirmation of the problem and kernel patches for NetBSD 1.4.1 and 1.4.2. Note that this problem only impacts the Sparc and Alpha platforms; other platforms such as i386 and m68k are not affected.

FreeBSD reports. Three FreeBSD advisories were released this week, involving the following "ports". Workarounds or fixes are provided/recommend for each.

• gnapster
• golddig (X11 game)
• libmytinfo

Commercial vulnerabilities

Listserv mailing list manager. An exploitable buffer overrun has been reported in the Listserv web archive software. Listserv is a popular commercial mailing list manager that runs on a variety of platforms, including Linux. An exploit has been published and an update to Listserv is reported to be available from L-Soft. Send email to support@listserv.com for more information.

Vulnerabilities have been reported with the following hardware:.

• Cayman 3220-H DSL Router
• UltraScripts UltraBoard 1.6
• Intel Corporation NetStructure 7110.0 and Intel Corporation NetStructure 7180.0
• Netopia R9100 DSL Router 4.6.2

Updates

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.

This week's reports:

• Caldera
• Yellow Dog
• Independence

• Red Hat (June 27th)
• Linux-Mandrake (June 27th)

gpm improper permissions handling. Improper permissions handling in gpm was discussed in the March 30th LWN Security Summary.

This week's updates:

• Independence

• SuSE (April 6th)
• Red Hat (April 20th)
• Linux-Mandrake (April 20th)
• Slackware (April 27th)

piranha. Issues with the piranha packages were covered in the main editorial of the April 27th LWN Security Summary.

This week's updates:

• Yellow Dog

• Red Hat (April 27th)
• Independence (April 27th)

lisa. LISA, Caldera's non-graphical systems administration tool, contained several tmpfile handling problems in versions prior to 4.1. An upgrade is recommended. Note that this advisory was posted on April 26th, but not previously reported in an LWN security summary.

• Caldera

ircii buffer overflow. On March 10th, a remotely exploitable buffer overflow was reported in ircii, an irc client, with all versions prior to 4.4M. Check the April 6th LWN Security Summary for our first report of this problem or BugTraq ID 1046 for more details.

This week's updates:

• Yellow Dog

• SuSE (April 6th)
• Red Hat (April 6th)

imapd buffer overflow. New imap-4.5 packages containing a backport of the buffer overflow fixes in imap-4.7 were uploaded into the Debian stable tree.

Resources

SecureBSD 1.0 Preview Release. The initial announcement for the SecureBSD 1.0 Preview Release calls it "Kernel-based security enhancements for FreeBSD". Check this description for more details.

siphon. A beta release of siphon, a passive network mapping tool, has been announced.

Events

FIRST conference reminder. May 12th is the registration deadline for the 12th Annual FIRST conference, if you want the early registration discounts. FIRST is being held June 25th through the 30th in Chicago, Illinois, USA.

May/June security events.

May 14-18, 2000. EuroCrypt 2000, Bruges (Brugge), Belgium.

May 14-17, 2000. 2000 IEEE Symposium on Security and Privacy, Oakland, California, USA.

May 22-25, 5000. SANE 2000, Maastricht, The Netherlands.

June 12-14, 2000. NetSec 2000, San Francisco, California, USA.

June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA.

June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The recent development kernels still appear to have severe memory management problems - at least for some users. Reports of the kswapd thread using 70% or more of the CPU are common. There is increasing interest in simply backing out a number of the recent memory management changes in the hope that things work better again for the short term. Meanwhile a number of hackers are working toward better memory management in the future. In particular, Andrea Arcangeli's classzone patch has gotten a number of good reviews.

(Andrea, by the way, will be speaking at the May 16 Bay Area LUG meeting in San Francisco).

The current stable kernel release is 2.2.15, released on May 7. Alan Cox has moved forward with 2.2.16pre2, which contains quite a few fixes and updates already. Andrea Arcangeli, meanwhile, has released 2.2.15aa1, which enhances the 2.2.15 kernel with quite a few goodies, much of which (big memory, large file support, raw I/O) is backported from the 2.3 series.

What's in your kernel? The Linux kernel is said to be the grand unifying factor which keeps all Linux distributions at least somewhat the same. But, as it turns out, the distributors do not ship kernels direct from Linus - each applies its own patches and tweaks. Last week we looked at the Linux-Mandrake 7.0 kernel; this week instead we grabbed the kernel source package for Caldera's eDesktop 2.4. Here's what we found:

• The base kernel is 2.2.14. They have included, however, what appears to be a slightly trimmed version of the 2.2.15pre5 patch.

• Added goodies include streams (needed for NetWare?), the 3DFX driver, the EMU10K (SB Live!) driver, the RAID patch, the ACPI power management patch, and the big memory patch.

• Other tweaks include a patch for compiling with gcc-2.95, a PPP update (from 2.3.7 to 2.3.10), the big IDE patch, an update to the C-Media sound driver, and some Sparc tweaks.

• They also tweak logging to send less to the console, and added a console driver which puts the system immediately into VGA mode ("Since strongly inspired by VGA hardware, this is quite ugly code").

Caldera's kernel is thus relatively lightly patched. The one thing there that's perhaps unique is the streams patch, for which most Linux distributions (and users) have little use.

Should USB require devfs? Universal Serial Bus devices are by their nature dynamic - they come and go whenever the user inserts or removes a plug. The USB development team has implemented the USB device filesystem (or "usbdevfs") as a way of keeping up with what the user is doing. Usbdevfs is a dynamic filesystem which tracks the state of the USB; as devices are added, a corresponding entry shows up in usbdevfs (customarily mounted on /proc/bus/usb).

Some readers may have noticed that usbdevfs sounds much like devfs, which is now part of the 2.3 development tree. The USB folks noticed that too, and have been merging usbdevfs into devfs with the goal of having just one dynamic device filesystem. It's an idea that would seem to make some sense.

Except that not everybody is thrilled with the idea of needing devfs to be able to use USB devices. Devfs remains controversial at best. But, more importantly, it is not at all clear when the distributions will start shipping kernels with devfs enabled. Even when they go with the 2.4 kernels, distributors may shy away from devfs for a while. Running devfs requires that a system be reconfigured in a non-trivial way; distributors will hesitate before requiring that of their users.

The merge of usbdevfs and devfs will probably continue. But there's also likely to be some sort of short-term hack that will allow systems to function with USB in the absence of devfs. The final destination seems to be clear, but not everybody wants to get there at the same speed.

Meanwhile, the latest USB 2.3.99 jobs list has been posted by Randy Dunlap.

Other patches and updates released this week include:

• Andreas Gruenbacher released an implementation of "extended attributes" storage for the ext2 filesystem. This patch implements the keeping of extra metadata with files on the system; its immediate use is for the storage of access control lists (ACLs). Andreas also posted some documentation on how the extended attribute implementation works.

• Devfs v99.13 (the backport of devfs to the 2.2 kernel) has been posted by Richard Gooch.

• Andrew Pam has announced the availability of the international kernel (crypto) patch for the 2.2.15 kernel.

• Christoph Hellwig posted a patch which makes the logical volume manager (LVM) work with devfs.

• A development version of a new Via 686A sound driver has been released by Jeff Garzik.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• Linux 2.5.x Porting help

Other resources:

• Kernel Source Reference
• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Distributions

News and Editorials

University Linux distributions unveil. Boston University unveiled BU Linux this week, a private Linux distribution based on Red Hat that has been tailored for the Boston University environment, with Kerberos, OpenSSH and other features preconfigured. Within moments of our mention of this distribution on the daily page last week, we received a note from Michael Katz-Hyman, pointing out Carnegie Mellon's Andrew-Linux. Andrew-Linux has been available since April of 1999, according to the documentation. The installation document for Andrew-Linux still refers to Red Hat 4.2.

A third University Linux distribution is CAEN Linux, from the College of Engineering at the University of Michigan. Similar to the other two, it is Red Hat-based. They've got a list of frequently asked questions and answers that is worth checking out. CAEN Linux was created and is supported by Chris Wing, also known for his work on 32-bit UID support for the Linux 2.4 kernel series.

One difference between these distributions: their public availability. Andrew-Linux is definitely available only internally to Carnegie Mellon. BU Linux is currently only available internally, but they have hopes that will change. CAEN Linux is available now.

To further discussion of University Linux distributions, Boston University is hosting a mailing list on the topic. To subscribe, send your request to uni-linux-l-request@bu.edu and put "subscribe" in the body of your message (majordomo).

