[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news
 Back page

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

What is open source? There have been a few amusing attempts to characterize the open source world this week; here's a summary.

Is open source:

  • Communist? Steve Ballmer, President and CEO of Microsoft, thinks so, according to comments reprinted in this article in The Register. "And it had, you know, the characteristics of communism that people love so very, very much about it. That is, it's free."

    The "communist" label comes out every now and then. Even this many years after the end of the cold war, the term has great power in the U.S. One could almost even make a corollary to Godwin's Law: when somebody calls somebody else a communist, it means they have run out of real things to say and the conversation is over.

    In any case, one wouldn't think that a communist phenomenon would be so thick with libertarians and venture capitalists. Free software is a capitalist phenomenon: free agents are contributing to a public good because it is in their own selfish interest to do so. Use of words like "communist" show either a lack of understanding of free software or a great fear of it - or both.

  • Unoriginal? Michael Swaine, generally a supporter of free software, questioned its originality in this Web Review article. "Free Software/Open Source is, judging by the projects so far, chiefly about liberating existing software rather than creating something startlingly new."

    This charge, too, is not new. It is true that much of what's going on in the free software world is an attempt to create free versions of the best of what's already out there. That is, after all, the code that people want now. It seems silly to criticize people for providing it.

    But consider also: the TCP/IP protocols, the domain name system, the world wide web (built with open-source browsers and servers until Netscape took them proprietary), the web's predecessors (gopher, WAIS), anonymous FTP, USENET, virtual desktops, ReiserFS, EROS, Tcl/Tk, Perl, Python, SourceForge, and many more. The truly original open source code tends to be invisible because either (1) it's a fundamental part of the infrastructure we all use, or (2) it's so original that it remains obscure - for now.

  • The death of the software industry? Dave Winer took an opportunity to dig into open source as part of a column on the Napster issue. "Believe it or not, I'd like to thank the music industry for bringing money into the discussion again. Open source hype destroyed the economy of software. Now perhaps we can rebuild it, based on reality.... The software industry has already been decimated by the culture of piracy, both in ideas and implementations, through patents, open source and the Internet bubble."

    It would be curious to see just what parts of the software industry have been "decimated" by open source. Free alternatives can indeed create trouble for proprietary software vendors - back in the late 1980's, there were several companies selling emacs, for example. One could also blame SCO's current troubles on Linux. (For more on SCO, Caldera, and Linux, see this week's Commerce page).

    But the software industry is also highly dynamic, and few companies stay on top for long. SCO might have been just as easily toppled by Windows 2000. Free software has not, certainly, created this situation. The software industry is changing in response to free software, just as it has changed in response to many other factors. It remains vibrant and competitive, and that is unlikely to change.

The free software world is far from perfect, but criticism like that shown above misses the point. Expect to see more of it in the future, though.

Eric S. Raymond's latest missive is entitled Two faces and Big Lies; it's about DeCSS, Napster, and related issues. Eric rips into just about everybody with this one, from the DVD Copy Control Association through to people ripping off copyrighted music through Napster.

It's worth reading. The free software community needs to come to a consistent ethical position on these things. As Eric says:

We have a special responsibility because we are the king toolmakers of the digital age; our work and our values will have a large part in shaping the future of communications and media everywhere. We have a special need because the way these intellectual-property issues work out will come back to haunt us more than most if we get then wrong.

One thing that's worth adding to this discussion: remember that the free software world, too, is dependent on copyrights. Licenses like the GPL depend on copyright law. The free software world has a lot to contribute to the discussion on just how far copyright protections should apply, but if we promote the ignoring of copyright altogether, we are polluting our own well.

The Linux Development Platform Specification version 1.0-beta was released by the Free Standards Project on July 22. LWN mentioned the release in the daily updates page, but an editorial slip caused it to be dropped from the July 27 weekly edition. We regret the error.

The LDPS is interesting. It's essentially a stopgap specification designed to help in the creation of programs that are portable between Linux distributions; eventually it should be incorporated within the full Linux Standard Base. The LSB has proved to be long in coming; meanwhile the LDPS can be used, by developers and distributors both, to avoid the worst portability problems

The LDPS developers are looking for feedback! If you have suggestions for improvements, they should go back to the Free Standards project by August 7. Please have a look at the "comment instructions" on the LDPS 1.0-beta page; they are asking that comments use a specific format.

The LDPS text itself makes interesting reading. It is short and to the point, and it highlights just what the portability problems between Linux distributions really are. Some of these include:

  • Different versions of the C libraries. The worst of the glibc portability problems are hopefully behind us, but the LDPS recommends sticking with glibc-2.1.2 or 2.1.3 only.

  • Dynamic C++ libraries. The LDPS recommends that, in general, dynamic linking with libraries should be used. C++, however, brings in a number of interesting linking and runtime issues; to avoid difficulties, the LDPS recommends static linking be used with C++ libraries.

  • The ncurses library is singled out as having an unstable interface and being a source of portability problems.

  • Vendor-supplied patches to the kernel - usually backports of 2.4 features into the 2.2 kernel. These patches include raw I/O, the new RAID system, PCMCIA (normally maintained separately from the 2.2 kernel), and many others.

There is more to the list than what we have listed above, of course. There are two patterns that emerge from this list: interfaces that change, and vendor additions. As Linux has matured, the magnitude of both of these problems has been reduced, but it's far from clear that they will ever go away. Interfaces change because people find better ways of doing things. There is value in keeping backward compatibility, but there is also a point where the whole system gets weighed down by compatibility code. Sometimes you simply have to move forward. The willingness to occasionally break old interfaces is what will keep Linux alive for many years to come.

And, of course, the open source nature of the system means that distributors will always be able to tweak the code to meet their customers' needs. The best of these changes usually make it into the code base and become standard features. But there will always be good reasons to add nonstandard stuff.

Thus, for all the talk of incompatibility and fragmentation between distributions, we see from the LDPS that the list of real portability problems is small, and that the problems that do exist reflect the strengths of the Linux platform.

CopyLeft was added as a defendant in the DVD case this week. The [T-shirt] DVDCCA pigeonholed them into one of the "John Doe" slots on the suit after apparently figuring out that CopyLeft is selling T-shirts with the DeCSS code on the back. This move will, of course, bring the "free speech" aspect of the case into an even more prominent position.

The one immediate result, however, seems to be that CopyLeft is selling far more shirts. Since each shirt sold generates $4 for the Electronic Frontier Foundation, the DVDCCA may end up doing a favor for the defense.

Inside this week's Linux Weekly News:

  • Security: OpenBSD fuzz, CVS insecurities, forensics tools.
  • Kernel: A major VM rewrite in 2.5; changes to mount(2), getting configuration information from the kernel.
  • Distributions: European Linux distribution numbers, Corel Linux Second edition coming soon, Red Hat "Pinstripe".
  • Development: The OpenTcl movement, Python licensing issues, Linux printing advances.
  • Commerce: Caldera buys parts of SCO, Linux on S/390, More Red Hat News.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

August 3, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Security page.

News and Editorials

OpenBSD runs fuzz. For those of you with very good memories, the University of Wisconsin "Fuzz" program experimented with throwing garbage input onto the command line of common Unix commands and evaluating the result. Run twice, with a five-year interval, it turned up most of the same errors the second time. Theo de Raadt from OpenBSD picked up fuzz and ran it on OpenBSD to test the results. Here is what he found. Even with OpenBSD's emphasis on fixing all bugs and auditing code, fuzz still turned up errors in many basic commands.

It also turned up a debate on BugTraq as to the usefulness of such tools. The bugs found by fuzz previously and now are arguably not actually security bugs. However, they are still bugs and therefore deserve to be fixed. Theo commented, "I still consider fuzz to be somewhat of a crutch. For about half of these fixes, inspection found other things we could improve". Perhaps so, but inspection had not turned them up until fuzz gave them a reason to look again at code that has been around for a long, long time. In the end, such tools have their use and the current state of computer software in general argues a lot for the need for tools like this. However, Theo's point that software that passes all automated tests still likely has problems that are best found by a source code audit by trained staff shouldn't be forgotten either.

Also hypothesized in the report is the existence of commercial software from various vendor quality assurance groups to do "fuzz-like" testing and more. Such code is currently locked away within each organization; the release of such tools, and the pooling of ideas and knowledge to improve them, might be a boon. Of course, depending on the quality of the code, its availability might not make as much of a difference as we might hope.

