[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news
 Back page

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The other free software war. There are two competing free software projects out there, both working on solutions to the same problem. There are strong differences of opinion on who has the best technology; a fair amount of sniping goes back and forth. Corporate interests are increasingly visible, and accusations of selling out are occasionally heard. There is also occasional talk of bringing the two projects together, but it doesn't look likely to ever happen.

No, the issue is not desktops - it's real time Linux. And while the term "war" overstates the case (just as it does with desktops), "intense competition" certainly does not. And the stakes are high: Linux is clearly poised to take over a large part of the embedded market, and many embedded applications require real time capabilities.

There are numerous contenders in the real time arena, but two projects dominate:

  • RTLinux is perhaps the effort that most people think of first. It was created and is headed up by Victor Yodaiken, who has built a company (FSM Labs) around it.

  • Real Time Application Interface (RTAI) was originally an offshoot of RTLinux, but has since been redesigned and reimplemented from scratch. This project is the creation of Paolo Mantegazza at the Politecnico di Milano.

Both projects are based on the same idea: a module is loaded into the Linux kernel which pushes Linux to the side and runs it as the lowest-priority process. Thus the full set of Linux capabilities is there to use whenever no hard real-time task needs the processor. Both require that hard real-time code be written as kernel modules, and both provide FIFO-oriented communication mechanisms to move data between Linux and real-time tasks.

So what are the differences? RTLinux takes a very spartan approach to features; reliability, absolutely deterministic response, and portability to many platforms are the project's priorities. For example, no dynamic memory allocation is possible in RTLinux. RTAI aims to provide a broader set of features to the real-time programmer, but only runs on Intel systems. RTLinux makes many changes to the standard kernel source, while RTAI takes a minimalist approach to kernel changes.

That small set of differences has become a rather wide divide; the two camps often seem to not like each other very much. The situation is certainly not helped by the fact that both projects are headed up by, shall we say, highly determined men with strong opinions. Also unhelpful, in this regard, is that Victor Yodaiken owns a software patent on the real-time Linux concept. While Mr. Yodaiken has never attempted to exercise this patent against RTAI or any company using it, he also has not plainly said that such action will not happen in the future.

As the stakes get higher, expect the rivalry between these two projects to become louder and more public. Consider, for example, the case of MontaVista Software, which announced the availability of a prototype, fully-preemptable Linux kernel with a claim that it was the first hard real-time Linux system available. The announcement drew a gentle correction from Mr. Yodaiken (MontaVista is a supporter of RTLinux), and a much stronger one from Lineo, an RTAI supporter (via Zentropix, which it acquired). The desire to be the dominant real-time Linux solution will certainly drive more of this sort of claims and counter-claims.

Of course, the quest to be the real-time Linux solution is likely to be as futile as that to be the desktop solution. The same dynamics apply: the competition has caused both groups to push harder to release a quality product while providing choices to real-time programmers. This kind of diversity is a good thing. All we have to do is to keep it friendly and polite...

More on the :CueCat. Last week's LWN discussed the sad story of the :CueCat scanner and the Linux driver that the :CueCat's backer, Digital Convergence, seeks to suppress. That issue lacks any sort of resolution at this point, but there are a few followup items that are worth mentioning:

  • Lineo's :CueCat driver has quietly reappeared on its open source projects page.

  • Those interested in the cuts of the cat should have a look at the Dissecting the :CueCat page. It also includes instructions on how to disable the serial number contained within the device.

For those who are having trouble with the :CueCat's sophisticated "XOR with 'C'" encryption scheme, here's a bit of Perl code (from the "Dissecting" page) that does the trick; it's attributed to Larry Wall:

#!/usr/bin/perl -n 
printf "Serial: %s  Type: %s  Code: %s\n", 
    map { 
        tr/a-zA-Z0-9+-/ -_/; 
        $_ = unpack 'u', chr(32 + length()*3/4) . $_; 
        $_ ^= "C" x length; 
    } /\.([^.]+)/g;

In the end, the :CueCat is a classic example of a broken business model. One can no longer (if, indeed, one ever could) put out a piece of hardware with the expectation that people will not seek to improve its operation with new software. And, in the free software world, only one person need code up improvements before everybody can enjoy the fruit of that labor. Digital Convergence was very generous to give away all of those barcode scanners; but to expect them to be used only with their software was naive in the extreme.

LWN readers have spoken. We had guessed that the popup windows with the software announcements would be unpopular. In fact, not a single reader wrote in favor of them. So they are gone, forevermore. We still don't have the announcements sorted by license, but that will change next week... we promise...

Inside this week's Linux Weekly News:

  • Security: Meet the SuSE Security Team.
  • Kernel: Linus on kernel debuggers; MontaVista's preemptable kernel; coming soon: a patch management system.
  • Distributions: Two new distributions: SmoothWall (firewall/router) and Darkstar (cross-platform standard).
  • Development:Snapper development system, KDE on Debian, mozdev.org.
  • Commerce: Red Hat Center Stage, Intel releases computer vision software for Linux, more open source releases.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

September 14, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Security page.

News and Editorials

Come meet the SuSE Linux Security Team. The SuSE Linux Security Team has added some new members in the past couple of weeks. A series of mail exchanges with SuSE gave us some background on the new members and their planned activity, but also the opportunity to find out more about the entire team. So here, with only a bit of fanfare, is the SuSE Linux Security Team, in chronological order of the date they joined the team.

  • Marc Heuse. About two years ago, Marc became the first member of the SuSE Linux Security Team. He joined SuSE from Deutsche Bank, where he held responsibility for network security. His background includes work in a cryptographic company (SecuDE) and other Unix systems administrations work.

    Mark continues to work part-time as part of the SuSE security team, but about a year and a half ago, he also took a full-time job working for KPMG's Information Risk Management Department. You'll find him there doing e-commerce security reviews of organizations such as SAP's mySAP, more German banks, Internet home banking solutions, and more.

  • Thomas Biege. Thomas is currently studying computer science in Dortmund. He has been interested in Unix and Internet security since 1996. Before he started working for SuSE, about a year and a half ago, increasing the team at that time to two, he "played around" with security in his spare time on his Linux machine, releasing bug reports both to BugTraq and to SuSE. Thomas works only part-time for SuSE. With the rest of his time, he works free-lance security jobs, securing systems, setting up firewall, performing penetration tests, source code reviews and more.

  • Roman Drahtmueller. Roman is the first of two recent hires, taking on a full-time position with the SuSE Security Team. He is the important link between the other part-time security staff and the actual maintainers of various pieces of the code. He answers customer questions on the suse-security@suse.de mailing list, writes and releases the security announcements, keeps the work of the maintainers and security people in sync, maintains security packages and is responsible for SuSE internal security. In the past, Roman studied physics in Freiburg, Germany and Connecticut, USA. He has also worked as a security administrator and as a free-lance Security Consultant, building firewalls and such.

  • Sebastian Krahmer. Sebastian, the second of two recent hires, is a computer-science student from Potsdam, Germany. He is well-known for his bug reports to BugTraq, such as the suidperl+mail bug. He is a part-time member of the SuSE security team, with his work focusing on source code auditing, bug fixes and maintaining security packages.

Marc, Sebastian and Thomas handle the source code auditing, development of security-related bug fixes and customer assistance with security-related problems. They also write security papers and develop new security tools. For their work, they monitor and interact with both public and private security mailing lists.

When a team member finds a bug report or exploit that affects SuSE Linux, they notify the rest of the team and then take over responsibility for working on that particular bug. Once a fix is developed, it is sent on to the SuSE maintainers, for integration with the main development trees, and to Roman, who will write up the security advisory and release it once new RPMs are built. Big patches are also sent back to the author of the program involved. Other Linux vendors are informed via a private mailing list.

In addition to this reactive work, the team works pro-actively to audit source code, write and maintain security tools and papers, look around for new tools and generally improve the overall security of SuSE Linux.

Unix, Linux computers vulnerable to damaging new attacks (News.com). News.com reports on "format string" vulnerabilities. "Fans of Unix and its close relative, Linux, pride themselves on the general security of their operating systems compared with Microsoft Windows, which has been plagued with security problems. But the format string issue highlights the fact that weaknesses can lurk for years within software, and that it's hard to track them down among hundreds of thousands of lines of programming code."

Primed and ready (Upside). Upside looks at the expiration of the RSA patent. "Perhaps hoping to stifle any Mozilla-type celebration within the anti-software patent community, RSA Security (RSAS), official administrators of the RSA public key encryption patent, dumped their crown jewel into the public domain on Wednesday, two weeks ahead of schedule."

Security Reports

Horde/IMP format string vulnerability. A format string vulnerability in the Horde library 1.2 and earlier was reported to BugTraq and is remotely exploitable. The Horde library comes from the Horde Project, which develops a set of Web-based productivity, messaging, and project-management applications, under the GPL. The Horde library itself is released under the LGPL. The format vulnerability in the Horde library has been shown to impact IMP, a PHP-based Internet Messaging Program from the Horde Project. In addition, it may impact other, not-yet-reported, applications that use the Horde library. An upgrade to Horde 1.2.1 and IMP 2.2.1 should fix the problem and is strongly recommended.

This week's updates:

pam_smb remotely-exploitable stack buffer overflow. A remotely-exploitable stack buffer overflow has been reported in the pam_smb pluggable authentication module. This is a severe vulnerability, which could lead to a remote root compromise. All versions of pam_smb prior to 1.1.6 are affected. If you are using Samba and pam_smb, an immediate upgrade is strongly urged.

This week's updates:

Linux-Mandrake security update for mod_perl. Linux-Mandrake has issued a security advisory and updated packages to fix a configuration-based security problem in mod_perl.

XMail remotely exploitable buffer overflow. Davide Libenzi's XMail is an Internet and intranet mail server, currently at release 0.59. Aviram Jenik reported a remotely exploitable buffer overflow in all versions of XMail prior to 0.59. Anyone using this software is strongly urged to upgrade to the latest version.

SuSE security update to Apache. SuSE issued an advisory reporting configuration-based security problems with Apache, as shipped with SuSE 6.0 through SuSE 7.0. The misconfigurations could allow CGI source code to be made visible and allow files on the web-server to be modified, if WebDAV has been installed. These problems appear to be specific to SuSE. SuSE users are strongly urged to upgrade their Apache packages, or correct their configurations, immediately.

@stake, Inc. originated the discovery of these problems. They sent advisories for the Apache and WebDAV problems to BugTraq, after SuSE had a chance to make updated packages available.

Mailman writable variable . The external archiving mechanism in all versions of Mail prior to 1.2beta uses an internal variable %(listname), which can be exploited to run arbitrary code. Check this BugTraq posting from Christopher Lindsey, which includes a patch, or BugTraq ID 1667 for more details. An upgrade to Mailman 1.2beta or later is recommended.

tmpwatch fork bomb denial-of-service. tmpwatch, a binary provided with Red Hat 6.1 for use in cleaning up unused files in temporary directories, is vulnerable to a denial-of-service attack. Nested directories can be used to cause a "fork bomb", where the process recursively generates more and more sub-processes. The problem was reported to Red Hat's BugZilla, but no vendor response has been seen as of yet. Subsequent postings pointed out that a system could be defended from such problems either by setting process resources limits or using stmpclean, another, similar program.

Format string vulnerability in muh. muh is an IRC-bouncing tool. Multiple format string vulnerabilities exist in muh 2.05 (and potentially earlier versions). These can be used to crash muh and possibly to execute arbitrary code as the muh user. Here is the original report from Maxime Henrion, and a followup, including an unofficial patch, from Kris Kennaway. The author recommends disabling logging until the program has been patched. An official patch is not yet available.

YaBB.pl input check vulnerabilities. YaBB (formerly www.yabb.org) is a web-based bulletin board system written in Perl. It has been reported that the YaBB.pl perl script fails to apply security checks to input in several places. As a result, arbitrary files on the system can be read. YaBB 9.11.2000 has been released as a result and should fix these problems. Check BugTraq ID 1668 for more details.

Cgi-bin script vulnerabilities. The following cgi-bin scripts have been reported to contain vulnerabilities:

  • phpPhotoAlbum v0.9.9 and earlier versions, can be used to view any directory or file on the web-server. No vendor update.
  • IBM's Net.Data, the db2www component contains a remotely-exploitable buffer overflow that can be used to execute arbitrary code or crash the web-server.

Commercial products. The following commercial products were reported to contain vulnerabilities:


glibc vulnerabilities. Check last week's Security Summary for more details. The updates below take care of both the ld.so environment variable vulnerability and the locale format string vulnerability. If you do not see an update for your distribution, you may want to check last week's summary for updates that fix at least the ld.so problem.

In addition, for those of you who are reluctant to upgrade your glibc library at this point, this BugTraq posting from Lionel Cons at CERN describes the methods they are using to protect against the recently-reported glibc bugs without upgrading the glibc package. Note that an upgrade is still strongly recommended as your first choice.

This week's updates:

Previous updates:

xpdf symlink race condition. Check the August 31st Security Summary for the original report.

This week's updates:

Previous updates:

screen setuid root vulnerability. A vulnerability in screen 3.9.5 and earlier that can be exploited by a local user to gain root was recently reported last week. Note that screen must be installed setuid root in order to be exploited. Screen 3.9.5 and earlier contain this vulnerability. This week's updates:

Previous updates:
  • Debian (September 7th)
  • Linux-Mandrake (not vulnerable) (September 7th)
  • Red Hat, unofficially reported not vulnerable (September 7th)
  • FreeBSD (September 7th)
  • Conectiva (not vulnerable) (September 7th)
  • NetBSD (September 7th)

mgetty temporary link vulnerability. Check the August 31st Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem.

This week's updates:

Older updates:

PHP upload vulnerability. Check last week's Security Summary for more details.

This week, the PHP Group provided an official advisory for this problem, with programming recommendations and links to updated PHP packages (4.0.3RC1 and 3.0.17RC1) that contain functionality to help avoid insecure programming practices with PHP.

mopd updates for Linux. Last week, we mentioned a mopd advisory for FreeBSD. If you are using mopd under Linux, you might want to note that the Linux/VAX recommends the use of this mopd-linux port, which is based on the OpenBSD sources and includes the latest security fixes. [Thanks to Andy Phillips].

xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.

This week's updates:

  • Slackware current upgraded to xchat 1.5.7 (see Changelogs)
Older updates:


scanssh. Just announced this week, scanssh is a network scanner that probes for running SSH servers and determines their version numbers. "scanssh supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH servers in a company or the Internet as whole".

Librnet, Library for Raw Networking. To assist those who wish to develop their own `low-level' network-related software, Gigi Sullivan has released the Librnet library. This is the initial release; note the author's comment: "As stated above, Librnet is far from being complete and stable."


September/October security events.
Date Event Location
September 19-21, 2000. New Security Paradigms Workshop 2000 Cork, Ireland.
September 26-28, 2000. CERT Conference 2000 Omaha, Nebraska, USA.
October 2-4, 2000. Third International Workshop on the Recent Advances in Intrusion Detection (RAID 2000) Toulouse, France.
October 4-6, 2000. 6th European Symposium on Research in Computer Security (ESORICS 2000) Toulouse, France.
October 4-6, 2000. Elliptic Curve Cryptography (ECC 2000) University of Essen, Essen, Germany.
October 11, 2000. The Internet Security Forum Edinburgh, Scotland.
October 14-21, 2000. Sans Network Security 2000 Montery, CA, USA.
October 16-19, 2000. 23rd National Information Systems Security Conference Baltimore, MD, USA.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

September 14, 2000

Secure Linux Projects
Bastille Linux
Secure Linux
Secure Linux (Flask)

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Linux Security Audit Project
Security Focus


 Main page
 Linux in the news
 Back page

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.4.0-test8. This release was announced on September 8. It seems to have the real fix to the the file corruption bug, along with quite a few other updates and fixes. There is also a change to the licensing terms; Linus has put in a note that only the current version of the GPL applies to the source - any future versions that come out will not automatically be applicable.

Ted Ts'o posted a (lengthy) new 2.4 status liston September 13.

The current stable kernel release is 2.2.17. The stable kernel prepatch is up to 2.2.18pre6.

There is a constant call for the inclusion of the NFS patches in 2.2.18. Protesters have begun blocking streets in Swansea. The basic problem is the same as it has been for a while: the standard Linux NFS implementation works poorly, especially if you are trying to set up a big server. The available fixes make things a lot better - to the point that many distributions include them with their kernels.

Alan seems to be softening his position on this one; some recent postings from him have suggested that NFS will go into a stable kernel soon, perhaps even into 2.2.18. It now seems to be a matter of stabilizing some of the other changes and waiting for the time to be right.

A new 2.0.39 prepatch is out; this one is 2.0.39pre8. The pre7 patch was supposed to be the last, but evidently a problem of the "brown paper bag" variety turned up...

The kernel debugger discussion continues, without a whole lot in the way of new and interesting contributions. There are two well entrenched positions, and the debate does not seem to be convincing many people to change their minds.

The pro-debugger debugger case was well stated by Keith Owens, modutils and kdb maintainer, in The case for a standard kernel debugger:

Seven of the twelve architectures in the standard kernel already have built in debuggers. Where is the evidence that these architectures have more bad patches because of the presence of the debuggers?

For those who can't fathom why Linus would be opposed to the inclusion of a kernel debugger, a reading of his explanationmight help to clear things up.

I don't think kernel development should be "easy". I do not condone single-stepping through code to find the bug. I do not think that extra visibility into the system is necessarily a good thing....

I'm a bastard. I have absolutely no clue why people can ever think otherwise. Yet they do. People think I'm a nice guy, and the fact is that I'm a scheming, conniving bastard who doesn't care for any hurt feelings or lost hours of work if it just results in what I consider to be a better system.

One nice thing about Linus, one does not usually have to wonder about just where he stands...

Andrea Arcangeli, meanwhile, has made available the slides from a recent talk he gave on the available kernel debugging tools.

MontaVista's preemptable kernel got some attention this week following the company's press release announcing its availability. It's time for a quick look at what MontaVista has done.

In most Unix systems since the very beginning, kernel code has had a hold on the processor for as long as it wanted. While user code can be preempted at any time, kernel code keeps on running until it explicitly yields control. Kernel developers used to take great advantage of that fact, since they didn't have to worry about surprises from shared access to resources.

Life has gotten harder with the arrival of SMP systems; kernel code must now be prepared to cooperate with more kernel code running on other processors. It is still true, however, that Linux kernel code is not kicked off a processor involuntarily. (OK, there are a few small exceptions, such as interrupt handling).

The non-preemptable kernel brings about problems, however. Sometimes the system must be able to respond very quickly to an event. Many real-time tasks require very quick response, but even dealing with everyday audio and video streams can be a problem if the system reacts too slowly. An operating system which cannot preempt its own kernel code is going to be susceptible to this sort of long latency; if some kernel function gets going on a long task, it may not give up the processor for way too long a time.

What MontaVista has done is to make the kernel code preemptable. The idea is not new; Linus mentioned the possibility back in July. MontaVista just jumped out ahead of the pack by offering an implementation well ahead of the beginning of the 2.5 development series.

MontaVista's kernel is not completely preemptable. Whenever code is handling interrupts, doing bottom half processing (essentially an extension of interrupt processing), or running the scheduler it can not be preempted. More significantly, any code which is holding a spinlock will not be pushed out of the CPU. This restriction makes sense for performance and deadlock reasons, but also greatly limits the preemptability of the kernel. Much of what is done in the kernel happens under the protection of one or more spinlocks.

And, in fact, a set of latency benchmarksperformed on the MontaVista kernel by Benno Senoner show that, while the kernel performs better, it still has significant latencies. In particular, the system can be quite slow to respond when it is performing significant disk activity. Mr. Senoner also tested Ingo Molnar's latest low-latency patch with significantly better results.

So MontaVista's kernel is perhaps not the ultimate hard real-time solution that the company would like. It is a significant bit of work, though, that may well find its way into the 2.5 development series, whenever that may begin. More information on MontaVista's work can be found in this white paper published on LinuxDevices.com.

A proposal for a Linux kernel patch management system was posted this week. The proposal is the work of Linus Torvalds, Ted Ts'o, Daniel Quinlan, and Sebastian Kuzminsky, who is writing the code to implement it. The current system, which can be described as "send patches repeatedly to Linus and/or the subsystem maintainer, then watch new releases to see if it appears" tends not to work very well for a lot of people, so something more organized is called for.

The proposed system is relatively straightforward. A mailing address would be set up to accept patches; a program sitting behind the address will store and log them. Mechanisms can be put into place to track the outstanding patches, perform certain types of automated testing, and more. With luck, the new system will make life easier for both Linus (who is buried in patches) and the kernel developers (who never know what the status of their patches is).

No more IDE backport for 2.2. Andre Hedrick, maintainer of the Linux IDE subsystem, has announced that he will no longer be able to support the 2.2 backport of his IDE work. This port has seen heavy use, and is included by a number of vendors in their standard kernels. It's valuable work, but getting the 2.4 kernel stabilized is more important, for now. The backport will, hopefully, remain available, as Bartlomiej Zolnierki has indicated his willingness to maintain it in the future.

Watch out for ECN. Support for IP Explicit Congestion Notification (ECN) started finding its way into the kernel with 2.4.0-test3, with -test7 providing a full implementation. ECN, as described by RFC2481, allows routers to set a bit inside an IP packet to indicate that the route taken by the packet is experiencing congestion. A compliant implementation should then throttle back its transmission rate in much the same way as it would when packets start getting dropped. The advantage with ECN is that congestion can be indicated without actually dropping packets, leading to fewer retransmissions.

It turns out, however, that some firewalls from a very large network equipment manufacturer do not deal with ECN correctly; in fact, they simply drop packets that attempt to use the ECN feature. The result is that, if you are using ECN, a substantial portion of the Internet (a figure of 8% has been posted) is unreachable. This was not the desired result.

For now, people running development kernels will almost certainly want to turn off CONFIG_INET_ECN to avoid this problem. The longer term solution will probably involve pressure to get the non-compliant systems upgraded, and, perhaps, some mechanism to detect connections that are broken by ECN and automatically turn it off.

Other patches and updates released this week include:

  • David Howells posted a patch which moves a number of the WINE "system calls" into the kernel, with a significant improvement in performance. He is looking for comments on the idea; Linus is not opposed to it.

  • Jens Axboe has released version 0.0.2c of his CD-RW packet writing module.

  • User beancounter patch IV-0010, a process resource accounting mechanism, was posted by Andrey Savochkin.

  • Aki Laukkanen posted an announcement of his "streamfs" filesystem, which is oriented toward audio and video streaming applications.

  • Modutils 2.3.16 has been released by Keith Owens. Given that questions about the new module locations still turn up on linux-kernel, a number of people should probably get this new version.

  • Jeroen Vreeken has posted version 0.7 of his video loopback driver.

  • Juan Quintela has released version 0.0.4 of the "memtest" suite - a set of tools for testing the memory management system.

  • Rik van Riel has announced the latest version of his virtual memory patch; there is also a scheduler patch available.

  • acl-0.6.5, the latest stable release of the access control list patch, is available.

  • usbview 0.9.0, a tool for displaying the topology of a USB bus, is available.

Section Editor: Jonathan Corbet

September 14, 2000

For other kernel news, see:

Other resources:


 Main page
 Linux in the news
 Back page

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

New Distributions

Announcing SmoothWall - a distribution for firewalling. A new distribution, called SmoothWall, has hit the net. SmoothWall is a severely pared-down system whose one role in life is to turn a computer into a dialup router and firewall for homes and small offices. It is available for download now; the ISO image is only 18MB.

Many Linux router/firewall projects already exist, such as Bifrost, Coyote Linux, floppyfw, Gibraltar and ShareTheNet. Many of these are, in turn, derived from the Linux Router Project. SmoothWall chose a different route. As documented in their September newsletter (PDF format), co-founders Lawrence Manning and Richard Morrell examined existing firewall/router projects first. They found either commercial products or products that required Linux administration skills.

Feeling strongly that good security should not have to be purchased, they set goals for their product that included GPL licensing, secure Internet connectivity and problem-free installation, even for non-Linux users. This way, the benefits of Linux and Open Source could spread quickly across PCs without requiring people to first "change the way they work". They took their market research to a local LUG meeting (HantsLUG) for feedback and peer review. In addition, the LUG eventually also provided them with additional developer talent for their project.

SmoothWall started with the 645MB VA Linux distribution and then pared it down to 45MB. The finished product requires a 486 machine with a small disk, something they felt would be fairly easily available, either as discards from companies or for small amounts of money.

They recently started hosting their downloads on Sourceforge and have been extremely pleased with the response they've received in a short period of time (63,000+ hits on their website within 37 hours and over 3000 downloads). Due to request, and available assistance, their installation document and FAQs are now being translated into thirteen different languages. That's an impressive start for such a new project.

Darkstar Linux. A new distribution development project was announced on the linux-kernel and linux-ppc development lists this week. Darkstar Linux plans to build yet another Linux distribution. In this case, their goal is to have a distribution that can be consistent across hardware platforms, ranging in size from PDAs to Mainframes. They have stated that they will not restrict the software that is included to any one license; software released under any license that allows free distribution will be considered for inclusion. Presumably their choices will be somewhat restricted, though, based on the need to only include packages that are supported across hardware platforms. StarOffice, for example, would not fit their stated goals, since it is currently only supported on the Intel platform (though, of course, given the licensing of the not-yet-release StarOffice 6.0 under the GPL, this may change).

The project has just begun and they are "seeking system administrators, kernel developers, and userland contributors to help with the development and maintenance of the system. Knowledge of CVS and make(8) is recommended, but not absolutely required".


Distribution list changes. As you may have noticed last week, we've continued to break our distributions list into multiple categories. The work is not yet done and it is, of necessity, somewhat arbitrary, since we list each distribution only once, even though it might fit in multiple categories. Still, check it out, let us know what you think and, above all else, do let us know if you see any errors introduced as a result.

General-Purpose Distributions

SuSE Linux News. SuSE has announced that a version of its distribution for SPARC processors is now available for download. This expands their platform support to cover Intel, PowerPC, Alpha, Sparc and the IBM S/390.

In addition, SuSE also announced their free test environment for the Intel Itanium 64-bit architecture, along with access to the preliminary version of SuSE 7.0 for IA-64.

Debian Weekly News (Sep 12). This week's Debian Weekly News joyously reports the rapid introduction of KDE packages into Debian. "All of the core of KDE is already present in unstable, and more packages are sure to follow". It is good to see such a swift response to the relicensing of Qt under the GPL.

Other topics this week include potentially new licensing problems with Python 1.6, the possibility of a point release for Debian 2.2 in the near future, to integrate security updates and some packages that didn't make it into the initial release, and, last, a technical discussion on whether or not daemons should automatically be started up if they are installed.

Conectiva Linux 6.0 beta launched. Conectiva has announced the release of the 6.0 beta. It contains an initial release of an RPM-enable apt-get, which should be very interesting. The usual caveats apply: "This is a beta, and quite informal. Do not expect it to work."

Linux-Mandrake 7.2beta2. The latest Linux-Mandrake beta, dubbed ulysses-2, is now available for download in ISO format. [Thanks to Luc Taesch].

Terra Soft simplifies Yellow Dog Linux product line. Terra Soft Solutions has announced the simplification of its Yellow Dog Linux product line. While other distributions are busily adding "corporate" and "enterprise" versions, Terra Soft has decided to combine its "Champion Server" and "Gone Home" into a single product.

Mini/Special Purpose Distributions

Coyote Linux 1.20 Released. The latest, stable version of Coyote Linux, version 1.20, was released on September 6th. Coyote Linux is a single-floppy distribution based on the Linux Router Project. The Coyote website reports, "This version contains full support for Ethernet (DHCP and Static IP), PPPoE, and PPP Dialup connection types."

DragonLinux v2r1. A new release of DragonLinux, v2r1, is now available for download. "DragonLinux v2r1 is based on Slackware v7.1. With our own custom installation we offer a partition-less installation. You no longer need to repartition your hard drive to install Linux. (A bootable MS-DOS or Windows [3.x or 98/98] drive is required.) Linux gurus will note that UMSDOS, as was used in previous versions of DragonLinux, is no longer used."

Section Editor: Liz Coolbaugh

September 14, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 Linux in the news
 Back page

See also: last week's Development page.

Development projects


New site: mozdev.org. A new web site, mozdev.org, is now open for browsing. Mozdev.org is hosted by Alphanumerica and caters to development projects that are based on the Mozilla project.

Visual XUL Environment, ViXEn. A new development project known as ViXEn has been announced. "Vixen is designed to be a Visual XUL IDE similar to Visual Basic, Delphi, Macromedia Dreamweaver and Glade, but for the XPToolkit technology developed by the Mozilla project. The initial goal of Vixen is to allow developers to quickly develop professional quality dialogs and windows without having to write any (or at least much) XUL or CSS by hand. The long term goal is to create a comprehensive development environment for rapid development of XUL applications."


SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for September 11 is out. It covers SEUL/edu's trade show presence, and a number of other issues.


Gnome Games (Show Me Linux). Show Me Linux has an article on Gnome Games. Seventeen different games are described in the article.


Wine 20000909 released. A new version of wine, version 20000909 has been announced. This release includes improved Win32 dll loading, more DBCS codepage support, and lots of bugfixes.

Wine Weekly News for September 11, 2000. The September 11 version of the Wine Weekly News is out. The 20000909 release of wine is discussed and there is an interview with Alexandre Julliard concerning the future of Wine.

Network Management

OpenNMS Update for September 12. Here is the OpenNMS Update for September 12 with the latest news from the Open Network Management Software project.

Office Applications

AbiWord Weekly News (Sep 6). The AbiWord Weekly News returns to its regularly scheduled slot with this week's issue. Topics include the Tabs Dialog, a website outage, the imminent release of 0.7.11 and a discussion about AbiWord's development methodology.

LyX Development News. The LyX Development News for September 13 is out. It includes a set of photos from the fourth International LyX Developers Meeting.

On the Desktop

Upcoming release of Snapper development system. Gnome.org has published an article on the upcoming release of the Snapper Development System. " The Snapper Development System enables a Linux GTK+/Gnome application to be "beamed" to a user desktop or web appliance running Linux. Snapper works by embedding the application in an XML file, which can reside in a relational database or on a file or web server, and since the application is GTK+/Gnome based the user will enjoy the "look and feel", and speed of a native Linux program. By using this foundation the possibilities are endless."

An Evangelist for Free Software (Time). Time has added Miguel de Icaza to it's list of 100 most influential innovators for the 21st centry. "In an idealistic corner of the computer world, there is a breed of benign engineers called open-source software programmers. They believe in sharing their work rather than selling it."

Interview of Miguel de Icaza and Nat Friedman (Linux Planet). Linux Planet's Dennis E. Powell has interviewed Miguel de Icaza and Nat Friedman. " 'This isn't just about free software,' he (Nat Friedman) says. 'It's about the Internet and communications. Certain types of businesses revolved around communicating data, for instance selling music, selling software, weather services, things like this. Now that we have this communications medium which is becoming fairly ubiquitous, and which allows you to transfer information from one place to another very quickly and at relatively low cost, things are changing--certain businesses are just changing. So people have to come up with new ways of making money. Certain industries will die, and certain companies will not be able to keep up and will also die as a result.'"

GNOME FAQs posted. Version 1.0 of the GNOME Foundation FAQ has been posted. If you have questions about the newly-created Foundation, that's the first place to look. The latest general GNOME FAQ by Telsa Gwynne is also available.

KDE packages are pouring into Debian (Debian Weekly News). The Debian Weekly News talks about getting KDE running under Debian as a result of recent KDE licensing changes. "All of the core of KDE is already present in unstable, and more packages are sure to follow."

The People Behind KDE: Matthias Ettrich. KDE.org's Christine Bastian has published the first in a series of profiles and interviews on KDE developers. The first profile is on Matthias Ettrich , founder of KDE.


Linux Med News' top articles. Linux Med News celebrates the publication of its one hundredth article and has published a list of the best articles posted to the site in the last year.

Web-site Development

BRL 2.1.16. Version 2.1.16 of BRL, the Beautiful Report Language has been released. BRL is a scheme based language for server side web database applications.

Section Editor: Forrest Cook

September 14, 2000

Project Links
High Availability

More Information



Programming Languages


Java Push (IBM). IBM's Developer Works has run this article by Shawn Bedard on using code written in Java to push Java applets and applications out of a web server. Source code is included with the article.


New book: Basic Lisp Techniques. A new book, Basic Lisp Techniques by David J. Cooper Jr. has been made available for download in pdf format.


Online interview of Nathan Torkington (IT World). IT World is running an online interview of Perl 6 project manager Nathan Torkington from September 13 through 15. If you have any burning Perl 6 questions, this is a good place to take them.

Perl 6: New From the Ground Up (SD Times). SD Times has run an article that discusses work being done for Perl 6. "While it's been reported that Perl 6 would be rewritten in C++ from its original C, Sugalski said, 'It's far too early to tell in a project this size to be talking about code. It may be C or it may be C++.'"


This week's Python-URL. Here is Dr. Dobb's Python-URL for September 12 with the latest in Python development news.

FPIG: FORTRAN to Python Interface Generator Release 2. A new release of FPIG, the FORTRAN to Python Interface Generator has been released. FPIG is a command line tool that allows FORTRAN code to be called from Python. FPIG is licensed under the LGPL license.

XML Matters (IBM). IBM's developerWorks has run two parts of an ongoing series by David Mertz on integrating XML and Python. Part One introduces XML, Python, and xml_pickle. Part two discusses the use of xml_objectify for making Python objects out of an XML document.

New Python 2.0 documentation packages. A new release of the documentation packages for the Python 2.0 beta 1 release has been announced.


This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 11. Check it out for the latest happenings in the Tcl/Tk world.

Tcl MoveController. A TCL Movie Controller was announced this week. The program is intended to be a: "Tcl-only-QuickTime-look-alike-megawidget-movie-controller".

Autodoc 2.4 released. Autodoc version 2.4 is now available. Autodoc is "an application to convert specially formatted documentation embedded into tcl code into a cross-referenced set of HTML pages describing this code."

Section Editor: Forrest Cook

Language Links
IBM Java Zone
Perl News
Daily Python-URL
Tcl Developer Xchange

 Main page
 Linux in the news
 Back page

See also: last week's Commerce page.

Linux and Business

Red Hat Center and 'Center Stage'. The Red Hat Center is a non-profit, private foundation endowed by Bob Young and Marc Ewing, the founders of Red Hat, Inc. The purpose of the Center is to support, promote, and engage in a wide range of initiatives to advance the principles of transparent technology. What is transparent technology? "Transparent technology is the general term Red Hat Center uses to describe any type of technology where the public is permitted to see, understand, and possibly improve on what's being developed." This would naturally include Open Source or Free Software. In order to increase public awareness of open source, the Center has launched a series of public forums at Center Stage. Bob Young kicked off Center Stage last Tuesday, September 12. Look for the following people to host Center Stage in the coming months: Paul Jones, Founder and Director of MetaLab ; Tim O'Reilly, Founder and President of O'Reilly & Associates ; and Brian Behlendorf, Founder and CTO of Collab.Net.

Intel releases computer vision software for Linux. Intel Corporation has announced the initial release of its "Open Source Computer Vision Library." The library provides a wide range of functions, including gesture recognition, object-tracking, face recognition and camera calibration. Its written in C and released under this open source license and can be downloaded at http://www.intel.com/research/mrl/research/cvlib/.

The Open Source Computer Vision Library was first announced at the IEEE Computer Society Conference on Computer Vision and Pattern Recognition in June of this year. It has had two alpha releases prior to this open source release.

More open source releases. Network ICE has jumped into a growth market with this announcement for "Altivore," an open source email surveillance system. Now we all can watch how Big Brother watches us...

Cadence has announced that its "TestBuilder" testbench library, used by "designers, IP developers, and EDA vendors to develop interoperable testbenches for chip or system design verification," will be released under an open source license. A quick glance at the license text shows it to be roughly GPLish in form; it does require a name change if any modifications are made, though.

News from Red Hat. Red Hat has announced the availability of a new set of training courses covering topics like embedded systems, IA-64 engineering, Apache, and secure web server administration.

Red Hat has announced the completion of its acquisition of C2Net.

New at VA Linux. VA Linux Systems has gotten into the network-attached storage market with this announcement of its "9205 NAS" system.

VA's Open Source Development Network has announced the launch of its NewsForge site.

Super Computing. IBM has announced the opening of a "Linux Supercluster Briefing Center" at the University of New Mexico. This center will " assist customers in planning their Linux and Linux clusters plans with IBM, and allow them to benchmark and 'test-drive' key applications"

Terra Soft has announced the availability of a new, eight-node PowerPC cluster product, running Black Lab Linux.

Sandia National Laboratory has put out this announcement on the pending expansion of its "Antartica" Linux cluster. It's growing from "only" 600 nodes to 1600; they expect it to take the 20th spot on the list of the world's fastest computers.

MontaVista announces preemptable kernel. MontaVista Software has announced the availability of its preemptable version of the Linux kernel.

Nokia's 'Media Terminal'. Nokia has announced the (future) availability of its Linux-based Media Terminal, "a powerful infotainment center for the home." There is also a separate press release emphasizing the open source aspects of the system. "Nokia's commitment to the open source community is strong and Nokia therefore intends to make source code available in order to maximize freedom to create applications for the Media Terminal."

Acrylis Inc., launches WhatifLinux Personal Edition. A company called Acrylis, Inc., has announced the availability of "WhatifLinux Personal Edition," which appears to be a software update service. "WhatifLinux Personal Edition provides users with immediate access to software updates, security alerts, patches and the latest open source software information right from their Web browser."

Pogolinux offers free Linux CDs. Pogolinux has posted an offer of a free Linux CD, sent through the mail, to anyone who asks. It even comes with a month of email support. They don't say so, but the design of the entry form suggests they are only prepared to ship within the U.S.

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Akopia (RESTON, Va.) announced the launch of Akopia Interchange, a widely distributed open-source (GPL) electronic commerce application.

  • BioAPI Consortium (GAITHERSBURG, Md.) announced the public release of Version 1.0 Beta of the BioAPI Reference Implementation.

  • CYRANO (PARIS and NEWBURYPORT, Mass.) disclosed its plans to embrace the Open Source model of development. CYRANO plans to post the source code for OpenSTA (Open System Testing Architecture) beginning with the 0.9.0 developer release, expected by the end of September 2000. OpenSTA will be licensed under the GNU GPL.

  • eTantrum (NEW YORK) released its non-commercial, open source version of its music identification technology, the Music ID Service, licensed under the GNU General Public License agreement.

  • Reyes Infografica (MADRID, Spain) launched ReyesWorks.com, a middleware visual platform.

Commercial Products for Linux

  • Archaeopteryx Software, Inc (Brookline, MA) announced that it has released the first beta version of its Wing IDE product, an integrated development environment for the Python programming language.

  • Dialtone Internet, Inc. (FT. LAUDERDALE, Fla.) a provider of Linux dedicated hosting and colocation solutions, announced "Wholesale 4 Success", a program offering prospective resellers dedicated servers at wholesale price levels.

  • Essential Communications (ALBUQUERQUE, N.M.) announced the availability of a High Performance Parallel Interface (HIPPI) networking package for Linux users.

  • LinuxForce.net (Philadelphia, PA) announced its newest product, AdminForce Remote, system administration and monitoring tool.

  • Loki Software has announced an agreement to port the game Kohan: Immortal Sovereigns to Linux. It will be released "near-simultaneously" with the Windows version in the first quarter of 2001.

  • PolyServe (BERKELEY, CA.) announced the immediate availability of LocalCluster, PolyServe's software-only solution offering high availability (HA) and load balancing for web, file, email, and TCP/IP servers.

  • SteelEye Technology Inc. (SAN JOSE, Calif.) announced the release of a High Availability (HA) Database Server Solution for Oracle 8i. Combined with Oracle 8i, SteelEye's LifeKeeper for Linux clustering software provides enterprises with a solution for ensuring high availability of business-critical applications running on Oracle 8i database servers.

Products Using Linux

  • Blue Wave Systems Inc. (CARROLLTON, Texas) will demonstrate its ComStruct high density Voice and Fax over IP solution with a Linux-based system host single board computer.

  • Metro Link Inc. (FORT LAUDERDALE, Fla.) announced its new MATRIX technology for use with UPnP.

  • Myplay, inc. (PASADENA, Calif.) has a Myplay interface to an MP3 car stereo that contains a 25GB hard drive, Ethernet connection, and runs Linux.

  • NEC has announced its "Express5800/120Rc-2" server, which can be had with (Red Hat) Linux preinstalled.

  • Visual Circuits (MINNEAPOLIS) introduced Firefly, a Linux-based, compact, multichannel video player.

  • ZNYX Networks (ATLANTA) announced the new OpenArchitect CompactPCI switch, which uses Linux for switch management.

Products with Linux Versions

  • Computer Associates International, Inc. (ISLANDIA, N.Y.) announced the general availability of Unicenter TNG Software Delivery Option (SDO) 3.0, an eBusiness solution that accelerates and automates the delivery of software and other digital content to resources across the enterprise.

  • Dirig Software, Inc. and Bradmark Technologies, Inc. (PHILADEPHIA) announced NORAD, a complete enterprise management solution combining the systems and applications management functionality of Proctor from Dirig and the database management capabilities of Bradmark's DBGeneral.

  • Dirig Software, Inc. (NASHUA, N.H.) announced full integration of its RelyENT enterprise applications management solution into Aprisma Management Technologies' SPECTRUM v6.0 network management product.

  • Evoke Communications (LOUISVILLE, Colo.) announced the availability of Evoke Collaboration 4.2, a real-time, online presentation service.

  • Gordano Ltd. (NEW YORK) announced the immediate availability of NTMail 6.0, a major upgrade to the company's Internet mail server solution.

  • Mail.com, Inc. (NEW YORK) announced that it has partnered with Net400 to provide its IP Fax services to IBM AS/400 customers.

  • Piranha, Inc. (FREEHOLD, N.J.) announced availability of Piranha Net, a compression software solution.

  • Progress Software Corporation (BEDFORD, Mass.) announced Progress SonicMQ 3.0, the next generation of its E-Business Messaging infrastructure.

  • Rackspace Managed Hosting (SAN ANTONIO) announced the launch of its new security offerings and managed security services. These dedicated security solutions can be applied to single servers or server clusters that run on Linux, NT, Win2000, Solaris and other UNIX platforms.

  • Symantec Corp. (CUPERTINO, Calif.) announced Norton Ghost 2001, a utility designed for PC and small business users for system upgrading, backup, and recovery. New with this version is support for the Linux EXT2 file system.

  • UniBar, Inc. (ROCHESTER HILLS, Mich.) demonstrated e-BARCODE 2000, that enables users to print the General Motors 1724 label series from a web application via a browser.

  • Viewgraphics, Inc. (IBC, AMSTERDAM, Netherlands) announced the availability of DTV:Net 2.0, the newest version of the company's solution for streaming MPEG-2 over industry-standard Ethernet networks.

  • Vsoft Ltd. (AMSTERDAM, The Netherlands) announced the launch of VideoClick@Home, a standards- based, open architecture software for the delivery of video services to homes over broadband IP infrastructure.

  • Young Minds, Inc. (REDLANDS, Calif.) has begun shipping PowerCD Studio, a new version of its controller-based CD-Recording (CD-R) solution.

Java Products

  • Ganjo (STATEN ISLAND, N.Y.) announced the release of Ganjo Application Server Version 2.0, a tag-based, cross-platform web application server written entirely in Java. The company is also actively considering releasing the product as an open-source project.

Support and Service

  • BeOpen.com (SANTA CLARA, Calif.) announced today the launch of its PythonLabs Professional Services Program.

Books and Training

  • Linux Journal (SEATTLE, WA) announced the publication of Embedded Linux Journal, a special supplement to be released in October 2000.

  • O'Reilly (Sebastopol, CA) just released the second edition of "Database Programming with JDBC and Java", which describes the Java interfaces that make portable object-oriented access to relational databases possible.

  • OpenAvenue (ATLANTA) announced that they have joined a group of sponsors to promote and host the CollabDev Seminars, examining the issues and advantages for open standards and the collaborative development process.

  • SGI has announced the availability of a set of Internet-based training courses aimed at LPI certification.


  • AudioCodes Limited (ATLANTA) Performance Technologies, Inc. and Motorola Computer Group recently demonstrated an integrated, carrier-grade Signaling System 7/Internet protocol (SS7/IP) media gateway which uses Motorola's high-availability, Linux-based, CompactPCI chassis.

  • Centura Software Corp. (REDWOOD SHORES, Calif.) announced its participation in EMBLIX, the Japan Embedded Linux Consortium. EMBLIX was announced in the July 27, 2000 edition of LWN.

  • Merlin Software Technologies International Inc. (BURNABY, British Columbia) announced that it has become a VA Linux Solutions Partner.

  • MIICRO, Inc. (CHICAGO) has agreed to purchase a parallel computing cluster based on PowerPC microprocessors from Terra Soft Solutions, Inc., Loveland, CO. MIICRO will use this Linux-based, high-speed computing environment to advance the development of its neuroinformatics services.

  • NETmachines, Inc. (PLEASANTON, Calif.) announced that it has signed an agreement with Marketlink Technologies, to outsource sales and marketing of its Linux-based server appliance solutions.

  • SteelEye Technology Inc. (MOUNTAIN View, Calif.) announced a new systems integrator alliance with SoftNet Solutions. The partnership enables SoftNet Solutions to incorporate SteelEye's high availability clustering software for Linux with SoftNet's enterprise systems integration and consulting services.

  • WireX (PORTLAND, Ore.) aims to move its Immunix (a Linux distribution) family of products and technologies to Taiwan and Mainland China through a partnership with TSC.

Investments and Acquisitions

  • Cirpack (SURESNES, France) announced its acquisition of Netbricks (formerly Omnitel). This acquisition means that Cirpack can integrate the technologies mastered by Netbricks into its own product, such as the Cirpack Call Agent and Gateway which are open platforms based on Compact-PCI standards that run under Linux.

  • Guru.com (SAN FRANCISCO) announced that it has secured $44 million in its Series C round of financing. Red Hat was one of the investors. It seems that Red Hat and Guru.com plan to build a project marketplace for the open source Linux community.

  • NewMonics, Inc. (LISLE, Ill.) announced that it has secured $8 million in its second round of venture capital led by DynaFund Ventures. NewMonics is a telecommunications company using real-time Java and embedded Linux technology.

  • Quicknet Technologies, Inc. (ATLANTA) announced the purchase of Australia-based Equivalence Pty. Ltd., the creators of the OpenH323 project.

  • Wasabi Systems, which offers support and services around NetBSD, has announced its first round of venture financing.

Financial Results

  • eOn Communications Corporation (MEMPHIS, Tenn.) reported fourth quarter revenues of $10,772,000 compared to revenues of $15,201,000 for the fourth quarter of fiscal 1999.


  • EBIZ Enterprises Inc. (SCOTTSDALE, Ariz.) announced that Tim Jones is joining the company as executive vice president of TheLinuxLab.com, a division of EBIZ.

  • Linbox (Paris) announced the appointment of Jean-Pierre Laisné as its president and chief executive officer. Here's the same announcement in French.

  • The Santa Cruz Operation, Inc. (SANTA CRUZ, Calif.) (SCO) announced that it has reduced its worldwide workforce by 19% or approximately 190 employees.

Linux At Work

  • BroadLogic Network Technologies (AMSTERDAM, Netherlands, IBC) announced that TV FILES has chosen BroadLogic's Satellite Express PCI+ card for its horse racing coverage system for SNAI. TV FILES chose BroadLogic's receiver boards, partly because of its support for the Linux operating system.

  • Linux NetworX, Inc. (SANDY, Utah) announced that Rockwell Science Center will be using Linux NetworX clustering technology for simulating aerodynamic fluid flow in the analysis of aerospace systems.

  • TurboLinux has announced that TurboLinux Server is being used by First Credit Bank of Los Angeles as "the underlying operating system of its enterprise infrastructure."


  • The island of Taiwan is gearing up to support Linux users worldwide.

  • TheLinuxStore.com (SCOTTSDALE, Ariz.) announced it has doubled its sales force over the past three months and plans to continue expansion through the end of the year as it fills the growing demand for Linux products.

Section Editor: Rebecca Sobol.

September 14, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Linux in the news page.

Recommended Reading

How Big Blue fell for Linux (Salon). Andrew Leonard has posted the next installment of his Free Software Project book on Salon; this piece looks at how IBM and Linux came together. "The story of how IBM made friends with free software hackers, from the early days when it dipped its toes into the Apache Project to its current headfirst plunge into Linux, is not the story of a carefully executed strategy. It is instead a tale of contingency, luck, a few committed engineers and a few canny executives. Its twists and turns hinge on the results of combating agendas, political maneuvering and software ambition. At its most mundane, it is a story that hints at how the battle for dominance over new software markets will be waged over the next few years." (Thanks to Paul Hewitt).

A bug in the legal code? (Salon). Salon talks with David Touretzky, the professor who gave the first amendment testimony in the New York DVD case. "What was the judge thinking? If he really wants to prevent people from telling others where to get the code, he should have made it illegal to publish the URL in any form. But that would make the fascist nature of his ruling even more painfully obvious. Instead he's opted for a fig leaf, although I can't imagine how he could do this without embarrassment." Go read it.

Patents and Licenses

Patents vs. Antipatents (Newsforge). Newsforge has printed an excellent article on patent issues and patent reform. "'The problem with our patent system is not clueless examiners,' Hargrave and Malamud write. 'The problem is a classic management bureaucracy coupled with an environment changing at the pace of Internet time. The current system is no surprise. The Congress has given the Patent Office a charge to make money ... Patent examiners are on quotas to produce more patents, not better patents.'" [Thanks to Karl Vogel].

Open source licensing battle comes to an end (Upside). Upside takes a look at recent signs of the power of the GPL, including Trolltech and Sun's recent decisions. "On Monday, both Eng and KDE project leader Matthias Ettrich cited the recent OpenOffice announcement as one of many influences on their decision to throw in the towel and add a GPL-licensed version of Qt to the company software lineup."


A Sneak Peek at Nautilus from Eazel (LinuxPlanet). LinuxPlanet has put up this look at the latest Nautilus release; it also gets into Eazel and its relations with the GNOME project. "Commenting on the project's stability is pointless at this stage in the process: the Nautilus team put their efforts up not to provide a day-to-day file manager, but to give the community at large a chance to see what their efforts are leading up to. Our experience over several days ranged from being unable to keep it running for more than a minute to leaving it up and being able to look into various features for several hours."

Open source: KDE hits back at GNOME (ZDNet). ZDNet reports on rumors that the KDE project may be about to set up a "foundation" of its own. "But sources close to the KDE Project say the group is now leaning toward establishing an alternative to the GNOME Foundation, tentatively called the KDE League. Among the expected backers, sources said, are Linux distributors including Caldera Systems, Mandrake and SuSE."

MontaVista unveils fully preemptable Linux kernel prototype (LinuxDevices.com). LinuxDevices.com reports on MontaVista's new preemptable Linux kernel. "The prototype kernel modification is currently showing better than a 10-fold improvement in worst-case kernel responsiveness, but is expected to reach gains of 100-fold or better, by the time the technology is incorporated into MontaVista's Hard Hat Linux distribution in the January 2001 timeframe."

Embedded Linux companies square off in PR shoot-out (Upside). Upside looks at MontaVista's preemptable kernel announcement. "From a strategic perspective, last week's MontaVista announcement served two purposes: first, it win over real-time application developers to the concept of working on the actual Linux kernel rather than an RTAI-derived emulation; and second, to lobby the inner circle of kernel developers such as Linux creator Linus Torvalds on the importance of including further real-time development in the upcoming 2.5 and 2.6 versions of the kernel."

Linux Getting Its Game Face On (Wired News). Wired News looks at Loki Software and its role in porting games to Linux. "But although its games have been highly acclaimed among Linux aficionados for being virtually indistinguishable from the Windows originals, Loki has made a far greater contribution to the gaming industry: In the process of converting Windows games for Linux play, the company has created a number of open-source development tools billed as an alternative to DirectX, Microsoft's set of proprietary, Windows-only game development libraries."

Investor AM: Red Hat in the spotlight (ZDNet). ZDNet looks forward to Red Hat's earnings announcement, due Thursday. "Aside from the usual top-line and bottom-line tallies, analysts are looking for fissures that could indicate problems ahead. Analysts are projecting a loss of 2 cents a share on sales of about $18.5 million to $19 million. And, oh by the way, a new CFO would be nice too."

VA Linux plunges into booming storage market (News.com). News.com covers VA's new network-attached storage system. "The product offers the ability to send email alerts to VA and customer support personnel, the company said. It also comes with Linux's new ext3 'journaling' file systems, a technology that logs file changes and therefore enables a server to recover from a crash more quickly."

Details of Nokia's MediaScreen (LinuxDevices.com). Here's a closer look into the details of Nokia's Linux-based MediaScreen. "The Mediascreen runs an embedded Linux operating system, and makes use of a unique Nokia software device, called navibars, to make it easier for viewers to locate desired programs and services."

The AIX and pains of 64-bit computing (ZDNet). This ZDNet column looks at IBM, Caldera, and Monterey. "Strong words, but ironically the commandeering of Monterey by IBM may suit Caldera's interests better than those of the pre-Caldera SCO. Having IBM maintain AIX L at the very highest end -- in the thin air of 32-CPU systems and huge installations, which Linux won't be ready to handle for a while -- leaves Caldera to concentrate on the low end where Linux and SCO 32-bit operating systems are jostling for the same mind share."

Commentary: After SCO deal, Caldera needs a Linux-Unix vision (News.com). News.com offers some advice to Caldera on how to make the SCO deal work. "To keep SCO customers from drifting to Windows 2000, Caldera must deliver a coherent road map for SCO's OpenServer and Caldera's OpenLinux and must clarify the data center UnixWare strategy for Intel's IA-64 processors (from SCO's work on Project Monterey)."

SCO slashes its work force by 19 percent (ZDNet). ZDNet reports on the SCO job cuts. "Caldera Systems CEO Ransom Love said that the bulk of the cuts would come from the SCO side, but that a few Caldera people would be cut, as well. 'This is clearly a SCO layoff, not a Caldera layoff,' Love said. 'We are simply positioning the (combined) company to be profitable before any other Linux company is.'"


Close Enough for Government Work? (LinuxNews.com). LinuxNews.com looks at open source and security especially in regard to use by the U.S. government. "Linux is up against some stern arguments against its use in secure government computing--arguments open source security experts are happily blowing apart."

Two SuSE Linux Apache Vulnerabilities Identified (ZDNet). ZDNet reports on two security problems with SuSE's version of Apache - both are difficulties with the default configuration. "One vulnerability allows a malicious user to read passwords and discern network structure while the other allows a malicious user to create or browse file directories on a Web server."

Linux VCs Coming Back? (Andover.Net). Here's an Andover.Net column on how venture capitalists are once again beginning to fund Linux businesses. "Forrester Research, among others, thinks Linux could be IBM's chance to retake its old position as the 'Infrastructure Gorilla' of the computing industry. And if IBM is betting much of its future on Linux, that's good enough for many in the venture community." (Thanks to César A. K. Grossmann).

Linux great and small (ZDNet). ZDNet UK looks at Beowulf clusters. "Beowulf has a way to go before it delivers cheap, high-performance, high-security computing. Not all computing operations are amenable to being spread across a lot of independent systems, and in any case the application software needs to be written specifically for clustering. But some traditional applications can use Beowulf to maximise online availability -- servers and some database systems, for instance -- so there's an attraction for ordinary business users already."

Supporting WAP in Linux (LinuxDevices.com). LinuxDevices.com has put up a white paper on supporting the Wireless Application Protocol in Linux. "For many in the Linux community, WAP -- the Wireless Application Protocol -- leaves a bittersweet taste because of its semi-open nature. The WAP forum is an elitist club for telecommunication giants that requires $27,500 up front and does not promote open discussion about its specifications."

Two Rivals, One Destination (ZDNet). ZDNet compares IBM's and Sun's strategies for Linux. "Most recently, IBM CEO Lou Gerstner and Sun CEO Scott McNealy have hitched a ride with the Linux parade. It's sure to be an interesting trip. Both companies hope to maintain certain proprietary ad vantages, while opening up their respective Unixes just enough to support mainstream Linux tools and user interfaces." The article spends most of its space on Solaris and AIX, though.

MS on Linux: Thanks, but no thanks (ZDNet). ZDNet talks with Microsoft product manager Doug Miller about Linux. "Microsoft knows where it doesn't want to go, Miller says, and that's headlong into the open-source camp. Microsoft wants to stay a for-profit software company that charges for products and services. And it has no use for open-source development models, he says, claiming that Microsoft's existing peer-review and beta-testing processes give Microsoft better quality control than open source can provide."

Linux can't compete (Australian IT). Here's a report in Australian IT on Bill Gates' latest comments on Linux. "'The myths of Linux just don't add up,' he said. 'It's not free unless you don't place value on the costly development and support resources it takes to make it work.'"

See also: this response from Paul Ferris in LinuxToday. "Mr Ferris said he remained confident that the marketplace would be competitive for years to come. He also said that Linux would surprise even the most clueless of market analysts and journalists by gaining a sizeable desktop share in the next couple of years." (Thanks to Gary Shears).

Is Microsoft Going Down The Tubes? (ZDNet). Here's a ZDNet column suggesting that Microsoft will soon be "just another company," with Linux getting much of the credit for bringing about the change. "The usual response to that by Microsoft fans is, 'But there aren't any applications!' Give me a break. You've got Sun's Star Office and VistaSource's Applixware for office work, Netscape Navigator for a browser and mail readers that aren't susceptible to Outlook Transmitted Diseases (OTD) like Melissa. That argument hasn't held water for years."


September LinuxFocus available. The September issue of LinuxFocus is now available. It includes articles on REBOL, MagicPoint, Bastille Linux, and more.

LinuxDevices.com Embedded Linux Weekly Newsletter. Here's the LinuxDevices.com Embedded Linux Weekly Newsletter for September 7. As usual, it contains a comprehensive summary of events and coverage in the embedded Linux arena.

Using Postfix (BSD Today). BSD Today has put up this tutorial article on installing Postfix, an alternative mail system. "Tired of the sendmail's cryptic configuration, or do you find yourself complaining about its speed? Well then, postfix could be the MTA for you."

Gnome Games (ShowMeLinux). ShowMeLinux rates several GNOME games. "Gataxx: D+. Um. is this Othello? It looks like Othello, it plays like it. Or is Gataxx some other Shakespeare play I didn't read in high school. No help, no instructions. It's just black and white pieces, it must be easy."


Review: Think Unix (Danny Yee's Book Reviews). Danny Yee reviews Jon Lasser's Think Unix. "Rather than trying to be a detailed guide to a particular system, a comprehensive reference work, or a source of answers to particular problems, Lasser tries to teach the fundamental concepts of Unix and the Unix way of thinking. He also captures something of the way in which Unix is a way of life and a culture, not just an operating system, with a good leavening of humour, history, and hackish lore."


Software That's Free For All (MSNBC). MSNBC is running an interview with Miguel de Icaza, originally from Newsweek. "We at Gnome are developing features that we want to see in the next generation, but often people want features other than the ones we planned for. By accepting contributions from users, we've been able to make software that has a lot more features for the desktop. We have some of the most exciting software out there."

Section Editor: Rebecca Sobol

September 14, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Announcements page.



LPI news. Here's the Linux Professional Institute newsletter for September 6, 2000.

Also LPI announced the Polish language version of the LPI web site.


Second Annual Linux Storage Management Workshop. The Second Annual Linux Storage Management Workshop will be held October 15 to 19 in Miami, Florida. The list of speakers has been posted; it contains many prominent names. If you are interested in Linux and data storage, this looks like the place to be.

September/October events.
Date Event Location
September 20 - September 22, 2000. 7th International Linux Kongress Erlangen, Germany.
September 24 - September 28, 2000. Embedded Systems Conference 2000 San Jose, CA.
September 25 - September 28, 2000. LINUX Business Expo Atlanta, Georgia.
September 27 - September 30, 2000. Linux Asia 2000 - email: Zaid Karim Shaari Putra World Trade Centre, Kuala Lumpur.
October 10 - October 14, 2000. Atlanta Linux Showcase Cobb Galleria, Atlanta, Georgia.
October 16 - October 18, 2000. Wireless Developer Conference Santa Clara Conference Center, Santa Clara, CA.
October 23 - October 25, 2000. Apachecon Europe Olympia Centre, London, England.
October 27, 2000. Embedded Linux Expo & Conference Wyndham Westborough Hotel, Westborough, MA.
October 31, 2000. Linux Expo Canada Metro Toronto Convention Center, Toronto, Ontario

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Linuxfool.com passes on the torch to IQLinux.com. Linuxfool.com, a question and answer website, has handed over their operation to IQLinux.com.

User Group News

Skĺne Sjćlland Linux User Group. SSLUG presents a new and updated version of "The Big Danish Word List", which can be used by spell checking programs. "The Big Danish Word List" is issued under the General Public License (GPL). SSLUG is a joint Swedish and Danish Linux User Group.

LUG Events: September 14 - September 28, 2000.
Date Event Location
September 14, 2000. Boulder Linux Users Group Meeting NIST Radio Building, Boulder, CO
September 16, 2000. Mty GUL 3rd Linux Installfest Monterrey N.L, Mexico
September 17, 2000. Omaha Linux User Group Meeting Omaha, Nebraska.
September 17, 2000. Beachside Linux User Group Meeting Conway, SC.
September 18, 2000. Linux Users' Group of Davis Meeting Z-World, Davis, CA
September 19, 2000. Free Software & GNU/Linux Club at Utah State University Forum Logan, Utah
September 19, 2000. Bay Area Linux Users Group Meeting Four Seas Restaurant, Chinatown, San Francisco, CA
September 20, 2000. Linux User Group of Groningen Meeting Groningen, Netherlands
September 24, 2000. Perth Linux Users Group InstallFest Canning College, Perth, Western Australia.
September 27, 2000. Central Ohio Linux User Group Meeting Columbus, Ohio
September 27, 2000. Linux User Group of Assen Meeting Assen, Netherlands

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

September 14, 2000



Software Announcements

Software announcements sorted by license will be available next week.


· Console ·
apachedb0.12 Logs Apache transfers into a mysql database.
Aphid0.10a A script for quickly compiling and installing the Apache Web server with mod_ssl
Ari's Yahoo Client1.4.1 A text-based Yahoo! Messenger client.
Arping0.9 ARP level ping utility.
AutoInstaller0.07e A program installer/uninstaller using a plug-in system.
Automated Password Generator1.1.4 Set of tools for password generation.
Bastille Linux1.1.1.pre3 A comprehensive hardening program for Redhat Linux 6.0.
Beeyond BeeHive1.0beta14 A secure communication and transaction server.
BLiNDCrypt0.1 A fast encryption system
BSDPak0.11 BSD package management utility.
burn_baby_burn0.9.0 A set of utilities for burning to CD-R and CD-RW media.
capsel1.5.6 A Linux kernel 2.2.x security module.
catscan1.1 Script to decode Digital Convergence CueCat barcode scanner output.
cdrecord1.10a04 Allows the creation of both audio and data CDs
cgames2.0 Games for the Linux console
Coyote Linux1.20 A single-floppy distribution for sharing an Internet connection.
CueCat Driver0.1.2 Linux kernel driver for the :Cue:Cat barcode reader.
Cursed Chatalpha-0.1 Curses Based Yahoo chat client
DACT0.4.15 Dynamic Compression Routines
Discus0.2.2 Print a report of disk space usage more prettily than df.
DJ In A Box0.7 Re-encoding MP3 streaming server.
dkeeper0.22 A useful utility to keep info about your data media.
Drone2.90.0 System for automatically distributing batch-mode simulations over the Internet
eclipse3.8 An astronomical infrared data-processing engine.
Eggdrop Commander0.2 Eggdrop IRC Bot Configuration file generator.
Ethernet Frame Diverterethernet frames diverter 0.4 Ethernet Frames Diverter for Transparent WWW proxying bridge
Extended Attributes and ACLs for Linux0.6.5 Kernel patches for ACLs, Ext2 file system implementation, and user utilities
fb-slideshow.sh0.1.0-alpha Script to play sets of images with fbi.
FBShot0.1e Takes screenshot from framebuffer devices.
fireparse1.7 ipchains log analysis with HTML e-mail reporting
FooCat BarCode0.1.2 Decodes CueCat scan data into usable serial number, type, and barcode data.
Gamora0.74.0 Java based server construction, hosting, and adminstration architecture.
Gifsicle1.21 Command-line tool for creating, editing, and optimizing GIFs and animations
GNU awk3.0.6 a pattern scanning and processing language
GNU Parted1.2.9 A partition editor, for creating, destroying, resizing and copying partitions.
graft2.3 A package management utility.
grepmail4.43 Searches a normal or gzipped mailbox for a given regularexpression
HP OfficeJet Linux Driver0.6 Linux support for the HP Officejet All-In-One series.
id3ed1.10.1 ID3 tag editor for mp3 files. Interactive and command line modes.
Intel P6 Microcode Update Utility1.03 A utility to upload new microcode to Intel P6 microprocessors.
ipchains-firewall1.7.1 Rules-based ipchains firewall/masquerading script suite
Java Xml RTF2.0a2 A library for producing RTF files with Java and XML.
JEsd0.0.6 A re-implementation of EsounD in pure Java.
jPhotojava usb camera tools: 0.3 Digital Camera access from Java; supports PTP/USB cameras
KayBot1.3.0 An IRC Bot written in C to act as a peaceful channel holder.
kcd5.3.1 Directory change utility.
Kexis0.2.0 A lossless WAV file compressor.
Klum_Adminklum admin 0.3.5a1 A Web-based tool for administrating Quake 3 servers.
kwhois1 A small, semi-intelligent whois program.
lftp2.2.6 Sophisticated command line based FTP client
libaudiooss0.9.2 An OSS audio emulation on top of NAS.
LiMpOo2.0 Linux Multimedia Player
lyx2html0.1.1 A simple LyX to HTML file converter.
margi_cs- 0.4 Linux driver for Margi/Billionton PCMCIA DVD decoder card.
Matanza0.4 A multiplayer game.
microcom1.02 A basic serial terminal emulator for Linux platforms.
mid2syx.py0.1 A Python script for extracting SysEx streams out of Standard Midi Files
MiniGUI0.9.90 A mini graphical user interface for real-time embedded systems.
moodss8.26 Modular Object Oriented Dynamic SpreadSheet
motion2.0 A motion detector for video4linux devices.
Mp3Chew0.47.0 Mp3Chew attempts to correct garbled MP3 filenames.
MRTA0.16 Multi-router traffic accounting.
MTX1.2.9 program for controlling the robotic mechanism of DDS autoloaders
MyQuote1.11 A Perl program to display real-time quotes on the console.
nabou1.5 A file integrity monitoring tool written in Perl.
NAMD2.2b1 Parallel molecular dynamics simulation program
newsleech0.1.1 Non-interactive NNTP news retriever.
NTLogon0.6 A Samba logon script generator.
OBCONNECT1.4.2 Tools to ease sharing a PPP link with a small Windows network.
OpenLDAP2.0.1 LDAP suite of applications and development tools
Openwall Linux kernel patch2.2.17-ow1 Linux kernel patch to block most stack overflow exploits
OSS3.9.3p Provides sound card drivers for most popular sound cards under Linux
outline2html1.00 Convert EMACS outline type files to HTML.
p3c, a pop3 checker0.1b A pop3 checker with a text interface.
Partition Image0.3.2 A harddisk cloning utility.
Pbotty1.1e Pbotty - Perl/PostgreSQL/PHP3 IRC Bot
pdump0.779-2 Perl packet sniffer that dumps, monitors, and modifies traffic on a network.
pemail: perl email1.0 pemail is a command line mail user agent written in Perl.
Perl CueCat Decoder1.0.1 CueCat string decoder.
Perl ODS Dynamic DNS Update Client1.0 Perl update client for ods.org's free dynamic DNS services.
POSIX 1003.1b clock/timer patch2.4.0-test8 Kernel patch to provide POSIX 1003.1b clocks and timers
PPP Keepalive1.2 Maintains Dialup Connection
pvm_crack0.01 A pvm-enabled brute force UNIX password cracker.
Queue1.20.2 Innovative load-balancing/batch-processing system and rsh replacement
rbmake0.90 Make books for your Rocket eBook out of Web pages.
rc.firewall4.1 Firewall script with support for numerous services.
Recovery Is Possible!2.2 A floppy Linux boot/rescue system.
reiserfs3.5.25 A filesystem which stores the files themselves in a B*-tree, gaining speed.
rhup0.9.17 Make updates of Red Hat systems easier.
rip in peace1.10 An audio CD archiving tool.
RoboCommish0.1.2 A Perl-based Fantasy Football League(s) management suite.
Rubber Hose0.8.2 A plausibly deniable cryptographic filesystem.
sample_load2.0 An extremely flexible load-logger.
ScanErrLog1.4 Apache Error_Log parser and presenter.
ScanSSH1.2 A fast SSH version network scanner.
SCAR0.02 Simple console audio recorder.
screen3.9.8 Full-screen window manager that multiplexes a physical terminal
Secure Locate2.3 Secure version of the GNU locate program
SendIP1.0 A commandline tool to send arbitrary packets.
setrage0.4 XFree86 4.x Configuration Program
sfront0.67 Translates MPEG 4 Structured Audio to C
sgalaPOP31.0 Fetches the number and size of messages in a POP3 mbox.
SharkBait0.1.0 Decoder for Cue:Cat: barcode scanner
Shorten Utilities0.02 A collection of scripts developed to assist in using shorten.
slasholic0.2 A script to notify you of new slashdot articles.
Smart BootManager3.6-1 A OS Independant boot manager.
smpop0.1-alpha POP3 server stress-tester.
SmsSend1.7 Sends SMS to any GSM using scripts.
sortmp30.4 MP3 uncompressing and sorting script
Sox12.17 Sound Processing Tool
Squid-Graph2.1 Simple graph-charting Squid logfile analyzer
Stereograph0.29a A powerful truecolor stereogram generator.
streamcast0.7 Icecast and shoutcast file streamer with request queue support
Streamfs filesystem20000909 Special purpose filesystem for audio/video editing.
Sysmon0.83.2 Accurate and high performance network monitoring tool.
T.E.A.R.0.4.2 Console-based CD to MP3 encoding tool.
tcpxd1.0 A general purpose TCP/IP relay proxy.
TekNap1.2 A console Napster client.
tenderizer0.9.2 simple Freshmeat newsletter filter in Perl.
timbot2.3 A modular factoid-storing IRCbot in common lisp.
TimeWarp0.0 Change the system time on a per-application basis.
Topsecret Net0.90 Encrypts data across a network.
Trianii0.1.4 Script to create a Pine address book from an LDAP directory
twin0.3.4 A text-mode window manager and terminal emulator.
txt2pdf4.0 A very flexible and powerful PERL5 converter from text files to PDF
uCON641.9.3 The (ultimate) handheld/console/emulation tool with 70+ options.
Ultimate HTML Optimizer3.3lt An HTML optimizer.
UniquE RAR File Library0.3.1 Tiny static library to decompress RAR archives.
Universal Line Printer Client0.5.1 Universal Line Printer Client.
User Account Information0.0.1b1 An ethernet users/customers traffic counter.
vHost1.01 A small Virtual Host administration utility for Apache.
ViBRA0.4 ViBRA16 Sound Blaster kernal sound support.
VM6.76 Emacs-based mail reader
Voicetronix Unified API2.0.2 A user mode API for Voicetronix 4 port analog DSP telephony cards.
vtgrab0.1.1 A utility for monitoring another machine's console.
webNIS1.0 Simple remote authentication tool.
whatsnewfm0.2.1 A filter for the Freshmeat newsletter.
Woody0.1.5 Tree editor, outliner, TODO list, and project management tool.
xt2fbt0.02 Makes fbset timings from XFree86 modelines.
yappa1.2 A photo album generator.
zimg4.2.2 zimg - Display 2-D data of arbitrary format

· Daemons ·
bftpd1.0.10 An inetd-based Linux FTP server.
Courier0.27 ESMTP/IMAP/POP3/Webmail server.
Courier-IMAP1.0 IMAP server for maildirs
Epona1.2.3 Nick, chan, memo, and bot IRC services.
ICRADIUS0.17 Powerful cross platform radius server
Instant Message Client/Daemon0.4 A decentralized instant messaging program.
Leafnode1.9.17 NNTP server for small leaf sites
Libra FTP server1.1 Anonymous FTP server.
lirc0.6.2 Linux Infra-red Remote Control
MasqMail0.1.4 Offline Mail Transfer Agent
mod_video0.1.0 mod_video is an Apache module for grabbing images from a frame-grabber card.
MOSIX0.97.8 for linux 2.2.17 Single-system-image clustering software for Linux.
MySQL3.23.24 An SQL (Structured Query Language) database server.
Net::FTPServer0.4.4 A secure, extensible, and configurable FTP server written in Perl.
NSS-MySQL0.2 NSS library for MySQL.
PET1.0 Cooperative HTTP proxy cache system.
PTlink ircd5.5.0 New featured ircd with a great services integration
Resin1.2.b2 JSP (Javaserver Pages) engine
REXEC2.0 A secure, decentralized remote execution environment for clusters.
RPGD1.4a A multi-user, medieval-fantasy role-playing game
SocksCleaner0.4 Socks cleaner for irc servers
UniBg Patch for Hybrid IRCDrc4 Hybrid IRCD patch that adds several new features.
usb_perms0.1 A USB permissions daemon.
WebIRCD0.1.7 IRCD with WebChat addon
XMail0.60 An SMTP/POP3/popsync/finger server.

· Development ·
Allegro3.9.33 A portable game programming library.
AMC (ATOM Module Compiler)3.6.3 A programmable compiler
asdf1.0 Directory tree synchronization.
Audio::DSP0.02 Perl interface to *NIX digital audio device
autoconf2.49a Package of m4 macros to produce scripts that automatically configures sourcecode
Averist0.8.1 Authentication layer for any CGI-based application.
beecrypt1.1.0 A cryptography library.
Beeyond BeeCenter1.0beta14 A secure communication and transaction client.
BRL2.1.16 Database-oriented language to embed in HTML and other markup.
ccscript1.2.2 Embedded C++ class based state-event scripting engine
Cervisia0.7.0 KDE CVS frontend
Common C++1.2.1 A portable environment for C++ threads, sockets, etc.
daemon0.3 Turns other processes into daemons.
Data-Admin and Data-Lib09_03_2000 A simplification of PHPs database calls.
DBIx::Password1.3 Perl DBI password abstraction.
diet libc0.3 A library for creating small, statically-linked binaries.
E Database Access library1.0 A very fast and generic API to store and retrieve indexed data.
Easysoft Interbase ODBC Driver0.1.7 ODBC Driver for Interbase 6.
eev.el2000sep07 embed hyperlinks and shell/Tcl/TeX/Perl/etc code in plain text files
ENBD2.4.12 An enhanced network block device for Linux 2.2.
Expresso Framework2.0 A library of extensible Java components for building Web applications.
Freepository1.0 A heavily modified CVSWeb attached to a database.
GeoTools0.7.8.1 Java toolkit for Web-based GIS and mapping.
gjdoc0.5.1 HTML documentation generator for GJ.
gladepyc0.6 Generates low-level pygtk/Python code from Glade XML files.
Gnome--1.1.12 GNOME C++ bindings.
GNU Smalltalk1.8.3 A Smalltalk interpreter and libraries.
Gtk--1.2.3 C++ interface for the popular GUI library gtk.
GtkMathView Widget0.1.1 A GTK Widget for rendering MathML documents.
HappyDoc0.7.1 A Python source documentation extraction tool.
J-INTERCAL0.11 INTERCAL compiler and runtime for Java.
JEL0.9.4 A compiler for one-line expressions into java bytecode.
JJ2000java jpeg2000 3.2.2 Java reference implementation of JPEG2000 image compression.
JUiC++0.1 A library for Java-like utilities in C++.
KSI Scheme3.3.0 An implementation of the Scheme programming language
LANforge1.0.2 An ethernet traffic generation and testing tool.
LCL0.3 The LinuxClassLibrary
libjsw1.3.0 A UNIX joystick wrapper library and calibrator.
libslack0.3 A UNIX/C library of general utilities for programmers with slack
libspeaker0.1.0 A C library for using the PC internal speaker.
libsqlora82.1.1 A simple C library to access Oracle databases.
libxml++0.4 C++ interface to XML files.
MPEG Maaate0.0.2 Toolkit for parsing and analysis of MPEG audio files.
NeatSeeker0.22 Simple collection of Java classes for constructing search engines.
Net::Z3950::SimpleServer0.02 Simple Perl module for Z39.50 server development.
OCI C++ Library0.3.1 A very simple library to communicate with Oracle 8.x through OCI.
OpenSSL0.9.6 beta 1 The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
PDFlib3.0.2 A portable C library for dynamically generating PDF files.
pdist1.0b An automated software packaging tool.
Persistence Layer10092000 Maps objects to a relational database.
PHPWidgets!0.92 Build dynamic webpages from HTML and PHP code snippets.
PM31.1.15 Modula-3 compiler, debugger, libraries, and applications
Qt2.2 GUI software toolkit
rdf2html0.0.5 This class file produces a news ticker from a given Netscape channel file.
RegExplorer0.1.6 Regular Expression Explorer
Scintilla1.32 Source code editing component and tiny IDE for Win32 and GTK+.
signd for ProLite0.01 A daemon for ProLite LED signs.
Songprint1.0 Music recognition library.
Terminality1.5 A cross-platform terminal manipulation library.
Tie::EncryptedHash1.0 Perl Hashes with encrypting fields.
Timer_q1.0.3 Shared C library for creating timed events (doesn't use alarm()).
TinyLIB0.7 Tiny game development library
uClinux-cisco25000.1 Linux for Cisco 2500/3000/4000 routers.
UConio1.0.2 Video handling C library.
User-mode Linux0.31-2.4.0-pre8 User-mode port of the Linux kernel
var'aq090800-interim A Klingon programming language.
Video4linux loopback0.7 A video4linux driver providing video pipes.
Wing IDE1.0b1 An IDE for Python.
Xref-Java2Html1.0.0 A cross-referencing Java to HTML converter.
xxdiff1.7 A graphical file comparator and merge tool.

Galeon0.7.4a A GNOME Web browser.
Glimmer0.9.16 Multi-language programmer's editor.
Glitter Newsreader0.9.2 An interactive GUI program for extracting binaries from newsgroups.
Gnapster1.3.12 A GNOME Napster client.
GnomeSword GNOME Bible software that uses Sword.
GPOP0.32 Popup message client
remotehost_applet0.2.0 A configurable panel icon for remote host sessions.
The GNU FaXile Viewer0.9.0 A viewer for multi-page FAX images produced by hylafax.

· KDE ·
AudioCutter Cinema0.89 Audio processing software with many effects and functions.
Kaim.46 An AOL Instant Messenger using the Qt library.
KGuitar0.2 KDE guitarist environment
Kmerge0.4 A KDE utility to diff and merge files.
KMLOFax0.6.2 Facsimile utility for the ELSA MicroLink(tm) Office

· Web ·
Alkaline UNIX/NT Search Engine1.31 Web site and intranet search engine and spider, ala Altavista or Excite.
APG1.31 A Java app that generates Web photo galleries.
Back-end0.3.3 A simple content management tool.
CGI - IRC0.1 A CGI IRC client for IRCing from a web browser
comment.cgi20000907 A Web album which allows comments to be added to pictures.
ct2600-code4.0.0 A PHP and MySQL Web site RAD.
DGS Search0.9.5 A PHP-based search capable of filesystem and database searches.
Dieresis Colloquius1.0.0 b pr2 Perl-based bulletin board system.
dotBanner0.97 A complete banner management system for small to large Web sites.
ESSE0.99 A search engine for HTML pages.
Eteria IRC Client20000911 An RFC-1459-compliant IRC chat client written in Java.
ezconfirm1.7 A Web-based confirmation mechanism for ezmlm.
FAQ-U0.92b A database driven online FAQ engine.
GeekLog1.0.4 A PHP and MySQL weblog.
GIF2HTML1.0 Renders a GIF image as HTML.
Gronk0.7 A Web-based MP3 jukebox.
HPE0.6.0 A PHP news portal engine.
ht://Check1.1.0b4-utero A link checker that gets information through HTTP/1.1 and stores in a MySQL db.
HtmlHeadLine.sh16.6 Script that automatically fetches news headlines.
IDS0.4 CGI that produces image galleries on-the-fly.
IMP2.2.1 IMAP and PHP3 based webmail system
Instant ASP1.0.8 Java-based implementation of the MS Active Server Pages framework.
Kagora0.1 A Perl based web forum system.
LinkChecker1.2.5 LinkChecker is a URL link checker
MailStudio @MESSAGE5.0 Web-based Messaging Server.
Merchant Empires0.83 A Web-based game of combat, strategy, and role-playing.
MisterHouse2.28 Home automation with Perl.
mod_auth_any1.0 A generic Apache authentication module.
mod_auth_unixODBC0.01 Apache authentication module for use with unixODBC.
mymusic1.0pre2 web-based music database and daemon
myPACS0.12 Web-based medical image management system.
MySQL Import1.4 Imports data into MySQL with a Web browser.
MySQL Users1.0 A simple Web-based interface for creating MySQL users.
NeoMail1.14 A Web-based interface to user mail spools on a system.
okChat2.4.7 A java chat system.
panFora1.3 Web-based discussion forum with efficient navigation and easy installation.
Photo Archive1.3 Web-enabled photo archive.
PHP Simple Quotesv0.1 A simple PHP Quote of the Day engine.
PHP Weather1.25 Shows the current weather conditions on your Web page.
PHPBoard1.0-pre1 A PHP based messaging system.
phpGroupWare09072000 A Web-based software suite.
phpPhotoAlbum0.9.9sp1 Dynamic PHP photo album.
phprevista0.1.0 Web application to search and control a magazine's articles.
phpSecurePages0.18b PHP4 multi-language login and password client authentication.
phpShop0.6.0 A simple and powerful PHP E-Commerce solution for B2C and B2B.
phpSysInfo1.0 phpSysInfo will display things like Uptime, CPU, Memory, etc.
pwiki0.7.1 Web-based collaboration tool.
PyGantt0.5.0 PyGantt reads a xml project description and outputs a html Gantt diagram
SearchExpress2.5 A search tool for your Web site.
Shohei Mail0.1.0 Web-based multi-user mail gateway.
Sirobot0.14.1 A Web fetch tool similar to wget.
Sitegrab0.8.0 An IRC-log parsing URL Grabber with a Web-based Search Engine.
site_foundation0.4d A storytelling, discussion, etc. Web app not unlike Advogato or Slash.
slides.sh0.18 A shell script based text to HTML presentation translator
SmoothWall Linux0.9.2 A fully functional Linux Firewalling application server
SpeedyCGI2.0 Speeds up Perl CGI scripts by running them persistently
Talksofa1.0b A PHP/MySQL discussion/news site.
Tapestry0.1.4 Java component object model for developing highly interactive Web applications.
Tayau1.0.0 A project Web site builder.
The Java SSH/Telnet Application/Applet2.0-20000908-1101 Fully featured telnet program for WWW-Browsers
Time Manager0.3.0 A cgi-bin script that keeps track off time spent at work.
TUTOS20000910 Support teams with calendar, project management, addressbook , and bugtracking.
uri2.8 URI manipulation library
VacationAdmin0.8.1 A Webmin module for vacation (.forward).
VAMP Webmail1.9.9-6 Flexible PHP-based Web mail.
webbase5.12 Internet crawler C library and program
WebMake0.4 A simple, offline Web site management system.
Webmin0.81 Web-based interface for system administration for Unix
Weborama1.0 Automatically display all the pages of a Web site.
wingS0.9 Servlet development framework featuring a Swing-like component model.
XSLies0.54 XSLT application for creating HTML presentations from XML.

· X11 ·
Aileronseptember 12, 2000 Email client for WindowMaker, similar to NeXTSTEP's Mail.app
AIPS31dec99 Process and display data from radio telescope arrays.
Aleph One/SDL0.10.4 3D first-person action game, based on Bungie's Marathon series.
Asteroids3D0.1.151 A 3D, first-person game of blowing up asteroids.
AutoZen1.2.1 A tool to alter your state of consciousness.
Blocks0.16.1 Anonymous distributed file sharing utility.
CAFire0.0.14 A burning mouse pointer toy.
Cat-and-the-Hack Angband2.9.1.2 A roguelike role-playing game.
CDR-Toaster1.10 Tk frontend for cd-burning. Uses mkisofs and cdrecord
Crosstalk Analizer1.0e A tool to find crosstalk problems in microcircuits.
E2 Gaim Plugin1.0 A Gaim plugin that replaces [square bracketed text] with links to Everything2.
Efsane0.6.5 Turkish Window Manager for X
Flight Path Analiser0.6 Gtk+ / OpenGL Numerical methods flight path analiser.
Foundation0.2.0 A real-time multi-player space conquest game.
foXcontrol-desktop0.1 Allows you to change FOX application settings easily.
fspanel0.3 A tiny windowlist panel.
gaim0.10.0 GTK based AOL Instant Messenger
GDancer0.3.2 A dancing Space Ghost XMMS plugin.
Ghemical0.2.2 A molecular modelling package with GUI and 3D-visualization tools.
GNU Gaming Zone0.0.3 An online gaming center with multiple rooms and game modules.
GNU xhippo2.7 A GTK-based playlist manager for various UNIX sound players.
Gomoku.apptictactoe.app 1.0.0 GNUstep 8x8 TicTacToe Game
gpppkill1.0.3 Ends idle ppp connections
Grace5.1.2 a WYSIWYG 2D plotting tool
Gravitational Particle Simulator1.0 A particle system simulator.
gsx0.90b GTK+ Scour Exchange client.
GtkTiLink3.20 A TI calculators <-> PC communication program using a GTK interface
GUL/VDOG0.4.1 Tool for construction, manipulation, and visualization of objects.
gVtund0.1.0 A GUI to configure vtund.
GWhere0.0.15 Catalog manager.
Gyach0.5 GTK based Yahoo! Chat client.
Hanzim1.04 A visual, interactive Chinese character and word dictionary.
IglooFTP-PRO1.0.1 Powerfull and User Friendly FTP client
ishamp0.2 A GTK+ MP3 player and radio card tuner.
jEdit2.6pre6 Powerful text editor
Juggle0.1.2 A multithreaded file transfer program for Java 2.
Just Another GTK Tetris0.5 Small and simple GTK Tetris clone.
Kwirk0.0.17 A Clanlib-based roleplaying game.
larswm6.0 A tiling window manager built on 9wm.
MyCompta1.0 (French) Logiciel de comptabilité personnelle
nVidia XFree86_40 Drivers0.9-5 nVidia XFree86 4.0 Drivers.
Pan0.8.1 beta 4 Gnome/GTK Newsreader
Papaya0.5 Papaya is a GTK-based MUD client for Linux, Solaris, and Windows.
pitchtune0.0.2 An instrument tuner.
pvmpov3.1g.1 POV-Ray raytracing in a parallel environment
pyDict0.2.5 English-Chinese Chinese-English Dictionary
qVIX1.0beta1 High quality, full-framerate, low bandwidth, realtime video conferencing.
replacebell1.01 A library to replace X's default bell with a sound of your choice.
SciTE1.32 Small syntax styling editor for Win32 and GTK+
Search And Rescue0.4 Helicopter rescue simulation
Secure Java Diary0.2.0a Java Diary with Strong Encryption
Siag Office3.4.0 Free office package for Unix
Skipstone0.3 Gtk+ Web browser based on Mozilla.
SpiralSynth0.1.6 A software synthesizer.
StarCraft Start2.1 Bash script to start Starcraft in Linux.
sunclock3.04 A fancy clock that shows both time and geographical data.
TeXmacs0.3.0-3 W.Y.S.I.W.Y.G. technical text editor
tkgate1.5c A hierarchical digital circuit editor and simulator.
TkPasMan2.1 Personal Password Manager, easily store and paste usernames and passwords
USBView0.9.0 USB device and topology viewer
Virtual X680001.1.3 X68000 emulator
Vis5d+1.0.2 Volumetric visualization of scientific data.
VisualOS1.0.1 An educational visual simulator of an operating system
Wallpaper Control0.1-2 A graphical wallpaper manager.
wApua0.05 A WAP WML browser written in Perl/Tk.
Weasel Video Browser1.0 A Java MPEG-1 video browsing, indexing, and retrieval toolkit.
WiredView0.0.3 OpenGL network traffic monitor.
wmtheme0.9.2 A window manager theme utility.
xdiary/calendar1.1 A small but efficient calendar and diary program.
XEmacs/GTK21.1.12 (patch 2) A version of XEmacs that uses the GTK+ widget set.
Xlockmore4.17.2 screen saver / locker for the X Window System
Xmame/xmess0.37b6.1 The Unix version of the Multiple Arcade Machine Emulator
Xmms Gtk Playlist1.0 Application to import and search the current xmms playlist.
xmms-alarm0.2.2-fixed A plugin which allows XMMS to be used as an alarm clock.
XMMS-Tool (X-Chat Script)1.1 X-Chat script to control XMMS
XShipWars1.33i Space oriented highly graphical network game system.
Xtheater0.5.1 GTK-based MPEG-1 video & video/audio player
XTicker1.0.2 Stock ticker for Swedish stocks
YIFF Sound Server2.10.0 A network transparent multiclient sound server for Linux games and apps.
¶napster0.80 alpha A Napster clone entirely written in Java.


Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news
 Back page

See also: last week's Back page page.

Linux Links of the Week

If you've not yet had enough real-time Linux for the week, the Real-Time Linux HOWTO should be able to fill in the gap. It is a comprehensive resource covering everything in the real-time area.

Tired of bloated executables? Have a look at A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux on the MuppetLabs site. If you're determined, you can make them really small... (Thanks to Nicolas Pitre).

Section Editor: Jon Corbet

September 14, 2000



This week in history

Two years ago (September 17, 1998 LWN): Some people began to question the role that Richard Stallman was playing in the Linux world. An LWN article on the subject drew more hostile mail than anything else we have ever written. RMS is as uncompromising as ever, but somehow he seems less controversial these days (KDE "forgiveness" editorials notwithstanding). To an extent, that may be because his points on freedom have sunk in.

The development kernel was 2.1.112; it was in the 2.2 feature freeze. 2.0.36 was in the prepatch stage; people were complaining because Alan Cox would not include patches to make gcc 2.8 and egcs compile it correctly (due to stability concerns).

Shipments of the international version of SuSE 5.3 were halted due to an unpleasant installation problem.

One year ago (September 16, 1999 LWN): a company called "Channel One Gmbh" registered the "Linux" trademark in Germany. Whatever their plans were, they didn't last long. Under great pressure, they caved in and signed the trademark over.

IBM's first "Red Hat Certified" laptop turned out to not run Linux very easily or well; see the lengthy instructions on how to make it go.

The development kernel was 2.3.18; this kernel saw the long-awaited integration of PCMCIA support into the mainline source tree. Linus also announced a feature freeze:

The feature freeze should be turning into a code freeze in another two months or so, and a release by the end of the year. And as everybody knows, our targets never slip.

It is, of course, one year (and quite a few new features) later...

Caldera 2.3 was released that week, as were LinuxPPC 1999 Q3 and Yellow Dog Champion Server 1.1. Corel put out its first call for beta testers for its upcoming distribution. And SuSE 6.2 got a review:

My view is that, if you study SuSE Linux, you'll see a revolution in the making that will devastate current hi-tech business models, causing a fundamental shift in the computing world. I found that Linux was the Aladdin's Cave of computing.
-- The Guardian.

Cobalt Networks surprised people by becoming the second Linux company to file for an IPO.



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Thu, 07 Sep 2000 11:09:02 +0200
From: Fred Mobach <fred@mobach.nl>
To: letters@lwn.net
Subject: Cuecat drivers


In LWN of September 7 you noticed that

"The case appears weak, but the company has managed to get the :CueCat
drivers pulled down - for now".

But on Linux Today I found a talkback at
http://linuxtoday.com/news_story.php3?ltsn=2000-09-01-012-06-NW-CY where
is stated :

"Still available in Europe

You can find it here :








Fred Mobach

From: "Lindenmayer, Louie L" <Louie.Lindenmayer@PSS.Boeing.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Digital Convergence vs. FooCat
Date: Thu, 7 Sep 2000 11:02:57 -0700 

If a Linux driver is developed indepedently and released GPL'd because
the original developer was Windows-centric, then the original
developer threatens litigation against the Linux developers, will the
original developers be able to make a Linux driver that won't infringe
on the GPL'd code and would they have to prove it?

Could the original developer invalidate and usurp the GPL'd code on
the basis of 'illegal reverse-engineering'?

Louie L. Lindenmayer III
NEW --> (425) 266-8290 <-- NEW

Date: Fri, 08 Sep 2000 10:52:36 -0500
From: Pete Flugstad <pete_flugstad@icon-labs.com>
To: stephens@cnet.com, letters@lwn.net
Subject: Re: Unix, Linux computers vulnerable to damaging new attacks

Mr Shankland,

  You missed a couple of points in your article:

  One, this particular bug is, to be blunt, "nothing new".  Anyone who
has spent ANY time at all programming in C is going to run into it or
something like it.  Since just about every major OS out there, including 
Linux, all Unix varieties, ALL MS Windows varieties, and just about every
RTOS (VxWorks, pSOS, etc), use C as the basic language, they are ALL 
vulnerable to this type of attack.  That's right, MS Windows, including 
NT & 2000, are vulnerable to this type of thing.

  The bug fundamentally stems from the nature of C programming, and the
printf (and related) library functions, used for printing out messages. 
Just about every program/OS out there uses a form of printf, EXTENSIVELY.
Just about all the text you see on your screen right now, window titles,
icon labels, menu entries, was created with printf at one level or another.
So, the fact that we haven't seen similar attacks on Windows is just because
no one has really tried... yet.

  Second, you miss the point of the Linux's open source license.  Since
it is open, and we have the source code, we CAN go through and audit the
code for this type of thing.  That is precisely what is happening here,
and it's why these are popping up now.  Previously, Unix/Linux was not a
large enough installed base for anyone to bother auditing the source, as
the number of targets for these types of attacks was not worth it for a
Cracker to bother with.  Now, as Linux and Unix are gaining popularity
because of their stability and usefulness as web/internet servers, it's
becoming important to do this type of security audit.

  Go ask MS if you can audit the 40+ million lines of Windows 2000 source 
code for bugs like this.  Don't blame me when they laugh you out of the 
building.  And don't believe them when they say they've done this already.
If Sun/IBM/HP have not yet done it with all the years they've had their
respective versions of Unix, there is no way MS has done in in the small
amount of time they've been shipping Win2k, with its millions of lines
of new code in the last 4 years.

Pete Flugstad
Sr. Software Consultant
Icon Labs
Date: Mon, 11 Sep 2000 13:22:30 -0400
From: David Wittenberg <dkw@cs.brandeis.edu>
To: letters@lwn.net
Subject: Profitable Open Source company

Cygnus support was created almost 10 years ago to provide support for
open source products.  John Gilmore told me that they were quite
profitable their first year, and I expect most years after that.  They
have since been bought by RedHat.

--David Wittenberg
Date: Sun, 10 Sep 2000 04:58:25 -0600
From: Dylan Griffiths <Dylan_G@bigfoot.com>
To: letters@lwn.net
Subject: Confused about GPL comments.

	I was reading the 7th of September, 2000 LWN when I happened upon this
piece from Martin Cracauer <cracauer@BIK-GmbH.DE>:

"The GPL tries to eleminate (sic) all software that is not GPLed or can be
made so.  That is a problem for people like me who use much software
under different licenses where none of the clauses is a problem for
me (i.e. the formerly BSD advertising clause and many university

And I'd just like to say: the author of the code decides on the licence. 
They take the time to look, examine, and evaluate the licences.  The GPL
itself is not a sentient entity, nor is it a living entity.  It is not a
virus.  It is not anything organic.  It is simple a licence written by a
man, RMS, who wants to ensure that if you make big changes and distribute
them -- that you include the source so that you pass on the freedom to
modify you used in the first place.

Now, this may sound like I'm a GPL lover.  I'm not.  I just can't stand to
see licence bigotry by people who think that licences are living entities
which seek to 'infect' other programs.  That's just ludicrous.  If you don't
agree with that part of the GPL -- don't use the GPL.  And if you want to
link with a GPLed program, get one side to grant an exclusion for the other
side.  Instant legality without the "viral" nature.

    www.kuro5hin.org -- technology and culture, from the trenches.
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds