Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

• There is no right to reverse engineering in this case, because the defendant (2600 Magazine) did not actually write the DeCSS code.

• Free speech protections do not apply because code has a "functional" component which the law, according to the court, has a right to regulate. This finding would seem to imply that an English verson of the DeCSS algorithm would be protected - as long as it does not compile and run.

• None of the fair use defenses were accepted either. The purpose of building a Linux DVD player was discounted because DeCSS can also run on Windows.

• Linking to a site which offers DeCSS was considered to be the same as providing it directly.

This case is far from over, of course; now it moves into the appeals stage. It could be a long time before any sort of final resolution is reached.

This verdict is a chilling one for users of free software (and those who value freedom in general). Our ability to write software to meet our needs has been significantly restricted - at least, in the United States. This sort of ruling is a direct threat to our ability to use free software in the future. There is no doubt about the free software community's ability to to develop the software it needs. But if that development becomes a crime, then free software is in trouble.

As an example of where things could go, consider the recent reports in the media that the plaintiffs in the Napster case are likely to seek damages against not only Napster the company, but also directly against its investors and the programmers that wrote the system. Here we have gone beyond attempts to suppress the Napster service; this is an attempt to penalize those who write code.

Napster is a proprietary system. But if Napster's programmers can be hauled into court for the crime of coding, the same can happen with those who write free software. It is sufficient, evidently, to show that the software in question can be used for copyright infringement. The Free Software Foundation, source of the GNU "cp" command, had better watch its back. And we all need to be concerned.

How to respond to attacks on Linux. Linux has been blessed, in recent times, by a relative scarcity of FUD ("Fear, Uncertainty, and Doubt") attacks. But they seem to be on the rise again; perhaps the critics have grown tired of sneering at stock prices and have turned their attention back to the technology itself. As always, some of the criticisms make more sense than others.

The classic example of the week, of course, is ABC columnist Fred Moody's latest, which not only tries to trash Linux, but descends to the level of personal attacks on Linux users as well. We'll not dignify the text with a quote here; suffice to say that the article would be considered a low-level troll in any Usenet group or Slashdot comment. (The article may have moved by the time you read this; if so, it will be findable via the archive page).

LWN hasn't sermonized on response to FUD for a little while, so maybe it's time. Mr. Moody has most certainly received no end of critical email, some of which will be even sillier and more childish than his own writings. Such mail just becomes another weapon in the hands of those who would bash Linux - Mr. Moody uses his to accuse Linux developers of being "not great thinkers." Yes, he knows that it's not the developers who are sending that mail; that's not the point.

Linux is winning. Free software is better. We do not in any way need to resort to low-level attacks as a defense against FUD. The free software community is much better served by calm, dignified, and factual responses to these sorts of attacks. Please, before answering any sort of critical press, take the time and effort to do so in a way that reflects well on Linux. Please don't feed the trolls.

For more suggestions on how to respond to attacks, we strongly recommend taking a look at the Linux Advocacy HOWTO.

The GNOME vs. KDE thing. It has been a little while since we have had a good GNOME and KDE fight, so it shouldn't be surprising to see one turn up now. These battles have grown somewhat tiresome over the years. But this one is just a little different, and it's worth looking at what is going on.

The interesting thing is that the developers of both systems don't seem to be all that involved. No GNOME developer used the project's time in the spotlight last week to attack KDE. The KDE camp, perhaps feeling ambushed, has been a little more vocal; but they seem to be much more concerned with the upcoming 2.0 release.

To the extent that there has been shooting between the camps, it has been at a relatively interesting level. For example, the two projects have taken very different approaches to building component-oriented systems; GNOME has chosen CORBA, which has standards and network transparency behind it, but is also a heavyweight and complex solution. KDE has taken the "light and easy" approach with KParts. It will be most interesting to see which choice looks better in a year or two. Meanwhile, there should be a technical conversation on the merits of each approach.

So why, then, are we seeing articles in the press referring to the "war"? There seems to be a certain interest in fanning the flames here. See this week's Linux in the News page for some examples. Just like in the wider world, it's easier to write an article if there's some big battle to talk about.

Let's not go along with that. There is no "war" here. There are two competing implementations of a Linux desktop. The Linux community is richer for having both of them. The two embody different approaches to usability, different technical choices, and different organizational choices as well. Nobody knows what is the best way to do a Linux desktop - if, indeed, there is a single best way. The two projects are experiments which have a lot to teach us. Both are good things, neither is going away anytime soon, and there is no point in talking about "war."

Inside this week's Linux Weekly News:

• Security: Finally, Netscape fixes for Brown Orifice, plus Helix advisories, and more.
• Kernel: vger.rutgers.edu reborn as vger.kernel.org; Linus and the "curse of the gifted."
• Distributions: A new development tree for Debian, new distributions Repairlix and Fd Linux.
• Development: Database benchmarks, new KDE, new Gimp.
• Commerce: Transmeta IPO; financial results from VA Linux and Caldera; KDE wins award.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

News and Editorials

Helix GNOME advisories. Two advisories came out this week for security problems in Helix GNOME packages, including:

• Helix GNOME Update, a /tmp file vulnerability.
• Helix GNOME Installer, multiple locally exploitable vulnerabilities.

It is interesting to notice these problems, particularly since security is one area in which the GNOME project, and Helix, have not taken as active a stance as some could wish. For example, when asked about security issues at the recent press conference for the announcement of the GNOME Foundation, Miguel de Icaza's response was that people concerned about security should join the GNOME team and do something about it. This is an example of expecting to go back and "fix" a product to make it secure, rather than designing security into a product from the beginning.

In addition, the latitude given an average Open Source project to allow it to develop according to the interests of the developers who happen to choose to get involved is much wider than the latitude given to the product of a commercial company. Helix GNOME is a hybrid of both; it is available via the GPL, but also a key product of a new commercial company. It is important that Helix realize the difference in their position, now that they are no longer just donating their time to a worthy cause.

Last, with the addition of Helix GNOME Update and Installer, the developers have moved from the GNOME application space, where security is often considered less critical, to the arena of systems administration, where security is extremely important, if not paramount. That needs to signal a change in focus to the Helix developers. A security design review would be an excellent idea; pro-active auditing of their code (and the GNOME code) for security problems is even more essential. Otherwise, we may be dealing with security advisories for Helix GNOME on a regular basis.

Note that neither of the advisories above will apply to GNOME as shipped with most Linux distributions. They will only apply if you have downloaded and installed Helix GNOME.

The World's Most Secure Operating System (The Standard). Of course, Helix GNOME and the GNOME project should not be singled out as the only Open Source projects that need to rethink their approaches to security. The Standard took a look at OpenBSD and, in particular, Theo de Raadt, in this article. They found much to admire and many reasons why Open Source projects in general should consider following their example. "OpenBSD's proactive approach is unique among open-source systems, which normally rely on user reports and public forums to find vulnerabilities. The Linux security philosophy, for example, can be summed up as 'more eyes means better security' - that is, since the source code is open to peer review, bugs will be quickly spotted and patched.

De Raadt scoffs at that credo. Most reviewers of open-source code, he says, are amateurs."

Security Checkup (eWeek). Want to know what it would be like to have a security audit done for your company or organization? This eWeek article details the experience of a bank that recently did so. "...the increasing popularity of security audits is a manifestation of a growing trend among all enterprises to view security as far more than just something techies can fix with some network software".

CERT advisory on rpc.statd vulnerability. CERT has issued an advisory regarding the rpc.statd vulnerability first announced in July. The usual drill with CERT applies - if they have actually put out an advisory, that means the hole is being actively exploited. If you have not yet applied the update, you should have a look and think about doing so.

This week's prize for "Clueless Media Report" goes to Henry Kingman, who picked up the CERT advisory and therefore reported a "new Linux NFS vulnerability" in this article, in spite of the fact that the Debian and Red Hat advisories that he linked into his article are both from July.

Security Reports

xlockmore. A bug in xlockmore and a patch for the problem was posted to BugTraq this week. Check BugTraq ID 1585 for more details. This vulnerability may be exploited to execute arbitrary code with root privileges on some systems. On others, including the latest Debian release, such a root exploit is not possible, but access to encrypted passwords from /etc/shadow is. An update to xlockmore 4.17.1 is recommended.

• Conectiva
• Debian

GNOME-lokkit. Alan Cox reported a bug in the GNOME-Lokkit firewall package which could result in exposed network ports contrary to the user's request. An update to GNOME-Lokkit 0.41 should fix this problem.

ntop. A new problem in ntop 1.3.1 has been reported when run in web mode (-w). FreeBSD has put out updated packages that disable the -w mode, but reports other potential problems with the package. Personal suggestion: consider not using ntop. If that is not an option, read the FreeBSD advisory for other suggested workarounds.

• FreeBSD

Multiple buffer overflows in top. Ben Lull reported multiple buffer overflows in the procps top included with Slackware Linux. An unofficial patch is included with the post. No confirmation from the Slackware team has been seen, as of yet.

xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.

• Red Hat

PHP-Nuke. The PHP-Nuke web portal is reported to erroneously allow access to administrator privileges. This has been fixed as of the latest version.

gopherd. A buffer overflow in the University of Minnesota's Gopher Daemon can be exploited to gain root access. No fix for this has been made available so far. Check BugTraq ID 1591 for more details.

darxite. Guido Bakker reported a vulnerability in the darxite daemon, a program written by Ashley Montanaro and used to retrieve files via FTP or HTTP. This bug can be used to execute arbitrary code under the login of the process running darxite. Check BugTraq ID 1598 for more details.

Jukka Lahtinen minicom. An installation-dependent vulnerability has been reported in minicom on Red Hat 6.1 and 6.2 and Slackware 7.0. SuSE and Linux-Mandrake are reported not vulnerable. FreeBSD has been both reported vulnerable and not vulnerable; no final information is yet available. This bug will allow the creation of files with ownership uucp. Vulnerable systems running uucp can have system configuration files overwritten.

Originally reported by Michal Zalewski, more information can be found via BugTraq ID 1599.

CGI scripts. The following CGI scripts were reported to contain vulnerabilities:

• htgrep can be used to view arbitrary files on the system using an explicit path.
• Netauth web-based email, older versions could be used to read arbitrary files on the system. Downloading the current version is reported to fix this problem.
• Account Manager from the CGI Script Center also can be exploited to gain administrator privileges. Patches are available and the latest version for download has been fixed.
• Subscribe Me, also from CGI Script Center, contains a similar vulnerability. Patches and a fixed version are also available on the CGI Script Center website.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• RapidStream VPN Appliances, a default account with no password is available via sshd in the Rapidstream 2.1 Beta box product only.
• BEA's Weblogix Proxy, a plug-in for Netscape Enterprise Server, IIS and Apache, contains multiple exploitable buffer overflows. An upgraded version has been made available.

Updates

Another Zope update. It turns out that the fix for the Zope "mutable object" security hole (discussed in last week's LWN weekly edition) did not entirely solve the problem. Thus, a new update has been posted. Zope sites which let untrusted users edit DTML should apply the new patch.

• Red Hat (Zope is part of the PowerTools product).
• Debian
• Conectiva

Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for information on the Brown Orifice vulnerability. Two weeks later, fixed versions of netscape have finally become available.

• Conectiva
• Red Hat
• Linux-Mandrake
• Caldera
• SuSE

dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary.

• FreeBSD

• ISC (July 27th)
• Linux-Mandrake (July 27th)
• Debian (August 3rd)

cvsweb. Versions of cvsweb prior to 1.86 may allow remote reading/writing of arbitrary files as the cvsweb user. Check the July 20th Security Summary for the original report from Joey Hess. The FreeBSD advisory also contains a good summary of the problem.

• FreeBSD

• Linux-Mandrake (July 20th)
• Debian (July 20th)
• TurboLinux (August 3rd)

proftpd format string vulnerability. FreeBSD has released new advisory with information on upgrading proftpd to fix the ftp setproctitle() format string vulnerability discussed in the July 13th Security Summary.

Resources

Feature: Securing Linux-Mandrake (Rootprompt). Rootprompt has written up a description of recommended steps to take to secure a Linux-Mandrake system. "If you are going to be allowing POP or IMAP connections to your host, install stunnel. stunnel is a program that can take any connection on a port and turn it into an encrypted SSL connection."

Events

August/September security events.

Date	Event	Location
August 20-24, 2000.	Crypto 2000	Santa Barbara, California, USA
August 22-23, 2000.	WebSec 2000	San Francisco, California, USA
September 1-3, 2000.	ToorCon Computer Security Expo	San Diego, California, USA.
September 11-14, 2000.	InfowarCon 2000	Washington, DC, USA.
September 13-14, 2000.	The Biometric Consortium 2000	Gaithersburg, MD, USA.
September 19-21, 2000.	New Security Paradigms Workshop 2000	Cork, Ireland.
September 26-28, 2000.	CERT Conference 2000	Omaha, Nebraska, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.16. The latest 2.2.17 prepatch is 2.2.17pre19. This prepatch was put out on August 18 as the final one, but the official stable release has yet to happen as of this writing.

vger.rutgers.edu is no more. As was reported last week, the system which has handled linux-kernel and many other mailing lists for years suffered a disk disaster and went off the net. David Miller had been planning to move the lists anyway (the folks at Rutgers were getting tired of them), so this failure was the obvious opportunity to finish the job.

The lists made a brief stop at vger.redhat.com, but not everybody was happy with the use of a vendor-specific domain. So the lists moved again - at least virtually - to their permanent home at vger.kernel.org. Some effort went into scrubbing every mention of Red Hat from the list headers. So, to all appearances, linux-kernel is redhat-clean, but Red Hat is still hosting the list - and doing the community a favor in the process.

If you were on any of the old vger lists, you should have gotten the note saying that you have to resubscribe to the new version. All of the lists are controlled by majordomo, so the usual subscription drill applies.

Driver locations, code sharing and the 'curse of the gifted'. This week's linux-kernel fight started out as part of an ongoing effort to reorganize the device driver tree. This reorganization has created some new directories such as "media" for things like video drivers and "input" for joysticks and such. Many drivers have found new homes in this process, but Linus drew the line at a patch that moved many of the USB drivers into the "input" directory.

Most Linux users, most likely, are not concerned with the details of the organization of the Linux kernel source tree. But the conversation took a more interesting turn when one person defended the change by saying that it would help to promote sharing of code between drivers. Linus answered back with a statement that code sharing is not all it has been cracked up to be, and that often it's better to just make a copy of something useful and modify it as needed.

Unsurprisingly, quite a few people disagree with this assessment. But it's worth considering his point of view for a moment. Linus is essentially saying that overzealous attempts to share code lead to modules that have been stretched beyond what they can comfortably handle. The result is a great many special cases, situations that maintainers can not test, and bugs. Rather than deal with all that, why not just make a copy that is able to properly handle a specific situation?

For what it's worth, Linus's comments are very general, but his examples all have to do with device drivers that try to support too wide a variety of hardware. There certainly are situations in that area where splitting code apart makes sense, especially when support of old, "legacy" hardware can be left behind in a relatively static driver. But the comments on code sharing in general have caused some concern among members of the linux-kernel list.

In particular, Eric Raymond joined in with an interesting letter accusing Linus of suffering from the "curse of the gifted." In Eric's view, Linus resembles the talented high school student who need not study to do well, and, as a result, never learns how. Linus's programming talents are such that he has never had to adopt the tools and techniques that most programmers rely on: things like source code management systems, bug tracking and regression testing systems, and, yes, code sharing.

The talented high school student in Eric's example falls apart at the University because the necessary study skills have never been developed. Eric fears that something similar could happen when the complexity of the Linux kernel reaches a point that it outstrips even Linus's talents. Will he, at that point, be able to fall back on the software engineering techniques that so many others depend on? If you accept Eric's "curse of the gifted" argument, it is an issue worth pondering.

Other patches and updates released this week include:

• Thomas Graichen has announced a new version of the Linux Kernel Source Reference, a web site that facilitates digging through any version of the kernel source and getting diffs between arbitrary versions.

• Jon Westgate has released a patch for the emu10k1 (SB Live) driver which enables input from the front panel S/PDIF port. It also allows direct recording from both the external S/PDIF and internal CD digital inputs.

• Yuri Pudgorodsky announced the availability of the "Virtual Environment System" (VE) for Linux. VE allows an administrator to set up multiple, independent application environments on a single system, with the idea of increasing system security.

• IBM has announced the release of a new debugging facility called "Dynamic Probes." It allows the placement of breakpoints anywhere in user and system space, making it well suited to kernel debugging. The package's web site seems to indicate that the patch only works for the 2.2 kernel, however.

• A patch to allow kernel profiling on PowerPC systems was released by Graham Stoney.

• Keith Owens has released version 2.3.15 of the modutils package.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Distributions

News and Editorials

New Debian development tree: testing. Currently, the Debian development is generally split into two trees: stable and unstable. Debian 2.2, now that it has been released, has become the new "stable" tree. It will be maintained, bugfixes and security fixes released against it and probably point releases will be issued against it every six months or so. The new unstable tree began as soon as Debian 2.2 was frozen for testing. Given how long Debian 2.2 stayed in freeze, the new unstable tree ("woody") has been underway for many months.

Anthony Towns has started a new tree (called a "distribution" in Debian circles, but given the use of that term in this summary, we are avoiding it) called "testing". Testing will lag behind the unstable tree by a couple of weeks and will avoid integrating packages introduced into unstable that then rapidly log bug reports against them. The goal is to produce a development tree that is more up-to-date than stable, but relatively bug-free compared to unstable. This tree would then be the one frozen and released as stable, allowing a shorter time cycle between major releases.

One disadvantage to the new testing tree will be yet another place where bugfixes have to be introduced. Currently, when Debian releases a security advisory, they generally provide updates for both the stable and unstable tree, for each architecture. Now they'll have to release updates against three trees, stable, testing and unstable, an approximately 50% increase (sometimes the updates for either "stable" or "unstable" will be the same as those needed for "testing").

Nonetheless, the idea has merit. Debian has been struggling for a couple of years now, debating ideas for speeding up their release cycles without sacrificing their commitment to quality. It will be interesting to see if the "testing" tree offers at least a partial solution.

Five new products hit the Linux arena (CNN). CNN looks at a few interesting announcements from LinuxWorld. "On the front of new distributions is Kondara MNU/Linux from Digital Factory USA Kondara's innovation enables you to use multiple languages at the same time without requiring a reboot to switch your Linux OS to a different language version."

Reviews

DistributionWatch Review: Debian GNU/Linux 2.2 (LinuxPlanet). LinuxPlanet reviews Debian 2.2. "Pretty anticlimactic stuff, when it comes down to it, and therein lies one of the strengths of Debian GNU/Linux. The project moves forward at a seemingly ponderous pace, but a little time spent reading through the myriad developer and user lists reveals a disarmingly feverish quest for perfection."

Review: Corel Linux Second Edition (LinuxISO). LinuxISO.org has put up a review of Corel Linux Second Edition. "The most outstanding feature in this distribution, and in line with Corel's stated ease-of-use goals, is the HTML-based Help system. Both context-sensitive and system-wide help are readily available, with Index and Search functions included in the main Help program."

New Distributions

PocketLinux. We mentioned PocketLinux on last week's Front Page as one of the spiffier announcements from the LinuxWorld conference. PocketLinux is an embedded Linux distribution for handhelds, currently supporting the VTech Helio and the Compaq IPaq.

For more detailed information, you may wish to check out this PocketLinux introduction from Jim Pick. For the adventurous, it appears they may have some VTech Helios available for new developers.

Repairlix. Weighing in at 12MB in size, Repairlix is designed for installation on a business-card-size CD for use as a system recovery tool.

Fd Linux. A new mini-distribution, Fd Linux, has come to light. It uses two floppies and provides a Linux system with networking, logging and firewall capabilities.

General Purpose Distributions

Debian Weekly News for August 22. The Debian Weekly News for August 22 is out. It covers how the 2.2 release is going, the new "testing" distribution, and more.

If you want to download an ISO of Debian 2.2, be sure to pick up version 2.2rev0a, since some of the initial ISOs had problems (particularly Sparc and Alpha ISOs).

A tale of two Linux Expos (ITWorld). ITWorld's George Lawton dwelled on Debian quite a bit in this article on the highlights of LinuxWorld. "Much attention has been paid to the commercialization of Linux, but the spirit of open source that drives Linux may be best seen in efforts like the Debian development group, which is something of a labor of love for the programmers involved."

It also provided a nice, concise list of the highlights of the Debian 2.2 release. "Version 2.2's adherents say it is more scalable and robust than previous versions, and supports the ability to update the underlying OS or applications without rebooting the machine. It runs on major hardware platforms, including Pentium, PowerPC, Sparc, Alpha, and even old 68000-based machines like the Amiga and Atari. Debian 2.2 also supports multiple languages, including Japanese, German, and French; support for Chinese is nearing completion. It supports authentication and LDAP, and is said to include better support for the new Linux File Hierarchy Standard."

Debian GNU/Hurd. The Debian Kernel Cousin Hurd from August 16th provides the latest information from the development of this non-Linux free software operating system.

LinuxPPC employees go to jail for good cause. LinuxPPC has put out this press release on a fundraising effort by employees Jeff Carr and Mariam Darvish for the battle against neuromuscular disease; it involves "going to jail" (in a motel room) until the fundraising goals are met.

Slackware Linux Essentials. You can now check out Slackware Linux Essentials: The Official Guide to Slackware Linux on-line. The print version of it is also available, either by itself or as part of the retail boxed set.

Embedded Distributions

Blue Cat Linux. LynuxWorks has announced the release of BlueCat Linux 3.0. In a separate announcement, the company states that BlueCat Linux now supports the Hitachi SuperH processor; and there's even one more on the new support for the ARM architecture.

PeeWeeLinux 0.50 released. From LinuxDevices.com we get the news that PeeWeeLinux 0.50 has been released. This is the first stable release of PeeWeeLinux, which is a distribution aimed at embedded applications.

Special Purpose Distributions

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

News and Editorials

We should go the extra mile and provide easy installation; it may be the difference between code going somewhere or languishing in the dust. A lot of effort may go into the writing of software; a small amount of the developers' time should also go into streamlining the installation process. Here are some basic suggestions that would help.

First, installation should be easy for novices and experts alike. Many installations require a well-seasoned software developer to deal with tricky compiler problems and dependencies. Often, such a person just isn't available. Build your installation for the average person, not for the expert.

Second, consider dependencies. It is common and desirable for packages to utilize code and capabilities already available in an existing package. When one program depends on another, though, an update to one package can break a package that depends upon it. Often older versions of dependency code get aged off of the distribution sites. If practical, it is a good idea to make a working version of the dependency code available for download with the dependent code.

Third, test on multiple distributions. Developers should build their code to work on a generic Linux system, possibly with the use of the Linux Development Platform Specification. Testing should preferably be done on several different distributions.

Software package systems such as RPM and dpkg are one very good solution to many of the problems mentioned above. Package maintainers would do well to distribute their code in one or more of these package formats, and keep the packaged versions up to date. Open source systems will move forward faster if the component pieces are more available to "regular folks". Let's make it easier to use!

Browsers

Mozilla Status Update. The latest Mozilla Status Update is out. News includes bug fixes and improvements to the LDAP code.

XUL Reference Available. Zvon.org has made an XUL Reference available for downloading. The reference can be read online with Mozilla M17.

Databases

PostgreSQL benchmarks. Great Bridge has run benchmark tests on several databases including PostgreSQL and MySQL. Also see these related articles on the benchmark results.

Education

Linux for Kids. The Linux for Kids page is now managing its mailing lists on Source Forge. There are 3 lists: translation, general, and devel.

Electronics

Icarus Verilog compiler 20000819 snapshot. A new snapshot of the Icarus Verilog compiler has been released. Verilog is an electronic simulation and synthesis tool.

Interoperability

Wine release 20000821. The August 21, 2000 release of Wine has been announced. Improvements include bug fixes, DocBook SGML documentation, thread-safe GDI, and improved DBCS support.

Timpanogas Research Group announces open source NetWare compatible system. The Timpanogas Research Group has announced a project to create an open source, NetWare-compatible operating system in 2001. TRG has already been supporting a free NetWare filesystem for Linux; the kernel for the new system is available as well. They are pulling in a lot of Linux kernel code to fill in much of the needed capabilities. Of course, they would like to hear from anybody who wants to contribute.

Network Management

OpenNMS update for August 22. Here is the OpenNMS update for August 22, covering the "Boulevard of Broken Arms" and other events in OpenNMS development.

Firestarter 0.4.1 announced. Firestarter 0.4.1 has been announced. Firestarter is a GNOME based gui tool for creation of a firewall system.

Office Applications

AbiWord Weekly News for August 17. The AbiWord Weekly News for August 17 (which actually covers two weeks) is out. New features include an improved PalmDoc exporter, completion of the Zoom dialog, and an improved lists dialog.

GIMP 1.1.25 Available. A new developer's version of the Gimp has been released. See the Change Log for a list of the changes.

Review: Nautilus 0.1. Eric Kidd has posted a review of Nautilus 0.1 on the UserLand Discussion site. "Guess what: The folks at Eazel haven't lost any of their old magic. Nautilus is slick, slick enough to make Michael Dell start wondering about Linux on the desktop." Here is where you can download Nautilus preview release 1 to try it out for yourself.

Eye of Gnome 0.4 is released (Gnome.org). Eye of Gnome, an "insanely cool image viewer" has been released. You can download the code from this location.

On the Desktop

KDE 2.0 beta 4 released. KDE 1.93, also known as "Kooldown," is the fourth beta for KDE 2.0 and has been released. With luck, this will be the last beta before the "early fourth quarter" KDE 2.0 release. Major changes include speed improvements to the HTML rendering widget, integrated support for GTK themes, JavaScript library work, Office 2000 imports, and lots of bug fixes

Simon Hausmann on KDE components. Simon Hausmann writes about some common misconceptions concerning KDE's component technologies.

Evolution 0.4.1 released. Evolution 0.4.1 has been released. Evolution is the GNOME mailer, calendar, and addressbook application.

Science

The Computer History Graphing Project version 0.4. The Computer History Graphing Project has released version 0.4. This project's goal is to graph the progress of computers under a family tree. Thanks to Scott Fenton

Web-site Development

The return of the Midgard Weekly Summary. After a bit of an absence, the Midgard Weekly Summary is back. It contains, as always, the latest in the development of the Midgard application server system.

IBM Open Sources SashXB (Gnome.org). IBM has released another package as open-source under the LGPL license. "SashXB is a technology that allows web developers to access the native GUI". See the SashXB for Linux page for more information.

Section Editor: Forrest Cook

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Programming Languages

C/C++

POSIX threads explained, Part 2 (IBM). In Part 2 of this series, Daniel Robbins explains the use of mutexes to deal with the locking of Posix threads. If you missed it, Part 1 of the article gives a general overview of Posix threads and how to get started coding them.

Perl

AI::NeuralNet::Mesh, version 0.20. Josiah Bryan has announced the first public release of AI::NeuralNet::Mesh. This is an optimized accurate neural network Mesh for Perl.

Python

This week's Python-URL. Here is Dr. Dobb's Python-URL for August 21. As always, check it out for the latest in Python development news.

PyStream - a C++ stream emulation. Andreas Jung has written PyStream, a new Python module that emulates C++ streams in Python.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 21. It covers the latest in the Tcl/Tk development world, including the Tcl Wiki page.

TMML - Tcl manual markup language. Joe English has announced TMML, a tool for converting TCL documentation to XML and has proposed its use for conversion of the TCL documentation.

Xlib TCL tutorial. George Peter Staplin announced the availability of a tutorial on using Xlib to draw into a Tcl/Tk window.

Software Development Tools

Software Carpentry reopens testing tool competition. The Software Carpentry Project, which had removed the testing tool objective from its software design competition after the first round, has now reinstated the testing category with a new set of objectives. See the Unit and Regression Testing page for the new rules and requirements. May the best new testing system win.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Transmeta files for IPO. Transmeta has put in its IPO filing. The full S-1 filing is available for those who wish to slog through it. Unfortunately we don't have a summary available yet. Hopefully by next week we'll have one ready for publication. In the meantime here are a few highlights:
The company plans to trade as TMTA; price and such still undetermined. They have managed to lose almost $120 million so far. Revenue in the first half of this year was all of $358,000. Nonetheless, they have over $100 million in the bank.

Linus Torvalds' name appears twice in the filing, as a way of showing the expertise Transmeta employs.

Some more information may be found in this News.com article. "Hypersecretive Transmeta has not released its chips to the public yet or even revealed a complete set of performance benchmarks. As a result, most analysts admit that they have not been able to evaluate the overall performance of the Crusoe family."

VA Linux and Caldera reported financial results. VA Linux Systems has reported its results for its fiscal 2000 year. The company brought in $120 million over the year, a nice increase over 1999's $18 million. The company is still losing money, of course, but less so than before.

Also in the announcement: "VA Linux estimates that SourceForge now hosts over 76 percent of the world's known Open Source software, with 8,000 software projects and over 53,000 registered users."

Caldera Systems has announced its third-quarter results. Revenue for the quarter was $1.2 million, up 9% from the year before. They turned in a net loss of $7.5 million in that time.

KDE Desktop is Show Favorite At Linuxworld Expo. The KDE Project has put out a press release proclaiming its election as "show favorite" in the desktop category. The PR also states that the fourth beta of KDE 2.0 comes out tomorrow.

Itanium News. SuSE has joined VA Linux Systems and Red Hat in announcing the availability of a free Itanium "compile farm" that may be used to port applications. There is also an IA-64 version of SuSE Linux 7.0 which is available for download.

Red Hat has also announced a new service called the "IA-64 JumpStart Program" which is aimed at helping developers get software working on the IA-64 processor. It includes training, support services, and an IA-64 compile farm which can be used to test things out.

Software releases. AbriaSoft has announced the release of its "Abria SQL Standard" product, which is a boxed distribution of MySQL. Apache, PHP, Perl, and some others have been thrown in for good measure, as has the O'Reilly MySQL book. It even comes with technical support. Price is $59.

Sun has announced the availability of a porting kit which can be used to make Linux device drivers work on Solaris (Intel) systems.

NeTraverse has announced the 2.0 release of its "Win4Lin" product, which allows running Windows applications under Linux.

Surveys and Studies. Here's the results (in German) of a study that examined every www.* host in the .de domain, trying to identify what system is running behind each. The result: Linux wins, with 44% of the systems identified. English text is available via babelfish. (Thanks to Lenz Grimmer).

Red Hat has put out a press release publicizing the latest IDC report, which finds that Red Hat had 52% of Linux server shipments worldwide.

Caldera and SCO announce 'Linux and UNIX Marriage'. Caldera and SCO's Server division have put out an announcement on some new initiatives which are presented as "the first steps along the path to a Linux and Unix marriage." These include the "Linux Kernel Personality" for UnixWare which appears to be an enhanced compatibility layer and which also got its own announcement. There is also a new set of service offerings.

Newtella Inc. formed around music sharing network software . A company called Newtella, which somehow plans to make money by supporting the use of Gnutella to share music files, has announced its existence.

Press Releases:

Open Source Products.
Unless specified, license is unverified.

• Sybase has announced its intent to release its "Watcom" C, C++, and Fortran compilers under a (still unspecified) open source license.

• X.Org (MENLO PARK, CA) announced the release of X11R6.5.1, available for download on August 25.

Commercial Products for Linux.

• AbleSolutions Corporation (VANCOUVER, Wash.) announced the release of Linux and Solaris compatible editions of AuctionBuilder 1.0.

• Dialogic, a subsidiary of Intel, announced the availability of its Linux application development kit.

• Digi International (MINNEAPOLIS) announced that Linux drivers are now available for its EtherLite line of network serial concentrators.

• Enhanced Software Technologies, Inc. (MILPITAS, Calif.) announced that its Backup and Restore Utility, BRU 16.0, supports Panasonic's 4.7GB DVD-RAM drive in Linux environments.

• Guardian Digital has announced the availability of its "Linux Lockbox." The Lockbox is an "e-business server" system with an emphasis on high security. Guardian Digital has created a new distribution called "EnGarde" for this purpose; they also bundle AllCommerce from OpenSales.

• Isogon (NEW YORK) announced its support for IBM's pricing policy for the S/390 Integrated Facility for Linux.

• LightWork Design Ltd (SHEFFIELD, UK) announced that its photorealistic rendering product, LightWorks, is now available on the Linux operating system.

• Matrox Graphics Inc. (MONTREAL, CANADA) announced Linux support for its single-slot DualHead cards. The beta Linux XFree86 driver is now available for download from the Matrox website.

• Mentor Graphics Corporation (WILSONVILLE, Ore.) announced the availability and immediate release of the entire IC Station suite of products on the Red Hat Linux platform.

• Oasis Technology (TORONTO, Ontario) announced that it will now offer its ePayment technology on the Linux operating system.

• OpenHardware.net announced availability of design data for a SIMM-sized 10BaseT Ethernet board. The tiny Ethernet interface board is meant to be used with the EZ328SIMM, a SIMM-sized single-board computer that contains a Motorola MC68EZ328 CPU and is supported by the current uClinux embedded Linux distribution.

• Proven Software, Inc. announced the release of a new Inventory and Point of Sale module for Proven CHOICE Accounting, business accounting software for Linux.

• Sanchez Computer Associates Inc. (MALVERN, Pa.) announced the company has completed a port of its PROFILE/Anyware enterprise banking system to Linux.

Products Using Linux.

• Dialtone Internet, Inc. (FT. LAUDERDALE, Fla.), provider of Linux hosting solutions, announced the addition of Cobalt Networks' Intershop Commerce RaQ to its product line.

• Extended Systems (BOISE, Idaho) announced that the Bluetooth Special Interest Group (SIG) has placed Version 1.1 of Linux-based XTNDAccess Blue SDK on the Bluetooth Qualified Product List (BQPL).

Products with Linux Versions.

• Aestiva has a piece about its Aestiva HTML/OS platform.

• Alliance Systems, Inc. (PLANO, Texas) introduced the I-Series 5000 open communications platform.

• American ANKO (SANTA FE SPRINGS, Calif.) announced the availability of a sound-based vibration mouse, AVB's VMouse.

• BiTMICRO NETWORKS (FREMONT, Calif.) introduced the E-Disk ATE25, 4.3 GBytes of flash storage devices in a 2.5-inch form factor.

• Cleanscape Software International (SAN JOSE, Calif.) announced an upgrade to Cleanscape XTC-1750A, a C programming language cross-development environment for embedded systems using the MIL-STD-1750A processor.

• Expertcity.com (SANTA BARBARA, Calif.) announced the launch of Expertcity2.0, which will enable live global support solutions.

• GoAhead Software (BELLEVUE, Wash.) announced its second-generation product, GoAhead SelfReliant, a cross-platform solution.

• ICS Advent (SAN DIEGO) introduced Aviant, a new family of advanced single board computers (SBCs) based on Intel processors and chip sets.

• Micromuse Inc. (SAN FRANCISCO) announced the availability of Netcool/Firewall version 2.0.

• Net Technologies, Inc. (NEW YORK) announced the release of DoTell Interactive version 2.0, a platform for voice-content creation, management, and distribution.

• Phobos Corporation (SALT LAKE CITY) announced shipment of the IN-Boost SSL, a network interface card that completely offloads the burden of Secure Sockets Layer (SSL) encryption/decryption processing from secure web servers.

• Strategic Concepts, Inc. (BENTONVILLE, Ark.) announced that its Strategy5 Transportation Software now interfaces with Inter-Tax.

• talentsoft, Inc. (MINNEAPOLIS) announced that its Web+ and Web+Shop software will be bundled with Compaq's 1U rack mountable Proliant server and the Alpha workgroup server DS10 and DS20e.

• Technauts (CARY, N.C.) announced the availability of its eServer software for Intel's next-generation Communications Appliance Platforms. OEMs can run it pre-packaged with Red Hat Linux or install an operating system of their choice.

• WebManage Technologies, Inc. (CHELMSFORD, Mass.) announced Service Level Reporter software, for Web management.

Java Products.

• Inprise/Borland announced that it will port its Borland JBuilder, Inprise Application Server, VisiBroker for Java and JDataStore for platforms based on the Intel Itanium processor; including the Red Hat Linux 64 bit operating system.

• The NQL Internet division of AlphaServ.com (SANTA ANA, Calif.) unveiled the development roadmap for its Network Query Language, adding Linux support.

Books & Training.

• O'Reilly has announced the release of the third edition of its classic Linux in a Nutshell. It includes a great deal of new material, including discussions of KDE and GNOME, and a section on the Debian package manager.

• SGI has announced a course in building Beowulf clusters. It lasts three days, and appears to cover a wide range of topics from interconnects through to parallel programming. The one scheduled offering at this point is September 11 to 13 in Maryland.

Partnerships.

• AdTools, Inc. (NEW YORK) announced that it is working with SGI to enhance awareness of SGI and Linux in Europe.

• eLinux (TORRANCE, Calif.) and TeamLinux Corporation announced the launch of a joint initiative to provide professional services.

• Enhanced Software Technologies, Inc. (PHOENIX) announced a broad range of bundled backup solutions available exclusively through LinuxMall.com.

• Informix Corporation (MENLO PARK, Calif.) announced that the Informix Dynamic Server.2000 (IDS.2000) database engine running with SuSE Linux on Compaq Computer Corporation Alpha processor is now available for customer shipments.

• LinuxOne Korea will resell Dot Hill Systems Corp.'s SANnet products as part of its line of complete Linux solutions.

• MSC Software, a provider of simulation software, has announced a partnership with HP to start selling Linux cluster systems built with HP workstations.

• Natural MicroSystems (SAN JOSE, Calif.) announced that it has become a member of the LynuxWorks Synergy Partners Program and that LynuxWorks has become an NMS Alliance Partner.

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) announced a strategic agreement with CrosStor (SOUTH PLAINFIELD, N.J.) to port CrosStor NAS and eCos, network-attached storage software, to Red Hat Linux.

• SuSE Linux AG (HANOVER, Germany) and Tech Soft America (ALAMEDA, Calif.) announced an agreement to freely distribute TSA's HOOPS 3D Application Framework (HOOPS/3dAF) with SuSE's Linux Operating System.

Investments and Acquisitions.

• CollabNet has announced the acquisition of Alphanumerica, a web services firm. Alphanumerica has been a participant in the Mozilla project, as well as the sponsor of the first two Mozilla developer meetings.

• Lutrix Technologies has announced the receipt of equity investments from Compaq, NEC, and Deutsche Bank Alex. Brown. Lutris is the developer of the open source Enhydra application server.

• UserFriendly has been acquired by a company called Vast, according to this announcement. The deal was done for about $4.6 million in stock.

Financial Results.

• Hewlett-Packard Company (PALO ALTO, Calif.) reported 15 percent revenue growth in its third fiscal quarter, ended July 31, 2000.

Linux At Work.

• IntraLinux, Inc. (SAN RAMON, Calif.) announced that it has been awarded a Master Services Agreement (MSA) contract with the State of California for systems integration, project management, system design and engineering and project oversight services for information technology.

Other.

• The Linux development community and open source community elected David Sugar as their representative to participate on the International Softswitch Consortium (ISC). Vovida Networks sponsored the open election and has contributed the yearly ISC membership fee, travel and lodging for a member of the Linux development/open source community to participate on the ISC.

• e-smith, inc. (BOSTON) announced that the e-smith Linux server distribution earned the editor's choice award from Australian Personal Computer Magazine.

• Lineo, Inc. (BRISBANE, Australia) announced the establishment of Lineo Australia Pty Ltd in Brisbane. This office is the base for Lineo's Integrated Products Group, formerly operated as Moreton Bay Ventures, a company which Lineo acquired in May.

• Open Source pioneers Michael Tiemann and Miguel de Icaza have made charitable contributions to the Bonobo Protection Fund, a charity administered by the Georgia State University Foundation, Inc., a 501 (c) 3 charity. Other major Open Source figures have also committed to donate to the fund. The bonobo is a rare and endangered primate.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the News

Recommended Reading.

This ZDNet column starts as a LinuxWorld piece, but wanders off into Linux desktops. "Yet it's precisely this perceived importance of interface consistency, continuity and discipline that is AWOL in any of the current Linux desktop efforts. Without it, Linux will not appear on the desktop in any meaningful numbers. It seems that the fervent engineers have neglected to internalize that users actually care about usability."

Upside has posted a summary from LinuxWorld. "Although smaller companies showed up in force, this week's LinuxWorld only reconfirmed the growing suspicion that large-scale companies are the ones truly making a killing off the Linux phenomenon. IBM, a company that now supports Linux on every one of its hardware platforms -- including the wristwatch-sized server prototype it showed off Wednesday -- appears to have assumed kingmaker status in the Linux business community."

Here's another ZDNet article which starts off as a general LinuxWorld piece. "And while Linus said he was relieved not to be writing another keynote the night before the show, RMS and ESR may have felt differently. Why else would they have kept sneaking into the Working Press room and talking a little too loudly with anyone who'd listen? Even ubiquitous Linuxshow emcee Jon 'Maddog' Hall was more seen than heard at this LinuxWorld..." Thereafter, the article becomes a lengthy look at Helix Code and Eazel; worth a read, even if it does say that GNOME 1.0 came out six months ago.

GNOME vs. KDE.

News.com reports on GNOME and KDE. "Owen Taylor, the Red Hat employee responsible for maintaining GTK, said he stays in touch with Qt programmers so the two packages have similar abilities and features such as the ability to drag text from a Gnome program and drop it into a KDE program. However, he added, 'There's no way we can merge the toolkits.'" (Thanks to César A. K. Grossmann).

ZDNet tries to play up the GNOME-vs-KDE thing. "For a war that supposedly isn't, the battle over open-source desktops seems to be getting bloodier. It's GNOME vs. KDE. And even though many open-source backers are loath to admit the existence of a rift within their ranks on any software development front, sides are being taken and two distinct camps are forming."

LinuxPlanet isn't happy about the GNOME Foundation. "To me, the GNOME Foundation is really nothing more than an attempt by large vendors to impose their agendas on the Linux community and stifle both innovation and community involvement. For Sun, this is nothing more than an attempt to push StarOffice on the Linux community by tying it to a single desktop standard; it's also a rather blatant effort to crush K Office before it's released, and that saddens me a great deal, because K Office has the potential to be a killer application rising solely from the Linux community."

ZDNet ponders the GNOME Foundation. "Still, The Gnome Foundation faces tall challenges. History shows that multivendor efforts often fail because managers from member companies can't put aside their differences long enough to beat Microsoft."

This ZDNet column questions the GNOME Foundation's prospects for taking over the desktop. "While a Linux desktop sounds good in theory, the idea faces the same obstacle Linux encountered when trying to gain a foothold in the server room- namely, status quo. IT managers who have begun to run Linux servers in the back room said they will hold off on putting Linux in the front office until it looks like Windows."

O Linux interviews KDE founder Mattias Ettrich. "The key to the success of KDE is the huge amount of code that is shared between applications. We implemented the basic idea of free software - code sharing - to a degree that was never done before. This was possible due to two reasons: a) the choice of an object oriented language and its sane use within the project and b) the concept of open source in general."

Here's an osOpinion piece essentially arguing the "GNOME is superior" point of view. "It's worth noting that had the KDE group gone with CORBA components, it would have been possible to write components that would work in both GNOME and KDE. This would have given developers a very powerful way to write common code for both environments."

If you are tired of the latest GNOME/KDE silliness, you probably do not want to have a look at this LinuxPlanet column, which strives to fan the flames in every way. "Does anyone else see the irony of a project headed by a guy who's in it for the money, backed by companies who are in it for the money, getting the official Glorious October Revolution seal of approval, while a volunteer effort driven by sheer love of the project does not? Yes, there are people from distributions who work on KDE, but they have not set up little companies for themselves to capitalize on it."

Reports From LinuxWorld.

Upside reports from LinuxWorld, with an emphasis on embedded systems. "Virtually invisible on the LinuxWorld floor a year ago, fast-growing companies such as Lineo, MontaVista and LynuxWorks poured their precious pre-IPO dollars into lavish booth displays. It was an eerie sight, considering that many of the same companies had been displaying their wares on card tables only five weeks before at the Embedded Linux Conference."

LinuxDevices.com summarizes LinuxWorld from an embedded systems point of view. "Better than one in ten of the more than 160 exhibitors rolled out new products and services aimed at embedded Linux developers and applications."

TechWeb reveals that Linux businesses are businesses in this LinuxWorld summary. "Major corporations joining the Linux love feast this week managed to quietly support their own agendas while boosting the operating system and its open-source contributors." The article also manages to attribute the stock symbol "SUSEX" to (privately-held) SuSE.

ZDNet talks with Linus Torvalds at LinuxWorld. "Rapid content serving on Linux is probably going to be an option in the next 2.4 release of the kernel, he said. It's also a priority to work Riesser [sic] file journaling into the next release."

News.com covers Ransom Love's LinuxWorld keynote. "But for high-end systems, Caldera will advocate the use of UnixWare, one of SCO's versions of the Unix operating system on which Linux is based. 'Linux currently does not scale to the high-end data center, (but) other operating systems in the industry do,' he said. 'A single operating system kernel cannot scale,' he said."

Here's a ZDNet column that is somewhat critical of open source proponents. "Amidst the pony-tailed, multi-pierced, roller-blading attendees of this week's conference is an underlying air of tolerance. Open source is premised upon the equal participation of any and every hacker, regardless of gender, race, religion or hair-color choice. But if tolerance is the watchword in the open-source world, why is the community so hard on newbies?"

The DukeOfUrl covers day one, day two and day three of LinuxWorld. From day three: "I was fortunate enough to attend the Mandrake party on Tuesday and the VA Linux party on Wednesday. Both were great events at swanky locals. Although everyone was amongst friends, no one bothered to take to the dance floor. It seemed really awkward, as everyone was crowded around the collection of vintage video games. Finally, a few brave souls dare out to the dance floor and broke the ice."

LinuxPower has put up more coverage and pictures from LinuxWorld.

MPAA wins DVD case.

Wired News covers the DVD decision. "A DVD-descrambling program is akin to a virulent Internet epidemic that must be eradicated, a federal judge said Thursday as he agreed with Hollywood that DVDs must be protected from decryption and copying."

The Boston Globe. "Robin Gross of the Electronic Frontier Foundation, an Internet civil liberties group, rejects the idea that DeCSS is an illegal computer program. But she said that even if it is, 2600 has a constitutional right to tell people how to get it."

CNN. "Martin Garbus, a lawyer for Corley, said: 'We understood that this was an issue that has to be resolved by the Supreme Court. The judge's First Amendment analysis is wrong.'"

News.com. "'To the extent that defendants have linked to sites that automatically commence the process of downloading DeCSS upon a user being transferred by defendants' hyperlinks, there can be no serious question,' [Judge] Kaplan wrote. 'Defendants are engaged in the functional equivalent of transferring DeCCS code to the user themselves.'" (Thanks to Toon Moene).

The New York Times (registration required). "Because Judge Kaplan sits on the district court, which is the trial court of the federal system, his decision is not binding on other federal courts and is subject to review by the Court of Appeals for the Second Circuit. But the judge's decision has considerable persuasive force for other courts both because it is the first time the law has been tested and because the Manhattan court is among the more prestigious district courts." (Thanks to Paul Hewitt and John Villalovos).

Corel.

ZDNet's Evan Leibovitch looks at Michael Cowpland's resignation from Corel. "So here we are, with what might have been the unthinkable -- a Corel without Cowpland. At the news conference, Cowpland stated that his resignation was voluntary and had nothing to do with Corel's beleaguered state. I dunno, I just can't see the company sustained for very long. This looks to me like Corel is making the conditions right in anticipation of a sale."

Here's a ZDNet column on Michael Cowpland's departure from Corel. It does not pull any punches. "Corel Chairman and CEO Michael Cowpland finally did something right Tuesday, when he announced his resignation from both posts at the Canadian software developer. Most shareholders would argue the unceremonious departure comes several years too late."

Forbes chimes in on Michael Cowpland's departure from Corel. "Forget about restructuring or retrenching. Burney's job should be to put investors out of their misery and get the company ready for sale."

News.com has run a pronouncement from a Gartner analyst on Corel's future. "More recently, Cowpland and Corel placed a large bet on moving the company's applications to Linux on the desktop. In North America, at least, Linux on the desktop has been a non-starter. This strategy may have received its heaviest blow yesterday, when several large vendors--Compaq Computer, Hewlett-Packard, IBM and Sun Microsystems--announced support for the Gnome Foundation's Linux desktop project. Key parts of this open-source interface are productivity applications that run on top of Unix and Linux. The Gnome Foundation likely has further reduced whatever revenue opportunity Corel had in this area."

Companies.

ZDNet looks at the Ogg Vorbis codec. "In simpler terms, Ogg Vorbis is a new digital audio compression format that is similar to MP3, but costs nothing. It is completely open source, is entirely free of patents, and is supposed to have better audio quality and compression than MP3."

Here's a ZDNet article about IBM's approach to Linux. "IBM's multifaceted moves to Linux go a long way toward opening up the company?s commercial code base. This is a far cry from the IBM of old, which once teamed up with Hewlett-Packard and Digital Equipment Corp. to create the Open Software Foundation (OSF), whose sole purpose was to splinter Unix and protect its members' respective proprietary OSes."

LinuxDevices.com looks at Red Hat's other operating system. "Red Hat's ongoing eCos commitment surfaced yesterday in the form of a joint announcement between Red Hat and CrosStor Software. CrosStor, it seems, is porting its network-attached storage (NAS) software -- which currently depends on Wind River's VxWorks as its underlying RTOS platform -- to Red Hat's eCos."

News.com covers Nokia's plans to release the source to its phone-based browser. "'This doesn't mean it's going to be Mozilla open source. It needs to be better supported than that,' said Paul Chapple, manager of Nokia's U.S. business development team. 'But we've learned that you have to provide the source so the customers can control the destinies of their own products.'"

The New Zealand Herald has put up this article on the production of the Lord of the Rings trilogy. "Wellington-based Weta Digital's ability to process work on the Lord of the Rings movie trilogy has just dramatically improved - with big savings to boot. Weta has bought 16 dual-processor SGI 1200 servers running the Linux operating system." (Thanks to Andrew Simpson).

ZDNet reports on a poll of Java developers on whether Sun should open source the language. "Opinion so far is divided. As of Monday, 28.8 percent of developers voting said there was nothing wrong with Sun's Java licensing, while 26 percent said Java should also be made available under the GPL."

Here's a ZDNet column claiming to advocate an open source strategy for Microsoft. The author is not entirely clear on the concept, however: "I propose a slight alteration to the open-source model. Microsoft, of course, would expose the complete source code for its operating systems. This code could be downloaded by any user and compiled for personal use. However, Microsoft would be the only company allowed to create a distribution of the Windows operating system licensed for business use."

Business.

Upside ponders the future of Linux. "This unlikely method of developing software works amazingly well for a process that seems to resemble nothing so much as a form of voluntary socialism. I have never seen a business model operate this way. Certainly not in a capitalist country like the United States, where Linux is extremely popular and Linux companies are being funded with the faith that we can somehow make money off it. It makes me wonder how well it will stand up to the capitalist winds of change."

Wired News looks at a new Forrester Research report which predicts great gains for open source software. "Forrester analyst Carl D. Howe predicts that Microsoft's business model will clash so severely with the new open-source-fueled development and distribution models that the company's market share will shrink for the first time in its history. And eventually, the report forecasts, MS will become little more than a 'legacy vendor,' offering support for its antiquated products." (Thanks to Lance Jones).

News.com reports on a deal between Dell, OpenSales, and Linuxcare. "Dell will sell a server loaded with OpenSales' e-commerce software, which lets people create and run shopping Web sites, bundled with support from Linuxcare, said Dell account manager Jay Gleason. The product will be unveiled in the fourth quarter and will be called E-Shop-in-a-box."

ComputerWorld put up this article on Unix vendors who are adding Linux binary compatibility layers to their systems. "However, it could also spell danger for the very vendors that are offering the support, facilitating a wholesale migration away from their proprietary Unix versions toward Linux, observers said."

Here's a ZDNet column which predicts a bright future for Linux. "The main reason to be bullish on Linux's future is not that it will replace Windows. Rather, like Microsoft once was, Linux is the technology that is best aligned with a changing economy and will grow in step with it. This means, of course, in some instances Windows and Windows 2000 servers will be replaced by Linux, but that is a minimal definition of success."

Here's another ZDNet column looking at the growth of Linux. "Like all things democratic, a truly free and open operating system (OS) will require constant vigilance by an industry that is organized not to collaborate, but to compete. What's more, sundry paradoxes threaten to stymie even the sincerest efforts to create a lingua franca platform that is simultaneously free, open, universal and dynamic."

Upside has run some letters to the editor in response to recent columns about Linux. "I can't see many IT managers adopting Linux. Even if the software license is 'free', I doubt that the cost of server software licenses is a very big part of the typical IT budget. How many IT managers really want to have their own customized version of an OS? Oh please, give me a break."

Money.com posted this article on its discovery that Linux is still around. "Linuxmania 1.0 centered mainly around 'pure plays' like Red Hat and Caldera. But now it has become clear that Linux's biggest impact may be on some of the biggest companies in the tech world--AOL, Hewlett-Packard, IBM, and Dell."

Resources.

The LinuxDevices.com Embedded Linux Weekly Newsletter for August 17 is out.

LinuxLinks.com has posted a survey of relational database systems for Linux with an emphasis on business use. "PostgreSQL has been in development for over 10 years and represents a mature product. This is an important consideration to a corporation who cannot afford to trust their precious data to a product that has not been extensively tested."

Reviews.

A review of the ABIT BX133 motherboard has gone up on NewsForge. "The first benchmark is a set of timed Linux kernel compiles. Compiling a kernel is a common action for a Linux user, making it a very valid benchmark for a Linux system."

Interviews.

The Wall Street Journal talks with Linus Torvalds in this article reprinted on MSNBC. "Mr. Torvalds defended his habits. He said, for example, that not selecting an 'official' Linux user interface allows the best one to emerge through competition."

Upside talks with Richard Stallman. "If this year's LinuxWorld seemed a little less colorful than the two previous San Jose episodes, maybe it was because the man who usually supplies the color decided not to show up."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Events

More LinuxWorld pictures from LinuxNewbie. LinuxNewbie.org has put up another set of pictures from LinuxWorld.

SkyEvents' Linux Expo. There is a call for papers for Linux Expo Toronto (October 30 - November 1, 2000) and Linux Expo Paris (January 31 - February 2, 2001).

August/September events.

Date	Event	Location
August 30 - September 1, 2000.	LinuxWorld China 2000	Beijing Kerry Center Hotel, Beijing, China.
September 20 - September 22, 2000.	7th International Linux Kongress	Erlangen, Germany.
September 24 - September 28, 2000.	Embedded Systems Conference 2000	San Jose, CA.
September 25 - September 28, 2000.	LINUX Business Expo	Atlanta, Georgia.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

Web sites

internet.com adds two new Linux related web sites. internet.com announced that it has added new internally developed Web sites, including AllLinuxDevices.com and EnterpriseLinuxToday.com.

User Group News

August/September events.

Date	Event	Location
August 26, 2000.	Central Ohio Linux User Group Meeting	TEAM America, Worthington, OH
August 26, 2000.	Sydney Linux Users Group Installfest	Macquarie University, Sydney, Australia
September 4, 2000.	Baton Rouge Linux User Group Meeting	Bluebonnet Library, Baton Rouge, LA
September 5, 2000.	Linux Users' Group of Davis Meeting	Z-World, Davis, CA
September 6, 2000.	Silicon Valley Linux Users Group Meeting	Cisco Building 9, San Jose, CA

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net. Plain text please.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux Links of the Week

Lambda the Ultimate bills itself as "The Programming Languages Weblog." Therein you'll find discussions on language design, functional programming, and no end of obscure languages. It's a welcome break from the C/C++ battles.

Section Editor: Jon Corbet

This week in history

At that time, trademark acknowledgements were relatively rare. The Linux International site did not have one, and neither did many distributions. After this episode, that all changed. Nobody really questions Linus's trademark anymore.

ZDNet chimed in with some Good Old Time FUD:

Technically, Linux might be a reasonable choice, but what kind of company is going to rely on unsupported freeware or something that's supported by two tiny vendors? Rejecting Linux is a straightforward business decision. If it were supported by an IBM or a Hewlett-Packard, then that would be an entirely different matter,

One year ago (August 26, 1999 LWN): Linux-Mandrake celebrated the end of its first year with two "Editor's Choice" awards from LinuxWorld, its first big equity investment, and the launch of its "Cooker" development version. LWN celebrated with an interview with Linux-Mandrake creator Gaël Duval.

Caldera Systems and Red Hat were the first distributors to claim year-2000 compliance for their systems. It seemed important at the time.

Ted Nelson's long-hyped Xanadu system was released as open source this week, after well over two decades of development. It also seemed important at the time.

Letters to the editor

To: editor@lwn.net
Subject: Note about GNOME Foundation
From: Havoc Pennington <hp@redhat.com>
Date: 23 Aug 2000 23:44:49 -0400


Although most responses have been positive, some articles and comments
about our recent GNOME Foundation announcement have been
disappointingly inaccurate.

In particular, two mistakes are common.  The first is referring to the
Foundation as "consortium"; the Foundation is not a consortium, but an
organization of individual contributors to the GNOME Project. The
companies joining the Foundation join an advisory board which has no
decision-making function; decisions are made by a board of GNOME
contributors elected by the membership. At this time, around
two-thirds of the members of the Foundation are independent volunteers
not employed by one of the advisory board companies. The Foundation is
simply a legal entity that can act on behalf of the 3-year-old GNOME
Project. The GNOME Foundation is comparable to SPI/Debian and the
Apache Software Foundation. For more details, see the press release:
http://www.gnome.org/pr-foundation.html

The second mistake is that this represents some kind of flareup or
resurgence of a "war" with KDE. At our press conference, we took pains
to discourage this interpretation of the announcement when members of
the press asked about it (see Bob Young's comments, for example). We
are interested in healthy and friendly cooperation with the KDE
project and other free software projects. Interoperability efforts
such as http://www.freedesktop.org continue and will not be affected
by the GNOME Foundation.

Both GNOME and KDE have valuable contributions to make. We're creating
a foundation to help us run GNOME well, and we're excited about the
recent commercial acceptance of GNOME, but these things are advances
for GNOME, not attacks on anyone else. Our primary focus is to expand
the userbase of free software; competing with other free software is
not the point.

Havoc

From: Tom Cowell <tcowell@terma.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Offtopic letter from Eric S. Raymond
Date: Fri, 18 Aug 2000 17:29:10 +0200

Shame on the LWN editor(s) for publishing a letter from Eric S. Raymond =
(LWN back page August 17, 2000) with a sig that takes up (according to =
wc -c) not much less that half the total message, and puts forward his =
views on gun control (nothing to do with Linux).

I'm not going to reveal my views on gun control - that's the whole =
point. LWN, I think, should not have let this message through the =
editorial filter (or should have removed the sig). ESR should not abuse =
his position as a celebrity among users of the Linux kernel by =
publicising his views on other issues.


Tom Cowell

Date: Thu, 17 Aug 2000 22:59:19 +0200
From: Toon Moene <toon@moene.indiv.nluug.nl>
To: letters@lwn.net
Subject: Judge halts posting of DVD cracking code 

I just read the following on 

http://news.cnet.com/news/0-1005-200-2547756.html

> "Computer code is not purely expressive any more than the assassination of
> a political figure is purely a political statement," Kaplan wrote in his
> opinion today.  "The Constitution...is a framework for building a just and
> democratic society. It is not a suicide pact."

Now, I don't know anything about US Law, but *this* statement just
smells as "guilt by association".

Surely, the US legal system can do better than *that* ?!?!?!?

-- 
Toon Moene - mailto:toon@moene.indiv.nluug.nl - phoneto: +31 346 214290
Saturnushof 14, 3738 XG  Maartensdijk, The Netherlands
GNU Fortran 77: http://gcc.gnu.org/onlinedocs/g77_news.html
GNU Fortran 95: http://g95.sourceforge.net/ (under construction)

Date: Tue, 22 Aug 2000 08:37:17 -0400
From: David Rysdam <david.rysdam@openone.com>
To: letters@lwn.net
Subject: Not understanding "Open Source"

From your daily page:

> 'Here's a ZDNet column claiming to advocate an open source strategy for
> Microsoft. The author is not entirely clear on the concept, however: "I
> propose a slight alteration to the open-source model. Microsoft, of
> course, would expose the complete source code for its operating systems.
> This code could be downloaded by any user and compiled for personal use.
> However, Microsoft would be the only company allowed to create a
> distribution of the Windows operating system licensed for business use.'

Remember 2+ years ago when everyone was bemoaning the confusing term
"Free Software"?  And how ESR and friends swooped in with the saving
term "Open Source"?  That has come back to bite us.Because of the way
the "Open Source Movement" pushes features like "fewer bugs", "fast
development time", and "hardware support" a person could be forgiven if
they forgot about (or never even heard about) the real purpose of Free
Software: freedom.

Don't get me wrong, I *like* the features of Open Source
software: reliability, flexibility, low cost, ease of use (for a power
user, anyway).  But I even more like the main feature of Free
Software: freedom.  No worrying about multiple installations,
redistributions or modifications.

From: "Donald Braman" <donald.braman@yale.edu>
To: <letters@lwn.net>
Subject: FW: logical reasoning and the English language
Date: Fri, 18 Aug 2000 16:35:20 -0400

Thought you might appreciate this letter to Fred Moody. -Don

-----Original Message-----
From: Donald Braman [mailto:donald.braman@yale.edu]
Sent: Friday, August 18, 2000 4:27 PM
To: melmoth73@hotmail.com
Subject: logical reasoning and the English language


Dear Fred,

Two quick notes on your commentary, Linux Revisited:

1. On logical reasoning: You assume that the people who write to you are
representative of people who create Linux patches. I suspect that this
assumption is unwarranted.

2. On the English language: You write:
    ...people, [the clause discussed above], who are not great thinkers."
Consider writing, instead,
    ...people who, [the clause discussed above], are not great thinkers."

You know the saying about glass houses and the people who live in them,
don't you?

Sincerely,
Donald Braman
donald.braman@yale.edu

Date: Mon, 21 Aug 2000 13:09:07 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: melmoth73@hotmail.com
Subject: Linux column, and proponents.

G'day, Mr. Moody.

My, but you're an unpopular person this month.  :-)

I have some exception to take with some of the comments in your
current column; I hope you find my remarks comprehensible, rather than
compost.

> Now the basic, distilled-to-one-line message of my column was this: If
> Linux had to stand up to the amount of use and abuse Windows NT did,
> it would not be up to the task.

I'm afraid I must say that I think this comment, similarly to this
one:

> Citing statistics posted on BugTraq, SecurityFocus.com's computer
> security mailing list which tracks vulnerabilities in operating
> systems, and relying on the testimony of security experts, I wrote
> that Linux systems are weaker than the state of the art in operating
> systems. I also noted that the number of its reported
> vulnerabilities, when measured against its market share, was, in
> essence, higher than the number of Windows NT reported
> vulnerabilities when measured against its market share.

demonstrates a fundamental misperception of the situation at hand.  I
do not choose to attribute this misperception, unlike some; my
intention is merely to clear it up.

I do not have current statistics on the number of Linux systems
exposed to the raw Internet, vs the number of NT boxes.  Nor do I wish
to comment on the relative sturdiness and security of these systems as
shipped.  That's not really the point at hand here.

As I see it, as a front-liner who gets the calls when someone's box
gets rooted, it's like this: regardless of whether Linux *requires*
work to make it sufficiently secure to live in the wild, *it is
possible to MAKE it sufficiently secure* -- and, of course, I only
have to do it once, no matter how many machines I have -- and I can
then push the changes out to the various boxes (because stock Linux
supports secure, signed, remote distribution of system updates, and NT
does not).

Now, the strawman argument that is commonly made here -- it was made
in a CFOnet piece by a Meta Group analyst to which I replied in last
week's Linux Weekly News' Letters column 

	<http://lwn.net/2000/0817/backpage.php3>

-- is this: "but, the fact that you can change everything so easily
means that you'll never know what you're running!"

Or, in our case here, that you're always going to miss something
because you have so much to do.

Well, it's like this, Fred: That's not Linux's fault.

If I hired an MIS guy and told him to network my 6 locations across
the Internet, and make everything as secure as he could... and he
picked NT... and someone broke in through a publicized security hole
that Microsoft simply hadn't gotten around to bothering with, what
should I do with him.

I'll tell you what I *would* do with him: I'd fire him.

Yes; for buying Microsoft.

Because the simple truth is this: the Mean Time To Security Fix
Publication for Microsoft, while much better than it has ever been, is
still an order of magnitude worse than that of the open source
operating systems, and I don't see that it will ever get better.

If Microsoft doesn't feel now that they have sufficient impetus to
improve this, I guess it will take a Navy ship run by NT getting blown
up because of a blue screen, instead of merely having to be towed back
to port, to make the point.


In the business world, we call it due diligence: making sure that
you've done enough research that you can say with some assurance that
there's not a better way to do the job: in this case, that the balance
between expenditure and risk reduction has been struck as effectively
as possible.

I don't much care whether the answer is OpenBSD, NetBSD, or Linux; any
of them is a better answer, from a system maintainability and
hole-chasing standpoint, than any current version of NT.

Stipulated, and here's the crux of the strawman: you do have to *do*
the work.  But at least it is *possible* for you to do the work, a
luxury you don't have with MS.


I don't know NT5 (oh, excuse me: "Windows 2000" <snicker>) well enough
to dis it on constructive grounds.  I'll have to make due with noting
that it, too, is a 1.0 version.  (Even though it's published version
number is 5.0, notwithstanding that NT3.1 was itself a 1.0 release;
don't get me started on this one.)

Cheers,
-- jra

Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff    			  The Suncoast Freenet
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015