We will certainly have to give up keeping a list of distributions in the right-hand column of this page if each and every University publishes their own version ... and they likely may, since it is a time savings for any major organization to tailor their distribution of choice to their own needs and then duplicate that exactly, rather than risk having a slightly unique version of Linux on each and every PC.

VA-enhanced Red Hat Linux 6.2. VA Linux, which has been known to distribute Debian Linux CDs in the past, has now announced a VA-enhanced Red Hat Linux 6.2. DaLinuxFrenchPage (in French) reports that the VA-enhanced version includes all the updates, plus cluster support, the watchdog kernel patch, and the latest version of Enlightenment. VA sports a comparison page where you can quickly see the additional packages, updated packages, kernel patches and bug fixes that they've added.

This does not necessarily mean a diminished support for Debian; VA has enough customers that may require Red Hat to justify their support of their own version. Making that enhanced version more widely available is certainly a reasonable step to take.

Number of Linux Distributions Surpasses Number of Users (BBSpot). This brief article from BBSpot takes a humorous look at the number of Linux distributions. "'We've been expecting it for some time,' Merrill Lynch technology analyst Tom Shayes said, 'but this is a little sooner than most expected. We've seen explosive growth in the number of Linux distributions, in fact my nephew just put out Little Tommy Linux 1.1 last week.'" (Thanks to Paul Hewitt)

The Embedded Debian Project. Announcing... the Embedded Debian Project. As the name suggests, this project seeks to help get the Debian distribution into embedded applications. It's not officially part of the Debian project, but plans to work closely with them. Their first project will be to put together a guide to embedding Debian as it stands today; thereafter they will head into extending the distribution to better address embedded tasks.

China Backs Red Flag Linux, It's Unofficial (IT-Director.com). We get occasional mail asking us for more information on Red Flag Linux and whether or not it has been officially chosen by China as the national Linux distribution. This IT-Director.com article tackles this question with an ironic answer. "This year the level of Linux usage in China is expected to double and it will be the home grown Red Flag Linux that prospers. In a very Chinese manner, the Chinese government is encouraging the use of Linux, while at the same time pretending not to." In other words, don't expect an official answer any time soon ... but draw your own conclusion.

Caldera OpenLinux

Updates for Caldera eDesktop 2.4. New packages for both dump and lisa have been posted to the Caldera update directory. The lisa update is reported to also fix problems with COAS under 2.4.

Caldera and Pervasive Bundle Tango. Caldera and Pervasive Software have announced plans to bundle Tango with Caldera OpenLinux eServer 2.3. The combination of the Tango commercial web infrastructure software and eServer is intended to give an easy-to-deploy, remotely manageable web platform. Tango includes the Pervasive.SQL 2000 Server database engine for Linux.

Conectiva Linux

Conectiva Linux Server 5.1 beta. Conectiva has announced the first beta of "Conectiva Linux Server Edition 5.1." It has a number of goodies, including a 2.2.15 kernel with the logical volume manager and ReiserFS patches, LDAP support, Stackguard-protected servers, and more.

Debian GNU/Linux

Debian Weekly News (May 2nd). This week's Debian Weekly News talks about Debian's first Testing Cycle, a possible new source package format, and a long thread on what to do next.

Debian at LinuxTag 2000. Debian is planning a booth for LinuxTag 2000, coming up June 29th - July 2nd, in Stuttgart, Germany.

GNU/Hurd

Kernel Cousin Debian Hurd. The May 10th edition of the Kernel Cousin Debian Hurd reports the auto-builder is now up and running, an important hurdle, the Hurd conference in Paris is on schedule for June 17th with over 150 people expected and a "fatfs" file system translator may be on the way.

LinuxPPC

Jason Haas returns to LinuxPPC. Jason Haas dropped us a note this week to let us know he was recovering well from his car accident and back to work at LinuxPPC. To prove it, we've started getting brief status messages from him. The latest: LinuxPPC has their new SSL certificate in place. "There was a slight delay between the time when our old SSL certificate expired and the new one renewed. However, users (buyers) can be assured that warnings about expired certificates were largely meaningless and that all connections made were still completely secure. The new certificate is now in place."

Slackware Linux

Changelog-current report. Due to problems with gcc-2.95.2 and the Linux 2.2.15 kernel, gcc-2.95.2, which was installed the week before, was removed this week in favor of egcs-1.1.2. The remainder of work this week included small bug fixes and upgrades for util-linux, biff+comsat, bsd-finger, gnu-pop3d, nettools and netkit packages.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Orbiten Free Software Survey. The first Orbiten Free Software Survey is out. They looked at some 25 million lines of free software code, trying to get a feel for what its developer community looks like. They turned up some 12,000 developers working on more then 3,000 projects. The largest "developer" turns out to be the Free Software Foundation, with some 11% of the total; as the survey points out, the FSF got there because it tends not to credit its individual developers. The top 10% of the developers accounted for 72% of the code overall.

First public BitKeeper release available. According to the development status page for the BitKeeper source management system, the first public release of the code is now available. BitKeeper promises some good things for software management, and may well end up being used to manage the Linux kernel source. It's not 100% "open source" software, however; see this 1999 LWN feature on BitKeeper for details on its licensing. (Thanks to Jay R. Ashworth).

Li18nux draft globalization specification available. The Linux Internationalization Initiative has announced that its "Draft Globalization Specification" is now available for public review. They plan to have a final version out by August, and to have the distributions shipping with standard internationalization by the end of the year.

Browsers and mail clients

CSCMail 1.6 is out. A new stable version of CSCMail has been announced. CSCMail is a GPL'ed graphical mail client. Some of the responses from people who tried it out were quite positive. "Yup, I can agree to some comments, CSCMail rocks ! I tried StarOffice, Mahogany and some other's (i need a graphical one), but CSCMail beats 'em all.. "

MozillaZine news. Top headlines from MozillaZine this week include how to get involved in Mozilla Quality Assurance (QA) and a browser comparison chart from XML.com.

Databases

PostgreSQL 7.0 released. PostgreSQL 7.0 contains a large list of new features; see the announcement for the whole thing. It includes implementation of foreign keys, an optimizer overhaul, lots of fixes and cleanups, and much more.

Open source start-up to take on database market (News.com). PostgreSQL joins the list of Linux, Apache, PHP and other open source software products to be the primary product focus of a new company, in this case, a new subsidiary of Landmark Communications, Great Bridge. "The new company is trying to integrate smoothly with the open-source community responsible for the development of PostgreSQL, [Great Bridge CEO Al] Ritter said--in particular the six people at the core of the project. 'We don't want to take over the project. In our view, the real strength of open source is that the project is independent' of any one company, he said."

The Mystery of mySQL (O'ReillyNet). The O'Reilly Network looks at why people use MySQL. "One of the benefits of MySQL is simplicity. It doesn't carry with it some of the overhead of commercial databases. There's not as much to learn and not a lot of unnecessary features."

Education

LPI Weekly News (May 5th). This week's edition of the LPI Weekly Newsindicates that work on the Level II certification exam has begun and includes a new FAQ section. Check there for the status on non-English exams (not anytime soon), the beta testing cycle and what a Linux newbie can do to prepare for their first exam.

SEUL/edu Linux in Education report. This week's SEUL/edu Linux in Education Report looks at scientific applications and a number of other education-related issues.

Embedded Linux

MontaVista announces real-time scheduler for Linux. MontaVista has announced the release of a new scheduler for Linux which enables real-time performance in the standard kernel. A beta version is available now from MontaVista's web site.

Note that this scheduler drops transparently into the Linux system. "The MontaVista scheduler, which executes before the standard Linux scheduler, optimizes Linux process/thread scheduling by only examining and dispatching the highest priority real-time entity that is ready to run. Unlike the Linux scheduler, overhead for process selection is fixed, yielding extremely high performance. If no real-time entity is available for execution, or none has been specified as real-time, then scheduling falls through to the standard scheduler and fairness-based scheduling proceeds apace."

Games

Review: Heavy Gear II (LinuxGames). LinuxGames took a look at Loki Software's release of Heavy Gear II for Linux. "As has been pointed out before, Heavy Gear II has pushed, further than any other game, the limits of Linux as a gaming platform. It incorporates the hardware video acceleration, joystick support, and cross-platform networking. The result is a very solid conversion, and is in fact the first Direct3D game ported to Linux." (From Meerkat).

Interoperability

Wine Weekly News. The Wine Weekly News for May 8th mentions the release of a new Wine book: Wine Administrators Handbook by Michele Petrovsky and Tom Parkinson, plus the usual list of new features, bug-fixes and discussions.

Kernel Cousin Samba. The May 4th edition of the Kernel Cousin Samba is out; it includes a first look at Samba 2.0.7.

Law

Ready, Set, Post! (Law.com). Law.com ran this article about the OpenLaw project. "Of course, there's an obvious pitfall to public brief drafting -- the other side knows the arguments in advance. But Department of Justice lawyers who worked opposite [Lawrence] Lessig in the copyright case say that they were not regular visitors to the center's site." (Thanks to Jay R. Ashworth).

Medicine

Guatemalan Hospital to Run Linux. LinuxMedNews reports that Antigua's all-volunteer Hermano Pedro hospital will soon have its own Red Hat-based Linux network. Note that updates from Guatemala are being posted on the progress of the installation. "he hospital was built in 1680 and I'm writing this outside of the surgical suite which has stone arches to my right and a door opening onto a garden courtyard on my left. The first order of business will be to run Class 5 cabling throughout the building which by the looks of it will be tough going because everything seems to be made of stone."

Networking

OpenNMS update 1.7. This week's OpenNMS update reports the status of this project (which is building network management software) and indicates that the debate between using an Object database or a Relational database is still ongoing. Their wish list this week is for some database experts to join the project, presumably to help get this issue settled correctly. Also included was a great quote of the week:

"Upon going in to the local computer store and telling the customer service dude that my recent purchase didn't work, his surprised response:

'Did the sales guy tell you that this was supposed to work?'

Oooh. Guess I forgot to ask that question. Kinda thought that basic functionality would be included at no additional charge, but then again... "

Office Applications

LyX Development News. A new edition of the LyX Development News is now available. Check it out for information on the upcoming LyX developers meeting June 8 through the 12th in Stokke, Norway, a report on Allan Rae's LyX Presentation at the Queensland Chapter of the Australian Unix and open source Users Group Conference (QAUUG 2000), tips for presenting with acroread and more. Lyx is an open source document processor.

Abiword Weekly News. This week's Abiword Weekly News talks about QNX Development, focus fixes, code cleaning, and RTF import/export fixes.

Blurred Vision - Gimp's Blur Filters (Graphics Muse). Michael J. Hammel has written a Graphics Muse tutorial on how to use the various blur filters that will be packaged with gimp 1.2. "Pixelize does to an image what a bottle of tequila does to your head - makes things all blocky. Technically, pixelize is a low pass filter that operates on the color components of a region bounded by the width specified that is centered on the current pixel."

Gimp News reports .... The Gimp News reports that the Gimp Plug-in Registry now has a plug-in for saving psd files, an important capability for anyone that needs to share layers that can be imported into Adobe PhotoShop.

They also provide a link to Carey Bunk's archive of public domain photos, a useful resource.

On the Desktop

KDE Development News. Here is the latest KDE Development News, by Bill Soudan. It covers many areas, including the 2.0 release: expect it sometime around September.

This week's GNOME summary. Here is this week's GNOME summary, by Havoc Pennington. Top of the news this week is the availability of GNOME application templates in KDevelop...

evolution alpha available?. Dominator pointed out on gnotices that a pre-release of evolution appears to be available on the helixcode ftp site, though no official announcement has been seen as of yet.

KDE.com goes live. KDE news reports that the new KDE.com site went live on May 9th. In spite of the domain name, this is not a commercial site, but instead a community resource, providing searchable mailing lists, documentation, KDE headlines and other portal-like capabilities.

Web site Development

Apache 2.0 alpha 3 released. The third alpha release of Apache 2.0 is out. It is still considered a developer's release, but it may be of interest to those who want to see what the next major release of Apache has to offer.

The First Year of Midgard. Henri Bergius has drafted a look at the first year of Midgard. "It is now a year since Midgard 1.0 was first released on May 8th 1999. While the project has obviously been going on for a longer time than that (first mention of the project is on Bergie's personal Web site, dated April 25th 1998), the 1.0 launch was when the project became public."

Midgard Weekly Summary. This week's Midgard Weekly Summary came out a day early in order to mark the editorial transition from Henri Bergius, who has been the primary editor since its inception, to Ken Pooley, Emiliano Heyns and Ron Parker. The format of the newsletter has been changed to include short interviews, links to relative articles and discussions and a feature article exploring a Midgard-served web site.

XFree86

A new rendering model for X. Keith Packard has published a paper for this year's Usenix entitled "A New Rendering Model for X". It engendered a lot of enthusiasm from KDE's mosfet, who looks forward to the beneficial impact on KDE (and presumably other desktops ...). "Unlike current solutions, it is to be implemented on the X server without shared memory and does not require rendering inside the application then transferring the entire image to the server - a mess to do, slow, and not something I'm interested in. This is definitely the right way as far as I'm concerned, and will provide the backbone for an advanced canvas and anti-aliased text (font smoothing) for KDE. "

Section Editor: Liz Coolbaugh

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

Python and Perl for the IA64 processor. ActiveState, in partnership with Intel, has announced beta versions of Python and Perl for the Intel Itanium processor. ActiveState will also be provided support to early adopters.

Java

Sun's JAVA 2 version 1.3 released. Version 1.3 of Sun's JAVA 2 platform was announced on May 8th. Currently, though, the only platforms available run on Microsoft systems. Both the Solaris and Linux versions are in beta, with an expected release date "in June". Check out last week's Development Summary for a reference to IBM's early release version of JAVA 2 v1.3.0.

Developers Critique IBM's JDK 1.3 (LinuxMall). Here's a look at reactions to IBM's latest Java release on the LinuxMall.com site. "IBM has released its latest Java developer kit (JDK) for Linux, and early response on the development site suggests its popularity may soon obscure Sun's version. Sifting through the specs, and pondering the kit's various changes is not a light read, but probably is an important one to Linux developers and Java thrill seekers"

Perl

perl5-porters digest. The perl5-porters digest for May 1st through 7th indicates that a flame war this week has re-ignited the proposal to introduce light moderation to the list. No final decision has been made, yet. An guide to the p5p list has also been posted.

Meanwhile, perldoc and indexing was the most hotly debated topic of the week.

PHP

PHP News. Zend Technologies put out a brief PHP news summary, announcing the availability of PHP 4.0 RC2, now available for download from php.net and a new beta of the Zend Optimizer which is compatible with the PHP RC2 release.

Notes from the php.net site indicate that the RC2 release has CGI binary and ISAPI module included and MySQL support built-in.

Python

This week's Python-URL. This week's Dr. Dobb's Python-URL is out, with the usual great roundup of interesting events in the Python world.

Looking for a new maintainer for the Python Linux distribution. This discussion thread announces the need for a new maintainer for the Python4Linux distribution, while simultaneously asking if people still think there is a need for a separate Linux distribution to properly support Python. The post received only one direct reply, from someone who definitely used and appreciated the Python4Linux distribution, but was unable to volunteer to support it. (From Daily Python-URL).

Tcl/tk

Dr. Dobbs' Tcl-URL. This week's Tcl-URL contains the usual round of announcements and discussions from comp.lang.tcl.

Section Editor: Liz Coolbaugh

See also: last week's Commerce page.

Linux and business

LSB and LI18NUX join to become Free Standards Group. The Linux Standard Base (LSB) and Linux Internationalization Initiative (LI18NUX) announced that they have incorporated as the Free Standards Group.

Why does Linux need standards? Anyone who has ported applications from one type of system to another knows that it can be painful. Even supporting an application across several different Unix platforms is not seamless. Linux will fragment in that Beowulf clusters are very different from the small embedded devices. It should not fragment in such a way that an application written for one distribution will not run on any other distribution, given a similar hardware configuration.

The Linux Standard Base has been working to increase compatibility among Linux distributions since 1998. The Linux Internationalization Initiative has focused on software and application portability and interoperability in the International context. Together they can help to ensure that that application that you love will run on any Linux distribution anywhere in the world.

Members of the Free Standards Group's list of supporters include:
Atipa Linux Solutions, Caldera Systems, Corel Corporation, The Debian Project, Delix Computer, Enhanced Software Technologies, Inc., IBM, Linuxcare, Linux for PowerPC, Linuxmall.com, Linux Professional Institute, Metro Link, Open Group, Red Hat, Inc., SAP AG, SCO, SGI, Software in the Public Interest, Inc., Sun Microsystems, SuSE Linux AG, TurboLinux, and VA Linux Systems.

SCO put out this press release announcing their participation.

New Contracts for Linuxcare. Linuxcare may be reeling from their recent woes, but then again, maybe not all that much. They announced a couple of new contracts, this one with PFU Ltd. to provide in-depth Linux technical support for PFU engineers and expand PFU's suite of multi-vendor support and service offerings, and this one with Hitachi to jointly provide in-depth technical support in the development of Hitachi's Linux solutions.

VA Linux Professional Services Expands. VA Linux has announced the addition of over 40 engineers and managers to their professional services team. Part of the expansion appears to be from last week's acquisition of Precision Insight.

LinuxOne in Spain. LinuxOne has been awfully quiet lately...but they have just turned up in Spain. They are offering pretty much the same products and services - but in Spanish. (Found in BarraPunto).

New alliances this week.

• Corel and EBIZ have announced that they are going into the Internet service provider business together.

• Mission Critical Linux announced an agreement with TurboLinux to combine their high availability products and services to provide turn-key cluster solutions.

• VistaSource (the new company spun off from Applix) and Digital Creations have announced the launch of the VistaSource web site, which is powered by Zope.

DSP development under Linux. Hunt Engineering in the U.K. has unveiled its Linux for DSPs package, which supports Linux-based DSP code development for several boards. "The new package is expected to result in extensive deployment of Linux-hosted DSP systems." (Thanks to Lalith Panditharatne).

IA-64 Details On the Internet. Intel Corporation has released the Itanium Processor Microarchitecture Reference.

Press Releases:

Commercial Products for Linux
• Co-Design Automation, Inc. (SAN JOSE, Calif.) unveiled a new design and verification product line. There's a system simulator called SYSTEMSIM, which is complemented by SYSTEMEX, designed to transform abstract system descriptions to HDL code.

• Eicon Technology (LAS VEGAS, NEVADA) announced the forthcoming release of its EiconCardConnections for Linux software.

• Hewlett-Packard Company (CANNES, France) announced OpenMail Anywhere/WAP, a Wireless Application Protocol (WAP) interface for OpenMail 6.

• LynuxWorks, Inc. (SAN JOSE, Calif.) announced support for TimeSys Corporation's TimeTrace tool for the LynxOS real-time operating system.

• Neoware Systems, Inc. (KING OF PRUSSIA, Pa.) announced that its Eon Linux-based information appliance has received the highest rating by PC World Magazine in Denmark in a head-to-head comparison of Linux-based platforms from four leading vendors.

• Network ICE (LAS VEGAS) announced BlackICE Agent for Linux, a commercial intrusion detection system for the Linux platform.

• Spider Software (EDINBURGH, Scotland) announced that it has ported SpiderSTREAMS to Linux to provide a platform for the deployment of wide area communications protocols.

• VMware, Inc. (PALO ALTO, Calif.) announced the release of its latest desktop product, VMware Express for Linux.

  Products Using Linux

• Axis Communications (LAS VEGAS) announced the Bluetooth Access Point from Axis, which supports both data and voice services. The product platform is based on Axis' integrated system-on-a-chip technology and embedded Linux, which includes a Bluetooth stack for Linux developed by Axis and recently released under GNU General Public License (GPL).

• Bluepoint Linux Software Corp. (LOS ANGELES) announced that Downing Information Industry Corp. will preinstall Bluepoint Linux in the Downing server series.

• Cybernet Systems Corporation (ANN ARBOR, Mich.) announced two new product releases with enhanced features for its Linux-based NetMAX Internet appliance software line, the NetMAX Internet Server Suite and the NetMAX FireWall Suite.

• Digital Technology, Inc. (BEDFORD, Mass.) announced the latest addition to its family of script-based automated protocol validation test suites - development community. The test setup requires: A PC from DTI running Linux OS with a modified kernel.

• Einux Inc. (LAS VEGAS) announced the launch of the SLinux 1/2U High Density Cluster Server Array.

• FirstStar Networks, Inc. (CONCORD, Mass.) introduced the Policy Test System (PTS), a policy test system for Voice over IP (VoIP) call setup. The PST System is powered by a Linux system and comes in a 1U rack-mount configuration. The unit will be available in the 3rd quarter of 2000.

• LinuxSolve, Inc. (LAS VEGAS) showed its line of "immunized" secure Linux server appliances at Networld+Interop 2000.

• Loran Technologies, Inc. (OTTAWA, ONTARIO) announced the Linux and Java-based Kinnetics Management Appliance has been named a finalist in the category of Network Management for the NetWorld+Interop Conference Best of Show Award.

• Netcom Systems (CALABASAS, Calif.) announced new SmartBits network and Internet test systems, the TeraMetrics systems. Every TeraMetrics module features full wire rate data plane testing, an on-board Linux/Pentium-based platform providing an open architecture for control plane and application layer testing.

• Showstar Online.com, Inc. (NEW YORK) and its partner Worldlingo.com have joined forces to create a web-based e-mail system that offers extensive multi-lingual translation abilities.

• Technauts Inc. (CARY, N.C.) announced eServer.group, the newest eServer technology, featuring application-level clustering and load balancing for mail and Web servers on a Linux platform.

• VideoPropulsion, Inc. (NEW ORLEANS) showed its Linux Broadcast Server with DVP-5464, Zapex Encoder at the National Cable and Television Association's (NCTA) Cable 2K show.

  Products with Linux Versions

• AMD (SUNNYVALE, Calif.) introduced the PCnet-PRO Fast Ethernet controller.

• Apogee Networks, Inc. (LAS VEGAS) announced the availability of NetCountant/SP, a Network IP Billing and Account Management Solution for Content, Application, and Network Service Providers.

• Basis Technology (CAMBRIDGE, Mass.) announced the release of its Chinese Morphological Analyzer (CMA), a segmentation engine for search and retrieval of Chinese text. Source code is available.

• Belkin Components (LOS ANGELES) announced the OmniView Universal Serial Bus (USB) KVM Switch (F1D104-USB).

• Belkin Components (COMPTON, Calif.) announced the OmniView 2-Port Dual Access KVM switch (F1D201).

• BoostWorks (LAS VEGAS) announced the BoostWeb Optimizer.

• Broadcom Corporation (LAS VEGAS) introduced its integrated Internet Protocol Security (IPSec) processor chip for broadband networks.

• Computone Corporation (ATLANTA) introduced its IntelliServer RAS 2000 "Out of Band" Console Management Solution.

• Ecrix Corporation (BOULDER, Colo.) announced the VXA RakPak, a rack-mountable tape subsystem.

• EndRun Technologies (SANTA ROSA, Calif.) announced the completion of the development phase of their Praecis family of time and frequency products. They expect production quantities of the products to be available in the late third quarter time frame.

• Entera, Inc. (FREMONT, Calif.) announced TeraEDGE, standards-based caching software. For a limited time starting on July 1, 2000, a Linux beta version of the TeraEDGE software will be available for free download from www.entera.com.

• Entera, Inc. (FREMONT, Calif.) announced TeraCAST Pro, the most recent addition to the TeraCAST Server Product Family.

• GraphOn Corporation (READING, UK and MORGAN HILL, Calif.) announced its Bridges web-enabling software has been named as a finalist for Remote Access Product of the Year in the Networking Industry Awards 2000.

• Hewlett-Packard Company (PALO ALTO, Calif.) announced a program to deliver complete HP NetServer systems solutions to Internet and Application Service Providers (ISPs and ASPs).

• Manage.Com (LAS VEGAS) announced FrontLine e.M version 2 software, which allows service providers to replicate managed services and deliver them simultaneously to a virtually unlimited number of eBusiness subscribers.

• Netcom Systems (CALABASAS, Calif.) announced ScriptCenter, a platform-independent scripting tool.

• Perceptronics, Inc. (WOODLAND HILLS, Calif.) announced that it has expanded the IC3D Framework product line to provide real-time, multi-user online collaborative interaction with animation media.

• PowerCerv Corporation (TAMPA, Fla.) announced it completed validation of its ERP Plus software suite and officially became a member of the IBM Netfinity ServerProven program.

• Rainfinity announced Rainfront which consolidates multiple layers of firewalls, load balancing traffic management devices and other dedicated point solutions into one highly scalable Internet front-end platform.

• Storagenow.com (IRVINE Calif.) announced new promotional pricing for the MAST 9500 LVD/Fibre channel RAID solutions through the end of June 2000.

• Strategic Concepts, Inc. (BENTONVILLE, Ark.) released version 4 of Strategy5, which incorporates multiple enhancements for trucking, brokerage and logistics companies.

• UniComp, Inc. (MARIETTA, Ga.) announced the availability of its UNIBOL400 Version 2.07. UNIBOL400 reengineers IBM AS/400 applications to run on other platforms.

  Java Products

• IBM (SOMERS, N.Y.) promises a Java Virtual Machine that supports Java Standard Edition version 1.3 in a Linux version, by June.

  Training

• LPI is extending the 102 exam discount until May 31, 2000.

• ProsoftTraining.com (DALLAS) and GTSlearning announced a partnership that will allow GTSlearning to provide Certified Internet Webmaster (CIW) curriculum to GTS Partner companies throughout the world.

• RHCE2B.COM (O'Fallon, I.L.) unveiled the RHCE2B.COM web site, to help people learn about and study for the Red Hat Certified Engineer exam.

  Partnerships

• 3D Microcomputers Wholesale and Distribution (MARKHAM, ONTARIO) announced a strategic relationship with Newlix Corporation to distribute its Linux-based Newlix OfficeServer.

• Alpha Processor, Inc. (CONCORD, Mass.) announced separate collaborations with Object Computing, Inc. and Scientific Computing Associates to develop improved Alpha Linux products.

• Internet Appliance Inc. (FREMONT, Calif.) has been named a charter member of the Embedded Linux Consortium (ELC).

• Jabber.com, Inc. (DENVER) announced its participation in Lineo's Certified Embedix Partner program and that they have joined the Embedded Linux Consortium as a Corporate Executive member.

• LASAT Networks (COPENHAGEN, Denmark) entered into a three-way agreement with SONOFON and WM-data, under which LASAT's Linux-based Masquerade Internet Thin Server and SafePipe VPN Router products will be marketed by SONOFON and serviced by WM-data.

• Lineo, Inc. (LINDON, Utah) announced Lineo Partner Connect, a partnership program that tests and certifies third-party software applications on Embedix products.

• Pervasive Software Inc. (AUSTIN, Texas and OREM, Utah) and Caldera Systems, Inc. announced that Pervasive's Tango 2000 Application Server for Linux is bundled with Caldera's new OpenLinux eServer 2.3 server platform.

• Quadratec Software and Exabyte Corporation (RESTON, Va., and BOULDER, Colo.) announced a strategic alliance to provide Linux users with fully-certified, automated backup solutions.

• Rebel.com Inc. (OTTAWA, ONTARIO) announced an agreement in which Ingram Micro Canada will distribute Rebel.com's NetWinder OfficeServer product line.

• SolutionInc Limited and NeuroNet (HALIFAX, Canada & KUALA LUMPUR, Malaysia) formed a marketing partnership in which NeuroNet will act as a reseller for the SolutionIP Linux-based suite of server products.

• Tripp Lite (CHICAGO) announced its UPS line and PowerAlert UPS Management Software has been tested and certified by TurboLinux to install and run flawlessly using TurboLinux version 6.0 for both workstations and servers.

• TurboLinux, Inc. (SAN FRANCISCO) announced that it has joined the Developer's Interface Guide (DIG64) Working Group.

• UserLand Software (BURLINGAME, Calif.) Ariba, Commerce One, Compaq Computer Corporation, Developmentor, Hewlett-Packard Company, IBM, IONA Technologies, Lotus Development Corporation, Microsoft Corporation, and SAP AG jointly proposed to the Worldwide Web Consortium (W3C) a new protocol called the Simple Object Access Protocol (SOAP) that will allow new applications connecting graphic user interface desktop applications to Internet servers using the standards of the Internet, HTTP and XML.

  Investments and Acquisitions

• Silicon Motion, Inc. (SAN JOSE, Calif.) announced that it has closed a mezzanine round of private financing with GE Equity leading the round. The capital will be used for advanced research and development of LynxEM+, an integrated graphics subsystem designed for the Linux platform.

  Linux At Work

• Computalog Ltd. (CALGARY), a subsidiary of Precision Drilling Corporation, announced it is in the field testing stage of its new integrated data acquisition, processing and delivery system. An integral part of this system is the Wireline Communication System (WCS) which includes downhole tools transmitting data via high speed wire line telemetry to a Linux box on the surface.

• Insu Innovations Inc. (MONTREAL) is working with Pinkerton's of Canada Ltd. for the joint development and maintenance of Cyber-Surveillance Services. Insu will use Linux.

• The Franklin Institute Science Museum has chosen LinuxForce.net to provide a variety of computer services, according to this press release.

• SGI (MOUNTAIN VIEW, Calif.) announced that the National Foundation for Functional Brain Imaging (NFFBI) has invested in a 32-processor computer cluster based on the SGI 1400L server running the Linux operating system.

• VA Linux Systems, Inc. (SUNNYVALE, Calif.) announced that Promotions.com is powering its Web and application server infrastructure with over one hundred servers from VA Linux Systems.

  Other

• In a more-than-usually hyped press release, a company called "dLoo" announced that it's holding a party for the launch of its "BlueBox" product. BlueBox is apparently a package which enables the porting of Linux applications to Windows and MacOS systems.

• Open source company Eazel announced the company's appointment to the Red Herring's 'Ten to Watch.'

• Extended Systems (BOISE, Idaho) announced that CMP Media Inc. selected its ExtendNet 4000 as Best Network Appliance. The ExtendNet 4000 comes with Red Hat Linux.

• Gartner's Dataquest (REDWOOD SHORES, Calif.) reported that Oracle is the No. 1 vendor of database software, and of the 500,000+ copies of Oracle8i downloaded, 200,000 have been for the Linux operating system.

• Lutris Technologies, Inc. (Santa Cruz, Calif.) announced the opening of a new office in Watford, England, and added new board members and executive staff. "'The Open Source movement presents a unique opportunity for software companies and their customers to completely change the way they do business,' said [new VP] Mr. Kouvelas. 'Lutris has developed a sound strategy based on a belief that Open Source is a superior way to develop software and I'm excited to be a part of its execution.'"

• LynuxWorks, Inc. (SAN JOSE, Calif.) announced a name change. The company was formerly Lynx Real-Time Systems, Inc.

• MontaVista Software Inc. (SUNNYVALE, Calif.) announced the inauguration of the company's European headquarters in Paris, France.

• Rackspace.com (SAN ANTONIO) announced the opening of its office in Hong Kong.

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) announced its recognition as one of the Top 50 Public Companies in the Red Herring 100, an annual profile of leading public and private companies.

• Sm@rt Reseller announced it will change its name to Sm@rt Partner on June 5.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

ComputerWorld has put up this article about the merger of the Linux Standard Base project and the Linux Internationalization Initiative. "Some industry observers have long predicted a splintering of Linux into incompatible versions, but most analysts agree that there have been few signs of that so far. There have, however, been some serious compatibility problems - the most notable when Linux was switched to a different set of C libraries a few years ago."

ILOVEYOU - Apache Hack

CNN has reprinted a Nicholas Petreley article from LinuxWorld on the ILOVEYOU virus. "Put bluntly, most developers in the Linux community would not be stupid enough to create a program as insecure and dangerous as Outlook. And if anyone were foolish enough to do so in the open source community, such a design would not be likely to survive the peer review it would receive." (Thanks to Jay R. Ashworth).

Focusing primarily on the recent Apache hack and ILOVEYOU virus, Raju Mathur talks about the downside of standards, at least as far as security is concerned. "For example, the teardrop, boink and other ping of death attacks were so successful precisely because they exploited a standard: the Internet Protocol (IP, commonly mis-referred to as TCP/IP) stack."

News.com covers the break-in at apache.org. "Because of the comparatively mild damage and the fact that the intruders told Apache how their attack worked, Apache termed them 'white hats'--helpful hackers, not the more malicious 'black hat' category."

Legal Issues

Lawrence Lessig talks about the value of open source and the questionable value of software patents in this interview, subtitled The Democratic Promise of Open Source and the Patents that Might Drag it Down . "It is true that there hasn't been a legal test to GPL, but it is not fair to suggest that GPL is vulnerable to a legal test. One reason the absence of a legal test is a good sign is that in fact GPL does rest upon a pretty good legal foundation, which the Free Software Foundation, founded by Richard Stallman, has prepared a legal defense for." (Thanks to Phil Austin.)

Bruce Perens has put up an editorial on Technocrat about how free software will be hurt by those using tools like Napster to bootleg music. "...the widespread bootlegging of music by Napster users justifies, in many people's eyes, the way we're being prosecuted over our free software DVD players... I compare it to Tiananmen square. We are enjoying the short dance of freedom before governments come in with heavy weapons. And the worst thing about it is that we are giving them a good reason to do so."

This brief Newsbytes article looks at the ongoing battle between the Electronic Frontier Foundation and MPAA over DVD encryption. "While the MPAA and others say that the DVD encryption codes are trade secrets and should be treated as such, the EFF contends that not only do the DVD protocols not meet the minimum standard for 'trade secrets', but that the Website postings are a clear example of constitutionally protected free speech."

Linuxcare

Tim O'Reilly writes about the Linuxcare layoffs; the result is a lengthy article on how he thinks the free software services business will really go. "Linuxcare's initial business model involved a great deal of reliance on phone-based tech support and other low level services; they are now repositioning themselves for higher-level professional services such as creating private label versions of Linux. They are absolutely right to think bigger. The service opportunity is immense, but it isn't necessarily in the obvious places."

Upside reports on the layoffs at Linuxcare. "Such a purge was hardly unexpected, especially given last month's pulled IPO following the surprise dismissal of CEO Fernand Sarrat and resignation of chief information officer Doug Naussaur. With prospects of outside investment dwindling, executives need to minimize overhead or risk running out of cash."

Here's an E-Commerce Times article about the end of Linux stock mania, with an emphasis on events at Linuxcare. "Some analysts have pointed out that although Linux-related stocks have returned to more appropriate levels, Linux market share has actually continued to grow. Once Linuxcare gets its house in order, it could still expect a strong offering." (Thanks to Jay R. Ashworth).

LinuxPlanet has chimed in with this column on the troubles at Linuxcare. "Within the Linux community there is sometimes an outright dismissal of sales as an important component of every commercial concern. There are some who feel that Linux and Open Source is above such mundane concerns; something so superior like Linux and Open Source shouldn't be sullied by the muck of the commercial world. But guess what: the bazaar actually exists, and a company like Linuxcare needs to realize that it needs to play by the rules of the bazaar, not by the rules of the cathedral."

Here's a Reuters article on the Linuxcare layoffs. "Linux industry sources said that the company's venture capital firm, Kleiner Perkins Caufield & Byers, is shopping the company, with the two most likely purchasers speculated to be Red Hat Software Inc. and VA Linux Systems Inc."

News.com reports on the layoffs at Linuxcare. "The layoffs affected all parts of the company except the core programming 'gurus,' Pat Lambs, head of the office of the chief executive, said in an interview today. No future layoffs are planned, she added."

Embedded Linux

The O'Reilly Network looks at Linux tools for the Palm Pilot. "The tools included in the pilot-link package over many different services, all command-line oriented. Be aware that some of them are experimental, so it's a really good idea to back up your Palm before using them."

Also on the O'Reilly Network: this article about the "Yopy," a Linux-based PDA that is supposed to come out real soon now. "The derivation of the name Yopy is as nebulous as the device itself. One reporter claims it is Korean slang for 'young and full of cash.' The official GMATE web site says that it means 'spirit of young and intelligent who want speedy usage of multimedia function through a PDA.' You decide for yourself."

Here are two articles from the Wireless Developer Network:
This one about Microwindows, a small X-Windows for embedded Linux, and this one about Linux7k, for handheld devices.

News.com covers Lynx Real-Time Systems' name change to "LynuxWorks." "Changing names, though, will take less time than changing the company's business model. It will be at least two or three years before the company's revenue from Linux surpasses that of the proprietary LynxOS, chief executive Inder Singh said in an interview."

LinuxDevices takes a look at the transformation of Lynx Real Time Solutions into Lynux. "According to Singh, some customers who are initially interested in LynxOS move to BlueCat Linux, some go the other way, and some actually decide to use both. The result of this dual-OS strategy, says Singh, is the ability to meet the needs of more applications and, consequently, more customers."

Upside ran this look at Lineo. "For the last six months, the Caldera Inc. spinoff has played corporate Pac Man, gobbling up smaller companies at a pace of one acquisition per month. Lineo, which makes Embedix, is pushing to broaden its technology and engineering base."

The Salt Lake Tribune writes about the recent investments in Lineo. "Lineo has hired more than 140 people since September and now employs about 160. It also has bought six small Linux companies, including one in Japan and one in France, so far this year."

Business

Here's a LinuxMall.com article looking at the cutbacks at Wide Open News. "VA Linux and Red Hat are not the only Linux companies clipping on press passes to attract visitors to their site. LinuxMall.com, the largest online retailer of Linux distributions, applications and various merchandise, started an original content news site in March and intends to spin that news content site off as a separate but affiliated news site, LinuxNews.com."

Red Hat has laid off most of the "Wide Open News" team, according to this News.com article. "The Wide Open site will remain on the Web, but in a less ambitious form. The site will be populated with stories from a handful of syndicated news partners..."

Here's an article on LinuxMall.com about a supercomputing project in Sweden. "[Terrence] Brown's group has a multifaceted approach aimed at tying clustering efforts together. 'We are creating a new Linux distribution (and tools) that will allow anyone to easily create a general purpose supercomputer--a Vanilla Beowulf--without being a Linux programming expert,' Brown said."

ComputerWorld reports on software smugglers - people who slip unapproved operating systems into corporate settings. "At first glance, many information technology managers from traditional backgrounds recoil in horror at the thought of open-source operating systems. The freewheeling exchange of source code seems like a recipe for total chaos, and every IT manager knows that preventing chaos is the most important part of the job."

Here's a Reuters article casting doubt on the chances of the Corel/Inprise merger happening. "'I would guess that there is a less than 50 percent probability the deal will go through,' said Duncan Stewart, fund manager at Tera Capital Corp."

This ZDNet article looks at whether a split-up Microsoft would port Office to Linux. "Many Linux supporters said they doubt whether an applications spin-off from Microsoft, given its Windows-oriented corporate culture, would be willing to port Office to a rival operating system."

Resources

LinuxDevices has published a whitepaper by Cornelius "Pete" Peterson, President and CEO of NETsilicon, Inc., on the coming of age of universal device networking. "Highly integrated system-on-chip (SOC) integrated circuits, low-cost networking, Linux, and the Internet are key enablers of what surely represents a significant "phase transition" in the evolution of modern technology."

SecurityFocus takes a look at Network Address Translation (NAT), and the firewalling features present in Linux to build a basic Linux firewall. "The latest versions of the Linux kernel are not necessarily the most stable and reliable versions that have been made available. If your machine does not need the latest drivers, download and install a reliable, stable, well tested kernel; kernel 2.0.38 is known to be all three."

Joseph Pranevich addresses the reports that the 2.4 kernel is late in this LinuxToday column. "The traditional world of commercial software loves release dates and release announcements. Often, products are announced months (occasionally, years) before they are actually released with dates and feature lists that are occasionally wholly inaccurate. Open Source projects, as a general rule, don't make these kinds of announcements."

LinuxPapers has a new article on Installing Linux. "Installing Linux has for a long time been considered 'difficult'. This is due mainly to its history: the first Linux distributions had extremely basic installation tools, that pre-supposed a substantial amount of technical knowledge, especially about hardware. Fortunately, today the situation is drastically different. "

This week's Linuxcare Dear Lina column talks about setuid shell scripts. "For instance, if any temporary files are created or read, a malicious user could exploit a race condition, change the contents of the file, and take control of the script. Another potential danger can arise if the shell programmer becomes careless with command arguments. In this case, dear, the script could accidently spawn an interactive shell. Eek!..."

Machine Design has put up an introductory article, which is available in PDF format only. It's reasonably positive, though it dwells overly on "fragmentation" issues. There's also a survey of available design software. (Thanks to Robert K. Nelson).

Reviews and Interviews

Mark Minasi has written a book entitled, "The Software Conspiracy: Why Software Companies Put Out Faulty Products, How They Can Hurt You, and What You Can Do About It". Bryan Pfaffenberger takes a look at the premise of the book in this LinuxJournal article. "Flash back to the 1950s, and take a look at the average new car produced by one of Detroit's "Big Three" auto makers (GM, Ford, and Chrysler). You'd see lots of cool features: big, gutsy V-8 engines, flashy chrome bumpers, and (in 1957, anyway) fins that made the cars look like low-flying rockets.

If you owned one of these monsters, though, you'd discover another, less-appealing characteristic: shoddiness. The cars were riddled with defects and needed frequent repairs. They weren't safe, either, and they were murder on the environment." (Thanks to Kevin Cullis.)

AboutLinux reviews IBM's TopPage for Linux. "I originally intended this review to be fairly short; but the more I used TopPage the more I wanted to write about it. I had to stop myself before this review turned into another manual for TopPage; after all, the one provided by IBM is already pretty good :-) If you are getting the impression that I liked TopPage for Linux, you would be right."

SunWorld has finally gotten around to looking at The Cathedral and the Bazaar. "The paper is fascinating, but the slight trouble with it is that Raymond is a tribesman. In that sense, Raymond tries to be as factual as possible, but he can't be objective. He can't help but assume as background that hacker culture is inherently superior to its opposite, the culture of Dilbert-like programmers in big commercial companies. However true that may be, Raymond is unable to rise above his prejudices, which weakens the paper just that little bit." (Thanks to Cesar A. K. Grossmann).

Olinux.com.br interviews Steffen Seeger of the General Graphics Interface (GGI) project. "LibGGI is useable already. As far as KGI is concerned, the KGI console subsystem is quite useable already, though there are still some known bugs, so this part of KGI could be labeled being in beta testing state. The KGI drivers, however, are still alpha or early development."

zocks.de has an interview with Mathieu Pinard from Tribsoft, Inc. about porting Jagged Alliance 2 to Linux. (English text follows the German text.) "When did you start thinking about porting to Linux?
When I was an OS/2 user, it was very hard to get new games. It was about 1994 when I first wanted to do games for alternative OS, but I didn't have the time to make games. In 1999, I really wanted to start something, and porting was the ideal solution because doing a new games would have been too big, too long and too risky."

LinuxMall.com talks with Greg Lindahl, the engineer behind the "Jet" cluster. "We saw a particular bid, the one at the Forecast Systems Lab, as a potential breakthrough for a Linux-based cluster supercomputer. The FSL bid was fairly unusual because FSL has a history of taking risks, and the procurement process itself looked very fair and focused on buying a system with the highest possible performance on FSL's weather codes."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

UCITA-Colorado Home Page. The UCITA-Colorado Home Page and the corresponding UCITA-Colorado email list have been created to be lobby and information resources against possible UCITA legislation in Colorado, USA. "Kevin Cullis spoke with Anthony Navarro at the Colorado State Attorney General Office. He stated that they have the document in hand, but nothing is being proposed at the moment. That's doesn't mean that it's not being worked, it's just that they have not heard, at this time, of anyone proposing it."

SystemLogic.net Weekly Rant Contest SystemLogic.net is planning a new column entitled "SystemLogic.net's Weekly Rant by ________" That blank space will be filled in by someone that they pick in a contest giveaway.

Resources

May LinuxFocus available. The May issue of LinuxFocus is available, with articles on the vi editor, making PDF from DocBook, and many other topics.

Italian Linux FAQ The Linux FAQ and News in Italian (formally known as FAQ for the newsgroup it.comp.linux) was first mentioned in LWN in 1998. It has now been rewritten. Parts have been rewritten and integrated in Ziobudda's FAQ (see LWN for April 27). The new FAQ can be downloaded at http://www.pippo.com/linux.html. The old FAQ is still available at ftp://ftp.pippo.com/pub/linux-faq/it.comp.linux/.

HostedForums.com A new Linux forum site, at HostedForums.com, has been launched. It contains discussion groups on a number of Linux topics, from specific distributions through to the kernel, PPP, and MySQL.

Events

Some ALS submissions lost. Those who submitted a paper for the upcoming Atlanta Linux Showcase may want to have a look at this notice. It seems that some of the submissions got lost, due to a software problem somewhere. If you submitted a paper, you may want to check with the conference organizers to see if they really got it.

Journees du Libre IIIeme Edition Strasbourg-Illkirch, France, will host Journees du Libre IIIeme Edition (in French), on May 12th and 13th, a no-entrance-cost event sponsored by Le LUG de Strasbourg. "This event is an attempt to gather during two days free software actors, developers, users, advocates and hobbyists. Several conferences and demos are planned and available to anyone interested in free software." (Thanks to Guy Brand.)

2nd Braunschweig Linux-Days The 2nd Braunschweig Linux-Days will be held the 13th and 14th, May 2000, in Braunschweig, Germany. Last year's event attracted over 800 people and 30 speakers. This year's event contains four tracks and over forty talks, spread over two days. Looks like fun ... best of luck, folks!

Oracle iDevelop2000 Oracle announced it will kick off its 24-city Oracle iDevelop2000 conference series on May 16, 2000, at the Oracle campus in Redwood Shores. Oracle instructors will provide in-depth information on using the Java, Linux and Extensible Mark-up Language (XML) capabilities within Oracle's latest software.

Supercomputing Week Supercomputing Week "High Performance Clusters" will be held in Mexico City at the National Autonomus University of Mexico (UNAM), May 29th - June 2, 2000.

The first meeting of the Open Source Health Care Alliance (OSHCA), formed as a result of the Practice Management Summit in Toronto last fall, will be held 1-2 June, 2000 in Rome, Italy. It is being sponsored by the Minoru Development Corporation.

Embedded Linux Expo & Conference (ELEC) The RTC Group and LinuxDevices.com released the technical program for the first Embedded Linux Expo & Conference (ELEC) to be held June 22nd, in San Jose, Calif.

PC EXPO This year's PC EXPO features the LinuxMall.com Summit and the Linux Pavilion, sponsored by Linux Journal. June 27-29, 2000 Jacob Javits Convention Center, New York.

GNU/Linux Curitiba report Conectiva has put out coverage of the GNU/Linux Curitiba event, held April 30th in Curitiba, Brazil. Talks were given by Richard Stallman, Rik van Riel and others ...

Web sites

User Group News

Linux User Group in Groningen The local Linux User Group in Groningen, the Netherlands is meeting on May 17, 2000.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux links of the week

Another approach has been taken by Advogato, which has been up and running since last November. Advogato carries a certain number of free software and freedom-related stories; it also hosts diaries for its readers. A look at the site on any given day will show new diary entries from a number of well-known Linux personalities. There is also an interesting "certification" mechanism which establishes a reputation value for each member.

Section Editor: Jon Corbet

Letters to the editor

Date: Tue, 9 May 2000 20:18:39 +0200
From: Ragnar Hojland Espinosa <ragnar@macula.net>
To: lwn@lwn.net
Subject: http://www.lwn.net/2000/0504/


   Kerberos protocol - sort of. You can only get the information in the 
   form of a self-extracting executable file, which puts up an    
   intimidating "click wrap" license first. It seems that the Kerberos 

That's not true.  You just have to open the file with winzip and, oh lookie,
a pdf :)

-- 
____/|  Ragnar Højland     Freedom - Linux - OpenGL      Fingerprint  94C4B
\ o.O|                                                   2F0D27DE025BE2302C
 =(_)=  "Thou shalt not follow the NULL pointer for      104B78C56 B72F0822
   U     chaos and madness await thee at its end."       hkp://keys.pgp.com

Handle via comment channels only.

Date: Fri, 5 May 2000 13:26:51 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@sptimes.com
CC: trigaux@sptimes.com, asp@baylink.com, letters@lwn.net
Subject: LoveBug worm

I'm quite disappointed to see that none of today's coverage of this
topic points out that the reason this worm spread so far so fast is
that -- as it always has -- Microsoft has chosen to favor convenience
over security in the default configurations of most of its operating
system and applications software.

In many cases, poor Outlook users didn't even *have to open* the
attachment, Outlook would be "helpful" and do it for them.

This is not the first time this has happened... but it's also not the
first time the *general* press has failed to make it clear that the
fault lies as much with Microsoft as it does anywhere else.

The technical press seems to do a slightly better job of getting it
right, although they're not perfect either.

In any event, until people (by which I mean the highly paid network
administration staffs of Fortne 500 companies just as much as
individual PC owners) start to think security -- or switch from
Microsoft software to better designed programs (like Eudora and
Netscape Messenger) and operating systems (like Linux and the Mac OS),
this sort of thing will continue to occur... and people will continue
to find out the hard way that stupidity is supposed to be expensive.

Cheers,
-- jra

-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     
The Suncoast Freenet
Tampa Bay, Florida     http://baylink.pitas.com                +1 888 806 1654

Date: Thu, 4 May 2000 14:47:11 -0700
From: Nathan Myers <ncm@nospam.cantrip.org>
To: editor@lwn.net
Cc: bad@kitenet.net
Subject: Tucows download stats


In this week's LWN, while discussing Tucows download statistics, 
Liz observes:

  The really startling note from the three months worth of data, 
  still a small sampling, is the lead that the two RPM-based 
  distributions have on the rest of the pack. It will be an 
  interesting trend to watch. 

Considering that Corel and Stormix are basically Debian plus
some add-ons, it's worth looking at the statistics with the 
three combined.

February
Linux-Mandrake     46%
Red Hat            27%
Debian+            18%
SuSE                3%
Slackware           3%
Caldera             3%

March
Debian+            36%
Linux-Mandrake     31%
Red Hat            14%
Caldera             6%
SuSE                5%
FreeBSD             4%
Slackware           1%

April
Red Hat            31%
Debian+            29%
Linux-Mandrake     29%
Caldera             4%
FreeBSD             3%
SuSE                3%
Slackware           2%
Yellow Dog Linux    1%

Here we have the Debian/Apt-packaged family easily keeping up with the 
more heavily-promoted commercial distributions.  March is interesting 
in that Debian downloads far exceed Mandrake's much-hyped popularity.

Perhaps once Potato is out, Debian will just take over the world; 
then all those people working on proprietary distros can go home and 
do something productive instead. :-)

Nathan Myers
ncm@nospam.cantrip.org

Date: Thu, 4 May 2000 15:37:24 +0100 (BST)
From: Dunstan Vavasour <dunstan@grenville.co.uk>
To: letters@lwn.net
Subject: Kernel Releases, Feature Creep, etc.


The process Sun use for developing OS releases (so a fairly reliable
source told me) is to have two development teams, each producing alternate
releases. So the team which had just released Solaris 2.4 immediately
started work on the new stuff to go in Solaris 2.6, while the other team
worked on Solaris 2.5. Then when Solaris 2.5 was released, that team then
merged in the new features which were already included in the upcoming
2.6, and moved on to develop Solaris 2.7.

By contrast, when the feature freeze comes down on a Linux development
kernel tree, it means that excluded features won't be in a production
kernel until perhaps two years down the road. If, on the other hand, the
new development kernel started when the "near production" kernel hit
feature freeze then it would take off the pressure to cram features under
the wire. All that then leaves is the need for people to work on the
latter stages of the kernel development rather than the more exciting
earlier stages, but I would guess that the "near release" kernel would be
more widely used and deployed, giving it the usage and testing which is
needed at that stage, while the early stage kernel might attract more
developers where more effort is needed. When the 2.4 (say) kernel is
released then the 2.7 development kernel would start, either with the 2.4
code base, and the new stuff in the 2.5 kernel being merged in, or it
would take the current 2.5 kernel (unstable) and add features while the
2.5 kernel is stabilised for release as 2.6. Clearly the two development
teams would need to share bug fixes, but they could work with a large
degree of autonomy without being a code fork.

The need to talk like this shows just how important the Linux kernel now
is.

Dunstan Vavasour
dvavasour@iee.org

Date: Thu, 04 May 2000 00:31:45 -0700
From: David Clatfelter <dclatfel@pacbell.net>
Subject: Where is the 2.4 kernel?
To: letters@lwn.net

In your May 4th edition, you noted a number of articles which
have begun to ask the question - Where is the 2.4 kernel?

Let me state first that while I am not a developer, I think I
agree with most Open Source developers, that software is like
fine wine - it should never ship before its time.

But what I find most humorous is that these authors have chosen
to question the release schedule of the kernel.  I mean, how many
of them will be consciously aware of the benefits of 2.4?  Is it
just me, or is it somewhat absurd to compare the release of 2.4 to
something like the release of Win2K?  Why aren't these authors
clamoring about the release date of KDE 2.0 or the next version of
GNOME?  That seems like the more apt comparison, but nobody ever
seems to make it.  

Anyway, thanks for letting me voice my opinion.

David Clatfelter

Date: Thu, 4 May 2000 10:31:35 -0400 (EDT)
From: Clemmitt Sigler <siglercm@alphamb2.phys.vt.edu>
To: letters@lwn.net
Subject: Open Source software release schedule.

Hi Jonathan and Elizabeth,

The solution to the problem of Open Source release "delays" that you
addressed on last week's front page seems really simple to me.  But
given the nature of Open Source hacking, it may be hard to achieve.

In the case of the Linux kernel, when 2.4 comes out Linus and Alan and
other kernel "fathers" need to sit down on IRC or in person and decide
just one thing:  Which new features should be included in the 2.5
development kernel series.  This needs to be planned _before_ hacking
on 2.5 starts.

The list of features to be included should be short, high priority,
high feature win, and achievable.  Then comes the hard part -- having
the discipline to stick with it.  Some modifications to the list are
to be expected, but inclusion of totally new features not planned should
be forbidden.

We know the nature of Open Source hacking is to code what you love as much
as what needs to be done.  This makes such discipline hard, and might even
lead to the dreaded "code fork" if someone gets extremely frustrated that
his/her pet project won't be included in the kernel.  So it seems to me to
be a choice between the current long development cycle, or
losing/redirecting hacker interest in the Linux kernel.  It would be nice
if there was a common ground somewhere in between these two extremes, but
this can't be easy to find.

					Clemmitt Sigler

From: nride@us.ibm.com
To: letters@lwn.net
Date: Fri, 5 May 2000 13:32:29 -0600
Subject: 2.4 -- What's the big deal?



No one who matters made any promises and as always the kernel will get done
when it gets done. Open source development isn't in the death march that
commercial shops are in and if commercial acceptance of Linux is going to
require us to get into that mode, I'd as soon give the various companies
the finger. We're not shipping a piece of software with 64 thousand bugs in
it, here. We have our reputations to think about, after all. If you need a
newer kernel, the dev kernels have been relatively stable (I'm running one
at home right now.)

I fail to see what the big deal is, or who finds it a big deal. I assume
some crack smoking marketroid. The marketroids always choose (usually
unreasonable) deadlines over quality. Well I got news for you, one of the
biggest reasons to use Linux is because of its quality -- the number one
reason people quote for using it over windows is that it never crashes. I
know that the important people (The Kernel Developers) are smart enough to
know that this is a non-issue and pay it the attention that it truly
deserves. I wish the rest of the Linux media would follow suit.

--
Bruce Ide                               nride@us.ibm.com
IBM PSC Software Developer

Date: Thu, 4 May 2000 14:42:20 -0400
To: letters@lwn.net
Subject: Software testing in the Open Source world
From: Zygo Blaxell <zblaxell@genki.hungrycats.org>


> In 20 years of development, having worked for 7 different
> companies ranging in size from a 5 man startup to the behemoth that is
> Samsung, this is the first time I've seen software released to the world with
> no formalized testing applied.

I wish I could read the rest of this
article, but the web server is returning error messages to me at the
moment.

In 8 years of development, having worked for 6 different companies ranging
in size from a 5 man startup to a behemoth that I won't name, only one of
those companies released software to the world _with_ formalized testing
applied, and that company's policy was to ship the revision of the product
with the lowest number of known severe defects when the release date
arrived.  The same company also had no plans to correct the software after
shipment even when the problems were severe, corrections were available,
their application to existing systems in the field was feasible, and
ongoing support was paid for by the customer--an inconvenience which
usually outweighed the small quality benefit from the pre-release testing
in practice.

Your mileage may vary, I guess.

This perception be the result of different semantics surrounding the word
"formalized."  All of the companies maintained some level of defect
tracking, ranging in complexity from stacks of paper with handwritten
bug reports to a customized cross-platform client-server database
application, and in all cases at least one employee spent part of
their time documenting defects as they were found.  To me, this is not
"formalized testing"--it's "informal testing" at best, and IMHO
it's a stretch of the meaning of the words to even call the behavior
of some of these companies "testing" at all.

Contrast with e.g. CVS, EGCS, Perl, or Tcl, all of which have significant
formalized (and mostly automated) test suites.  In particular the CVS and
EGCS projects publish their test results on mailing lists where anyone who
wants to know can see exactly how well the developers are doing.

Also contrast with the Linux kernel and the Debian distribution.
Formalized testing definitely does occur on subsets of these projects,
as sophisticated end users and even a few developers run their own test
suites and benchmarks on each new revision, although the code coverage
is by no means complete.

To say that no testing exists in open-source software at all is a gross
overstatement.


Opinions expressed are my own, I don't speak for my employer, and all that.
Encrypted email preferred.  Go ahead, you know you want to.  ;-)
OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D