Silence is the best security policy (ZDNet). This is apparently one argument that will never end. This ZDNet article argues that security holes should be "hushed up", not published. "Marcus Ranum, chief technology officer for intrusion detection software maker Network Flight Recorder Inc., used hard language to say that security can't be improved unless 'gray hat' hackers stop disclosing security holes to the public and stop creating tools for so-called 'script kiddies' to exploit the holes."

As someone who has followed vendor security reports for over ten years, this editor can testify that unpublished vendor security holes simply went unfixed. So much for "improving security".

Bull announces CDSA security software for Linux as open source. Bull has announced the forthcoming release of its Common Data Security Architecture implementation under an (unspecified) open source license. Code will be available on August 24.

New Security Reports

CVS vulnerabilities. Two CVS-related vulnerabilities were reported this past week. The first vulnerability impacts the CVS server, which can be made to execute an arbitrary binary via the Checkin.prog script. An unofficial patch for CVS 1.10.8 has been posted.

The second vulnerability impacts the CVS client, which blindly trusts path information from a CVS server and can thus be "tricked" into creating files in arbitrary locations. No workaround or patch has been posted, as of yet.

These vulnerabilities sparked a long discussion on the security of anonymous CVS servers. The consensus seems to be that CVS was simply not designed to be run in an "untrusted" mode (sound familiar?). Therefore, if you are running a CVS server, you should assume that the people authorized to use the CVS server are also authorized to get login access to the machine hosting the CVS server. A dedicated, highly controlled CVS server was recommended for less trusted circumstances.

Also mentioned in the discussion was a new open source project, subversion. Still in early development, it is meant to be a CVS replacement, presumably with better security built into the design. A "proof of concept" release is currently scheduled for September.

TurboLinux: cvsweb. TurboLinux has issued a security advisory for cvsweb-1.90 and earlier. Remote reading/writing of arbitrary files as the cvsweb user is possible. Updated packages for cvsweb-1.91 are provided.

Mailman. A vulnerability has been reported in mailman 2.0beta3 and 2.0beta4. Mailman can be exploited by a local user to read public and private data, passwords and potentially replace binaries and scripts. An unofficial patch against the current CVS tree is provided. Mailman 2.0beta5 has also been released and is reported to contain a fix for this problem.

GNU userv vulnerability. A security vulnerability in userv 1.0.0 and earlier has been reported which, under some circumstances, can allow a local user to carry out an unauthorized action. Userv is a system facility to allow one program to invoke another when there is only limited trust between the two programs.

GNU userv 1.0.1 has been released with a fix for this vulnerability.

Linux-Mandrake security update to kon2. MandrakeSoft has issued a security update to the kon2 package which patches up fld, a vulnerable setuid program. The Linux-Mandrake kon2 package contains KON, software for displaying kanji characters on Linux console screen.

OpenLDAP installation permissions. The installation permissions for openldap 1.2.11 (and possibly earlier versions) allow the binary itself to be writable by group. However, the installation does not choose the group that will be used, allowing it to potentially default to an untrusted group. This problem was reported on BugTraq by Dr. Christian Kleinewaechter. The problem can be dealt with by modifying the installation script itself or by checking the group ownership and permissions of the binary and modifying them, if necessary, after installation.

ntop. A BugTraq posting warns that ntop, a network usage display, can be used to remotely read any file on the system, if run in web mode. Ntop in web mode is a web server, run suid. Access to the server can be locked down via a configuration file, but the documentation incorrectly reports the proper location for this configuration file.

Commercial products. The following commercial products were reported to contain vulnerabilities:


Netscape/Mozilla JPEG marker vulnerability. Check last week's Security Summary for more information.

pam. A vulnerability in pam is triggered when a display manager and XDMCP are both enabled. It can allow unprivileged users to fake a console login and shut down the machine. Check the Red Hat advisory for more details

Multiple gpm vulnerabilities. New problems with gpm were reported last week, including the ability for a local user to execute arbitrary commands with elevated group privileges and a local denial-of-service attack.

This week's updates:

Previous updates:

dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary. New updates to dhcp-3.0b1pl17 (instead of pl12) are now coming out.

Linux-Mandrake: zope. Linux-Mandrake has put out Zope 2.1.6 packages, fixing a security flaw in the DocumentTemplate package that can allow documents to be changed without adequate authorization. Check the June 22nd Security Summary for information on the problem, which has also been fixed in Zope 2.1.7 and 2.2 beta 2.


Dan and Wietse's Forensic Tools. Dan Farmer and Wietse Venema have released The Coroner's Toolkit (TCT), a set of tools for doing a post-mortem on a Unix system after a break-in. "To set your expectations, the TCT software is not for the faint of heart. It is relatively unpolished compared to the software that we usually release. TCT can spend a lot of time collecting data. And although TCT collects lots of data, many analysis tools still need to be written. Nevertheless TCT sure beats the competition, which is non-existent, and beats them at the right price, too."

The tools are released under a combination of the IPL (IBM Public License) and a modified version of the BSD license.

TrinityOS. David Ranch, the IP Masquerade HOWTO author/maintainer and co-author of the SANS "Securing Linux: Step by Step" book, has also made available a website he calls TrinityOS. Like the Bastille Linux project, the website contains scripts for automating the process of securing various Linux services. Note, however, that the scripts themselves don't appear to have been heavily tested and provide no easy way to back out the changes they make. In many ways, they make a better reference for what ought to be done than a one-step method of securing a system for use by a novice.

Red Hat, Linux-Mandrake, and Slackware are all referenced. In addition to the afore-mentioned scripts, TrinityOS contains a wealth of links to additional security resources.

Hack Proofing Your Network. Hack Proofing Your Network is a new book from Syngress Publishing. Ryan Russell is the author and the list of contributing authors is quite interesting: " Contributing writers include: Rain Forest Puppy; Elias Levy, BugTraq moderator; Blue Boar, Vuln-dev moderator; Dan "Effugas" Kaminsky, Cisco Systems; Oliver Friedrichs, SecurityFocus.com; Riley "Caezar" Eller, Internet Security Advisors; Greg Hoglund, Click To Secure, Jeremy Rauch, and Georgi Guninski."

LinuxSecurity.com Weekly Newsletter. LinuxSecurity.com's weekly newsletter is also available, for those of you looking for additional Linux security news.


ToorCon pre-registration closes August 6th. Pre-registration for this year's ToorCon closes August 6th. The ToorCon Security Expo will be held on September 1st-3rd in San Diego, California, USA. "ToorCon is a comprehensive three day computer security extravaganza featuring lectures from some of the top experts in the field, hand-on demonstrations of the newest approaches to computer security, and a competitive game called RootWars which tests your penetration and defensive skills in a real-time simulation."

Check their web-page for more details.

August/September security events.
Date Event Location
August 14-17, 2000. 9th Usenix Security Symposium Denver, Colorado, USA.
August 14-18, 2000. Ne2000 (Networking 2000) Lunteren, The Netherlands
August 18-20, 2000. Hack Forum 2000 Ukraine
August 20-24, 2000. Crypto 2000 Santa Barbara, California, USA
August 22-23, 2000. WebSec 2000 San Francisco, California, USA
September 1-3, 2000. ToorCon Computer Security Expo San Diego, California, USA.
September 11-14, 2000. InfowarCon 2000 Washington, DC, USA.
September 13-14, 2000. The Biometric Consortium 2000 Gaithersburg, MD, USA.
September 19-21, 2000. New Security Paradigms Workshop 2000 Cork, Ireland.
September 26-28, 2000. CERT Conference 2000 Omaha, Nebraska, USA.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

August 3, 2000

Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux (Flask)

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Linux Security Audit Project
Security Focus


 Main page
 Linux in the news
 Back page

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.4.0-test5. Linus actually sent out an announcement for this release, describing what's in it.

The first prepatch for the -test6 release is available. It consists mostly of small tweaks (many of which are spelling corrections), but also has some MIPS architecture fixes, an IBM MCA SCSI driver update, a big USB storage update, an ext2 filesystem update, and a reorganization of user process accounting.

Ted Ts'o, the new keeper of the 2.4 status list, has posted an updated summary of where the 2.4 release stands. The list remains long. Ted is also maintaining a web page on SourceForge with the current list.

The current stable kernel release is still 2.2.16. The 2.2.17 prepatch is up to 2.2.17pre14; probably at least one more iteration is forthcoming before the official 2.2.17 release.

Towards a new virtual memory system. Difficulties with Linux virtual memory have been popping up since early in the 2.2 stable series. While it works for most people, there are those who can easily get the system into a thrashing, useless state. Lots of work has been done trying to fix things up, with some success. Nonetheless, the current development kernels still can do unpleasant things with some loads.

