Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Consider some examples:

• IBM will be releasing the source to the Andrew File System (AFS) in September. This code, however, will be released under the IBM Public License. The IPL is, according to the FSF's license list, not compatible with the GPL. Thus, AFS will not become part of the standard Linux kernel.

• The Galeon web browser (see below) is licensed under the GPL. It makes use of the Gecko rendering engine to do most of the real work. But Gecko is licensed under the MPL, which is not compatible with the GPL. Thus, Galeon not only must put an addendum onto the GPL allowing linking to Gecko, but it can not distribute Gecko as part of the program.

• The new Python license, while intended to be GPL-compatible, is still under the shadow of some doubt on that score.

• The issue of linking KDE's (GPL) code with the Qt toolkit still has not been resolved to everybody's satisfaction.

There has been a surge of interest recently in component architectures and massive code reuse. Much work has gone into providing the infrastructure that makes this reuse possible and easy. But the flood of incompatible licenses threatens to bury the entire effort. What use is interoperable code if it can not be legally linked together?

The release of code from companies is to be applauded. But code that comes out under a unique, overly restrictive license is an island; it can not live up to its potential as part of the free code base. It is heartening to see some high profile companies begin to use the well known, established free software licenses on at least some of their releases. Along these lines, the relicensing of Mozilla, where parts will also be covered by the GPL, is an encouraging development. Let us hope this trend continues.

LWN Feature: Interview with Eazel's Bud Tribble. LWN editor Liz Coolbaugh sat down at LinuxWorld for a chat with Bud Tribble, Vice President of Engineering for Eazel. Here is that interview, for your enjoyment. The focus of the interview is on Eazel's experiences over the past six months, Nautilus and GNOME's future.

Taking a ride on the Galeon. Many LWN readers will likely have heard of the Galeon project by now. Galeon, of course, is a relatively new web browser built around Mozilla's Gecko rendering engine. Unlike Mozilla, however, Galeon restricts itself to just web browsing. Other tasks, such as news reading, email, and HTML editing are left to other applications.

Galeon should thus be of interest to anybody who has been dismayed by the sheer bulk and bugginess of Mozilla (and its commercial cousin Netscape 6). After all, many of us have already found ways of dealing with email and such, and simply want to look at web pages. Your editor, being one of those people who could never really relate to the Mozilla milestone releases, decided to pull down Galeon 0.7.3 and give it a try.

The executive summary is this: Galeon is 90% of the way there. It can be used for extensive web browsing without driving the user nuts. It's reasonably quick, and rendered almost every page correctly. Your editor was able to make Galeon crash, but not easily.

Now all that's left is "the other 90%." Galeon may beat Mozilla, but with a 30MB virtual address size, it's not exactly lightweight. And it grows, though more slowly than Netscape does. Pages requiring authentication simply render blank, and it won't even try SSL ("https") connections. Many of Netscape's useful keyboard operations are missing - scrolling a page, for example, can only be done with the mouse. Buttons for basic operations ("back", "reload", "stop") are missing; a pulldown menu must be used. There is no control over cookies - it appears Galeon does not implement cookies at all. There is a nice option to only load images that come from the same site as the page they are in, but no way to get it to fill in the images on a specific page. There is no equivalent to Netscape's essential "open frame in window" operation. And so on.

While Galeon's list of shortcomings is longer than one might like, there is little there that appears insolvable. Galeon is at that point where people can use it for many things, and the remaining problems are likely to go away fairly quickly. Netscape's days on a lot of desktops are likely to be numbered.

It may well be that relatively few Linux users will ever end up using Mozilla directly. Galeon has taken what is arguably the best of Mozilla's work - Gecko - and built it into a tool that better fits the Unix philosophy: do one thing very well. In the process, Galeon has highlighted one of the real benefits of free software: if the people building a tool are not doing it the right way, those who think they have a better idea can implement it using the best of what is available.

Inside this week's Linux Weekly News:

• Security: PGP and ADKs (Additional Decryption Keys).
• Kernel: The Tux2 filesystem; bye bye big kernel lock?; fun with threads
• Distributions: New distributions and reviews of old distributions, including a peek at Debian from a security perspective.
• Development:Galeon browser, X11R6.5.1, Xemacs/GTK
• Commerce: The Open Source Development Lab, Open Source Initiative ejects defamation by DVDCCA, DeCSS art contest.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

News and Editorials

PGP meets ADK. PGP (Pretty Good Privacy) has been around for a long time. It is a public-key encryption technique, developed by scientist Phil Zimmerman, that was, and is, a very commonly used public-key encryption system. It is not free, however, though PGP Security makes freeware versions available for Unix/Linux, in addition to their commercial offerings. Over the past week, though, reports have come in about security problems with PGP. What is going on?

Well, recent versions of PGP have introduced the concept of Additional Decryption Keys (ADKs). This allows a public certificate to contain multiple decryption keys. What is the purpose of an ADK? CERT comments, tactfully, "This configuration might be used, for example, in environments where data encrypted with an individual's key also needs to be available to their employer." It can also be used by governments that wish to require key escrow systems, whereby a third party can use an ADK to read an encrypted communication (if, for example, a police investigation gets a court order for the release of the secondary key).

Unfortunately, the newly introduced ADKs brought with them some improprieties. For example, PGP clients have not been checking to make sure that an ADK was signed by the owner of the public key. That allows another entity to submit a modified public key to a public key authority, including an additional ADK that will allow them to get access to the contents of encrypted code, if the sender of the encrypted code uses the corrupted public key.

What needs to be done? The problem has to be fixed in more than one place. PGP-based software needs to check to make sure that ADKs are authorized, and warn senders of ADKs in the public key even if they appear to be authorized. That means you need to make sure the PGP client you use has been fixed. Public key authorities need to reject the submission of altered public keys that contain unsigned ADKs.

In amongst this, there is some confusion as to whether this entire issue impacts Unix/Linux machines or only Windows machines. The CERT summary, mentioned above, is silent on this point. This ZDNet article states that only Windows clients are impacted. PGP Security has released updates for all platforms, including their freeware version of PGP for Unix/Linux. This BugTraq post from Howard Lowndes states that PGP-6.5.1i for Unix is vulnerable, which would explain the release of PGP-6.5.2 for Unix.

If you are using PGP, upgrading to the latest version is a good idea. Alternately, for those that prefer their software free, the GNU Privacy Guard (GnuPG) provides a completely free alternative that is highly recommended. Note that the CERT advisory and several other sources detail how GnuPG can be used to detect the addition of an authorized ADK to a public certificate.

Meanwhile, the whole issue has focused attention on the use of public key encryption. PGP and GnuPG together are possibly the most common/popular public key encryption system under Linux. PGP has always been somewhat arcane, resulting in only a minority of people using it. These new issues are not likely to encourage more people to try it out.

Here are some additional resources for people who want to delve more deeply into this issue:

• Key-Experiments, a paper by Ralf Senderek about how PGP manipulates public keys. The results of this paper triggered the discovery of the ADK vulnerability.
• Original problem report, sent to the ukcrypto mailing list by Ross Anderson.
• BugTraq ID 1606
• A note from Ralph Senderek, containing additional information, corrections and commentary.

OpenBSD's Good Example (RootPrompt). Here's an article on RootPrompt.org about the lessons Linux could learn from OpenBSD. "Why do we in the Linux community produce distributions that require the user to be a security expert? Why don't we at least add a 'Secure by Default mode' to our distributions?"

Quarterly CERT summary. Here is the latest quarterly CERT summary detailing the most active, ongoing security issues.

Security Reports

mgetty temporary link vulnerability. Stan Bubrouski reported a vulnerability in mgetty this week, triggered by the use of a temporary file in a world-writable directory by faxrunqd, a daemon normally run as root which is used to send fax jobs spooled by faxpool. As a result, any file on the system can be overwritten. mgetty 1.2.21 and all prior version are reported to be affected. An upgrade to mgetty 1.2.22 should fix the problem. Check BugTraq ID 1612 for more details.

This week's updates:

• Conectiva
• Caldera

glibc vulnerability in ld.so. Caldera Systems appears to be the originator for the report of a vulnerability in ld.so, part of glibc, in which environment variables are not properly removed in all cases before a setuid program is run. As a result, a local root compromise is possible (though no exploit has been reported as of yet. This week's updates:

• Caldera
• Linux-Mandrake

Linux-Mandrake security update to xpdf. MandrakeSoft has issued a security update to xpdf which fixes a symlink race condition. No other information on this problem has been spotted as of yet.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Intel Express Switch 500 series is vulnerable to a denial-of-service attack. A beta fix is available.

Updates

xlockmore. Check last week's Security Summary for details. An update to xlockmore 4.17.1 is recommended.

This week's updates:

• Linux-Mandrake

• Conectiva (August 24th)
• Debian (August 24th)

xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.

This week's updates:

• Linux-Mandrake
• Conectiva
• Debian
• Slackware (not vulnerable)

• Red Hat

dhcp. A second set of problems with the ISC dhcp client was reported in the July 20th Security Summary.

This week's updates:

• Linux-Mandrake

• FreeBSD (August 24th)
• ISC (July 27th)
• Linux-Mandrake (July 27th)
• Debian (August 3rd)

ntop. Check last week's Security Summary for more details. This week's updates:

• Debian

• FreeBSD (August 24th)

Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for more details.

This week's updates:

• SuSE (now available on US mirrors)

• Conectiva (August 24th)
• Red Hat (August 24th)
• Linux-Mandrake (August 24th)
• Caldera (August 24th)
• SuSE (August 24th)

Jukka Lahtinen minicom. Check last week's Security Summary for details. No official updates have been seen as of yet. Unofficial reports indicate that Red Hat 6.1 and 6.2 and Slackware 7.0 are vulnerable and that SuSE, Linux-Mandrake, FreeBSD and now Debian are not vulnerable.

usermode. Check the August 17th Security Summary for details on the most recent problem with usermode. This week's updates:

• Red Hat (updated advisory, with new SysVinit packages)

• Conectiva (August 17th)
• Red Hat (August 17th)

Resources

Complete Reference Guide to Creating a Remote Log Server (LinuxSecurity.com). LinuxSecurity.com has put out a Reference Guide for the process of creating a remote log server. "A remote log server is nothing more then a system preconfigured at install-time to provide hard drive space for other systems to log to. This system must be completely secured and locked down. No unencrypted remote access should be allowed, all RPC Daemons and other misc. services should be turned off as well. The only data allowed to the machine should be UDP/Port 514."

Events

September security events.

Date	Event	Location
September 1-3, 2000.	ToorCon Computer Security Expo	San Diego, California, USA.
September 11-14, 2000.	InfowarCon 2000	Washington, DC, USA.
September 13-14, 2000.	The Biometric Consortium 2000	Gaithersburg, MD, USA.
September 19-21, 2000.	New Security Paradigms Workshop 2000	Cork, Ireland.
September 26-28, 2000.	CERT Conference 2000	Omaha, Nebraska, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.16. The current 2.2.17 prepatch is 2.2.17pre20, which has gone to Linus and is awaiting his official blessing (otherwise known as "holy penguin pee") as the 2.2.17 release.

The Tux2 filesystem saw its first release this week. Tux2 resembles the journaling filesystem efforts in that it seeks to produce a crash-proof system. Instead of journaling, however, Tux2 uses a technique called a "phase tree." A phase tree filesystem structures everything as a tree - including all of the metadata. By observing strict requirements on the ordering of writes, updates can be made to the filesystem by working up the tree, then "committing" the entire set of changes by writing a new root block.

Journaling filesystems can limit performance due to their need to write things twice - once to the journal, and once to the real location on the disk. By avoiding the duplicated write, the phase tree approach should yield better performance; initial tests would appear to confirm that this is the case.

Tux2 is the work of Daniel Phillips; it was sponsored by innominate AG. The current implementation works with the 2.2.13 kernel; a 2.4 version will be available this fall. More information may be found in the announcement.

The end of the big kernel lock? In the 2.0 kernel, the "big kernel lock" was used to keep more than one processor from executing kernel code at any given time. This lock facilitated the implementation of SMP support for Linux, but protecting the entire kernel with a single lock leads to suboptimal performance, even on systems with just two processors. Thus, much of the scalability work since 2.0 has introduced more fine-grained locking; a relatively small portion of the 2.4.0-test kernel is covered by the big kernel lock.

Now kernel hacker Ingo Molnar has posted a patch which eliminates this lock altogether. It is replaced with a semaphore, which is a more efficient way of performing mutual exclusion for the remaining bits of code that need the big kernel lock - as long as no interrupt handling code needs it. This change is a sign that the multithreading of the Linux kernel is just about complete.

It is also quite a deep change to apply to a kernel that is supposed to be in feature freeze, preparing for a major release. Thus, it is not clear that it will actually make it into 2.4.0; Linus has yet to express an opinion on it.

Troubles with threads. A long discussion about support for threads in Linux wandered into the area of POSIX threads. There is a bit of an "impedance mismatch" between Linux and POSIX threads which makes the latter hard to support completely. It is widely believed that Linux threads are better, but POSIX is what a lot of people use.

A lot of the trouble comes from the fact that POSIX threads were designed to be implementable entirely in user space. Linux, however, provides kernel threads which look an awful lot like processes; they provide a lot of features which POSIX did not anticipate. They also make some of the POSIX semantics hard to implement. Examples:

• Signal semantics. POSIX expects all threads to be known by the same process ID; a signal sent to that ID gets delivered to exactly one thread as determined by per-thread signal masks and, possibly, a digital coin toss. Since Linux threads are processes, each has its own process ID and can be signalled independently.

• Waiting for child processes. POSIX threads can expect to be able to wait for any child process to exit - even those created by other threads. When threads are separate processes, these semantics can be hard to implement.

• Running another program with exec(). POSIX states that, when one thread calls exec(), all other threads are terminated before the new program is run. In a user-mode thread implementation, things can be done in no other way. Linux has no need to do that, however.

The 2.4.0-test8-pre1 patch contains a first shot at a thread group implementation. Linus has laid down a challenge to the POSIX threads implementers to work with this new code and see if it makes things easier; otherwise he'll take it out.

Meanwhile there was some fun discussion of things that could be done with the native Linux thread model. These include an unshare() system call which a thread could use to detach itself - partially or completely - from its thread group. Linux could well be the platform that launches a more interesting approach to threads - but not until 2.5...

For Linus's (rather uncomplimentary) view of POSIX threads, have a look at this posting.

IBM announced the release of the Andrew Filesystem (AFS) this week; details may be found in the press release. Word of the AFS release has been around since LinuxWorld; IBM has just now gotten around to telling the world formally about it.

AFS, of course, is the large-scale distributed filesystem favored by a number of large companies and universities. It has a number of advantages over NFS, including better security, location transparency, and disconnected operation. AFS has been available for Linux for some time, but only as a commercial product implemented by binary kernel modules; it has thus been expensive and prone to break when the kernel is upgraded. The release of a free version will certainly be welcomed by many people.

IBM is taking a bit of an interesting approach with this release, however. The use of the IBM public License has already been commented on in this week's front page; that will keep AFS out of the kernel proper. IBM is also forking AFS to make this release. It is not clear that all of the AFS code will be released, and IBM will continue to develop and support the commercial version. The FAQ talks about moving features from the open version to the proprietary one, but is mum about movement in the other direction.

Without more information on how much development effort IBM plans to put into the open AFS implementation, the cynical among us might well conclude that IBM is hoping to tap the free software community for help in improving its proprietary product. The truth there will come out eventually; until then, the donation of AFS is welcome. It gives the free software world something it didn't have before.

Other patches and updates released this week include:

• H. J. Lu has released an RPM package with a modified 2.2.16 kernel containing such goodies as NFSv3, the ext3 filesystem, the ALSA sound drivers, and more.

• Arnaldo Carvalho de Melo of Conectiva, who has been actively fixing glitches throughout the kernel code for some time, has posted his TODO list describing what he plans to fix next.

• User-mode Linux 0.30-2.4.0-test7 has been announced by Jeff Dike.

• Robert H. de Vries has updated his POSIX timers patch for 2.4.0-test7.

• Andre Hedrick has posted a tease describing his tag command queueing implementation for ATA disks. The patch also includes features like acoustic management, support for very large disks, and even serial ATA. No patch was posted, so contacting Andre looks like the way to go to play with this code.

• Vojtech Pavlik has posted version 2.1 of the VIA IDE driver.

• The Embedded Debian Project has announced the first development release of CML2+OS - a version of Eric Raymond's CML2 kernel configuration system that has been extended to configure and generate an entire operating system - not just the kernel.

• Sean Walbran has released version 0.20 of the linmodem mini-HOWTO.

• Randy Dunlap has made available the slides from his presentation on USB at LinuxWorld.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Distributions

News and Editorials

Debian 2.2 (Kurt's Closet). Kurt Seifried at SecurityPortal.com took a look at Debian 2.2 this week and wasn't very happy with what he found, from a security perspective. Some of his concerns hinged on finding older versions of packages that, he presumed, still contained security holes. Kurt was unaware that Debian will frequently backport security patches to older versions of software, rather than automatically upgrade to a new version, in order to avoid unrelated bugs that may have been introduced in the latest version. This policy surprised him, but it is not unique to Debian.

Earlier this year, when a security bug was found in the latest kernel (at that time), Linux 2.2.16, a patch was immediately released against 2.2.16. Some distributions immediately released updated 2.2.16 packages (including Red Hat). Others, including SuSE and Caldera, chose to backport and test the patches against older versions of the 2.2.X series. Their reasoning? The 2.2.16 kernel had just been released and they were not comfortable enough that it was well-tested and stable to wish to recommend it to their customers. Yet, they knew a fix for the security problem needed to be made available as soon as possible.

Debian's choice is, therefore, common among distributions that prefer a more conservative approach to new packages. On the other hand, it is understandably confusing to people unaccustomed to it. How can you easily tell whether or not a distribution has been patched to fix a given problem? Apparently, the answer is "you can't", at least not easily. Security resources such as SecurityPortal, SecurityFocus, LinuxSecurity.com and our own LWN Security Summary exist partially to try and make that difficult process a little easier.

New Distributions

minilinux. Not new, but new to our list, minilinux is a small, special purpose Linux distribution aimed at Ham Radio/Packet Radio enthusiasts. (Thanks to Michael Derek Barnett).

Laonux. Also in the special purpose category, Laonux is a small distribution aimed at hobbyists, providing a small core from which to build a personalized distribution. [From Freshmeat].

Leetnux - the 'elite' Linux distribution. With a very similar purpose, Leetnux is perhaps best described using the author's own words:

Leetnux is a Linux distribution specifically designed for Linux users who want maximum configuratibility. Therefore, the installation is quite hard, absolutely nothing is done "automagically" as in modern Linux distributions, but the user has total control over the installation. The idea behind Leetnux comes from Linux From Scratch, but a Leetnux system is not as "pure" as an LFS system, because a minimal pre-compiled system must be installed.

The name "Leetnux" derives from the two words "elite" and "Linux". "elite" is often written as eleet, in the script kiddy scene also forms like leet, 31337 or 1337 are common. I mixed the two words "leet" and "Linux" to get the word "Leetnux", an "Elite Linux". :-)

Linux/Coldfire. Linux/Coldfire is dedicated to supporting the port of uCLinux to the Motorola Coldfire processor. "The whole environment, kernel and applications, seems very stable. Networking (Ethernet, PPP, etc) is working really well, and appears to be stable and reliable. Things like IP-masquerading and Dial-on-demand work. There is also a port of the FreeS/WAN IPsec implementation to uClinux/ColdFire now!" [From Freshmeat].

Rabid Squirrel Linux. Continuing the theme, which seems to be popular among Console/OS additions to Freshmeat, Rabid Squirrel Linux is aimed at "power users and administrators" who want to do things the "old-fashioned" way, that is, through compiling source rather than through any new-fangled software tool. In addition, Rabid Squirrel is particularly aimed at server systems.

Distribution Reviews

DukeOfURL reviews Storm Linux 2000. Stormix Technologies' Debian-based Storm Linux 2000 is reviewed by the DukeOfURL. "That's right, Storm is setting out to make Debian better! In fact, in many ways Storm has improved Debian, but has also commercialized it simultaneously... "

Review: Abit Gentus Linux 3.0a (DukeOfUrl). The Duke of Url reviews Abit Gentus Linux 3.0a. "Due to big problems with Gentus and the GPL, Abit removed PerMon from their suite of tools included. It's sad to see PerMon go, but thankfully, Abit CC has replaced it, and now works on all Linux distributions that run on the Red Hat code base. I wonder if the source is available? I doubt it, since this piece of work is a valuable commodity in the Linux community."

General Purpose Distributions

Debian Weekly News. This week's Debian Weekly News reports a glitch that may prevent the implementation of the new testing tree, at least in the short term. Other stories include naming problems with the Debian Helix Gnome packages, problems with the Debian bug tracking website and the role of Debian in the return of a stolen laptop.

Please note that our Debian coverage in last week's Distributions Summary contained an error. It implied that the new Debian testing tree was already in existence, while, instead, it is only in the process of being discussed and coded.

In a related topic, IndyBox announced the availability of Debian GNU/Linux on its RS2200 server line.

Red Hat Wins Industry Awards. Red Hat proudly announced that Red Hat Linux 6.2 was named "Editor's Choice - First Place" for server distribution in the September 2000 issue of Linux Magazine and "Best Distribution" for the third straight year at the recent LinuxWorld Conference & Expo in San Jose, CA, USA.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

News and Editorials

Pros
Users could access maps, weather information, and news from anywhere. Businesses could benefit from having better connected employees. With appropriate server software, the cell phone could become a very powerful remote control device. Such toys would have a large cool-factor and would inspire geek-envy in the office and at trade shows.

Cons
Images would look bad on a monochrome low-resolution screen. Pages requiring user input would be difficult to use. It would be difficult to view many web pages. Browsing through page translator engines would probably be slow. Specially formatted web pages would be required for best results. Imagine the road-hazard factor of a driver browsing the web.

With most new technologies, previously unheard of applications come about as soon as the base technology is made available. It is unlikely that web browsers with tiny screens will be able to displace full screen browsers, but the portability aspect could bring about many interesting capabilities. It will be interesting to watch this technology evolve and mature.

Browsers

Galeon: The Little Browser That Could (Linux Today. Linux Today has reviewed the Galeon browser. "Galeon is at version 0.7.3, and while it is still a bare bones browser similar to KFM in KDE 1.1.2, the fact that Galeon uses the Mozilla rendering engine gives it a whole degree of complexity that similar small, fast browsers do not attempt to have."

Mozilla Theme Builder. Alphanumerica Inc has released a beta version of the Theme Builder for Mozilla. "This beta version of the tool gives users the ability to apply new graphic designs to the browser without changing its functionality. Individuals can use the tool to create their own personal themes while companies can "brand" the browser with their company colors and logo." Theme Builder has been released under the MPL license.

Databases

BerkeleyDB 2.9.1 released. A new version of the BerkeleyDB Python module has been released. Numerous bug fixes have been added as well as a new test suite.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for August 28 is available; it covers the Math Teachers Guide, a new Authenticated User Community release, thoughts on cafeteria management software, and more.

Interoperability

Wine Weekly News for August 28, 2000. The August 28, 2000 edition of the Wine Weekly News is out. This week's WWN includes a report from the recent LinuxWorld conference.

Network Management

OpenNMS update. The latest OpenNMS update is available, with coverage of what has been going on with the Open Network Management Software project. Don't miss the link at the bottom to the Britney Spears guide to semiconductor physics.

Office Applications

XEmacs/GTK released. Those of you waiting for a themeable, GTK-based XEmacs need wait no further: William M. Perry has completed his project (sponsored by BeOpen) to bring XEmacs into the GNOME world. It is downloadable now, and there are some screenshots available.

On the Desktop

X11R6.5.1 available for download. X11R6.5.1, the latest X release from the Open Group, was announced on August 15. It is now available for download, one day ahead of the original schedule.

The return of the GNOME Summary. Here, after a prolonged absence, is the GNOME Summary for July 21 to August 28. It covers, of course, the GNOME Foundation announcement; there is also information on the 1.4 release process.

Science

IST Funds Many Health Related Projects (Linux Med News). Linux Med News has run an article on the European Information Society Technology's funding of health care software projects. "It seems as though the Europeans continue to be out in front of the US in adopting open source in healthcare: Information Society Technology (IST) is an executive organization consisting of 15 European countries that among other things funds healthcare technology projects, part of which are required to be in the public domain."

Web-site Development

Zope 2.2.1 released. Digital Creations has announced the release of Zope 2.2.1. This is a bugfix release; among other things it includes the fixes to the security problems that have come out in the last couple weeks.

ZCVSMixin, Zope meets CVS. ZCVSMixin 0.1.4 has been released. ZCVSMixin allows management of Zope objects with CVS. ZCVSMixin has been released under the ZPL license.

Midgard Weekly Summary. Here is the Midgard Weekly Summary for August 24. It contains an interview with Ron Parker, who is working on documentation, and other Midgard development news.

Section Editor: Forrest Cook

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Programming Languages

Java

Swank 0.6 Java GUI toolkit released. Version 0.6 of SWANK has been released Swank is a GUI toolkit written in Java that is similar to TK.

Perl

Damian Conway Talks Shop (O'Reilly). O'Reilly's Joe Johnson has interviewed Dr. Damian Conway, author of Object Oriented Perl. ".Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule."

Perl6 mailing lists (Perl News). Perl News has published a list of current Perl 6 mailing lists with subscription information and list archives.

PHP

PHP 4.0.2 released. PHP 4.0.2 has been released. "The new version features new functions, many bug fixes, and increased performance."

Python

This week's Python-url. Here is Dr. Dobb's Python-URL for August 28. It covers the latest in Python development news, including the new Python license FAQ.

comp.language.python.announce resurrected (Deja.com). Deja.com reports that the comp.language.python.announce newsgroup is being resurrected. The newsgroup is also being made available as a mailing list.

decompyle gets a new home. Decompyle, a python byte-code to source code decompiler is being maintained by a new volunteer, Hartmut Goebel. The current version of decompyle is pre-alpha 0.4.

Programming with Python Part 1: Baby Steps. Linux.com has put up the first in a series of Python tutorials. As can be inferred from the title, the first installment is of a highly introductory nature. Among other things, it contains a number of comparisons with Perl syntax.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 27. It leads off this week with the selection of the Tcl Core Team, which contains many familiar names.

TLS 1.4 SSL extension for TCL announced. A new version of TLS has been announced. TLS provides Secure Socket Layer support for TCL programs. Version 1.4 has a more robust test suite and bug fixes.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

The Open Source Development Lab. "Enable Open Source developers to build data center and telco class capability into Linux, accelerating its growth into enterprise e-Business deployment and development.", reads the mission statement of the newly created Open Source Development Lab. The OSDL is a collaboration between HP, IBM, Intel and NEC, with additional support from Caldera, Dell, Linuxcare, LynuxWorks, Red Hat, SGI, SuSE, TurboLinux, and VA Linux Systems. This combination of companies should ensure that the lab will be well-funded and have plenty of technical expertise on hand. OSDL will be a non-profit development group that will support high end projects by providing access to high-end hardware.

The lab, expected to open at the end of the year according to this announcement, will provide open source developers with a centralized enterprise development environment for sharing development ideas and innovations. It will be based near Portland, Ore. Only Open Source projects using accepted Open Source licenses such as those defined by www.OpenSource.org will be supported by OSDL. OSDL will not create new projects, instead it will help accelerate existing or new projects developed by the open source community.

Open Source Initiative rejects defamation by DVDCCA. The Open Source Initiative has issued a release taking exception to the DVDCCA's statements about the open source movement ("...dedicated to the proposition that material, copyrighted or not, should be made available over the Internet for free.") in its trial brief. "We in the open source movement respect copyright; in fact, we use copyright law to underpin the licenses that define the social contract of our community."

The DeCSS art contest. An announcement has gone out for the DeCSS art contest. Prizes will be awarded for the best artistic submissions involving DeCSS; co-author Jon Johansen will be one of the judges.

Two German Linux service firms get venture capital. ID-PRO AG has announced the receipt of "between 7 and 10 million euros" in venture financing.

The firm innominate AG has announced the receipt of DM 16.2 million in venture capital.

LinuxWorld award winners. Atipa has put out a press release expressing its pleasure at having won three "Show Favorite" awards at LinuxWorld. They were chosen in the Servers, Hardware, and Software Utilities categories.

Here's an announcement from Loki Software, winner of the "Best of Show" award at LinuxWorld. Briefly mentioned in the press release is the PC-based motion simulator that probably had a lot to do with this win. This motion simulator was a prototype designed by independent inventor Ray Woodworth, utilizing a patented valve he developed.

Conoco Builds Next-Generation Geophysical Supercomputer. Conoco has announced the deployment of a large, Linux-based cluster to be used for seismic processing. There are few details, other than that the cluster provides 0.5 teraflops of processing power, and has 10 terabytes of disk storage.

Lineo and Opersys release real time Linux Trace Toolkit. Lineo and Opersys have announced the release of the Linux Trace Toolkit, a powerful debugging tool, for real time Linux.

Sun releases internationalization framework. Sun has announced the release of its "operating environment internationalization framework" under the X11 license. This code is intended to make life easier for programmers trying to support multiple languages in graphical applications.

Corel's Linux plans from the new CEO. Corel has posted a message from Derek Burney, Corel's interim CEO, on what's going on with the company. "Next year, we intend to release a server edition of Corel LINUX OS, followed by an enterprise edition. The enterprise edition will combine our Linux front-end with Rebel.com's OfficeServer software and GraphOn Bridges[tm] and GO-Between[tm] solutions to allow small to medium-sized enterprises to deploy Linux, Windows and UNIX®-based applications throughout their organizations with ease." (Thanks to John Alexander Yorke).

Press Releases:

Commercial Products for Linux.

• Deskware has announced the availability of the CobolScript Professional Edition on Linux.

• Etnus (FRAMINGHAM, Mass.) announced the rapid adoption of TotalView, parallel debugger and analyzer.

• HELIOS Software GmbH (SAN FRANCISCO) will demo PDF Handshake Internet Printing, a feature of its forthcoming release of PDF Handshake 2.0.

• InnoLogic Systems Inc. (SAN JOSE, Calif.) announced release 2.0 of ESP-CV and ESP-XV. Key features are custom equivalence checking, enhanced core algorithms and Linux support.

• LinuxWizardry Systems, Inc. (SAN JOSE, Calif.) launched three new products, the Apprentice Router, Magic Passage VPN and the Wizard Penguin series PCs.

• NeTraverse, Inc. (AUSTIN, Texas) announced that the Win4Lin Server 2.0 is now available for download from the NeTraverse website www.NeTraverse.com under a pre-release program.

• NuSpectra Multimedia, Inc. (ALAMEDA, Calif.) announced SiteProxy version 1.0, designed to push Webcam video broadcasts from a low-bandwidth origination and Webcast them to large numbers of concurrent Internet viewers.

• Software Forge Inc announced LinuxCAD software, a drafting program for Linux.

Products Using Linux.

• Broadband Access Systems, Inc. (WESTBOROUGH, Mass.) announced that it has adopted the Linux operating system for its Cuda 12000 IP Access Switch.

• Intel Corporation (SAN JOSE, Calif.) introduced the Intel XScale microarchitecture chip for wireless Internet and networking infrastructure applications.

• Shuffle Master, Inc. (LAS VEGAS) announced that it has received Gaming Laboratories International, Inc. (GLI), approval for its Press Your Luck video slot game and for its Linux- based gaming device operating system.

• Splash Technology, Inc. (SAN FRANCISCO) will demonstrate its T Series color servers at Seybold San Francisco 2000. The Splash T Series product line features a Splash-Linux architecture that combines Splash's advanced compression and color technologies with the Linux operating system and standard Intel processors.

• VA Linux Systems, Inc. (SUNNYVALE, Calif.) announced the availability of the VA Linux 4450 server, offering fast data-processing power in a rack-optimized 4U (7-inch-high) form factor.

Products with Linux Versions.

• AbleCommerce announced the release of Linux and Solaris compatible editions of AuctionBuilder 1.0.

• Aether Systems, Inc. (OWINGS MILLS, Md.) announced availability of ScoutSync and Scout IT v.3.5 for Unix. ScoutSync and ScoutIT are the core components of the company's ScoutWare product family, providing advanced synchronization and comprehensive data management functionality for mobile and wireless applications.

• Anacom Communications, Inc. (DALLAS) announced the release of their new payment processing module for the latest version of the Miva Merchant Storefront Development and Management System.

• BIAP Systems, Inc. (LEESBURG, Va.) announced the release of the go'trieve platform. Versions for Linux x86 and Linux PPC available soon.

• Cohesion Systems, Inc. (WOODSIDE, Calif.) announced the release of Cohesion System Designer product for system designers and architects that face an increasing level of complexity in electronic systems.

• Computer Automation Systems Inc. (PLANO, Texas) announced its new "off-the-shelf" NEBS-400 product line.

• Essentus International Inc. (NEW YORK) announced that the Essentus Supply Chain Management Suite now supports Linux.

• IngenieurbÅro Liebhart Interactive Solutions (Switzerland) launched webfeedback, their debut web decision support system, under their trade name Cyberware-neotek.

• Lilly Software Associates (HAMPTON, N.H.) announced release 2.0 of VISUAL DCMS, its advanced Radio Frequency-enabled Warehouse Management System.

• LizardTech Inc. (SAN FRANCISCO) launched its DjVu technology and software.

• Logitech (FREMONT, Calif.) announced that its two new racing wheels, WingMan Formula Force GP and WingMan Formula GP, are now available.

• Pixami, Inc. (SAN RAMON, Calif.) announced it will now begin offering its complete suite of online photo enhancement technologies on the Linux operating system.

• Rational Software (PHILADELPHIA) announced Rational SiteLoad, a Web-based load testing product designed to help e-businesses avoid costly and highly visible Web site failures.

• Rave Computer Association, Inc.introduced the redundant 5U-rackmount system integrated with SPARCengine UltraAXmp which can be ordered with Linux.

• Software AG Inc. (SAN RAMON, Calif.) is now shipping EntireX 5.3, a powerful message-oriented middleware for fast, mission-critical application integration.

Java Products.

• Evergreen Internet Inc. (CHANDLER, Ariz.) announced ECential 3.1 for the Open Commerce Framework (OCF). The Open Commerce Framework is an open industry environment designed using Java J2EE(TM), EJB(TM), and XML technologies. Evergreen's ECential delivers pre-built B2C and B2B components that adhere to the Open Commerce Framework.

• Imperial Software Technology (PALO ALTO, Calif.) announced the availability of Visaj Personal Edition (Visaj PE), a freely downloadable version of the visual application builder for the Java language.

Books & Training.

• No Starch Press (San Francisco, CA) announced the release of "Steal This Computer Book", a book about computer viruses, Trojan Horses, electronic con games and such.

• O'Reilly announced the release of the "CVS Pocket Reference", a quick reference guide covering most aspects of CVS setup and use.

• O'Reilly announced the release of "Lotus Domino Administration in a Nutshell".

• Red Hat has announced the availability of its first "e-Learning" courses, which cover C, C++, Java, and Perl. The cost of the courses appears to be in the $300-500 range.

Partnerships & Mergers.

• Advanced Management Solutions (REDLANDS, Calif) announced that it has joined the VA Linux Solution Partner Program. Advanced Management Solutions develops and markets AMS REALTIME, enterprise project management suite soon to be available on Linux.

• Advants, Inc. (MINNEAPOLIS) announced that it has signed an agreement to add the FreeDesk.com Virtual Office Suite, on-line storage and PC Share to all Advants Internet terminals. Greg Johnson, president and CEO of Advants, Inc. said, "No laptop required, and no need to search for that Internet plug-in. This service will also introduce Linux to Advants users, a systems operating platform we plan to feature in the near future."

• InfoNow Corporation (DENVER) announced that Red Hat, Inc. has implemented InfoNow's iLeads solution, a closed-loop lead management system that increases the conversion rate of Red Hat's sales leads generated by their international system of partners, distributors and resellers.

• LinkUp Systems Corp. (SAN JOSE, Calif.) and PalmPalm Technology announced that the LinkUp L7200 system development board will support PalmPalm's Tynux (embedded Linux-based operating system).

• National Semiconductor Corporation (SANTA CLARA, Calif.) announced a worldwide strategic relationship to deliver the National Geode WebPAD technology to power several of ViewSonic's new family of Internet appliances.

• Omnis Technology Corporation (SAN CARLOS, Calif.) and PickAx, Inc., the parent company of PICK Systems, announced the signing of a definitive merger agreement.

• Penguin Computing Inc. (SAN FRANCISCO) and Bramasol Inc., an SAP America, Inc. Certified Business Solution Provider, announced that Penguin Computing has become one of the first Linux companies in the U.S. to implement and use an SAP solution in production on Linux.

• SpellCaster Telecommunications Inc. (TORONTO), developer of connectivity and remote access technology for the Linux operating system, announced that it had received an order from Cisco Systems Inc. of San Jose, California for its TeleScope ASBA 1027 load simulator.

• Tripwire Inc. (PORTLAND, Ore.) announced its partnership with SecurityFocus.com.

• Wacom Technology Corp. (Mountain View, California) is partnering with Sensiva, Inc. to offer its clients interactive symbol recognition functionality in all their tablet products. Sensiva software is available for Linux.

Investments and Acquisitions.

• Merlin Software Technologies International Inc. (BURNABY, British Columbia) announced the completion of a private placement.

• ZDNet has announced the acquisition of the Linux Hardware Database site.

Personnel.

• VA Linux Systems, Inc. (SUNNYVALE, Calif.) announced that Ali Jenab has joined VA Linux as Senior Vice President and General Manager of its Systems Division.

Linux At Work.

• ArsDigita Corporation (CAMBRIDGE, Mass.) announced that the ArsDigita Community System (ACS) suite of open source, collaborative commerce applications powers the leading comprehensive cancer services company, Lifespire.

• SGI knows how to have fun...it has announced that it is sponsoring the RoboCup Foundation through the donation of Linux systems and technical support, beginning with the Robot Soccer Championship in Melbourne, Australia. RoboCup has recently decided to shift over to Linux in general.

Other.

• Bluepoint Linux Software Corp. summarizes its year 2000 accomplishments.

• The Linux Internationalization Initiative (Li18nux) (SAN JOSE, Calif.) announced the general availability of the LI18NUX2000, Globalization Specification.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the News

Open Source.

News.com reports on the forming of the Open Source Development Lab. "Linux grew up on single-processor computers, mostly those based on Intel chips--not coincidentally, the types of computers that are easy to come by. But finding machines with two processors, much less 32, has been a lot harder for the volunteer crowd of programmers that has built Linux from scratch. As a result, Linux has shown more promise than performance in these powerful and expensive machines."

The New York Times covers the announcement of the Open Source Development Lab. " The companies were vague on details, like the size of the lab, how much it would cost and how much the project's backers would invest. The backers said the lab would be run by an independent director who would essentially choose which projects would be emphasized and which software would be tested, although they suggested that the laboratories would be accessible to Linux developers at large." The NY Times is a registration-required site.

Here's a ZDNet column about the GPL and Sun's recent adoption of it. "The GPL guarantees that IT has the ability to view, modify and redistribute source code for vital software infrastructure components. It gives IT the ability to set its own agenda independently of the schedule or plans of software vendors, and it provides a common set of resources upon which IT or third parties can build new components."

And here's another ZDNet GPL column on corporate adoption of free software. "Although the GPL model has proved it can produce robust software, it hasn't proved that it can produce large quantities of everyday applications."

The New York Times has put up a lengthy article on the adoption of open source software. It's mostly, though not entirely positive. "The two marketplace triumphs of open source, after all, are derivative rather than truly innovative. Linux is a version of the Unix operating system, and the Apache Web server was derived from software developed at the Illinois supercomputing center." The New York Times is a registration-required site. (Thanks to Jim Turley, Paul Hewitt, and Kenneth Tanzer).

LinuxMall.com has put up a conversation with Frank Hecker about the relicensing of the Mozilla code under the GPL. "Hecker believes these incompatible licenses have been holding up important progress. 'mozilla.org believed that these licensing issues were to some extent hindering the development of useful Mozilla-based applications, and so we believed it was appropriate to try and resolve the issues.'"

Andover News ran this article about OpenCOLA; it talks little about the project (which is another distributed search sort of thing) and much about its "open soft drink" promotion. "Indeed, it all started with a couple of guys from openCOLA sitting around a local Toronto pub wondering what 'the most closed source application in the world' is. Everybody started throwing out suggestions until a voice from the back called out 'it's the recipe for Coke!'" (Thanks to César A. K. Grossmann).

Companies.

ZDNet is impressed by VA Linux Systems' latest results, but still sees difficulties in the company's future. "Given that equation, it's really hard to see VA Linux remaining as an independent company down the line. HP, IBM and Dell could all be acquirers of VA Linux -- assuming it keeps on executing. Another wild card would be Compaq (NYSE: CPQ), which needs the server help."

The Boston Globe talks with Helix Code's Nat Friedman. "A quarter-million people have already downloaded Helix Gnome from the company Web site since it was released in March. Among the small but influential clique who run Linux software on their personal computers, Helix Gnome is on its way to being the gold standard."

Upside looks at the Linux Capital Group. "Instead of incubating a whole henhouse worth of startups, the LCG basket currently contains only two eggs: Progeny Linux Systems Inc., a network computing startup headed by Debian co-founder Ian Murdock; and KnownSafe, a professional security consulting company."

LinuxDevices.com gets a preview of the Screen Media FreePad, a Linux-based, wireless web browsing and telephone system. "Although the FreePad's operating system is a standard, open platform, Screen Media does not particularly want users to download 'uncertified' software into the FreePad. Instead, to facilitate FreePad upgrades and enhancements, the company plans to create 'FreePad Software Central', a website where FreePad users can obtain the latest certified software upgrades and enhancements."

News.com reports on SGI CEO Bob Bishop's first year on the job. "The company's decision to offer Linux on Intel processors also smacks against SGI's core group of customers, although Bishop made it clear the company's MIPS-Irix strategy is separate from anything it does with Linux. 'We're not putting Linux on MIPS,' he said."

Robin Miller criticizes Corel's Linux strategy in this osOpinion piece. "Linux offered a fine opportunity for Corel to capture a new set of users for its office and graphics software. Porting WordPerfect and CorelDraw to Linux was a good decision. But the idea of making a Corel Linux distribution was so bad that it overwhelmed all the company's Linux potential and has gotten it into trouble with everyone from hard-core Open Source activists to casual desktop Linux users."

Upside looks at Indrema. "Staking its life on the belief that current software development and hardware trends sweeping the embedded systems market will continue to sweep their way into the realm of gaming consoles, the company has been showing off its L600 Entertainment system, essentially a Linux-driven set-top box with a 600 MHz processor and the potential for 100 Mbs worth of broadband connectivity."

Business.

ZDNet's Jesse Berst is concerned about the DVD ruling. "Despite freedom of speech, you still can't shout 'FIRE' in a crowded theater. Now you can't even point to the person shouting."

Upside reports on Time Warner, a plaintiff in the DVD case, which linked (via CNN, which it owns) to a DeCSS mirror site. "The case is the latest example of a large media company contradicting its legal arguments with its own actions."

ZDNet ran this column worrying about the DVD case. "My biggest concern is the contention that the act prevents even the discussion of how to decrypt the code. Excuse me? That seems like a huge infringement on our First Amendment rights."

ZDNet looks at the challenges faced by Caldera in making the SCO acquisition work. "Caldera also must navigate the tricky terrain between its newly acquired proprietary UnixWare software and its open-source Linux offerings. While it won't immediately uncork the UnixWare recipe to developers, Caldera must quickly move the product in that direction to keep from alienating the open-source faithful."

News.com reports on the good news with Linux stock prices. "Analysts said the companies' stock surge in recent weeks may not be a temporary blip but a potential indicator of longer-term gains for the volatile sector."

Here's an editorial in Computer Weekly predicting a bright future for Linux. "Open source software - together with the open standards demanded by Internet-based computing - can shift the balance between IT suppliers and users. It can force suppliers to seek profits in the real added-value areas of services and solutions rather than in a proprietory monopoly over everyday desktop tools." (Thanks to Alan J. Wylie).

An Andover.Net columnist did a survey of web servers used in the B2B market to see what they were running. "Of the 63 retail B2B websites I examined, nearly half were running an IIS server over an MS Windows platform; a third were running Solaris, usually with either Apache or a Netscape Enterprise Server. Seven firms were using Linux. Four were using BSD." (Thanks to César A. K. Grossmann).

Here's a ZDNet column looking at Linux on the desktop. "Linux may serve countless pages, but the number it renders could probably be totted up on the back of a bus ticket. Like it or loathe it, Microsoft's Internet Explorer is the browser to have, and you might have thought that there was zero chance of it running natively on Linux. But two weeks ago Windows source-code licensee Mainsoft announced that it had secured rights to port IE to a variety of Unix platforms, including Linux. So that's one void that will soon be filled."

Computer Sweden/Åsikt has posted this column (in Swedish) on the success of Linux. "In Friday's issue we reported on Gnome, the new standardized user interface that will give Linux a more human face, which is an interesting project. But that which really make us give in for Linux is the the recognition it has gotten from many big companies." (Thanks to Daniel Petzen for the pointer and translation).

Dave Winer complains about the difficulties of being a commercial software vendor in the open source age. "So don't say Stallman created this mess. No one would have cared if Microsoft hadn't forced a decision. If they had been more relaxed about the Web, let Netscape drift, and stay on the side of developers, Microsoft would have cleaned up and we wouldn't be talking about Stallman or open source now. My opinion of course."

Here's a bizarre ZDNet column full of one-paragraph pot-shots seemingly designed to annoy just about everybody. One in particular is relevant: "Now that the KDE-Gnome rift in the Linux community is in the open, certain spinmeisters are doing their damnedest to paper over the differences and suggest it's all one big happy family. Wishful thinking. One side is going to win and there's bound to be raw hurt among the losers -- especially if they believe they backed the superior approach." The competition between the two projects was such a secret before... (Thanks to Dylan Griffiths).

News.com ponders the "Office on Linux" rumors. "Though Linux poses no immediate threat to Windows, two scenarios could change Microsoft's position regarding Office: the government succeeding in breaking up Microsoft or China moving to Linux, as it has threatened to do."

Resources.

The LinuxDevices.com Embedded Linux Weekly Newsletter for August 24 is out; as always, it contains a comprehensive summary of happenings in the embedded Linux world.

The third English issue of Linux NetMag is out; it contains articles on MP3 utilities, Wine installation, Lightspeed - a program for simulating relativistic effects, and more.

LinuxOrbit has put up this column by a recovering Windows user. "Kicking the Windows habit isn't nearly as hard as I thought it would be. The application-gap isn't nearly as wide as it once was, and the gap is closing every day. Even entertainment software on Linux is gaining fast, most notably in the sound category"

Reviews.

Signal Ground has put up a review of Running Linux 3rd Edition. "The value of 'Running Linux' is tremendous if you don't know much about Linux and want a quick but thorough overview. But even if you're extremely knowledgable about Linux, this book would make a handy reference to refresh your memory about a variety of topics."

LinuxDevices.com looks at the XScale CPU core from Intel. "Like the existing StrongARM processors, the new XScale core based processors will be supported by multiple suppliers of Embedded Linux. Specifically, Intel says the Intel XScale microarchitecture development platforms will contain the GNU toolchains from Red Hat, including compiler, assembler, linker, debugger, and monitor software. Additionally, according to Intel, Embedded Linux implementations optimized for XScale will be available from both LinuxWorks and MontaVista."

Interviews.

O Linux interviews Alan Cox. "Having seen Linux from its early days as a fun toy through to the latest figures on its usage the one thing I have learned is that predicting the future in computing is not very practical."

Finally.

The Boston Globe covers the most recent Geeks With Guns event. "Call them Linux Libertarians. This subculture of hackerdom is less about guns than it is about an elaborate philosophy of a faction of freedom-loving geeks with an acute distrust for authority. To understand them is to understand the popularity of Linux, an operating system that spawned out of the insurgent 'free software' movement."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

How to create a secure install (LinuxNewbie). LinuxNewbie.org has posted a document on installing secure Linux systems. "Package installation is the next area where you can really impact the future security level of your Linux box. It's very important that you choose to select packages individually, as every distribution I've seen installs a lot of software by default that you won't use."

Getting and Installing Command Line PGP (LinuxNewbie). LinuxNewbie.org has put up a new help file on installing PGP on Linux. Check it out for pointers on how to use this notoriously difficult utility.

Setting up multiple users in Kmail (LinuxNewbie). LinuxNewbie.org has put up a new help file on using Kmail to share a mail account between multiple users.

Events

University of Michigan Symposium on Technology and Society. The University of Michigan has announced the John Seely Brown Symposium on Technology and Society, which will be held September 8-9; the keynote speaker will be Lawrence Lessig. There will also be a panel on "the implications of open source software."

Technical Meeting Week in Burlingame, CA. The Object Management Group has published this press release about its Technical Meeting Week in Burlingame, CA, USA, September 11-15, 2000. Guest speakers include Miguel de Icaza, project leader for the Linux desktop GNOME who will present GNOME's CORBA-based interoperability architecture.

Embedded Linux Expo & Conference speakers announced. LinuxDevices.com is carrying this announcement of the speakers at the second Embedded Linux Expo & Conference, to be held on October 27 in Westborough, MA. The event is headed up by Alex Morrow, leader of IBM's Linux wrist watch project.

First Annual Linux Users' Training Conference. The First Annual Linux Users' Training Conference and Awards Presentation has been announced for October 30, 2000 in Washington, DC. This event is very strongly oriented toward the U.S. federal government.

Alan Cox, David Miller to speak at Australian Linux Conference. The Australian Linux Conference, which will be happening in Sydney on January 18-20, 2001, has announced that Alan Cox and David Miller will be speaking. The conferences call for participation is open through the end of September, should others be interested in presenting there.

Marc Merlin's report from LinuxWorld. Marc Merlin has put up a report from LinuxWorld. As is usual for his conference writeups, the report is comprehensive and full of photos; worth a look.

LinuxWorld sets records for attendance. More than 20,000 attendees and 200 exhibitors turned out for LinuxWorld Conference & Expo.

A report from Geeks With Guns at LinuxWorld. We have one last LinuxWorld report that has rolled in. Eric Raymond's Geeks With Guns event was held, as usual, at LinuxWorld earlier this month. Dennis Tenney attended, and wrote up his impressions of the event. If you're not offended by the nature of this gathering, have a look to see what went on.

September events.

Date	Event	Location
September 5 - September 7, 2000.	Embedded Internet Conference	Doubletree Hotel, San Jose, CA.
September 20 - September 22, 2000.	7th International Linux Kongress	Erlangen, Germany.
September 24 - September 28, 2000.	Embedded Systems Conference 2000	San Jose, CA.
September 25 - September 28, 2000.	LINUX Business Expo	Atlanta, Georgia.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

Web sites

Penguin Computing Unveils New Web Site. Penguin Computing Inc. announced its commitment to customer service with its new Web site. The site features the RAPTOR (Rapid configure-TO-ordeR) system, which allows purchasers to specify the comprehensive hardware, software and storage configurations.

Linux Technical Support Website. CTitek has developed a new technical support website at www.fixmylinux.com.

User Group News

LUG Events: August 31 - September 14, 2000.

Date	Event	Location
September 2, 2000.	The Thailand Linux User Group Meeting	Kasetsart University, Bangkok, Thailand
September 4, 2000.	Baton Rouge Linux User Group Meeting	The Bluebonnet Library, Baton Rouge, LA
September 5, 2000.	Linux Users' Group of Davis Meeting	Z-World, Davis, CA
September 6, 2000.	Silicon Valley Linux Users Group Meeting	Cisco Building 9, San Jose, CA
September 9, 2000.	Linux Users of Victoria InstallFest	Monash University, Clayton, Victoria, Australia.
September 11, 2000.	Southeastern Indiana Linux Users Group Meeting	Madison/Jefferson County Public Library, Madison, IN.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

Software Announcements

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux Links of the Week

Tigris is an ambitious project to create a new set of collaborative development tools. It almost looks like they are building the structure to make the next generation of SourceForge-like sites. Projects that are well underway include a bug tracking system, an access control package, a UML editor, and more.

Section Editor: Jon Corbet

This week in history

"I expect Corel to making tens of millions of dollars in the Linux space within the next 12 months," says Robert Young, president of North Carolina-based Red Hat Software Inc., a leading distributor of Linux software. "It's got some very well known software brands and there is a lot of demand among Linux users for more advanced software," he adds.
(Ottawa Citizen, August 26, 1998).

Oh well.

Salon Magazine, meanwhile, talked with Richard Stallman:

Never mind that Stallman started the free software movement, or that thousands of lines of code that he personally authored are an integral part of what most people today call "Linux." To the new generation, Stallman is an embarrassment and a hindrance who must, at all costs, be trundled into a back room before he scares off the investors.

The kernel developers were working on 2.1.120 and the 2.0.36 stable kernel prepatches. Multistream files were a topic of hot debate - something that has changed little in the intervening years.

The Debian Project released "Hamm-JP", its first shot at a Japanese version of its distribution.

Caldera split into two companies: Caldera Systems and a thing called Caldera Thin Clients, which handled the DR-DOS/embedded systems business. Caldera Thin Clients would eventually rename itself Lineo.

But the big news, of course, is the LWN adopted a new, multi-page format, leaving behind the "one big page" except for the hard core that refused to do without it....

One year ago (September 2, 1999 LWN): Red Hat parted ways with a company called LASER5, which had been doing all of Red Hat's localization work in Japan. LASER5 stated its intent to go into the business on its own and dominate the Japanese Linux market. A year later the company is still around, but is not quite the market force it had hoped to be.

Sun's purchase of StarDivision was made official. Sun also announced plans to release StarOffice under the Sun Community Source License, which did not raise a great deal of enthusiasm. A year later the SCSL is (almost) history, and one doesn't hear much about the "StarPortal" plans...

The development kernel was at 2.3.16; there were rumors that a 2.3 feature freeze was imminent. The stable kernel release was 2.2.12, which turned out to be a little less stable than some might have hoped.

Letters to the editor

Date: Fri, 25 Aug 2000 21:21:57 -0400
From: "Eric S. Raymond" <esr@snark.thyrsus.com>
To: Tom Cowell <tcowell@terma.com>

You wrote:
>                                          ESR should not abuse =
> his position as a celebrity among users of the Linux kernel by =
> publicising his views on other issues.

FYI, I fully intend to `abuse' my position in this manner as often as the
demands of effective publicity will allow.   There are two reasons for
this:

(1) Tactical.  Yanking peoples' chains just a little is an excellent way
    to get their attention.  And authenticity is terrific PR <evil grin>.

(2) Principled.  You fight for freedom in your way, I'll do it in mine.
-- 
		<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>

The prestige of government has undoubtedly been lowered considerably
by the Prohibition law. For nothing is more destructive of respect for
the government and the law of the land than passing laws which cannot
be enforced. It is an open secret that the dangerous increase of crime
in this country is closely connected with this.
	-- Albert Einstein, "My First Impression of the U.S.A.", 1921

Date: Sun, 27 Aug 2000 08:31:53 -0500
From: [withheld by request]
To: lwn@lwn.net
Subject: Geeks with Guns

Concerning "Geeks with Guns" you write:

"If you're not offended by the nature of this gathering, have a look to
see what went on."

Actually I am offended by the nature of this event, but more importantly
I think this event has a lot to do with guns, a little to do with geeks,
and nothing to do with Linux.  Associating Linux with an extremely 
controversial minority political group does a great disservice
to the Linux community.  I am a regular LWN reader, and a fan, but
this was a very poor editorial choice.

To: letters@lwn.net
Date: Thu, 24 Aug 2000 08:04:27 -0700
From: "   " <lkollar@my-Deja.com>
Subject: Re: "Let's move towards easier software installations"

A *very* timely piece. I had this very thing hit me in the face earlier
this week, when I managed to install Gnucash 1.4.4 from a source RPM onto
my PPC Linux system. What a hassle!

I had trouble from the very beginning. While Gnucash does not require
Gnome, the developers sure don't make it easy on those of us who prefer
something else. I had to install several packages on my system, some of
which conflicted with other packages, before I could even start
compiling. Then I had to get a tarball of g-wrap and compile that.

While none of this was particularly difficult, it was much more tedious
than it had to be. Testosterone get the better of me and I fought on until
I got it installed -- but a less technical user would have simply given
up. Aside from my belief that an important user app like Gnucash should be
WM-agnostic anyway, I got a fresh look at what Linux must be like to new
users.

Before I continue, I have to say the Gnucash developers don't deserve all,
or even most, of the blame. LinuxPPC has some serious problems with their
package organization (which may in turn have been inherited from
RedHat). Maybe Debian's package system would have made things easier. And
perhaps if I'd used the binary RPM at linuxppc.org, I'd have had a better
time of it.

Or maybe I expect too much. But non-technical users expect even more, and
most of them just want to get something done with their computers that
doesn't involve low-level administration. A good package design should
eliminate file conflicts. A good package manager should at least look for
(and install?) packages needed but not installed. And if you release a
source package, make sure you have packages for everything it depends on.

A little effort goes a long way toward making users happy.

-- Larry "Dirt Road" Kollar

Date: Thu, 24 Aug 2000 13:35:15 -0400 (EDT)
From: Joseph J Klemmer <klemmerj@webtrek.com>
To: letters@lwn.net
Subject: FUD response

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


	Your comments about responding to FUD are right on target.  For
the last few years I have been responding to FUD with the complete
contempt of silence.  It has become obvious, especially in the last few
years, that Linux and Open Source Software are winning (just like you
mentioned).  The only reason articles like Mr. Moody's are published are
to attempt to provoke a backlash from the "Linux Zealots".  I now simply
ignore the articles and use calm, real-world examples when anyone asks me
about Linux or comments on the article.

	Flaming Mr. Moody does no good.  Helping the people who don't know
understand the facts about Linux, what it can and especially what it can't
do, does more to offset the FUD in the long run.

Yours,
Joe

- ---
Don't ask me, I took the blue pill.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: pgpenvelope 2.8.9 - http://pgpenvelope.sourceforge.net/

iD8DBQE5pVzyHeWRPx8OIHARAo82AJ9ZH3JPA9ltm7NwXNzeQKVebv2MJQCgnTPY
XPnn1eh67+F20L80gWLSINg=
=BAXf
-----END PGP SIGNATURE-----

Date: Thu, 24 Aug 2000 08:18:17 -0600
From: Bruce Ide <nride@uswest.net>
To: lwn@lwn.net
Subject: Lunatic Fringe


zealots who would start flaming at the slightest provication (In the
form of a negative article or posting on a message board.) These people
were the reason IBM kept Team OS/2 at such a distance. They represented
probably around 1 percent of the OS/2 using community but the press and
flame mongers in the forums took no end of delight in baiting them and
then trotting their messages out as a sample of the "scary" OS/2
community. If I recall correctly, there was a similar group associated
with the Amiga and you probably wouldn't have to go too far to find one
associated with Windows, too.

Well things never change and the Linux Community has its own Lunatic
Fringe, which writers like Fred Moody are tapping in to. There's not a
lot you can do about the Lunatic Fringe. Fortunately the writers who
like to go kicking up ant hills when they've nothing better to do
quickly show the quality of their work and most people discount what
they have to say anyway.

The Linux press and the OS/2 press before it seemed to be more
responsible than to go looking for the Lunatic Fringe of the
competition. I suspect that the relatively low distribution of reporters
for those OSes has something to do with it. As more writers join the
Linux press, the quality of articles will no doubt go down. Not much you
can do about that either.

My advice is to ignore both parties and get on with writing better
software and better articles.

-- 
Bruce Ide                   greyfox@paratheoanametamystikhood.net
http://www.paratheoanametamystikhood.net

Date: Sat, 26 Aug 2000 08:47:03 -0700
From: Tim Jones <tjones@914fan.net>
To: letters@lwn.net
Subject: LinuxWorld Expo Awards .... What Do They Mean?

I was witness to a most amazing thing at LWCE in San Jose -- a backup
utility manufacturer won an award for best development tool.  In fact,
when I voted, I discovered that I could vote for every vendor in every
category.  Imagine, I could award Loki with "Best of Show," but I could
also award them with "Best Database," or "Best Office Suite."  This lack
of categorization lessens the impact of the awards that do fit.  Since
any vendor could win any award, do the awards mean anything outside of a
few users' (the number of actual votes weren't released, but I wasn't
witness to any huge crowds trying to vote....) having fun with the
voting software?

While I enjoy the opportunity to impart awards upon deserving companies,
I find the lack of logistical planning on the part of the voting
software designers to be unbelievable.  Awarding a company in an
environment that they are not part of is absolutely worthless.  When
Lonestar/Cactus won "Best Development Utility," the assemblage didn't
applaud, they laughed nervously.  I'm certain the Lonetar authors found
that to be most rewarding.

The user awards are important; they allow plain folks to say thank you
to Linux vendors for dedication and support.  But, let's be a bit more
careful in future voting to ensure that the awards are actually
something that apply, rather than another geek floor event to see how
ludicrous we can be as users.  In New York, let's assign categories to
each vendor's true offerings so that things like this don't happen
again.

Congratulations to the real award winners like Loki and Sun.  Thanks for
helping make Linux a great place to be!

Tim Jones
tjones@914fan.net

From: Aaron King <AaronK@4-Serv.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: "The first round of the DVD case is over"
Date: Sat, 26 Aug 2000 11:46:22 -0400

I wasn't around in the 60's so I have never had anything to really fight
for!  I'm 18 and I think this is something worth fighting for.  We are
talking about rights for ourselves AND the rights which will passed down to
our children.

We should be doing something, not merely reading the news and sending angry
email.  WE SHOULD get out there and protest!  Why does no one push for that
type of movement here?  If we leave technology decisions up to judges who
use computers to browse the "interweb" then we will never win in a fight
like this.  These judges see "Windows" as "a computer".  They don't
understand how computers work, how closed source and patents HURT technology
development.

So far no one has said, "Hey, computers are NOT like the rest of the
American Industry".  WHY?

Something needs to be done and I want to help.  What do you think?  Please
send reply to islandblend@home.com, this is my work email.

Aaron King
4th Generation Services
248-680-9400  x 112
aaronk@4-serv.com

Date: Sun, 27 Aug 2000 17:53:43 -0700 (MST)
From: "M. Leo Cooper" <grendel@theriver.com>
To: letters@lwn.net
Subject: Libelous statement in DeCSS case

Dear LWN editor,

I'm sure you are already aware of attorney Jonathan Shapiro's libelous
statement in a legal brief against the Open Source movement. It was,
after all, discussed at length on Slashdot.

   ...the so-called "open source" movement, which is a dedicated to
      the proposition that material, copyrighted or not, should be made
      available over the Internet for free...

The full text of the brief is available on-line at
http://cryptome.org/dvd-v-521-opq.htm.


I have been pondering appropriate responses to this. After all, most Open
Source developers, such as myself, depend on a trust relationship with
employers or clients for a livelihood and this could actually cause us
financial damage. I probably don't have the resources to actually file
a libel suit in a local court, but others might.

What I suggest is sending reasonably polite and literate letters to the law
offices of Weil, Gotshal & Manges L.L.P., 767 Fifth Avenue, New York, NY
10153, complaining about Shapiro's conduct. Likewise, e-mails to the New York
State Bar Association Ethics committee, ethics@nysba.org, might do some good.

I'm hoping Red Hat, VA Linux, Caldera, and all the rest do not let this go
unchallenged. After all, they were libeled, too.



Mendel Cooper
thegrendel@theriver.com

Date: Sat, 26 Aug 2000 12:13:14 -0700
From: Seth David Schoen <schoen@loyalty.org>
To: dave@userland.com
Subject: Base-64 code (is code with no license open source?)

Dave,

The copyright law is clear that works of authorship are copyrighted by
default upon creation -- with or without a copyright notice -- and
that making copies legally requires the permission of the copyright
holder in most circumstances.  Cf. Brad Templeton's copyright FAQs,
where this point is covered in detail.

If you publish an article of your own -- with no copyright notice, and
no license -- bearing perhaps your name and the date, put it up on
your web site, and somebody reprints it without asking you, or puts it
on a different web site:

- You can send a cease and desist letter.

- You can then sue, and win (if the letter is ignored), and perhaps recover
  profits.

The situation is exactly the same with a piece of software.

That's why the Debian Free Software Guidelines and the derived Open
Source Definition refer to "the license" and why the OSD had to make a
specific exception for source code "explicityly placed in the public
domain".  You see, I raised the question a while back of why public
domain source code should be excluded by the phrasing of the OSD; the
conclusion is that we'd definitely still need an explicit statement
_proving_ that the code is in the public domain.

Many people do not understand this, but some day somebody will be sued
for including a random source code fragment found on a web site in a
GPLed package, and then people will get the idea.  Already the OSI is
quite clear that "open source doesn't just mean access to the source
code" (but must also include clear legal authority to use, modify, and
redistribute it in compliance with the OSD, etc.), and the Free
Software Foundation, even mindful of software copyright law even in
the face of its opposition to most of that law, requires clear and
explicit statements about copyright permissions from prospective
contributors of code to the FSF's free software projects.

I don't want to disparage Tim O'Reilly's answer to the question.  Here
is the basic problem: Tim is 100% right about the tradition that
publishing code means it's OK to re-use it.  This is true since before
I was born, and no doubt Tim, like the guy in the epigram, knew that
before I was born.  And open source _should_ be about attitudes and
community expectations.  The problem is that, in the mad state of
copyright law, when we rely on attitudes, traditions, and community
expectations, we get sued, and judges laugh at us, and we lose.  No?

Thus the disagreement between programmers and lawyers which you mention.

Many software authors who publish code without a copyright notice do
intend for it to be in the public domain.  Oops!  It's definitely not,
unless they have explicitly said so.  I could sue people for re-using
the little Python number-theory experiments on my web site in a book
about combinatorics, because I've granted no license -- so I'm guilty
of the same mistake.  Or maybe the copyright law is guilty of
ballooning wildly so that everyone's intuitions about what is
reasonable are eventually overthrown... but I was going to try not to
get too partisan here. :-)

-- 
Seth David Schoen <schoen@loyalty.org>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
down:  http://www.loyalty.org/   (CAF)  | not have leisure.  -- Pirke Avot 2:5