It looks like 2.4.0 will go out with a less-than-optimal VM implementation. There is still room for tweaking, but Linus is not interested in major changes at this time. And he has a point; there comes a time when you have to draw the line and ship a kernel.

So now the developers are looking toward 2.5, when they'll be able to go in and make radical changes. To that end, Rik van Riel has posted a description of a new VM subsystem as he would like to implement it. It's based heavily on the FreeBSD scheme, which works quite well. But, of course, it will have some special Linux tweaks of its own. See Rik's posting for the details.

Changes to the mount system call, both large and small are on the table. Starting with the smaller issue: the current development kernels handle mounts a little differently from previous kernels (and most Unix systems) in that mounts can stack. Should a system administrator type:

    # mount /dev/hda1 /mnt
    # mount /dev/hda2 /mnt
both mounts will succeed. Somebody looking in /mnt after both operations would see the filesystem that lives on /dev/hda2 - the last one mounted.

Unix systems over the years have not allowed this sort of operation - the second mount would fail with a "mount point busy" error. It seems there are quite a few people who depend on those semantics - a number have complained about the "overmount by default" behavior.

The end result looks to be a return to the old semantics - stacked mounts will not happen unless explicitly requested by the user. (Some might ask why stacked mounts are needed at all; among other things, the automounter can use them to provide for "direct" mount maps.)

The person working with the mount semantics is the same guy who has been making changes all over the filesystem layer - Alexander Viro. He is also working on the addition of "union mounts", where several filesystems can be combined together into a larger, virtual filesystem containing all the files in each of the component parts. The semantics of union mounts still need some thought, however, and no work will be done on them until the 2.5 development series.

In the process of thinking about all this, Mr. Viro came to realize that the current mount interface shows, shall we say, some historical baggage. See this lengthy posting for the full scoop on the problem. Essentially it comes down to (1) the current mount system call interface is, um, inelegant, and (2) it is going to be very hard to add new features, such as union mounts, using the given interface.

So a brand new mount call ("mount6", perhaps) has been proposed, with an API like:

    int mount6 (action, mountpoint, type, 
                flags, device, data);
What's new here is the "action" parameter, which can have values like "mount", "remount", and "bind". With the current interface, the "flags" argument is used, sometimes, to indicate that an action other than a straightforward mount is to occur. Separating the action out will make the interface a lot cleaner.

There seems to be little opposition to the new interface, so it will likely go in at some point. The old mount interface will be preserved (probably by libc), of course, but in this case the interface change will be relatively painless anyway. After all, not very many programs call mount.

How should user space get information about the kernel? It all started with a posting about a compile problem involving one of the kernel header files. It seems that, in some situations, some headers are still being included directly out of the kernel source into user programs. That was supposed to stop happening entirely with glibc 2, and for the most part it has. However, it is still tricky for glibc to get certain kinds of information about how the kernel is configured without going to the header files.

Ulrich Drepper, the maintainer of the Linux glibc port, is direct in his criticism of Linus for not providing a straightforward kernel interface - a sysconf() call - to obtain kernel parameters. Linus has been even more direct, to the point of messing up his soft-spoken image, in his criticism of how glibc does things. According to Linus, kernel support should not be needed to provide user space with various kernel parameters.

How, then, is a user program to obtain information like the maximum number of groups allowed, or the clock tick frequency? Well, according to Linus, the best way to get at constant system parameters is to store them in a file, such as /etc/sysconf. The library can just look in that file, which would be updated (at boot time, perhaps), by a special program that knows where to look. This registry-like file could also contain pure user space information, whatever might be useful in tracking the state of the system configuration.

Not everybody likes the idea; there are some obvious issues to keeping the file synchronized with reality. But Linus is quite clear on the point that no sort of sysconf system call will be added to the kernel.

How can standalone kernel modules find include files? This question came up as a side branch of the sysconf discussion. When a kernel module is built separately from the kernel it will run under (i.e. if it's not part of the standard kernel source), the build process needs to be able to find the right header files. In general, that requires that the person building the module edit the makefile and set the kernel source path directly. That works, but lacks elegance and can be hard for people who are not normally accustomed to building kernels.

Installed kernel modules themselves live in a directory corresponding to the kernel version number under /lib/modules. Thus, modules for a 2.2.16 kernel are likely to be found in /lib/modules/2.2.16 (though many distributor-supplied kernels add on to the version number). So the question came up: when installing the modules, why not have a kbuild directory that has the source to the build kernel as well? Said directory would just be a link to the kernel source tree, of course. Consensus was achieved rather quickly on this idea; expect to see it implemented in future kernels. The change has also found its way into the 2.2.17 prepatch.

Other patches and updates released this week include:

  • Tigran Aivazian has made available his Mutex Comparison Toolkit, which can be used to determine the relative performance of the various kernel locking mechanisms in specific situations.

  • The latest version of Eric Raymond's new kernel configuration scheme is cml2-0.7.5.

  • The Timpanogas Group has released version 2.4.2 of its Netware filesystem implementation.

  • The IP Personality patch is interesting: it is a netfilter module which allows a Linux system to masquerade as something else, thus fooling the various OS fingerprinting tools which are out there.

  • Michael Elizabeth Chastain has written up a new document describing how the kernel makefiles work.

  • Matt Robinson, at TurboLinux these days, has released the 2.0 version of his Linux kernel crash dump analyzer.

Section Editor: Jonathan Corbet

August 3, 2000

For other kernel news, see:

Other resources:


 Main page
 Linux in the news
 Back page

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

European Linux distribution numbers. This July 20th Computer Weekly article focuses on the perceived lack of enterprises products and services for Linux in Europe. Encased within it, however, are some statistics from IDC on Linux market share in Western Europe, from IDC. As usual, when we get little snippets of such information, the exact method in which the statistics have been gathered is jealously guarded and therefore their accuracy cannot be accurately judged.

Nonetheless, it is not hard to believe that the popularity of different distributions would vary in different international regions.
SuSE 30%
Red Hat 23%
Corel 18%
Caldera 11%
Mandrake 11%
Others 7%

Corel LINUX OS: Second Edition to be previewed at LinuxWorld. Corel has announced that it will demonstrate the second edition of its Linux distribution at LinuxWorld on August 15. It is certainly about time that Corel released a new version of its Linux distribution. Corel Linux 1.0 was released in November of 1999 and, though promising, was considered "beta quality" by many reviewers. Many of us expected that Corel would integrate the feedback they received and release an updated version fairly quickly. Instead, months went by with no news from that front.

Still, this latest announcement indicates that work on Corel Linux has continued. Unfortunately, the press release contains no details about the improvements we hope to see in this new edition.

Interview with Joseph Cheek of Redmond Linux (GNULinux.com). GNULinux.com arranged for an interview with Joseph Cheek, the organizer of the Redmond Linux project. "GNULinux: Will Redmond Linux try to hide the command line from the user when possible (ex: such as COAS or Webmin tools do with basic administration)?

Cheek: Oh yes. For personal edition at least, if you have to use the command line to do anything it will be an error on our part. A bug. For other editions, the command line may play a role. It's nice to have it for power users, so later editions geared to power users will probably have it."

Red Hat, SuSE, others update Linux offerings (News.com). News.com looks at upcoming Linux releases. "These new versions, though, are a step ahead of the heart of Linux, called the kernel, which isn't moving along as fast as earlier hoped. Despite psychological tricks such as naming the current development version '2.4.0-test,' the new and improved 2.4 kernel still hasn't arrived."

New player emerges in embedded Linux race (News.com). Here's a News.com article about TimeSys. "But the company also has its own individual flavor, said chairman and co-founder Ragunathan Rajkumar. First, its Linux/RT version is 'hard real-time,' meaning that it's guaranteed to respond within a fixed amount of time--a tricky programming issue but one that makes the software appealing to some specialized customers. Second, the company will sell software that allows real-time Java software to run on its Linux systems, Rajkumar said."

Caldera OpenLinux

Caldera launches OpenLearning Linux education programs. Caldera Systems has announced the launch of its "OpenLearning" series of education courses. The courses are aimed at LPI certification, and are available from a network of training providers.

New FAQs. Caldera has released new FAQs with answers to questions about Java, sound, NTFS support and more.


Coyote Linux is a single-floppy distribution based on the Linux Router Project (LRP), but using its own configuration tools. Coyote Pro, the commercial version of Coyote, makes a Windows Wizard available for configuration. Coyote Pro is now reported to be active and under development again.


Debian Weekly News. This week's Debian Weekly News is entitled "No News is Good News". No show-stopper bugs have been found so far in test cycle 3, so the schedule for the release of Debian 2.2 in time for LinuxWorld San Jose still stands.

A new Debian project for a port to the IA64 has begun, but is currently hamstrung due to lack of access to the hardware.

Also new this week was a mention of Gibraltar, a Debian-based distribution entering the router/firewall arena. It is designed to run off of CDROM, using a floppy to store configuration information.


Kondara Linux (Duke of URL). The Duke of URL reviews Kondara Linux in this article. "While Kondara sounds like another Red Hat-based distribution with a funky name, it's breaking ground. The trademark feature is a single multi-lingual binary. Does Digital Factory's distro have what it takes to become the next big player in the Linux wars?"


Libranet Linux 1.8 released. Libra Computer Systems has announced the release of Libranet Linux 1.8. It is based on packages from the Debian potato release, with some updated packages from woody. Debian potato is the version currently in test cycle 3, which Debian hopes to release officially in the next couple of weeks. Debian woody is the development release already in progress for the release after this one.

Red Hat

Red Hat 'pinstripe' release. Red Hat has sent out an announcement for its latest beta release, called "Pinstripe." With Pinstripe, the Red Hat distribution expands onto a second CD. A list of changes is in the announcement; it includes more LDAP and Kerberos integration, the replacement of lpr with LPRng, and the addition of packages like SANE, gphoto, MySQL, AbiWord, XEmacs, and others. As noted in the announcement: "Important data should not be entrusted to Pinstripe, as it may eat it and make loud belching noises."


SuSE 7.0 pre-announcement. Here's an announcement from SuSE about the 7.0 release, which will be out at the end of August. With 7.0, SuSE is splitting the distribution into flavors: the "personal" and "professional" editions. The personal variant is aimed at newcomers and desktop applications, while the professional version is set up for servers.


A Request for Discussion (RFD) has been posted for the created of an unmoderated newsgroup, comp.os.linux.trustix. The newsgroup itself, barring any unforeseen objection, will probably be available within a month or so.

Section Editor: Liz Coolbaugh

August 3, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 Linux in the news
 Back page

See also: last week's Development page.

Development projects

News and Editorials

Notes from the VA Open Source Printing Summit. Printing has never been an area where Linux has particularly stood out. In an attempt to change that situation, VA Linux Systems convened a "printing summit" in Sunnyvale, attended by many people who are actively developing in the printing area. Grant Taylor's notes from the event are worthwhile reading. "Mark VanderWiele then presented his project, which frankly took most of us by surprise. IBM has over the years written printer drivers for essentially all printers to support OS/2. They are porting this project to Linux and releasing it as free software: probably GPL or perhaps LGPL."

Grant has also announced the launch of LinuxPrinting.org, his site dedicated to information about printing under Linux.

Internet Groupware for Scientific Collaboration. Jon Udell has written up a report on Internet Groupware for the Software Carpentry project. The report looks at the tools that are currently available, and talks about where those tools should really be. It's a good overview of what could be done to make the net better for collaborative work, recommended reading.


Mozilla Status Update (July 29th). A new Mozilla Status Update went on-line on July 29th. Each group appears to be making progress towards eliminating bugs that are considered "show-stoppers" for beta 2 release.

KMail progress review. As part of the lead-in to the 2.0 release, the KDE project has set up a "launch pad" page with information on what's changed. The most recent addition is a detailed review of the new features in the KDE mail client KMail. It looks like the developers have been busy...

KMailcvt - Exchange email's with Outlook Express. Hans Dijkema has reported the completion of two working import filters for KMail and Kab (KDE address book). They support the import of Outlook Express 5.0 folders into KMail and MS Exchange .PAB format files into Kab. This should be pleasant news for KDE users that still need to use Outlook and Exchange as well.

Web Browsers on the Linux Desktop (Web Review). Here's a survey of Linux web browsers on Web Review. "Timing for the first official [Mozilla] release is unclear, though looking at overall progress and various snippets on the Mozilla Web site gives the impression that we will see one before the year's end. At any rate, M16 is already a usable browser for Linux and I expect the next 'milestone' release to replace Netscape on my own desktop."

qmail-autoresponder version 0.93. The qmail-autoresponder appears to be approaching its first stable release. This should be a useful little tool for qmail-based sites.


SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for July 31 is out. It contains information on efforts to support Linux in education in Colombia. In addition, recent discussion on the mailing lists has focused on the need to provide lessons plans, developed by teachers, that utilize Linux software instead of commercial packages. New effort has begun as a result, currently focusing on getting permission to adapt existing lesson plans to Linux and re-publish them. Many additional topics are also covered.


WorldForge 'Acorn' demo alpha release. The WorldForge project has announced the 0.1 (alpha) release of its Acorn demonstration game. This is the first chance for many to see this open source multiplayer game platform in action.


A toast to wine for running win apps (ZDNet). A ZDNet columnist writes about his experiments with Lotus Notes and Wine. "The performance was similar to running Notes under Windows-the longest lags were in accessing the Notes server. This surprised me, but after all, Wine's name stands for 'Wine Is Not an Emulator.' Rather than slog through the emulation of a full machine and OS, Wine only provides an alternate implementation of the Windows API."

Network Management

ScoreBoard Inc to support OpenNMS. ScoreBoard Inc has announced plans to support development on OpenNMS by hiring an OpenNMS fellow, another full-time person dedicated to this open source project. They are currently looking for the right person to fill this position.

OpenNMS Development Update. This week's OpenNMS Development Update highlights the release of the "Service Control Manager" spec. "This is the hallmark event in what should be several successive weeks of new programming specs. Knock wood."

It also includes an informal report back from DefCon.

Office Applications

Gnumeric and the Gnu Love of my Life (ShowMeLinux). Here's a review of Gnumeric on the ShowMeLinux site. "Hold onto your hats, Excel fans, it gets even better. On the higher end, some of the most useful Excel features are supported: goal seeking, solver, and quite a lot of analysis tools, which unfortunately don't allow the interaction of Excel when it comes to selecting ranges, but the tools themselves work great."

Evolution 0.3. Another development snapshot for Evolution, the Gnome groupware suite, has been put out. This is primarily a bug-fix release.

The Graphics Lab on Your Linux Desktop (LinuxPlanet). LinuxPlanet looks at Linux graphical tools, especially gPhoto and the Gimp. "gPhoto offers a very friendly and easy-to-use package that covers a wide array of cameras. When I was shopping for a camera, I loaded the supported list of cameras on to my Palm and went shopping. I was pleasantly surprised to notice that there was support for almost every model on the shelves of several local merchants. The only exception was a $75 toy. Everything else, from $200 beginner models to pricier almost-$1000 units were supported by gPhoto."

AbiWord Weekly News. Last week's AbiWord Weekly News focused on Online help, toolbar improvements, and major BeOS fixes. This week's edition reports great progress on the binary Word export.

On the Desktop

KDE 2.0 Beta 3 Released (1.92). The KDE Project has announced the release of the third beta of KDE 2.0. This release contains a lot of bug fixes, and some new functionality as well.

Helix GNOME: Unix For Humans (O'Reilly Network). The O'Reilly Network has put up a detailed article on obtaining and installing the Helix GNOME distribution. "Helix Code aims to provide an easy-to-use and easy-to-install open source desktop. They do this by taking the standard GNOME desktop and then enhancing it with a few additional features that make it both nicer and more user-friendly. However, what basically has made Helix GNOME so popular is its awesome installation and update programs. With these programs, setting up the latest version of a GNOME desktop, and then keeping it up-to-date, has become really easy."

Web-site Development

IBM offers free tool for writing Linux software (News.com). According to this News.com article, IBM is about to release a new web development tool. "The product, Sash Weblications for Linux, was written by seven IBM summer interns and will be available for download to the open-source community within the next few weeks..."

Latest Zope faqts update. Here's an update detailing the latest entries in the zope.faqts.com knowledge base. Check it out for instructions on making the Zope tutorial work, and the distressingly ugly truth of how one simulates a "while" loop in DTML.

Section Editor: Forrest Cook

August 3, 2000

Project Links
High Availability

More Information



Development tools

News and Editorials

The OpenTcl Movement. On July 24th, in response to discussions on comp.lang.tcl, John Ousterhout posted a proposal for a "Tcl Core Team" to manage the Tcl core. "Our conclusion matches what many of you have been arguing for a while, which is that we should open up the Tcl core to encourage contributions by a broader cross-section of people."

This week, Michael McLennan posted an announcement for a community election of the new Tcl/Tk Development Team. Nominations must be received by 11:59pm EST on Sunday, August 6. Voting starts on August 7 and continues until 11:59 EST on August 11. Check http://www.tcltk.com for more details.

The next few months are likely to be pivotal in the history of Tcl/tk. A transition from a tightly-controlled development to a more fully open development is not an easy one. Nonetheless, in this case, it seems an obvious evolutionary step. We wish them good luck.

VAR'AQ: Finally, programming support for Klingon. For the fearless only, NTK reports on var'aq, a "stack-based, Forth-ish language, with Lispish data structures, and an object-verb-structure grammar designed for use by Klingons." Comments project leader Brian/B'Rian Connors/C'onnarrghs, "'If you are afraid to tread in hostile territory like this, you might want to hold off on playing with var'aq for a while.'" NTK retorts, "But then, maybe you are weak, and dishonour us all with your cowardice, toDSaH!" Hey, if my dog can understand Klingon, surely programming in it can't be hard?


Java2 v1.2.2, Java3D 1.2 FCS, and JAI 1.0.2-beta. The Blackdown team proudly announced three new releases this week, including Java2 v1.2.2, Java3D 1.2 FCS, and JAI 1.0.2-beta. The JCK status page for Java 1.2.2 indicates that the Intel port has passed all tests.

They also mention that Java v1.3, the JMF and Debian packages for all the recent releases are "soon to come".


Mumps Compiler Version 2.0. Mumps is a programming language with a long history of use in the development of software for the health-care industry. Version 2.0 of the Mumps to C translator/compiler has been released. It appears to provide some specific PostgreSQL support. Note that this is not free software; commercial use requires a license. The full 1995 Mumps standard has not been implemented. Nonetheless, if you have legacy code, this may be a way to get your software ported reasonably painlessly to a new environment.


Developers To Polish New Perl (ZDNet). ZDNet reports on the plans for Perl 6. "The upgrade will better Perl's management of system memory, improve its ability to parse eXtensible Markup Language and search for XML-tagged documents, and make the language more compatible with Java and other software programs."

For those of you wanting to follow the development progress for Perl 6, we recommend bookmarking http://www.perl.org/perl6/.


Python-URL for July 31. Here's Dr. Dobb's Python-URL for July 31; it contains the usual mix of Python development items, including a pointer to this posting by Tim Peters clarifying the Python license situation.


Tcl-URL (July 31st). This week's Tcl-URL contains a link to another posting from John Ousterhout regarding the development of the Tcl Core Team, works from Sergei Kucherov containing wizardly Expect advice and other useful posts from the past week.

Section Editor: Forrest Cook

Language Links
IBM Java Zone
Perl News
Daily Python-URL
Tcl Developer Xchange

 Main page
 Linux in the news
 Back page

See also: last week's Commerce page.

Linux and Business

Caldera and SCO: it's official. Caldera Systems and SCO announced this week the purchase deal that has been rumored for some time now. LWN attended the "analyst conference call" on the merger; here's what we were able to pick up.

The deal itself is as follows. Caldera Systems will pick up the Server Software and Professional Services divisions of SCO. A new holding company, called simply "Caldera, Inc." will be created to take possession of the new groups. Ransom Love will be Caldera Inc.'s CEO, while David McCrabb from SCO will become the President and COO. What SCO gets out of the deal is 28% of Caldera, Inc., $7 million in cash, and an $18 million loan from the Canopy Group, the major stockholder in Caldera. SCO also retains the "OpenServer revenue stream", even though it is Caldera that "will have exclusive distribution rights for the SCO OpenServer product line, and is fully committed to servicing and supporting the SCO OpenServer customer base."

SCO will also hold on to its outside investments, such as the stake in LinuxMall.com.

Caldera's plan is to build a unified product line out of its current Linux offerings and SCO's products. They see Linux as being best suited to the lower end systems, while UnixWare works better at the high end, especially in clustering applications. In general, SCO's clustering seems to be Caldera's path into this very competitive area. Caldera also has high hopes for Monterey as the high-end system for the IA-64 architecture. In all of these cases, they emphasize that there will be a single API for developers to use - the Linux API.

Caldera also gets SCO's channels and its large list of customers. SCO's logos are also part of the deal, leading to the question of what the remainder of SCO will call itself. They had no answer to that, but pointed out that "Tarantella, Inc." already exists; since Tarantella will be the core of SCO's operation now, there is an obvious name change there.

Will SCO's products be released as open source? Caldera's answer was, at best, ambiguous. There was a lot of talk about "source access" licenses - meaning, perhaps, that if you license the products you can get at the source but not redistribute it. Caldera also devoted a lot of words to how it gives back to the community, so it's clear they feel some pressure there. But it's not clear how they will respond.

Needless to say, Caldera is upbeat about the deal. They claim that the company is now the first to show a truly coherent Linux business model with a clear path to profitability. Time will tell...

(For more information, see this SEC filing from Caldera, which covers most of the important parts of the deal. Also some of the less important points: "Both companies will continue to use the SCO Cafeteria in Santa Cruz. Ingrid and her staff will continue to produce their tasty creations.")

Linux on IBM's S/390. Here is the formal announcement from IBM of its new pricing structure for Linux on the S/390.

For those using Linux on the S/390, Computer Associates announced that it is making "a comprehensive suite of eBusiness management software" available, including Unicenter, MasterIT, Ingres, ARCserv, and eTrust, and BMC Software has announced that its "PATROL" and "Knowledge Module" system management tools are available with a free trial period offer.

More Red Hat News. Singapore based Donovan Systems will bundle Red Hat Linux on its 64 bit hardware systems.

Red Hat, Inc. completed the acquisition of WireSpeed Communications Corporation Inc.

Red Hat and Ericsson have announced a deal to jointly develop a range of consumer products oriented around home communications. The first such product will be Ericsson's "Cordless Screen Phone," due to be available by the end of this year.

Aug. 4 is Last Day for Nominations. A position is being made available, for the second year, to the Linux development/Open Source community on the International Softswitch Consortium (ISC), paid for by Vovida Networks. Nominations for the position are open until August 4. A list of nominees will be posted Monday, August 7, 2000 at Vovida's web site.

Set-top Boxes. Bluepoint Linux Software Corp. has announced the signing of a letter of intent to develop a Chinese Linux system for a new set top box to be deployed by Bridge Group.

Coollogic announced the availability of a new, Linux-based set-top box designed to enable Internet access via a television set.

Press Releases:

Commercial Products for Linux.

  • LinuxSolve, Inc. (SANTA CLARA, Calif.) announced the vHost secure server appliance, a secure Linux-based virtual hosting solution.

  • Loki Software has announced a deal with Epic Games wherein Loki will maintain and support the Linux version of Unreal Tournament.

  • SteelEye Technology has announced the launch of a high-availability version of the Apache web server. It includes fault detection and failover capabilities to keep a site up even when individual servers fail. It's supported on Caldera and Red Hat.

  • TurboLinux has announced the launch of "TurboLinux DataServer," a version of its distribution with IBM's DB2 integrated. Cost is $2500.

Products Using Linux.

  • RSA Security Inc. (BEDFORD, Mass.) announced that the NetMAX division of Cybernet Systems Corporation has licensed RSA BSAFE Crypto-C security software for inclusion in its NetMAX family of Linux-based Internet appliance software.

Products with Linux Versions.

  • Compaq Computer Corporation (HOUSTON) introduced the StorageWorks RAID Array 4100 SAN.

  • Digitex Technology Services, Inc. (St. Louis, Missouri) has a number of products with Linux versions, and will soon introduce 1U and 2U rackmount Linux firewalls. The line of Linux products can be found at www.digitex.cc/Products/.

  • Engineous Software Inc. (MORRISVILLE, N.C.) added Linux support for iSIGHT 5.5; integration, automation, and design improvement software.

  • Mentalix Inc. (PLANO, Texas) is now shipping Pixel!FX 2000, an imaging and scanning product line.

  • Piranha, Inc. (DALLAS) announced its streaming media technology, Piranha Stream.

  • Port25 Solutions, Inc. (ELLICOTT CITY, Md.) announced PowerMTA, a Message Transfer Agent (MTA) primarily for delivering large volumes of outbound Email messages.

  • ViewSonic Corporation (WALNUT, Calif.) announced it is unveiling Internet appliances that will be bundled with AT&T WorldNet Service.

Java Products.

  • FatWire (MINEOLA, N.Y.) announced the release of UpdateEngine 5, a platform for e-business.

Books & Training.

  • O'Reilly has released the third edition of the book Programming Perl. "Any Perl book can show the syntax of Perl's functions, but only "The Camel Book" is a comprehensive guide to all the nooks and crannies of the language."

  • Boston University Corporate Education Center has partnered with CIW to offer its clients the Certified Internet Webmaster (CIW) program.

  • Wave Technologies (ST. LOUIS) adds boot camps in IT Security, Oracle 8i Dba, Java, And Internet Technologies.


  • Collab.Net (SAN FRANCISCO) and SkillsVillage.com announced a strategic alliance in which Collab's SourceXchange will link with SkillsVillage.com's solution.

  • Extended Systems (Boise, IDAHO), provider of Linux-based Internet access solutions, has been accepted as an Associate member of the Bluetooth Special Interest Group (SIG).

  • Force Computers (SAN JOSE, Calif.) announced the "Running with Force" third-party alliance program to supply communications equipment manufacturers with a range of embedded solutions. Current Force partners include LynuxWorks and MontaVista Software Inc.

  • Inprise/Borland (SCOTTS VALLEY, Calif.) announced that InterBase 6.0 is shipping with Cobalt Network's RaQ 4r.

  • InterLan Technologies (RESEARCH TRIANGLE PARK, N.C.) selected Caldera Systems to provide the Linux operating systems in its Internet Utility Center.

  • Linuxcare, Inc. (SAN FRANCISCO) has teamed with Compaq Computer Corporation through the Compaq Solutions Alliance program to simplify Linux installation on Alpha servers with the introduction of Linux Jumpstart! CD.

  • LinuxDevices reports on the merger of LynuxWorks, Inc. (Blue Cat Linux) and ISDCorp (Royal Linux). "It significantly increases the size and scope of the LynuxWorks' professional services organization, thereby enabling them to better support the needs of customers who choose to develop Linux-based products. In addition, LynuxWorks will now have Linux support for a wider variety of target processors including ARM and MIPS."

  • OnCore Systems Corporation (HALF MOON BAY, Calif.) announced support for International Business Machine's new line of PowerPC 405 embedded processors.

  • Qualys, Inc. (SUNNYVALE, Calif.) is integrating SecurityFocus.com vulnerability information as part of its QualysGuard service.

  • SiliconPenguin.com has announced a partnership with LinuxDevices.com; it seems to involve the use of news from LinuxDevices on the SiliconPenguin site.

  • SuSE Linux AG and Trustix (Nuremberg, Germany and Trondheim, Norway) announced a partnership to ensure that XPloy is compatible with SuSE Linux.

  • Syrinex Communications Corporation (BUFFALO, N.Y.) announced an agreement with Barrister Global Services Network. Barrister will provide field installation and support services throughout North America for Syrinex's Linux-based NexServer line of Internet server appliances.

Investments and Acquisitions.

  • Inprise/Borland has evidently been talking with another company about selling InterBase, at the same time that it has been open-sourcing the product. Now the company has announced that those talks are over, and InterBase will not be sold.

  • Linuxcare has announced the completion of a new round of funding: $30 million from Dell, Motorola, Sun and ITOCHU International.

Financial Results.


  • Data Mirror has appointed Mr. Wayne Howard as its new vice president and CFO.

Linux At Work.

  • 3Dgeo has purchased a 32 node linux cluster from NetworX for processing seismic data. "3DGeo Development, Inc., a leading innovator in 3-D advanced seismic imaging technology, has purchased a 32-processor cluster system from Linux NetworX to use in its high computation data processing application. According to 3DGeo, the high performance computing market is experiencing a paradigm shift from traditional supercomputers and large parallel servers to Linux cluster systems."

Section Editor: Rebecca Sobol.

August 3, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Linux in the news page.

Linux in the News

Recommended Reading.

Salon has run this no-holds-barred piece on the shutdown of Napster. "On the open Net, a thousand new Napsters are blooming. And what will be the impact of the court-ordered shutdown of Napster? These projects -- small, underground efforts that grew unnoticed in the shadow of Napster the company -- will be flooded with energy. Users will flock to them, and talented software hackers will work overtime to perfect them. From the recording industry's point of view, it is slaying one enemy only to seed the field with a thousand new opponents -- opponents who are, not incidentally, its own best customers."

Here's an Upside article about the open source database market. "With Linux plays fighting to hold onto their market caps, it seems strange that other companies would be in such a rush to pour money, code and accumulated labor into another unproven market. According to land rush participants, however, databases and the e-commerce applications that feed off them offer an even bigger open source opportunity than Linux ever did."

Napster and Related Topics.

ZDNet questions the consistency of Napster's approach to intellectual property in a lengthy article. "Napster's Barry, a former corporate lawyer, insists there is nothing inconsistent about the company's efforts to protect its intellectual property. 'We are not an open-source software company,' he says. 'This is not Gnutella,' he adds, referring to the popular free software product that lets users exchange music files."

A federal judge enjoined Napster from distributing copyrighted music. (Upside) "Judge Marilyn Patel chastised Napster for failing to turn its technologic expertise against copyright infringement on its system and scoffed at the company's argument that many people use its system legally. In fact, Patel said, Napster has sought to profit from music piracy since its inception."

OS Opinion has run an article on the recent Napster injunction. "With 78 million projected users, Napster would have had a near monopoly on music sharing. It would have been far easier to then develop a licensing system with those users, gathered in a central place. By shutting down Napster without a ready replacement, they insure that music sharing will be driven "underground" in the GNUtella network."

The New York Times has run this article on the Napster ruling. "Like many of Napster's millions of users, Mr. Frost, a 23-year-old systems administrator in San Francisco, did not see the court's ruling as a victory for copyright law or a defeat for a particular company. He saw it as a call to arms. "I wanted to get more involved in keeping free music distribution alive," Mr. Frost said."

Upside looks at another Napster-like site known as Napigator. "'Right now, we're looking into getting more bandwidth,' says the 21-year-old co-owner of Dublin, Calif.-based thirty4 Interactive LLC, which operates Napigator. 'I think a lot of [Napster users] will go to Opennap.'"

USA Today reports that Napster filed a last-minute appeal in federal court to avoid being shut down. Meanwhile, traffic on other free music sites has surged. "At Scour, cofounder Dan Rodrigues says traffic rose 80%, and adds, ''We're prepared for this weekend.'' Scour is being sued by the record industry and the Motion Picture Association of America."

Upside assesses Gnutella's readiness to pick up for Napster if need be. "Now that the court has stayed the judge's order that would have shut Napster down and has allowed Napster's service to keep running during the RIAA trial, the pressure is off somewhat. But the last 48 hours have given Gnutella developers a sense of what improvements they must make to the network in order to prepare for the landslide of users it may be asked to handle."

Wired News reports on yet another file sharing system, this one's called "MojoNation." It's decentralized along the lines of Gnutella, but also has a commercial aspect to it. "In an attempt to spread MojoNation quickly through the hacker underground, Autonomous Zone plans to release the beta version at the DefCon convention this weekend in Las Vegas. Versions will be available on sourceforge.net for Windows and Linux machines."

According to this ZDNet article, the folks at CopyLeft have been added as defendants in the DVD suit as a result of their selling T-shirts with the DeCSS code on the back. Beyond selling a lot of shirts, this move should help to bring the "code as speech" issue into an even more prominent role in the suit.


Here's an Upside article about IBM's Bluetooth release. "The source code, which will be released under the Gnu General Public License, governs portions of both the communications protocol and the device drivers that allow Linux-based devices to communicate via the low power, wireless Bluetooth standard."

IBM is offering special deals for mainframe hardware and software to encourage Linux usage, according to this CNet article. "A new Linux pricing plan means that current customers using the company's G6 mainframes can buy a new processor for $125,000 as long as it's used only to run Linux, McCaffrey said. A new processor normally costs three times that, he said."

LinuxPlanet attends a Linux S/390 installfest, and looks at IBM's Linux strategy in general. "IBM has been getting the message loud and clear from its customers that Linux on S/390 is a hot product--and that IBM needed to refine the installation process if people were going to make it work as anything other than a lab toy."

ComputerWorld has put up this article on IBM's new pricing schemes for Linux support on the S/390. "Key among the features is hardware called the Integrated Facility for Linux. It will let users of IBM's Generation 6 and Generation 5 mainframes add processor capacity exclusively for Linux applications without increasing charges for all other software on the server." (Thanks to Peter Link).


According to this News.com article, Linuxcare has managed to scare up some new funds. "A new round of funding will be necessary to bring Linuxcare back from the brink and restore its status as one of the earliest companies to make a serious go at turning Linux's popularity into a business. But the funding is no guarantee that it will be able to stave off new and current competitors."

Here's an article in Upside about Oracle's new jobs site run by Collab.Net. "According to the deal, Collab.Net will manage OTNXchange, a website that will employ the Collab.Net-owned integrated development environment SourceCast. OTNXchange is scheduled to go live Sept. 15, and to stimulate community involvement, Oracle plans to release a collection of unlicensed freeware tools designed to augment and interact with the company's proprietary database platform. The only catch is that developers must be part of the Oracle Technology Network to participate..."

Perth based Harvest Road has shown a 100 percent growth for the financial year that ended on June 30, reports AFR. "A recent deal with the Brisbane-based local unit of Red Hat, a leading developer of open-source Linux operating system software, to bundle HarvestRoad's web collaboration applications with Linux in Australia and Asia has given HarvestRoad an inexpensive point of entry into the Chinese and Indian markets."

ZDNet looks at the Red Hat/Ericsson deal. "With open software and open standards as its basis, is it possible that a growing community of developers and users will transform the Ericsson screen phone into an open, multi-vendor Internet Appliance platform -- a sort of 'Palm Pilot' of web pads? 'Yes, that's quite possible,' says Red Hat's Knuttila, 'that's an interesting way to frame it.'"

News.com also looks at the Red Hat/Ericsson deal. "Ericsson will pay Red Hat to create specialized versions of the Linux operating system in several Internet-enabled devices for the home, said Kim Knuttila, general manager of Red Hat's client services group. In addition, Red Hat will help Ericsson adapt its product line to Linux, and both companies will engage in joint marketing and branding work, he said."

ZDNet covers the Caldera/SCO deal. "Red Hat CEO Matthew Szulik would agree with that, although in a harsher manner. 'This validates what we and the IDC numbers have been saying all along about the death of the proprietary Unix market. As advocates of open source, we look forward to Caldera's support of open sourcing SCO's proprietary Unix technology to the entire open-source community.'"

Evan Leibovitch's latest ZDNet column is about the Caldera Linux Technology Preview distribution. "Based on pre-release versions of the 2.4 kernel, KDE 2.0 and the newest XFree86, the LTP is the first kit I've seen in a while that easily allows those unversed in kernel installation to examine future developments."


ZDNet picks up on speculation that Microsoft might open source their C# language from the minutes of a meeting held two weeks ago in Orlando as part of ECMA's previously obscure TC39 technical committee. "Q: Will Microsoft be open sourcing their implementation?

A: This is under consideration, but has not been decided. Microsoft has been approached by a number of companies desiring to partner on this. Jim expressed his opinion that he saw it likely that the source to a reference implementation would be made available, but declined to speculate on the licensing details."

John Dvorak writes about Linux in China in this rambling column. "I can't see how Microsoft has a prayer in China unless it gives away all its code for years to come. Linux and the open-source movement have China written all over them, because they play entirely in the public domain. Among other things, the government in China abhors piracy and knows it's not good for business. Because Linux is free, there's nothing to pirate, so China will move its computer scene toward Linux officially." (Thanks to Bill Cory).

ABOUT's Aron Hsaio has written an article that discusses the emergence of Linux on palmtop devices.

"Linux is getting smaller.

Not in terms of market share, mind you. Physically smaller. In a trend which marks a departure of sorts from the Unix and large-scale computing roots of Linux, manufacturers of all kinds of small and even tiny devices are embracing Linux as the embedded operating system of choice. It could well be that in the future, rather than using Linux on the desktop, we'll all be using Linux on the palmtop."

In this OS Opinion article, Xavier Barosa discusses past failures of closed systems and how they relate to today's world. "The CDless policy that Microsoft has imposed on the OEMs will eventually backfire and ensure that success of the Alternative Software movement; in particular, LINUX and BeOS."


The University of Auckland, New Zealand's Tamaki Campus has a DebianGNU/Linux based cluster named Kalaka. Kalaka is built from already installed machines in an open network.

ZDNet has posted this tutorial article on using PHP with database systems. "In this article, I'll introduce you to the process of interfacing PHP scripts with the database of choice. We won't go in-depth into the functions for each database type - those can be found in the PHP Manual, in the 'Function Reference' section."

Here's a survey of Linux web browsers on Web Review. "Timing for the first official [Mozilla] release is unclear, though looking at overall progress and various snippets on the Mozilla Web site gives the impression that we will see one before the year's end. At any rate, M16 is already a usable browser for Linux and I expect the next 'milestone' release to replace Netscape on my own desktop."


Linux Power's Jeremy Katz reviews Caldera's Computer Based Training (CBT). "So, what should I expect? According to the back of the box, I should get the information needed to do an install of Linux, login, use some of the various parts of KDE, get help, and shutdown properly in about an hour of going through the product. With this in mind, I stuck the CD in my CD-ROM drive and mounted the CD to find that it would autorun on a Windows machine as well as an AUTORUN.SH which I assume would autorun on a Caldera machine, although it did nothing of note on my Red Hat box."

GnuLinux.com has run this review of PhatLinux 3.2. "PHATLinux, the name alone is an indication of what kind of experience you are in for when using and installing this distribution. This is by far one of the most pleasant experiences with installing a distribution of Linux that we have ever had. At only 180 Mb for the download this is one small Linux (comparably), but it does come with most of the essentials needed."

Hardware Unlimited reviews the 3dfx Voodoo 5 5500 AGP video card under Linux. "As I mentioned before, the Linux drivers are very young, and lacking many features, such as FSAA and the ability to use both of the VSA-100 processors. It doesn't feel very good running a Voodoo4 when you're supposed to have a Voodoo5, that's for sure. If you're thinking of buying 3dfx for their Linux support-you may just want to wait a few months for their drivers to mature."


The (U.S.) National Public Radio ran a segment on open source software in its August 2 Morning Edition program. "NPR's Larry Abramson reports on the open source movement. It may sound unfamiliar, but considering what it's done for operating systems like Linux and Red Hat, it may be the hottest trend in computer programming." The program is available as an 8-minute RealAudio file. (Thanks to Sean Dague).

Bruce Perens has put up an editorial on Technocrat on buffer overflow exploits. He blames much of the problem on the i386 architecture, and calls for non-executable stack patches to be incorporated into the Linux kernel. "The people on the Linux kernel list, I'm told, have discussed and rejected this idea twice now. Maybe it's time for the rest of us to take it more seriously."

Here's an ABC News column criticizing Linux's security. The author has a strange view that the number of vulnerabilities in an operating system should be proportional to the number of users it has. "If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best. As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one."

Section Editor: Rebecca Sobol

August 3, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Announcements page.


The "Linux Newbie Administrator Guide" has been significantly updated.


August Linux Gazette available. The August 2000 Linux Gazette - issue 56 - is now available.

First two issues of LinuxUser online. LinuxUser, a U.K.-based print magazine, has put its first two issues on the web. All of the articles are available - but they are in PDF format.

lhD Driver Database launched. The Linux Hardware Database has announced the launch of its Linux Device Driver Database, which is claimed to have entries for more than 800 drivers.

Archive of Netcraft surveys. The beginnings of an archive of older Netcraft surveys has been made available, in response to requests from LWN.net. Many thanks to Matt Hunt!


Reports from the Linux Beer Hike. The 2000 version of the Linux Beer Hike is now underway in Coniston, England. Reports and pictures from the event are now being posted for the benefit of those who couldn't go. "Power was the first bete-noir. The hall is a little short of the requirements of most systems rooms and a hall-full of Sun CRTs was a little too demanding. ....so we all ran fsck for while..."

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

User Group News

Emilia Romagna Linux User Group. ErLUG has organized an Italian LUG community meeting at the University of Bologna, Italy, on October 29th and 30th.

August 3, 2000



Software Announcements

Due to an unexpected glitch, our weekly software announcements are not available this week. They will return next week.

Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news
 Back page

See also: last week's Back page page.

Linux Links of the Week

Much of what David Gelernter writes is interesting, and The Second Coming: A Manifesto is no exception. It's his vision of how computing will evolve in the near future. Worth a read.

Those who are into high-end sound applications on Linux may want to have a look at LinuxDJ.com. This rather utilitarian site is the home for a number of audio development projects and documents.

Section Editor: Jon Corbet

August 3, 2000



This week in history

Two years ago (August 6, 1998 LWN): LWN commented on the relative lack of FUD (fear, uncertainty, and doubt) attacks against Linux, and predicted that there would be more such in the future. Microsoft has obliged a couple of times, but, in general, there have been remarkably few FUD attacks on Linux. This week's front page, however, shows that they are not completely absent.

Eric Raymond celebrated the first six months of the "open source" term.

Because if we truly desire world domination, we've got to get our LSD into the corporate elite's conceptual water supply and alter the beast's consciousness. That means we need to co-opt the media that shape decision-making at the highest corporate levels of the Fortune 500.

The development kernel was 2.1.114; work continued on the 2.0.36 stable release. Much energy went into a vast flamewar over whether the devfs patch should go into the 2.2 kernel; in the end it didn't happen, but it will be there in 2.4. The beer-drinking penguin logo was removed from the development series.

One year ago (August 5, 1999 LWN): SGI jumped into Linux with both feet, announcing a new Linux-based server system. The company also let it slip that Irix would not be ported to the Intel architecture.

Eric Raymond addresses the question of whether free software can be original:

But there is a more fundamental error in the implicit assumption that the cathedral model (or the bazaar model, or any other kind of management structure) can somehow make innovation happen reliably. This is nonsense. Gangs don't have breakthrough insights -- even volunteer groups of bazaar anarchists are usually incapable of genuine originality, let alone corporate committees of people with a survival stake in some status quo ante. Insight comes from individuals.

The development kernel release was 2.3.12. Linus Torvalds announced that the 2.3 kernel would go into feature freeze "in about two weeks." Here we are, a year later... The stable kernel release remained 2.2.10.

A Linux Lament in Salon complained about problems with the Red Hat community stock offering:

We coders had been abruptly disenfranchised, after having had silver carrots waved in front of our noses. I'd opened my first money-market account just now, in order to take part in the commercial future of something I believed in -- and the door had been slammed in my face.



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 27 Jul 2000 23:35:42 -0400
From: Patrick Callahan <pac1@tiac.net>
To: lwn@lwn.net, "basiclinux@topica.com" <basiclinux@topica.com>
Subject: LWN - So what happens when Linux really explodes

>So what happens when Linux really explodes, as seems (to some)
>inevitable? Just how weird is it going to get? Will we look back with
>nostalgia to 1994, when nobody knew what we were talking about? Will we
>want our old Linux back? For now this is still our revolution,  and we
>can maybe shape its future. Before long, that may no longer be true. 

I've jumped on the Linux bandwagon recently.  August 1999.  I think
things have changed radically since then.  When I first started, it was
not unusual to get a well reasoned response to a request for specific
information in a linux help chat room on irc.  Maybe lately I've been
hanging out too much on the wrong sort of channels but it seems that the
overall tone of the irc experince for geeks like me is changing
somewhat.  Has anyone else noticed this?

There seem to be many more seekers of information than givers.  There
seem to be more questions from people who haven't read the fine manual,
don't know where the manual is, and don't care... yet....  As always,
there's interesting and interested people to chat with, but the noise is
getting louder...

I wonder if the Linux Cognecenti are overwhelmed by the increasing
numbers of people arriving at linux.  Have they stopped responding to
newcomers, just because there's so many of them.  Or maybe they're just
responding to questions that interest them.  How do people who have been
here since the early days feel about people like me who are late to the

Some responses in some forums lately seem quite harsh or irritated,
almost as if the information givers are getting fed up repeating
themselves to each newcomer who arrives on the scene.  

Other places are a delight to be in.  The Basic Linux Training Mailing
list is terrific.  I think its because most of its members are
newcomers, committed before they join the list, to actually working at
learning linux .  This may not be the case in other forums.

-Pat Callahan
Date: Fri, 28 Jul 2000 11:36:01 -0400 (EDT)
From: Elliot Lee <sopwith@redhat.com>
To: "Aaron J. Seigo" <aseigo@mountlinux.com>
Subject: Your LWN post

Just wanted to correct a small technical point:

> I point to Icaza's own project Gnome as an example that he is (to
> quoth him) "smoking crack" when spouting these arguments. Gnome sets
> policy, and in the right place, too: on the application level.

That is incorrect - all desktop-generic policy is set in gnome-libs and
the other Gnome libraries, not in the applications themselves. gnome-libs
and related pieces would generally be accepted as part of the operating
environment, rather than part of the application.

And an opinion:

> Well, look at BeOS/Mac/Windows. They each enforce policies on
> programmers and users at the system level, but because of that they
> are each cordonned off into their own space of the computing arena.
> Unix is a substrate that strives to be flexible enough for _any_
> policy.

You may be ignoring a few things:
	. BeOS/Mac/Windows are intended primarily to meet the end-user's
	needs n the desktop, which is why they have to set policy.
	. The unavailability of a widely used group of UNIX libraries that
	set user policy is a large reason for the failure of UNIX on the
	desktop so far.
	. Gnome's goal (and I believe the goal of all the desktop
	projects) is to make UNIX viable as an end-user desktop
	platform, which *requires* setting policy across apps.
	. For what it's worth, it is possible to define an aweful lot
	more policy on BeOS/Mac/Windows than your post would imply -
	you are making a lot of assumptions based on having used them
	rather than any real facts. (Not that they aren't sometimes
	a pain to use :)

I think a main point of confusion lies in the fact that you see "the
system should set policy" and start to incorrectly think that the kernel
will suddenly start to know about my mouse settings or root window
background. This is not what is being advocated. I think you are also
confusing "setting policy" (which is a good thing) with "the system is not
transparent or flexible". The latter is the case with BeOS/Mac/Windows, is
a reason I like UNIX so much, and has nothing to do with policy being set.
It is entirely practical to both set policy _and_ be transparent/flexible.

If you wish to argue that ever setting any policy on an inter-application
basis is evil, that is most likely because your goal could to continue
using the same old (and definitely fun from a hacker's perspective! :)
UNIX that has been around for ages, rather than bring UNIX to the desktop
and other new frontiers, as Miguel's goal is. If you choose to argue this,
that is fine - you may not agree with this goal and the changes it
requires, but recognize & respect the reasons for which the opinion was

Not a Miguel fanboy, but annoyed at random rants,
-- Elliot
The best way to accelerate a Macintosh is at 9.8 meters per second per second.

Date: Wed, 02 Aug 2000 17:02:49 -0400
From: "George B. Moody" <george@mit.edu>
To: letters@lwn.net
Subject: Fred Moody's story, "Linux Sux Redux"

The story indicates that the numbers of vulnerabilities reported on BugTraq
for "Red Hat and the other Linuxes" were 122 in 1999 and 47 so far this
year, and notes that Windows NT's counts of 99 and 37 are significantly
lower.  The error is that the numbers for Linux *include* those for Red
Hat, so that adding the Red Hat numbers to those for Linux results in
counting the Red Hat vulnerabilities twice.  In fact, the correct numbers
for all versions of Linux put together are 84 for 1999 and 30 for 2000, and
for Red Hat they are 38 for 1999 and 17 for 2000.  In round numbers, the
numbers of vulnerabilities in Windows NT are about three times as high as
those for Red Hat.

Fred says, "If you look this list over, and measure each system's number of
vulnerabilities against the number of its customers, Linux is arguably the
worst operating-system product in history, and Microsoft's the best."  A
more bizarre way to assess quality would be hard to imagine.  If I
understand him correctly, Fred is suggesting that quality is proportional
to market share, and that having more customers in some way can overcome
having more bugs.  This is no more true of software than it is of food.
The greasy spoon in the mall may attract more visitors despite high prices
and poor sanitation, but those who are lucky enough to enjoy a friend's
home cooking are not only getting a free lunch but a better one, and they
get to inspect the ingredients if they care to do so.  Those who are so
thoroughly in the grip of the belief that what costs more must be better,
and that anything free is therefore worthless, might spend their money on a
nice bunch of flowers for the cook; or they can throw a brick through their
friend's window and go eat the best mystery meat in town at the greasy
spoon with Fred.

"As Linux zealots are beginning to find out, it's a lot easier to
masquerade as a better product than it is to go out and be one."  Earth to
Fred: Get a clue!  We Linux zealots(TM) know that marketing can make people
believe that expensive and shoddy products are better than superior free
alternatives, and guess what?  Anyone who has ever paid too much for
something just because it comes in a shiny box knows it, too.

-- George Moody (no relation to Fred, as far as I know)
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds