Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

• Leading the pack is Sun's purchase of Cobalt Networks in a deal valued at about $2 billion. With this move, Sun will have finally dragged itself into the Linux business realm - assuming the company does not redesign Cobalt's products into SPARC/Solaris systems. More information can be found in Sun's press release on the purchase.

• EBIZ is getting $3 million from Caldera Systems. Deciphering the press release can be a little hard, but one sees therein that EBIZ is not getting cash from Caldera; instead, Caldera's "Electronic Linux Marketplace" division is being transferred to EBIZ, where it will be called "partnerAxis." This division will be "a web-based B2B entity providing knowledge exchange, Linux product sales, advertising, membership and channel development." That clears things right up.

  Caldera CEO Ransom Love will also be joining the EBIZ board of directors.

• The NewsFactor Network has bought 66% of osOpinion, a site which often runs Linux-related columns. The value of this deal, according to the announcement, is $500,000.

• MontaVista Software brought in a good chunk of cash for its operations. The company started by announcing an (unspecified) equity investment from Intel; it then followed up with this announcement of $23 million in investments from WR Hambrecht and others. All together, that should be enough to keep the company going for a while.

• Even Corel got a new investment which allows it to sell up to almost 15 million shares of its stock to an unspecified investor. It is, however, subject to a condition that could be hard for Corel: "...there having occurred no adverse effect on the company's business, prospects or financial condition."

It would appear that the business community believes that the Linux stock slide has bottomed out. The investors are coming back - but hopefully with more realistic expectations this time.

Debian and free software project organization. Most Linux users are aware of the Debian distribution and its status as the most popular noncommercial distribution around. The distribution itself offers a massive set of packages, a self-updating capability (for some years now), and a high degree of stability. It is growing in popularity, despite its high-profile, venture and IPO-funded competition. Just as interesting as the distribution, however, is the complex organization that makes it possible.

Because Debian is arguably the most organized of all free software projects. Kernel development looks like a benevolent dictator floating serenely above a screaming bazaar of hackers loudly trying to get their patches noticed and accepted. Apache is an anarchic, but calmer group of people quietly implementing the features they need. Debian, instead, resembles an established constitutional democracy, complete with elections and a civil bureaucracy.

The founding document, perhaps, of the Debian Project is the social contract. It provides the philosophical underpinnings of the project, including the commitment to free software and to not hide problems. A much more legalistic foundation, however, is the Debian Constitution. This document describes how the project functions and makes decisions.

For example, it defines the office of the Project Leader, which is currently held by Wichert Akkerman. It's not a particularly powerful office, however; Debian folks prefer to make their decisions in a more distributed way. The constitution also defines and empowers the Technical Committee (currently Ian Jackson, Manoj Srivastava, Dale Scheetz, Guy Maor, Klee Dienes, and Raul Miller). The Committee can "decide any matter of technical policy," resolve disputes among developers, and, with a suitably strong vote, require a developer to make a change that he or she would otherwise be unwilling to do.

That last power is seldom exercised; Debian developers normally have absolute power over the packages they maintain. As long as they stay within the policy guidelines and fix bugs, what they say goes.

Debian does, however, have quite a few policy guidelines. The Developer's Reference spells out in great detail how Debian developers interact with the project and each other. Therein one can find out the process for becoming a recognized developer, the procedure for going on vacation, how to upload new packages, the conditions under which one developer can update another developer's packages, how to deal with bug reports, and, of course, how to retire from the project.

All Debian developers also use a public key encryption system to sign any packages they upload. That way the project knows that each package it has came from a recognized developer.

A completely different set of guidelines can be found in the Debian Policy Manual. This document contains the set of technical policies that make Debian a functioning, consistent system. It tells how to allocate user and group IDs, spells out the MIME support policy, defines interpretations of keys on the keyboard, lays out the proper uses of symbolic links, gives the accepted way of accessing mailboxes, tells how to use environment variables, and more. All Debian packages are expected to adhere to these policies.

On top of all that is a complicated structure of committees and positions within the Debian organization, including the Release Manager, the CD Production Team, the Spam Fighting Team, and more. See this organization listing for the full set.

To the Lone Hacker who is holed up in his basement writing the Great American Compiler, all of the above may be a bit scary. Where is the fun of working on free software if you have a whole book full of rules that you have to follow? But the nature and scale of Debian make this organization necessary. Debian has several hundred active developers worldwide, and thousands of packages. Such a project could easily collapse under its own weight given the chance.

Debian is far from collapse; it is, instead, supremely healthy. Its distribution is consistent, functional, and highly stable, despite being made up of thousands of pieces assembled by people who have often never met each other. Nobody worries about what will happen if Wichert Akkerman decides his future lies in timeshare condominium sales - the project's structure and policies would continue to function as before. Debian's organization makes the project robust.

The project has not been without its glitches - distributions have come out late, new maintainers were excluded for a long period, and so on. But, in the end, Debian's organizational effort has worked.

As free software continues to grow, we will certainly see many development projects on a new, larger scale. The desktop projects are an example of where things are going. Others will be formed to attempt tasks that are hard to even image now. Debian has shown one way of making projects on this scale work. It is a most interesting social institution, with much to teach us all.

Has Cisco patented NAT?. It turns out that Cisco has a patent on a "security system for network address translation systems". Depending on your reading of the patent and what it really covers, this could be one of the more threatening software patents to come along yet.

NAT has been a feature of Linux networking for years - though the Linux world has generally referred to it as "masquerading." Essentially the feature allows the hiding of a network of systems behind a single gateway. All outgoing connections appear to come from the gateway itself - the systems behind it are invisible. They are also, normally, unreachable from the outside; this feature means that a box running NAT/masquerading can often serve as a simple and highly effective firewall.

It is the firewalling ("security") feature of NAT that Cisco claims a patent for. The claims in the patent text describe the basic NAT algorithm, then add features like dropping inbound TCP packets that do not correspond to an existing TCP connection. Passing through FTP data connections and certain types of ICMP packets are also claimed as patented features. These are all things that the Linux implementation does.

If Cisco decides to get obnoxious - and there is no evidence of that at this time - this could be the first serious patent issue to reach deeply into the Linux kernel. The basic NAT implementation in Linux predates the patent application, and thus qualifies easily as prior art. But some of the fancier filtering features may not. The possibility of a patent challenge reaching deeply into the Linux kernel exists. This one is worth keeping an eye on.

:CueCat, one more time. We'll stop talking about the :CueCat affair soon, we promise. But this episode just keeps on bringing up interesting issues. Consider this article in SecurityFocus, which quotes Digital Convergence VP David Mathews:

Digital Convergence was aghast. "If people take over our cat and start using their own databases, the world becomes cloudy," says Mathews. "Our revenue model is being the gate keeper between codes and their destinations online."

The company's revenue model may depend on being the gate keeper, but free software's model depends, instead, on freedom. We're not much interested in gate keepers who seek to maintain their position on the basis of (still unspecified) intellectual property claims. Freedom makes things hard for those who prefer a carefully controlled population. Expect to see a lot more fights like this one.

Inside this week's Linux Weekly News:

• Security: Debian security updates for 2.1 stop, an SDMI hacker challenge boycott.
• Kernel: 2.4.0 - getting closer? What about BitKeeper?
• Distributions: ASPLinux, kmLinux and the Embedded Debian project.
• Development: Mozilla gets crypto and training videos, Ghostscript gets a new maintainer.
• Commerce: Red Hat financial results, Intel Open Runtime Platform, recent surveys
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and Editorials

Debian to phase out security support for 2.1. The Debian Project has announced its intent to phase out security support for the 2.1 ("slink") distribution. Their expectation is that most users have already upgraded to 2.2. They are looking for feedback on the idea; now is the time to scream if this idea bothers you.

We, ourselves, will be waiting eagerly to hear whether or not there is any negative feedback to this announcement. If there is not, it will be amazing, and a strong indication of a difference between Debian customers and those of other distributions. Red Hat, for example, officially supports security updates for Red Hat 4.2 and 5.2, and it isn't difficult to go out and find customers still using those distributions.

Why would someone choose not to upgrade? Well, there is the issue of "if it isn't broken, don't fix it". Everyone these days has too little time to do too much work. If a system is quietly working away in the corner, doing what you want it to do without requiring any intervention, why risk breaking it? Remember all those systems that have clocked a year or more of uptime? Well, that implies, for non-Debian systems, that they haven't upgraded their distribution in at least that amount of time.

Other issues can crop up as well. Kernel changes between major distributions can pose new demands on memory, disk and other hardware. As a result, some distributions choose to run with older kernels. TINY Linux is an example of this. It is based on Slackware 4.0 and the Linux 2.0.X kernel in order to meet their goal of supporting old, slow systems with minimal memory and disk. With the need to have good security on all systems being so aptly demonstrated by this year's distributed-denial-of-service attacks, it is important to provide security fixes for these machines as well, not just systems that have been upgraded to the latest distribution.

Most of all, no matter how easy the upgrade, it takes time to do good backups, verify them and thoroughly test a system after an upgrade. As a result, many people probably upgrade their systems as much as six months or more after the last major release.

Debian, though, is a slightly different kettle of fish. Most Debian users upgrade their systems piecemeal, bit by bit, on a frequent basis. It may be more unusual to find someone that is still running exactly the same Debian that they installed from CD. So maybe the Debian community will prove us wrong, by voicing no concern over this policy change. Either that, or the ones that don't complain are the same people that aren't going to bother to install a security update in any case.

The EFF and Linux Journal call for SDMI challenge boycott. The Electronic Frontier Foundation and Don Marti at Linux Journal have both called for a boycott of the the Secure Digital Music Initiative (SDMI)'s hackSDMI challenge. "The Electronic Frontier Foundation (EFF) urges the Internet community to boycott this contest and refrain from helping the recording industry perfect a way to undermine our fair use rights."

SDMI is a new format for music, designed to replace the MP3, which allows the implementation of control over how and when the music is played. This can include the devices upon which it can be played, whether or not you can make a backup, even whether or not you can listen to it once or ten times. As a result, it allows the implementation of practices that prevent not only widespread copying, but much of the "fair use" practices that are common today. It is backed by a consortium of over 100 companies in the music industry and planned to replace MP3 by Christmas this year.

In court, the ease in which the CSS DVD format was decrypted was of at least some embarrassment to the plaintiffs, if not a valid defense. This hacker challenge seems geared both to prevent a similar embarrassment for SDMI and as a marketing ploy to demonstrate the "security" of the new SDMI format. As security professionals, our time is here to be used to help make our computers and networks more secure -- not to support someone's marketing plan or future legal defense. We concur with the proposed boycott.

Here are some additional articles on the topic for those of you who are interested:

• Crack SDMI? No thanks! (Salon)
• Linux users say SDMI contest a trick (ZDNet)
• SDMI on SDMI, a Wired interview with SDMI executive director, Leonardo Chiariglione.

September CRYPTO-GRAM newsletter. The September CRYPTO-GRAM newsletter is out. It discusses full disclosure of security problems, the PGP vulnerability, and whether Bruce Schneier's parents should be sued for creating and distributing a piece of circumvention technology (namely, Bruce).

Security Reports

klogd/sysklogd format string vulnerability. A format string vulnerability in klogd was reported on BugTraq. klogd receives messages from the Linux kernel and forwards them to syslog. In Linux distributions, it is generally packaged with syslog as "sysklogd". This vulnerability has been proven to be locally exploitable to gain root and may potentially be remotely exploitable or exploitable via knfsd. The problem affects Linux and many other versions of Unix. An immediate upgrade is strongly recommended.

Note from this BugTraq posting by Solar Designer that the updates below also include fixes for some syslog-specific bugs as well, notably in both printchopped() and printline().

From the large number of timely updates you see below, it is easy to guess that this vulnerability was actually found about a week ago originally and then reported to both Linux and Unix vendors, allowing them to have fixes available immediately after the vulnerability announcement was made.

This week's updates:

• Red Hat
• Conectiva
• Slackware
• Linux-Mandrake
• Debian
• Immunix
• SuSE
• Caldera
• Trustix

Note that Red Hat appears to be having problems with their redhat-watch mailing list. As a result, we've seen multiple advisories for some issues and no advisories for others. Red Hat users may want to check the Red Hat Errata or the BugTraq mailing list regularly for updates until the problem is resolved.

eject exploitable buffer overflows. FreeBSD has issued a security advisory for eject after an internal audit found ways that this setuid root program can be used locally to gain root privileges. They've provided updates packages for FreeBSD. This problem is not limited to FreeBSD, so advisories from other BSD and Linux distributors can be expected to follow.

listmanager exploitable buffer overflows. FreeBSD also put out updated listmanager packages. Listmanager is not Open Source software, but is freely distributable. The author has reported locally exploitable buffer overflow vulnerabilities in versions previous to 2.105.1.

pine malformed X-Keywords denial-of-service. FreeBSD issued a belated advisory for pine4, with fixes for a problem processing mail messages with malformed X-Keywords header lines. These caused pine to crash, allowing a user-level denial-of-service attack.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

• MultiHTML, can be used to get read access to every file on the system. No solution provided.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Cisco PIX Firewall, protocol filtering fixup may be bypassed. A fix is expected from Cisco next week, according to this post.

Updates

Linux-Mandrake security update to mod_php3. MandakeSoft has issued a security update to the Apache PHP3 module. There is not, however, a problem with PHP itself; instead, many scripts which process file uploads have a bug which can allow them to be subverted. The update provides a new function which makes it easier to write secure PHP code. Anybody using PHP for file uploads should have a look at this advisory.

xpdf symlink race condition. Check the August 31st Security Summary for the original report.

Debian users should also note that xpdf-i versions prior to 0.90-7 are also vulnerable. Updated packages are available at http://non-us.debian.org/dists/proposed-updates/ (or your nearest non-US mirror).

This week's updates:

• Red Hat

• Linux-Mandrake (August 31st)
• Debian (September 14th)
• Caldera (September 14th)
• Conectiva (September 14th)

xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.

This week's updates:

• FreeBSD
• Slackware, official advisory
• TurboLinux

• Red Hat (August 24th)
• Linux-Mandrake (August 31st)
• Conectiva (August 31st)
• Debian (August 31st)
• Helix GNOME (September 7th)
• Slackware current upgraded to xchat 1.5.7 (see Changelogs) (September 14th)

screen setuid root vulnerability. A vulnerability in screen 3.9.5 and earlier that can be exploited by a local user to gain root was recently reported in the September 7th Security Summary. Note that screen must be installed setuid root in order to be exploited. Screen 3.9.5 and earlier contain this vulnerability. This week's updates:

• Red Hat (affects Red 5.2 and earlier only)
• FreeBSD, official advisory

• Debian (September 7th)
• Linux-Mandrake (not vulnerable) (September 7th)
• Red Hat, 6.X unofficially reported not vulnerable (September 7th)
• FreeBSD, unofficial report (September 7th)
• Conectiva (not vulnerable) (September 7th)
• NetBSD (September 7th)
• SuSE (September 14th)

Mailman. A vulnerability was reported in mailman 2.0beta3 and 2.0beta4 and fixed in 2.0beta5. Check the August 3rd LWN Security Summary for more details.

Note that the fixes below do not address the more recently reported Mailman writable variable vulnerability covered in last week's LWN Security Summary.

This week's updates:

• FreeBSD

• Conectiva (August 3rd)
• Linux-Mandrake (mailman not shipped) (August 10th)
• Red Hat (Secure Web Server) (August 10th)
• Debian (only the woody development version is impacted) (August 10th)

glibc vulnerabilities. Check the September 7th LWN Security Summary for the initial reports and last week's LWN Security Summary for more details and workarounds.

This week's updates:

• Immunix

• Red Hat (September 7)
• Debian (September 7)
• Conectiva (initial advisory) (September 7)
• Caldera (September 7)
• Slackware (September 7)
• Conectiva (updated advisory) (September 7)
• Linux-Mandrake (September 14th)
• SuSE (September 14th)
• Trustix (September 14th)
• Red Hat (updated advisory) (September 14th)
• TurboLinux (September 14th)

Horde/IMP format string vulnerability. Check last week's Security Summary for more details. Horde 1.2 and 1.3 have been patched in the CVS trees for this problem. The Horde team also has made available a patched version of IMP 2.2.2. This version is part 2 of a security vulnerability present in 2.2.0 (and earlier "pre" releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on production systems are strongly encouraged to upgrade.

Resources

Updated security tools. Here are some Open Source security tools for which minor updates have been made available in the past week:

• nessus 1.0.5, a remote security scanner, now supports XML output and 64-bit compatibility. In addition, new security checks have been added and performance improvements have been made.

Events

September/October security events.

Date	Event	Location
September 26-28, 2000.	CERT Conference 2000	Omaha, Nebraska, USA.
October 2-4, 2000.	Third International Workshop on the Recent Advances in Intrusion Detection (RAID 2000)	Toulouse, France.
October 4-6, 2000.	6th European Symposium on Research in Computer Security (ESORICS 2000)	Toulouse, France.
October 4-6, 2000.	Elliptic Curve Cryptography (ECC 2000)	University of Essen, Essen, Germany.
October 11, 2000.	The Internet Security Forum	Edinburgh, Scotland.
October 14-21, 2000.	Sans Network Security 2000	Montery, CA, USA.
October 16-19, 2000.	23rd National Information Systems Security Conference	Baltimore, MD, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.17. The 2.2.18 prepatch series is up to 2.2.18pre9. With pre9, Alan Cox finally merged in the long-awaited NFS fixes; this is good news for those hoping for decent NFS server behavior from the 2.2 kernel.

One more 2.0.39 prepatch came out in the form of 2.0.39final. Unless something truly earthshaking comes up, this patch will go out as an official 2.0 stable release.

Another step toward 2.4.0? On September 17, the 2.4.0-test9-pre2 announcement came out with an interesting set of remarks:

I think we're getting to the point where there are no major known bugs. That means that as of the final 2.4.0-test9 I will no longer accept any patches that don't have a critical problem (as defined by Teds list) associated with them.

So when you send me a patch, either bug Ted to mark the issue as "critical" first, or pay me money. It's that easy.

Linus has not made any public remarks on the amount of money that would be required to get a patch in. However, at least a couple of developers seem to have concluded that a more economical approach is to offer Ted Ts'o a nice bottle of liquor.

2.4.0 still does not lack for known issues in need of fixing. But it is getting closer to that final stabilization phase before the official 2.4.0 release can go out. That release, of course, is certain to have a few remaining bugs - perfection is hard to reach. But at some point you have to call something an official stable release to expand the user (and thus testing) community.

Meanwhile, there has been a bit of grumbling in the ranks from a small number of developers who are getting tired of the feature freeze. One developer has even started up his own 2.5 tree and offered to make it available to others who are looking for a place to hack on new features. The problem, of course, is that stabilizing 2.4 requires the attention of as many developers as possible. It's important to truly have enough eyeballs to make the bugs shallow. If the hackers go off on some sort of unofficial 2.5 effort, the 2.4 kernel will suffer.

So patience is counselled for those wanting to work on 2.5. They are still going to have to wait for some time. In the past, Linus has always let a good chunk of time go by - on the order of a couple months - after the first stable kernel release. Only once it's truly stable will he open up a new development series and start the process over again.

What about BitKeeper? Last week's kernel page discussed a proposal for a new kernel patch management system that had been posted. It didn't take too long for the inevitable question to come up: what about BitKeeper? It was, after all, once said to be the kernel source management system of the future. One of Larry McVoy's reasons for creating BitKeeper in the first place was to try to make Linus's job easier.

These seem to be the reasons why BitKeeper is not being pushed at this time:

• BitKeeper is a large and complicated beast. By all accounts it repays the time invested to learn it, but kernel hackers tend not to have a lot of spare time. Not everybody agrees that BitKeeper is hard to learn, but getting people to put time into learning a new tool is always a challenge.

• BitKeeper is not open source software - though it is very close. See this 1999 LWN feature for a description of the issues surrounding the BitKeeper license. Some kernel developers have very strong feelings about free software, and some of those (notably Alan Cox) have said they would not use BitKeeper for that reason.

• Linus has not come out and said he would use the system (though he does plan to try it).

All of these issues feed the fear that an insufficient number of kernel hackers would use BitKeeper. And if only a few use it, it's not worth the trouble of learning how. So the plan for now is to try to put together a much simpler system and hope that it actually gets used. It is interesting to note, however, that Linus only plans to use this system until 2.4.0 comes out. What happens thereafter is anybody's guess.

Other patches and updates released this week include:

• A new RTL8139 net driver patch was posted by Jeff Garzik.

• David Howells has released a new version of his "WINE in the kernel" patch.

• Rik van Riel's VM code is now in the -test9 prepatch, but he's not done yet. Here is his TODO list for virtual memory management in the 2.4.0 time frame and after.

• Vojtech Pavlik has posted a new version of his VIA IDE driver.

• Dave Higgen has posted a new NFS patch for 2.2.18 which is intended to complete the merge of the new NFS code into the upcoming stable kernel release.

• Stephen Tweedie has announced a version of the ext3 journaling filesystem which journals only metadata. Previous versions have journaled file data as well, which slows things down significantly. This version is faster, but is also very explicitly not yet ready for people to depend on.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

New Distributions

ASPLinux. The name ASPLinux is derived from "Application Service Provider", a popular buzzword in commercial circles. ASPLinux is produced by SWsoft, a "multinational software development company with headquarters in Singapore and offices in the USA and Europe". Language support includes Korean, Japanese, Chinese, Thai, Indonesian, Russian and others.

ASPLinux is derived from Red Hat and promises to be 100% Red Hat-compatible. It is apparently aimed at current Windows sites for, though it does require repartitioning, it provides download and installation capabilities that are usable directly from Internet Explorer and your favorite Microsoft operating system.

They also offer ASPcomplete, which includes add-ons expected to be of interest to Application Service Providers. This includes the user beancounter patch to the Linux kernel (jointly developed by Alan Cox and Andrey Savochkin), which provides per-user resource limitations (rather than the per-process limitations provided by setrlimit). It is fairly easy to see why Application Service Providers would be interested in this, since it can help prevent the actions or activities of one user from using up all of a critical resource and thereby impacting other users.

ASPLinux is still in a snapshot development mode, meaning they have not yet released their first stable product. Till then, there is a great deal of information (and a few screenshots) available from their website.

kmLinux - a new German Linux distribution for schools. Fred Mobach, with the laudable intent of making sure we didn't neglect happenings in Germany due to the language barrier, sent us his take on kmLinux, derived from the kmLinux website. To summarize, kmLinux is a SuSE-derived distribution intended for use in schools.

It comes in two flavors, both aimed at desktop customers. KmLinux installs directly under Windows, for ease of introduction to Linux newcomers. KmLinux-S installs in its own Linux partition, though it can co-exist with additional operating systems as well. Both are bundled with applications for text processing, mathematics, computer science, physics, chemistry, astronomy, Internet, graphics and games. Both use the Reiser filesystem, so that teachers/students that abruptly turn off their systems without going through a normal shutdown process will have their files protected.

KmLinux is being developed by the Landesbildungsserver Schleswig-Holstein, a German government organization, in close cooperation with the VereinFreie Software und Bildung (Union for Free Software and Education) and SuSE.

Many thanks, Fred! We greatly appreciate this type of assistance from our readers.

News and Editorials

Best Linux For Business (ZDNet). ZDNet gives us a brief introduction to Linux distributions. "A critical factor in choosing a Linux distro is your company's level of in-house expertise with computers in general and with Unix-like operating systems in particular. If you have resident Linux or Unix gurus, you have many more options."

Interview: Frank Smith of the Embedded Debian Project (GeekNews.org). GeekNews.org interviews Frank Smith of the Embedded Debian Project. "The current focus is on CML2+OS, a system for the configuration and generation of both a Linux kernel and an operating system (i.e. root filesystem). Its purpose is to assist embedded Linux developers in configuring and generating small (1 to 10Mb) Linux target systems."

Distribution Reviews

Linux in Brazil Reviews Conectiva Linux 5.1. From Linux in Brazil comes the review (in Portuguese) of Conectiva Linux 5.1. Here's a Babelfish translation. They appear to be pleased, particularly with the security, since its non-US location allows it to include security software and features that have been avoided, to date, by the larger US-based distributions.

TechLinux, a new Brazilian distribution based on Mandrake. Also from Linux in Brazil comes a review of TechLinux 1.0a (in Portuguese), the alpha release of a new Brazilian Linux distribution based on Linux-Mandrake. The review just covers the packaging and documentation; a fuller piece is promised once they have time to install and use the system. Here is the Babelfish translation.

General-Purpose Distributions

Debian Weekly News. The Debian Weekly News for September 19 is out. It covers the move to replace Debian's installer (described as "aging"), new features in apt, and the end of security fixes for Debian 2.1.

Kernel Cousin Debian. Via this week's Debian Weekly News, we learned that a new Kernel Cousin began publishing last week. Kernel Cousins are regular discussion reports based on a specific mailing list. The original Kernel Cousin reported on the linux-kernel mailing list. Others now report on Wine and the Hurd. The newest Kernel Cousin is the Kernel Cousin Debian, which will be focusing on the debian-devel mailing list. This will be a good source of additional information for Debian followers.

Here are links to the first two Kernel Cousin Debian releases:

• Kernel Cousin Debian #1 For 7 Sep
• Kernel Cousin Debian #2 For 14 Sep

Note that the Kernel Cousin Debian is breaking ground with a new "group-authored" development, modeled, of course, on the successful Debian development method. Any number of authors can volunteer to help out. Each author "claims" a thread, follows it and summarizes it as soon as no new posts to that thread have been seen for three days in a row. If you follow debian-devel, this may be a new way to help out the cause. Additional authors are definitely needed.

Kernel Cousin Debian Hurd. Debian GNU/Hurd development is still currently very light, with the Kernel Cousin Debian Hurd #59 For 13 Sep reporting 75 posts and only one complete discussion thread, on 'pmake' and 'ash' advancements.

Slackware Development News. The development version of Slackware now uses a statically-compiled version of GCL, due to problems using the dynamically-compiled version on multiple machines. An upgrade to Tcl/Tk 8.3.2 has been completed and LILO 21.5.1 is now being used. Check the security section for a link to the Slackware security update for klogd/sysklogd.

Embedded Distributions

The Architecture and Development of Etlinux. LinuxDevices.com has posted this white paper on the design of Etlinux, an embedded version of Linux. In particular, their use of the Tcl interpreter in order to reduce the overhead associated with normal ELF binaries, was discussed.

"Consider, for example, that for a program such as the classic "Hello World", which has several hundred bytes of code, the smallest executable obtainable with gcc occupies about 2.5 KB, for an overhead of about 2.4 KB, or more, in real-world programs.

Hence the fundamental idea behind Etlinux: to use an interpreted language as a "motor"; it is possible in this way to globalize basic functionality in the executable of the interpreter, making it available as primitives of the language, and using scripts as applications. For Etlinux, the choice of the language fell to Tcl, a scripting language developed by John Ousterhout (see reference, below), which is exceptionally easy to learn, and easily extensible through it's C API. "

TimeSys announces pre-emptive kernel support. TimeSys has announced the availability of its own pre-emptable kernel in its TimeSys Linux/RT distribution.

They also issued this position statement, joining the crowd of companies disputing MontaVista's "first hard real-time Linux" claim.

Coollogic introduces Coollinux AE. Coollogic has announced the availability of its "Coollinux Appliance Edition" distribution, aimed at original equipment manufacturers.

Mini/Special Purpose Distributions

BYLD 1.1beta1 with CDROM support. The latest beta version of BYLD (Build Your Linux Disk) can now write to a CDROM. BYLD is a single-floppy-disk-based distribution meant to be a base from which to build your own rescue disk, net client, etc.

Linux Router Project (LRP) 2.9.8 announced. Linux Router Project 2.9.8 was announced Wednesday, September 13th. The new version supports either the Linux 2.0 or 2.2 kernel. In addition, a package merging system that supports the creation of dynamically extended packages will be of interest to the LRP development community. "Persons using the development snapshot can use this system to make customized packages that dynamically build against the current release".

Vector Linux 1.5. Vector Linux is a small distribution designed to be a very basic Linux distribution from which to build or "homebrew" your own. It supports installation of both rpm-based and debian dpkg-based packages. The latest version, Vector Linux 1.5, contains support for international keyboards, laptop PCMCIA support, the Linux 2.2.17 kernel and a new console look-and-feel, among other improvements. Some additional information is available in the Changelogs.

SmoothWall Linux 0.9.4. SmoothWall Linux, introduced to our distributions list in last week's LWN Distributions Page, has released a new, minor update which includes some streamlining of the method the installer uses to autoprobe for ethernet cards, DHCP and Apache, among other changes.

Fd Linux 1.1-1 introduces minor fixes. A fix for an ssh bug and a minor filesystem image bug led to the release of a minor update for this floppy-based mini-distribution.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

Browsers

NSS 3.1 Beta 1 Release 15. Mozilla.org has announced the release of NSS 3.1, a set of libraries for security enabled applications. The crypto code has been unencumbered thanks to recent licensing changes. NSS 3.1 is a complete open-source implementation that includes the recently opened RSA code. The Mozilla Crypto FAQ has all of the details spelled out. Open crypto software fills in a critical capability that had been missing from Mozilla.

Mozilla Training Videos are now available. Mozilla has made a set of SeaMonkey BrownBag Training Series videos available for download. The videos are in Real Video format and range from 15MB to 36MB in size.

Databases

Using MySQL's Built-In Replication To Maximize Availability (Php Builder). Php Builder has run an article by Michael Tanoviceanu on using MySql in a master-slave configuration. The process of setting up redundant database servers is explained in detail.

Documentation

Linux Documentation Project change. The Linux Documentation Project is planning on publishing an index of current HOWTOS to comp.os.linux.answers. Work is under way to improve the feedback path from the readers to the authors of the HOWTOS.

Electronics

Icarus Verilog 20000917 snapshot available. The gEDA project has announced a new snapshot of the Icarus Verilog compilation system.

Games

WorldForge looking for game developers. WorldForge is building a new game infrastructure platform called Stage, and is seeking developers for the project. If you have an interest in working with game software, these folks would really appreciate a helping hand.

Interoperability

Wine Weekly News for September 20, 2000. The latest version of the Wine Weekly News is available. News includes the WineHQ cutover to a new mail server and wine portability issues.

Network Management

OpenNMS Update for September 19. Here is the OpenNMS update for September 19, covering the latest developments in the Open Network Management Software project.

Office Applications

AbiWord 0.7.11 released. The first AbiWord release in three months is out. Many new features have been added, among them are PalmDoc exports, better Gnome support, improved dialogs, and additional RTF font support. See the announcement for details and get the latest version at the AbiSource homepage.

Evolution 0.5 (Salamander) Released. Version 0.5 of the "Evolution" mail / calendar / address book application from Helix Code has been announced. It includes a rather substantial list of new features. A bug fix version for Evolution 0.5 has just been released. Here is the announcement for version 0.5.1, which is available for download.

Nautilus needs testers. The Nautilus file manager for Gnome will be going through a second preview release in the next few weeks. The project is looking for testers to help locate bugs and verify fixes for resolved bugs.

What's New in GIMP 1.2? (O'Reilly). O'Reilly news has run an article by Sven Neumann about What's New in GIMP 1.2. The article discusses the many new features in the upcoming Gimp 1.2 release

On the Desktop

Final KDE2 beta released. The fourth and final beta release of KDE2 has been announced. Here's your last chance to find problems and help the KDE team produce a solid 2.0 release.

The people behind KDE: Lauri Watts. The "people behind KDE" series continues with this interview with Lauri Watts, KDE's "documentation reviewer." "I guess you'd call that 'Help File nitpicker'. I help review the documentation for various things including sgml markup, typos, completeness. Closest to a real world job would be a copy-editor, but I try to stay out of editorialising the actual text unless it's not making sense. That's rare, the doc writers are doing a wonderful job."

GNOME Documentation Project Status Report. The GNOME Documentation Project Status Report for September 15 is out. The GDP folks look like a busy crowd.

Alan Cox releases GnoRPM 0.95. Linux kernel Hacker Alan Cox has lent a hand to the GnoRPM project by fixing a number of bugs and releasing GnoRPM 0.95. The notice states: "So if you ever had any troubles with GnoRPM before, rest assured that from here on, it is as stable as the kernel itself."

Gnome Libs 1.2.5 test release. Miguel de Icaza has announced a test release of Gnome Libs. Numerous bug fixes have been included.

Printing

CUPS v1.1.3 released. A new version of CUPS, the Common Unix Print System is available for downloading. Many improvements have been added, bugs have been fixed, and new documentation is available. CUPS is reported to be a big help for those dealing with multiple UNIX platforms and network printers.

Ghostscript gets a new maintainer. Raph Levien has announced that he is the new maintainer of Ghostscript. The announcement contains a lot of useful information on the Ghostscript project's upcoming directions. Mr. Levien has an ambitious list of tasks to accomplish, not the least of which is simplifying the licensing model. Congrats, Raph - we expect you're going to be busy... (Thanks to Andrea Fogazzi).

Science

RFC: Journal of Open Source Medical Software (Linux Med News). Linux Med News has an announcement about an RFC for the development of a scholarly journal on Open Source medical software. If you are working in that arena, check it out. Editorial board positions are available.

Ocularis: Leading the Way for Blind Linux Users (Linux News). Linux News has run an article on Ocularis, an open-source project using Linux that aims to create a "Seeing Eye Penguin" for the blind. "Eventually, Ocularis should be able to offer a variety of basic programs intended to allow visually impaired users to carry out certain core functions. 'The basic applications that Ocularis will possess are a word processor, calendar, calculator, basic accounting or finance application, file manager, Internet browser, and e-mail client,' the site explains. 'In addition, easy to use, all-purpose screen reading software will be included to provide access to nearly any console-based program.'"

Web-site Development

Midgard Weekly Summary for September 14. The Midgard Weekly Summary for September 14 is out, covering an admittedly "slow week" in the development of the Midgard application server.

Zope 2.2.2 released. Zope 2.2.2 has been released. It's mostly a bugfix release, but it should be of interest especially to ZEO users.

There is also a Zope 2.3.0 plan available which shows some of the things the developers are thinking of adding for the next major release.

Zope Weekly News. Here is the Zope Weekly News for September 20. It covers recent events in the Zope development world, and announces a Zope job available at a "Fortune 100 media company."

ZGDChart 0.4.2b released. Zope.org has released a new version of ZGDChart, a Zope based chart drawing facility. " ZGDChart is based on Michael Ray Steed's Python module gdchart, which in turn is based on Bruce Verderaime's GDCHART C library, which in turn is based on Tom Boutell's GD C graphical library. " ZGDChart can help you draw spiffy graphics with Zope.

Section Editor: Forrest Cook

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Programming Languages

C/C++

Common threads: POSIX threads explained, Part 3 (IBM). IBM's developerWorks has run the third and last article by Daniel Robbins on using Posix threads. This article covers condition variables. You may want to start with the first and second articles if you have not read them already.

Gtk-- 1.2.3 released. A new release of Gtk-- has been announced. Gtk-- is a C++ interface to the Gtk GUI library. This release contains mostly bugfixes. Gtk-- is distributed under the LGPL license.

Java

Java code samples (IBM). IBM's developerWorks has published a useful set of Java and JavaScript code samples. If you are thinking about getting into Java, this might be a good place to start. DeveloperWorks has also run an article on how to Acquire multiple locks in a fixed, global order to avoid deadlock in Java.

Perl

PerlMonth issue 11. Perl Month Issue 11 has a number of useful articles on using Perl. Topics include debugging Perl CGI scripts, searching LDAP servers, and using various HTML:: perl libraries.

Python

This week's Python-URL. Here is Dr. Dobb's Python-URL for September 19, covering what looks like a busy week in Python development.

Python-dev Summary for September 15. A.M. Kuchling's Python-dev Summary for September 15 is out. It covers the latest Python releases, licensing issues, and many other Python development topics.

PyQt/PyKDE Python Bindings for Qt and KDE. The Kompany has announced new versions of Sip, PyQt, and PyKDE, which are tools for binding Python to Qt and KDE. The software is available for download.

Charming Python: Curses programming (IBM). IBM's developerWorks has a new article by David Mertz on Curses programming in Python. The article walks you through the process of coding a Curses based application in Python.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 19. It covers this week's happenings in the Tcl/Tk world, including the release of Expect 5.32.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Red Hat second quarter results. Red Hat has announced its second-quarter results (fiscal 2001). Revenue was $18.5 million, up from $10.5 million a year ago. The adjusted net loss was reported to be $1.9 million, compared to an adjusted net loss of $4.3 million at this time last year. The company seems well on its way to becoming profitable sometime in 2001.

In other news, Red Hat and NetSilicon have announced a partnership to deliver products and services oriented toward Internet appliance systems. The first product is "NET+Lx," an Internet appliance development platform, running a version of uClinux which was ported by Red Hat to NetSilicon's NET+ARM(TM) processor.

Intel delivers an open source language research platform. Intel has announced the release of its "Open Runtime Platform" under an open source license. The ORP is an optimized Java runtime environment, which initially interoperates with GNU Classpath. GNU Classpath is an open source library for Java. The basic system incorporates a fast code generating Just-In-Time compiler (JIT) as well as an optimizing JIT. It also includes several Garbage Collection (GC) algorithms, ranging from a simple mark-sweep algorithm to an advanced train algorithm.

MontaVista joins Intel ACPP. The Intel Applied Computing Platform Provider (ACPP) program consists of third-party board and software vendors who meet Intel's strict criteria for quality assurance, design capability, tools, support and in the case of the hardware vendors, manufacturing capacity.

MontaVista Software has announced that it has joined Intel's "Applied Computer Program Provider" program. Intel, too, has issued a press release on this event.

RadiSys and LynuxWorks to develop high-availability Linux system. RadiSys and LynuxWorks have announced their intent to create a new, high-availability Linux system targeted for telecom and embedded system applications which require "five-nines" or better availability.

RadiSys and LynuxWorks are both active members of the ACPP as well as charter members of the High Availability on Intel Architecture Forum sponsored by Intel Corporation.

Recent Surveys. VA Linux Systems has issued a press release on the latest IDC results, which show VA in the number two position for Linux server shipments in the U.S. and third worldwide.

A company called Evans Data has announced the results of a new survey: evidently they found a large increase (50% in 6 months) in the number of developers who are working on Linux wireless applications.

InterVideo launches Linux DVD player. InterVideo has announced the availability of a Linux-based software DVD player "with integrated CSS copy protection."

Yggdrasil ships Linux DVD9-ROM. Yggdrasil has announced the availability of what it claims is the first Linux DVD9-ROM. The DVD9-ROM format allows them to put 8GB worth of Linux stuff (from Metalab and ftp.gnu.org) onto a single disk.

MandrakeSoft issues response to Bill Gates. MandrakeSoft has issued a response to recent comments by Bill Gates about Linux. "What Mr. Gates calls 'hype' is actually a worldwide, grass-roots, fundamental change in how computing is performed."

It's fragtime for the Dust Puppy. UserFriendly.org is sponsoring the Loki Software Quake III Arena Contest. Contestants will create and modify "skins" and levels based on the cast of characters from the UserFriendly.org episodic comic strip for use with Quake III Arena.

Lineo provides services for Embedded OEMs. Lineo has announced that its Professional Services Group will be expanding into providing services for embedded Linux original equipment manufacturers.

Press Releases:

Commercial Products for Linux

• eSoftBank.com Inc. (SHENZHEN, China) announced the launch of one of its newly conceived products: Strategy E*Linux, including Linux Configuration Center (Linux CC) and Powermail.

• Solsoft, Inc. (MOUNTAIN VIEW, Calif.) announced Solsoft NP-Lite 4.0, its security management solution, now available for free download.

• Linux NetworX, Inc. introduced its RapidFlow line of switches, which are fully managed, wire-speed, non-blocking, stackable Fast Ethernet and Gigabit Ethernet switches that are incorporated into every Linux NetworX cluster system.

• Linux NetworX has also announced the availability of its Evolocity 1240s cluster, which is oriented toward high availability web serving applications.

• Motorola Computer Group (TEMPE, Ariz.) announced a plan to expand its Advanced High Availability Software offerings, providing "out-of-the-box" software solutions that support the high-availability (HA) features and functions of Motorola's carrier-grade, Intel and PowerPC processor-based platforms. HA Linux is scheduled for March 2001, with other platforms to follow.

• SGI (MOUNTAIN VIEW, Calif.) announced that it will soon release the source code for its SGI digital media software development kit (dmSDK) for the Linux operating environment.

Products Using Linux

• Axis Communications (CHELMSFORD, Mass.) introduced the AXIS 2120 Network Camera, the intelligent tool for remote monitoring and web attraction based on live video.

• Check Point Software Technologies (REDWOOD CITY, Calif.) announced the VPN-1/FireWall-1 SmallOffice software. The Intrusion.com SecureCom PDS 2100 is an Ethernet-connectable security appliance that comes pre-installed with Check Point's VPN-1/FireWall-1 SmallOffice software running on a hardened version of Red Hat's Linux.

• DevelopOnline (TEMPE, Ariz.) will soon launch a website DevelopOnline.com, a collaborative, online development center for programmers, innovators and engineers to design new products or improve upon existing products over the Web. The site is built on Linux and several embedded Linux companies (such as Lineo, MontaVista and Red Hat) are collaborating.

• Intershop Communications, Inc. (SAN FRANCISCO) announced that Intel has incorporated its e-commerce hosting software into the Intel NetStructure Storefront Appliances, which operate on RedHat Linux 6.2.

• V-ONE Corporation (GERMANTOWN, Md.) released the latest version of its SmartGuard Security Appliance, which now includes Secure Multiple Unit Management over the Internet and IPSec for Site-to-Site using IKE. SmartGuard is a pre-configured appliance, which uses a security hardened Linux operating system joined with Intel's high-speed computing platform.

Products with Linux Versions

• American Megatrends Inc. (ATLANTA) announced the addition of AMIEnterprise64 Firmware, a 64-bit server firmware solution, to its line of products.

• Dell (ROUND ROCK, Texas) is now offering its Dell PowerEdge 1400 server at prices starting under $1,700. These can be ordered with Red Hat Linux 6.2 factory installed.

• InfoValue Computing, Inc. (BOSTON) introduced the QuickVideo Carrier Suite for DSL, a video streaming software solution for video-on-demand, video multicast, and video distributed caching services over a DSL network.

• Kasenna, Inc. (MOUNTAIN VIEW, Calif.) announced that its Kasenna MediaBase software is available for shipment on multiple platforms, including Linux.

• Microware Systems Corporation (DES MOINES, Iowa) offered the Microcode Solutions Library for the Intel IXP1200 network processor.

• Multi-User Solutions (ATLANTA) introduced Call Status, a new service which allows its customers access to their account information via the Internet.

• Sanctum, Inc. (SANTA CLARA, Calif.) introduced AppScan 1.5, the latest version of the company's web application audit tool, which now features SSL encryption support.

• TASKING (DEDHAM, Mass.) announced its latest release of the C166 Tool Suite V7.0, introducing a higher-performance EDE, complete with enhanced error checking for SAFER C and a faster, more efficient C/C++ compiler.

• Trilogic Systems (BOSTON) has a CompactPCI Communications Platform, a rack mount CompactPCI development platform which can be ordered with Red Hat Linux.

• Wicom Communications (ESPOO, Finland) announced a software version of its Wicom Enterprise/Wicom CSS (Communication Service Solution) that uses Brooktrout Technology's TRxStream Series TR2001 IP Telephony platform.

• Wright Technologies (TORONTO, ONTARIO) announced that they are porting Wright's next generation visual communication software to Intel's new IA-64 processor platform.

• Young Minds, Inc. (REDLANDS, Calif.) announced that it is shipping PowerDVD Studio, an automated DVD-Recording system.

• Zero G (SAN FRANCISCO, CA) announced the immediate availability of version 3.5 of the InstallAnywhere product line.

Java Products

• Continuus Software Corp. (IRVINE, Calif.) announced the release of ChangeSynergy 3.5, an automated and integrated Java-based change request management system.

Books and Training

• AbriaSoft (FREMONT, CA) announced its release of the Abria MySQL Admin Training CD-ROM, its first in a series of MySQL education products. AbriaSoft commercially distributes MySQL into a boxed package for online database solutions.

• ArsDigita Corporation (CAMBRIDGE, Mass.) announced that the open-source ArsDigita Community System (ACS) suite of e-business applications powers the online community for iDevelop2000, Oracle's two-day event which provides hands-on training on the Oracle Internet Platform, including Oracle8i.

• Digital Creations and Kaivo (DENVER) announced that Kaivo will be developing and delivering Zope training worldwide.

• eWEEK (MEDFORD, Mass.) announced eSEMINARS, an online and interactive seminar series. "Realistic Options for Deploying Linux in the Enterprise" on Oct. 27 will probably be of most interest to LWN readers.

• No Starch Press has announced (finally) the availability of its new book: Linux Music & Sound by Dave Phillips. "Phillips covers general Linux audio set-up, describes basic and advanced use of the system, and profiles and evaluates the broad range of Linux sound and music applications."

• Novell Users International (OREM, Utah) continues their North American Hands On Technical (HOT) Labs tour. There's a lab on NDS for Linux with Caldera's e-Server and Novell's eDirectory.

Partnerships

• 3Dlabs, Inc. (SUNNYVALE, Calif.) announced that it has become a permanent member of the OpenGL Architecture Review Board (ARB).

• Dialtone Internet, Inc. (FT. LAUDERDALE, Fla.) announced that effective immediately, its "Wholesale 4 Success" program partners will be able to add the Cobalt RaQ server line to their product offerings. At this time, this offer includes the Cobalt RaQ 3 and the Cobalt RaQ 4i, with Chili!soft ASP technology.

• GraphOn Corporation (MORGAN HILL, Calif.) announced that TIDAL Software Inc. will sell a packaged, GraphOn-branded version of Bridges.

• IBM (SOMERS, N.Y. & BELLEVUE, Wash.) announced an expanded agreement with Chili!Soft, Inc., a subsidiary of Cobalt Networks, Inc., to deliver complete web hosting solutions to the UNIX/Linux environment.

• Macadamian Technologies Inc. (OTTAWA, ON) announced that the Syndeo Collaboration Suite 2.1 is now IBM Netfinity ServerProven, and now fully supports IBM's WebSphere Application Server and DB2 Universal Database on the RS/6000 platform.

• VeriSign, Inc. (MOUNTAIN VIEW, Calif.) has announced three separate deals to integrate VeriSign's website digital certificates into other products. This one with CyberIQ Systems to integrate them into CyberIQ's HyperCommerce system. This one with Nuron LLC, and Penguin Computing Inc. to integrate into Penguin Computing's Linux-based servers with Nuron's adaptive computing boards (AcB) and this one with Covalent Technologies, Inc. to integrate them with Covalent's Apache server products.

• Web.de and Tucows Inc. (Karlsruhe, Germany and NEW YORK) announced a content syndication agreement that will bring co-branded, localized versions of the Tucows software libraries to German users.

Investments and Acquisitions

• IBM (WHITE PLAINS, N.Y.) announced that it will aggressively expand the company's Web Integrator Initiative to Europe's major Web Consulting firms by year-end. IBM plans to invest up to $65 million over the next 18 months.

• Sun Microsystems, Inc. (PALO ALTO, Calif.) and Cobalt Networks, Inc. announced that Sun will acquire Cobalt in a stock-for-stock merger.

Financial Results

• Netgem (PARIS) reported revenues of 43 million euros.

Personnel

• e-smith, inc. (BOSTON) announced the appointment of Ross Laver as Director of Online Community Development. In this new role, Laver is responsible for developing content that creates value for e-smith's three principal online communities: customers, systems integrators, and open-source software developers.

Linux At Work

• DashCenter, Inc. (CLARKSVILLE, Md.) announced that it has selected network-attached storage (NAS) appliances from VA Linux Systems, Inc. as the basis for DashCenter's new storage-for-rent offering.

• HostNYC, Inc. (NEW YORK) announced the integration and launch of new Linux-powered hosting platforms featuring the Cobalt RaQ 4.

• Olivesystems, Inc. (FREMONT, Calif.) is delivering a complete end-to-end Operations Support System (OSS) to Koyote Communications, Inc., in Commerce, TX. This specific implementation of RAPID7, running on Linux, includes RAPID7 Billing Engine, RAPID7 Order Management & Care, RAPID7 Partner Gateways to Southwestern Bell and GTE, and RAPID7 Hardware Gateway to CopperCom/DTI. RAPID7 is 100% based on open, proven foundations, such as Java/J2EE, Oracle, XML. All applications are built in-house by Olivesystems.

• TurboLinux, Inc. announced that China's largest sports Web site, Shawei.com, hosts the Sydney 2000 Olympics webcast and all of its other content on a high availability Internet site built around TurboLinux clustering, caching, and load balancing software solutions powered by an Oracle database on Compaq Proliant servers.

Other

• Akopia Inc. (RESTON, Va.) welcomes the recommendations of a report into open source software published yesterday by the President's Information Technology Advisory Committee (PITAC).

• Penguin Computing Inc. wants us to know that they are a platinum sponsor of the Linux Business Expo in Atlanta.

• Stalker Software (MILL VALLEY, Calif.) and VA Linux Systems, Inc. announced that Stalker Software's CommuniGate Pro was awarded first place in Network Computing magazine's recent "RFP: No-Fail Email" challenge, based on the email solution that Stalker submitted on a VA Linux 2200 2U server.

• Synopsys, Inc. (MOUNTAIN VIEW, Calif.) announced that its Verilog Compiled Simulation (VCS) tool has enabled AMD to achieve a major milestone in regression throughput. This performance was attained by running Synopsys' VCS Verilog simulator on a Linux-based server farm using the new AMD Athlon processors.

• Topica Inc. (SAN FRANCISCO) announced the launch of Topica Direct, an email newsletter delivery solution for businesses. IBM developerWorks has signed an agreement with Topica, for a newsletter which will provide information on Java, Linux, XML, Open Source, Startup and other web technologies.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the News

Open Source

What makes software open source? (Upside). Upside looks at the Python license issue. "What's the difference between a GPL-compatible and a non-GPL-incompatible software license? In the case of the version 1.6 license for Python, the interpreted object-oriented language developed by Dutch hacker Guido Van Rossum and the Free Software Foundation (FSF), the hacker group charged with overseeing the Gnu General Public License (GPL), the answer is: 20 words."

U.S. Government Should Foster Development of Free Software (LinuxToday). LinuxToday covers the President's Information Technology Advisory Committee (PITAC) and the recently issued 'Recommendations of the Panel on Open Source Software For High End Computing.' "The cover letter to the report says that PITAC 'believes the open source development model represents a viable strategy for producing high quality software.' A promising start. "

Know your rights (regarding open source software) (ZDNet). Here's a quick survey of software licenses on ZDNet. "The real downside of the GPL, particularly for embedded developers, is that it's designed to discourage the creation of proprietary software and to encourage free software. If you wanted to build your firmware around a GPL package or library, you'd be forced to give away the source code to your firmware. But this is not a problem with an LGPL package, like the GNU C library, which can be legally included as part of proprietary software."

The Failure of the Free Software Movement (Dr. Dobb's). Here's an opinion piece in Dr. Dobb's Journal claiming that the free software community has fallen short of its goals. "Although the Free Software Movement has succeeded in creating GNU/Linux and other free software, it has made little progress in its larger goal of making all software free, and faces serious challenges due to increased popularity of existing free software." (Thanks to Alexandre Dulaunoy).

Real-time on LinuxDevices.com

The Real-time Linux Quick Reference Guide (LinuxDevices.com). LinuxDevices.com has posted a quick reference guide to real-time Linux. "Given the somewhat bewildering variety of alternatives, we've assembled the LinuxDevices.com 'Real-time Linux Quick Reference Guide' which we hope will assist you in locating Linux-based solutions that match your system requirements."

Real-time Linux -- what is it...? (LinuxDevices.com). LinuxDevices.com has put up a tutorial article explaining real time applications and the various approaches to real time that can be found in the Linux world. "First, we'll define terms like real-time, hard real-time, soft real-time, and learn how real-time performance is characterized. Next, we'll learn what sorts of systems need real-time, and how much they need. Then, we'll compare some of the basic approaches used to add real-time to Linux."

When hard real-time goes soft (LinuxDevices.com). LinuxDevices has run a guest column by Jeff Dionne of Lineo on the distinction between hard and soft real time applications. "Of course you need to define the response time requirements for your real-time system. However, it is the fact that you have strictly defined those requirements (say, before the spacecraft goes out of view or before the shaft on the motor you're controlling turns more than 0.3 degrees) that have made your system hard real-time as opposed to soft real-time."

Red Hat

Can Linux Make Money? (ZDNet). ZDNet looks at Red Hat's prospects. "A year ago it was enough to have a dream, a hot technology and a good name. Today, however, tech stocks--such as Red Hat, the leading Linux distributor--need more. They need, if not profits, than solid bottom-line improvements. Red Hat delivered."

Linux seller Red Hat narrows losses (News.com). News.com reports on Red Hat's quarterly results. "Companies that hired Red Hat in the past quarter to help push Linux into embedded devices included Samsung, Eastman Kodak, Hitachi, Ericsson, Cirrus Logic, Cradle Technologies and Intel, Red Hat chief operations officer Tim Buckley said during a conference call today. Such contracts typically have garnered Red Hat revenue from $100,000 to more than $1 million each, he said."

Downgrade, sell-off zap Red Hat shares (News.com). News.com reports on the fall in Red Hat's stock price despite the company's good quarterly results. "Meanwhile, Oracle sold off 800,000 Red Hat shares for $19.4 million, and Novell sold off 50,000 for $1.35 million, according to regulatory filings yesterday and today."

Sun buys Cobalt

Sun to buy Cobalt in $2 billion stock deal (Reuters). Here's a Reuters article reporting that Sun intends to buy Cobalt Networks for $2 billion in stock. Each share of Cobalt will be replaced with a half-share of Sun.

Sun buys Cobalt in $2 billion deal (News.com). News.com covers Sun's purchase of Cobalt Networks. "The deal also means that Sun, at least for the time being, will be adopting two foreign technologies into its product line: Intel-compatible Advanced Micro Devices CPUs and the Linux operating system."

Sun Buys Cobalt Networks (ZDNet). ZDNet looks at Sun's purchase of Cobalt. "Sun Microsystems is presenting its stock-for-stock merger with leading Linux network appliance maker Cobalt Networks Inc. as primary being a way to accelerate Sun's entry into the server appliance marketplace. That's one way to take it. The other, while not mentioned by Sun in its press release, is that it gives Sun an instant entry into the Linux market. Unlike the quiet Solaris on Intel efforts, this move gives Sun not only its first Linux products, but it also marks the first time that Sun has made a splashy entry into the non-Sun hardware product market."

Companies

Commentary: VA Linux tees up in the storage server market (News.com). News.com is carrying a column from the Gartner Group on VA's new network attached storage product. "For the regional ASPs that are experiencing explosive storage growth and companies that run storage-hungry applications, VA Linux's NAS products are a much less costly alternative. VA Linux, on the other hand, should enhance its storage management software features."

TurboLinux wins supporting role in Hollywood bank (News.com). News.com looks at the use of TurboLinux at the First Credit Bank of Los Angeles. "Winning over financial institutions is an important step in establishing the legitimacy of comparatively new companies such as San Francisco-based TurboLinux. But there's plenty of room for improvement, as First Credit Bank will be using the TurboLinux servers only for relatively minor server tasks such as sharing files, sending print jobs to printers and transferring files over the Internet, TurboLinux said."

An Open-Source Maven Closes In on Oracle (Business Week Daily). Business Week Daily looks at Great Bridge Software and its plans for the PostgreSQL database. "But convincing corporations that an open-source database, created by thousands of unknown contributors, is secure and stable enough to trust could prove difficult. That reluctance comes, in part, from the crucial role databases play in everything from stock-market transactions to air-traffic control -- a role many information architects claim is even more crucial than that of operating systems."

Embedded Linux Development Site Set to Unveil (InternetNews). InternetNews.com reports on DevelopOnline, an embedded Linux site set to launch at the beginning of October. "Targeted primarily at the embedded Linux community, the site offers developers open source software (multiple versions of Linux) and a database of complete open hardware platforms, including reference designs, schematics and board layouts."

Lesser-known Linux companies join forces (News.com). Here's a News.com article about Caldera's investment in EBIZ. "Although Caldera is one of the Linux companies that went public before Wall Street grew testier this spring, analysts say it doesn't have the revenue or brand recognition of Linux companies such as Red Hat or VA Linux Systems."

Business

Gnome needs a facelift (ZDNet). ZDNet comments on GNOME and the GNOME Foundation. "If you've ever attempted to use the Gnome desktop, you'll know that even in its newer, much improved incarnations, it's not going to find favour with many IT support departments. They will not want to do battle with its installation routines, and explain its complicated file management processes to users. If the Gnome Foundation is serious about making Gnome a viable mainstream solution, it needs to look further than using it as a vehicle for pushing the open source message, and begin to apply some real design expertise."

Console makers face a brand new game (Upside). Upside reports on the next generation of game consoles, including the Linux-based Indrema. "So which strategy will be successful? Indrema's won't. The L600 consoles will end up as high-end engineering curiosities, like the DeLorean, if they ever get made."

Yggdrasil riddle (ZDNet). Evan Leibovitch looks at Yggdrasil, a once-prominent Linux distributor. "[Yggdrasil owner Adam] Richter said the company didn't go after the venture capital, staffing expansion or marketing blitzes of other Linux companies of the last few years because the company wasn't ready for it -- then."

Linux and Napster users: Cut from the same yarn (Upside). Despite its title, this Upside article has nothing to do with Napster. It is, instead, a comparison of the Linux community with modern music producers. "After all, today's hackers and DJs share more than just a penchant for expensive electronic toys and ill-advised haircuts. In a world characterized by information overload, both cultures have emerged as separate appendages of the same post-modern beast. Whether it's Gnome hackers appropriating the GIMP tool kit for their own benefit or musicians such as DJ Spooky overhauling Metallica's 'For Whom the Bell Tolls,' throwing in hip-hop samples underneath, the underlying creative concepts are the same: Take the best. Dump the rest. Integrate and start over."

MP3.com yanks song with illegal DVD-hacking code (News.com). News.com covers the banning of the DeCSS song from MP3.com. "The song, called DeCSS.MP3, offers an English language rendition of computer code that, depending on whom you ask, is either a harmless exercise in experimental software engineering or a missile aimed at the heart of Hollywood."

Building a Black Hole with OpenGL (O'Reilly Network). This lengthy O'Reilly artcle looks at the physics of black holes and OpenGL. "What we can do fairly inexpensively is simulate the physics of a very strong gravity field acting upon a number of particles. By simulating a thousand particles or so, a very pleasing visual display can be created. Using a simple iterative solution, the physics can be calculated quickly, while still resulting in true "Kepler" orbits, within limits.

We'll use OpenGL as the 3D API in order to leverage any 3D hardware that might be available on the machine."

Resources

.comment: Visiting the Kernel (LinuxPlanet). LinuxPlanet plays with the 2.4.0-test kernel. "As Eric S. Raymond has famously noted, programming in our sphere is done because the programmer has an itch he or she wants to scratch. I'd like to extend that--pre-release software is installed by itchy users."

LinuxDevices.com Embedded Linux Weekly Newsletter. Here is the LinuxDevices.com Embedded Linux Weekly Newsletter for September 14. As usual, it contains a detailed summary of embedded Linux happenings over the last week.

Reviews

Helix Code GNOME 1.2 (DukeofURL). Here's a long look at Helix Code's GNOME 1.2 from the Duke of URL. "Thanks to intelligent design, if you already have a desktop environment, installing Helix Code GNOME is as easy as a couple commands. If you don't have some sort of desktop environment installed already, it's no harder than KDE or other environment. Installation can be done via RPM or source, and can be done with Helix Code's handy installer."

DigitalDevices: From old PC to powerful server (ZDNet). ZDNet reviews the NetMAX Professional Suite. "Installation isn't pretty during the first section, consisting of bewildering Linux text messages scrolling up the screen. Linux-phobes aren't asked to do anything even resembling a command, however; the program just answers a few quick questions and continues to the browser-based installation screens, which are clean and attractive."

Opening a Few Windows with PHP (ZDNet). ZDNet has run a lengthy article on PHP - for Window systems. "The intention of this article is not to engage in platform warfare, but to simply inform folks that PHP is not just for Linux."

Interviews

Information on a Korean combo cell phone + PDA (LinuxDevices.com). LinuxDevices.com talks with Minsuk Lee of PalmPalm Technology, which is working on a new, Linux-based cellular phone/PDA system. "There were some some disadvantage in using Linux in embedded applications: It's BIG! It needs much more memory than typical embedded RTOSes, but still less than WinCE"

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

The return of Kuro5hin. Rusty Foster has announced that Kuro5hin.org would return to the net effective Monday, September 18th, after nearly two months of absence. The announcement stated the site was to be up at 10:00 AM U.S. Pacific time (GMT - 7).

New Linux job site. A Linux-oriented job site, called MonsterLinux, has hit the net. Immediately after launching it was throttled into a name change by Monster.com. The site is now called Mojolin.com. The new domain should be up and working very soon.

Events

Planet IT Roundtable on Linux. Alex Samonte, chief engineer at SiteSmith, is leading a Linux roundtable discussion on Planet IT based on his background in network administration and software engineering in the Linux environment. The roundtable will run from September 15, 2000 through October 14, 2000. Note that this page requires a member login.

Not Your Parents' Appliances. Here's a look at what's coming to the upcoming Embedded Systems Conference, September 24-28, 2000 at the San Jose Convention Center in San Jose, Calif.

Keynotes at LINUX Business Expo - Atlanta. Here's a press release about the keynote addresses at the upcoming LINUX Business Expo. Robert Young, Red Hat Chairman and Co-founder and Nicholas Petreley, Linux Journalist and Caldera Systems Linux Evangelist are both giving speeches. Conference tracks, workshops and show highlights are also listed.

Atlanta Linux Showcase and Conference. The 4th Annual Linux Showcase & Conference is coming up, October 10 - 14, 2000 at the Cobb Galleria in Atlanta, Georgia. This press release is about the USENIX Association's contributions to the event and it introduces the keynote speakers.

September/October events.

Date	Event	Location
September 20 - September 22, 2000.	7th International Linux Kongress	Erlangen, Germany.
September 24 - September 28, 2000.	Embedded Systems Conference 2000	San Jose, CA.
September 25 - September 28, 2000.	LINUX Business Expo	Atlanta, Georgia.
September 27, 2000.	Linux - Open Source Day	Comdex, Tel Aviv, Israel.
September 27 - September 30, 2000.	Linux Asia 2000 - email: Zaid Karim Shaari	Putra World Trade Centre, Kuala Lumpur.
October 10 - October 14, 2000.	Atlanta Linux Showcase	Cobb Galleria, Atlanta, Georgia.
October 16 - October 18, 2000.	Wireless Developer Conference	Santa Clara Conference Center, Santa Clara, CA.
October 23 - October 25, 2000.	Apachecon Europe	Olympia Centre, London, England.
October 27, 2000.	Embedded Linux Expo & Conference	Wyndham Westborough Hotel, Westborough, MA.
October 31, 2000.	Linux Expo Canada	Metro Toronto Convention Center, Toronto, Ontario
October 29 - November 2, 2000.	Software Development Conference & Expo 2000 East	Washington Convention Center, Washington, D.C.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

Central Ohio Linux Users Group. COLUG is meeting on September 27, 2000. Presentations on SSH and OpenSSH and much more.

The people of Delfzijl are introduced to Linux. Linux will be introduced to the people in Delfzijl (a harbour on the north east coast of the Netherlands), in three meetings:
October 12, Introduction - November 9, Installation - and December 14, Running Applications.

These meetings will start at 20:00 and will occur at wijkcentrum Kuilsburg, Camperlicht 1, Delfzijl. The language at the meetings will be dutch.

LUG Events: September 21 - October 5, 2000.

Date	Event	Location
September 24, 2000.	Perth Linux Users Group InstallFest	Canning College, Perth, Western Australia.
September 27, 2000.	Central Ohio Linux User Group Meeting	Columbus, Ohio
September 27, 2000.	Linux User Group of Assen Meeting	Assen, Netherlands
October 2, 2000.	Baton Rouge Linux User Group	The Bluebonnet Library, Baton Rouge, LA
October 3, 2000.	Linux Users' Group of Davis Meeting	Z-World, Davis, CA
October 4, 2000.	Southeastern Indiana Linux Users Group	Madison/Jefferson County Public Library, Madison, IN.
October 4, 2000.	Silicon Valley Linux Users Group	Cisco Building 9, San Jose, CA

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Employment

Linux Today Jobs. Linux Today has a new job site. Job posters are charged $45; no charge for job seekers.

Software Announcements

Sorted by section and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux Links of the Week

A related site is EFF's Campaign for Audiovisual Free Expression. Check it out for news from that front of the fight for freedom.

Section Editor: Jon Corbet

This week in history

However, writing new drivers for the thousands of peripherals on the market is a daunting task. Hence, Project UDI is hoping the Linux community will help... A reference platform will be distibributed as freeware for Linux, and the Project UDI members will be counting on the Linux community to work on device drivers...
-- ZDNet.

The Linux community showed little enthusiasm for the idea of providing device drivers for the convenience of proprietary Unix vendors, and UDI faded away.

The development kernel release remained at 2.1.122. Linus called for a change in how the network drivers worked, because it was all wrong at the time. The changes called for happened, but not until 2.3.43.

IBM finally got around to announcing that its DB2 database would be made available for Linux. Sybase, too, got in on the act with its release of "Adaptive Server Enterprise."

One year ago (September 23, 1999 LWN): A previously obscure company called LinuxOne released a new distribution (called by some "Red Hat with the serial numbers filed off") then promptly filed for an IPO. Needless to say, this move was not well received. One year later, now, the IPO has not happened.

Corel Linux went into beta test. The event was overshadowed, however, by a rather severe nondisclosure agreement that beta testers were expected to sign. Linux-Mandrake 6.1 was made available for download.

LinuxOne was not the only IPO filing that week; Andover.Net also put in for an offering. They had rather more success at it.

Letters to the editor

Date: Thu, 14 Sep 2000 14:18:20 -0600
From: yodaiken@fsmlabs.com
To: lwn@lwn.net
Subject: RTLinux story

Your story was very nice, but, of course, I have to complain about
something.  And the something is

	RTLinux makes many changes to the standard kernel source, while
	RTAI takes a minimalist approach to kernel changes.

RTLinux has always done only minimal changes to Linux: working only at the
lowest level of the architecture dependent interrupt handling. RTLinux on
PowerPC requires no changes at all to Linux kernel and on x86 and Alpha the
changes are all localized.  In fact, from the beginning of this project,
making it easy to track the kernel and staying out of the core operating
system have been priorities for us.

-- 
---------------------------------------------------------
Victor Yodaiken 
Finite State Machine Labs: The RTLinux Company.
 www.fsmlabs.com  www.rtlinux.com

From: Massimo Dal Zotto <dz@cs.unitn.it>
Subject: Re: Cisco patents NAT
To: lwn@lwn.net
Date: Wed, 20 Sep 2000 22:06:39 +0200 (MEST)

Hi,

the Cisco patent on NAT was filed on 3 Nov 1995 and my old copy of the
linux-1.3.20 kernel, dated approximately August 1995, already contains many
references to the constant CONFIG_IP_MASQUERADE, so we have a clear case of
prior art in the linux kernel itself.

Should this be enough to invalidate the Cisco patent or do we need some
legal battle to defend our version of the same idea?

-- 
Massimo Dal Zotto

+----------------------------------------------------------------------+
|  Massimo Dal Zotto               email: dz@cs.unitn.it               |
|  Via Marconi, 141                phone: ++39-0461534251              |
|  38057 Pergine Valsugana (TN)      www: http://www.cs.unitn.it/~dz/  |
|  Italy                             pgp: see my www home page         |
+----------------------------------------------------------------------+

Date: Wed, 20 Sep 2000 15:03:18 -0500
From: Dave Finton <surazal@chef.nerp.net>
To: letters@lwn.net
Subject: Am I the only one?


Lately I've noticed a big trend with Linux news sites.  Due to it's
rather populist roots, Linux advocates have always been extremely
passionate about their beliefs (I know this because I'm from the same
camp myself).  No more is this true than with those who run popular
Linux-oriented web sites, such as Slashdot and LinuxToday.  This, too, 
is the result of a long history, where these types of web sites were
the voices of Linux and Open Source in the earlier days.

Nowadays, Linux is jockeying for position in multiple markets
(successfully in many cases) and the concept of "Open Source" or "Free 
Software" (or whatever your preferred buzzword is) has taken root even
in business executives' minds.  Linux has hundreds of millions (if not 
billions) of dollars surrounding it when counting public and private
companies together.  Times have changed, in other words.

So why haven't our advocacy methods changed at all?

Take the recent ruckus with online polling between LinuxToday and
MSNBC.  MSNBC has so far refused to comment in great deal concerning
the mess.  They have so far refrained from trying to sully
LinuxToday's reputation.  This is simply because LinuxToday is doing a 
fine job of shooting itself in the foot on its own.

What the Paul Ferris's and the Rob Malda's of the world have to
realize is that it ain't the best strategy to provoke an opponent to
react to outrageous actions they've committed and then whine when the
opponents do react in some way.  I can't fault MSNBC for rigging its
own polls, because LinuxToday forced them to.  Yes, we all know online 
polls are a joke, but I disagree with the methods being used to combat 
their use in public discourse.

What is LinuxToday trying to accomplish with this?  Are they pointing
out that MSNBC is owned by a corporation with a conflict of interests
a mile long when it comes to technical journalism?  Well no duh.  Are
they trying to say that MSNBC was at fault for reacting to a
(what could be interpretted as) legitimate attack on their servers?
Maybe, but personally I am beyond caring at this point.  Are they
trying to improve their corporate image?  If so, man do they ever need 
help in that department.  Personally I find the behavior of the Linux
advocates highly questionable, simply because it just looks like (to
me) a provocation done for the sake of provocation.

Even though I single out LinuxToday in this rant, a lot of news
publications devoted to Linux are guilty of the same misdeeds.  And
when someone like me (a Linux advocate who's more than likely ventured 
out into the land of zealotry on more than one occasion in the past)
finds that behavior extreme, what does it say to "the unwashed
masses"?  Do they think that this is supposed to make themselves look
good to the public?  If so, how?

My criticism is harsh, but I think the point needs to come across some
of the "great leaders" of this big movement that we need to move on.
When trying to paint a friendly face on Linux and Open Source, it's
best to put your best face forward, not scream and hollar like
children whenever things don't go the way we want them to.  We must
all learn to adapt.

If we don't, soon we'll find ourselves starting at square one all over 
again.

-- 

                          - Dave Finton

---------------------------------------------------------
| If an infinite number of monkeys typed randomly at    |
|   an infinite number of typewriters for an infinite   |
|   amount of time, they would eventually type out      |
|   this sentencdfjg sd84wUUlksaWQE~kd ::.              |
| ----------------------------------------------------- |
|      Name:      Dave Finton                           |
|      E-mail:    surazal@nerp.net                      |
|      Web Page:  http://surazal.nerp.net/              |
---------------------------------------------------------

Date: Thu, 14 Sep 2000 11:44:25 -0600
From: Jim Easter <jre@sni.net>
To: letters@lwn.net
Subject: A hit with a bullet?

Regarding "MP3.com yanks song with illegal DVD-hacking code (News.com)":

Years ago, my family lived next door to a man named Dolf, who had grown
up in Poland during the 1940s and 50s.
We were talking about popular music one day, and Dolf told us about how
new songs had gotten exposure in the Poland of his youth.  He said that
the coffeeshops and bistros of Polish cities had a kind of permanent
open-mike policy, and that aspiring musicians would hang out there in
search of fame.  Some got well-known over the course of time, but the
best shortcut to renown was the government censor.  Each coffeehouse had
a government representative sitting at the side of the stage, whose job
it was to stop performers from singing political satire which strayed
into forbidden territory.  When that happened, the censor would step
forward and firmly state that the song in question could not be sung.
According to Dolf, the coffeeshop would then empty out as people ran to
their friends' houses with the new song: "Didja hear the song the censor
just shut down?  It goes like this ..."

I can't speak for anyone else, but this story was all the encouragement
I needed to download Joe Wecker's hilarious song from the (perfectly
legal) Gallery of DeCSS Descramblers [1] maintained by Dr. David
Touretzky.  Give it a listen.

It should be noted that MP3.com is a reluctant censor, acting out of
fear rather than malice, but the effect is the same as if the DVD CCA
had been sitting at the side of the stage.  Fortunately, the end result
is that these threats tend to backfire.  You can't buy that kind of
publicity!

[1]  Touretzky, D. S. (2000) Gallery of CSS Descramblers. Available:
http://www.cs.cmu.edu/~dst/DeCSS/Gallery, (14 Sept 2000)

Date: Fri, 15 Sep 2000 04:56:52 -0500 (CDT)
From: <shane@time-travellers.org>
To: Jon Corbet <lwn@lwn.net>
Subject: Teensy ELF Executables

[Regarding last week's link of the week on teensy ELF executables: 
    http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
]

Given that this isn't really an ELF file that you end up with, why not
just use the following:

  $ echo -n 'exit 42' > a.out
  $ chmod +x a.out
  $ ./a.out ; echo $?
  42
  $ wc -c a.out
        7 a.out

Frankly, I'm tired of those bloated 45 byte executables.  BTW, this works
on all Unix variants.

Shane

p.s. Yes, this requires a interpreter, but given that /bin/ash is about 60
Kbyte and /boot/vmlinuz is about 600 Kbyte, I'd say that's fair.  :)

Date: Wed, 20 Sep 2000 12:34:22 +0100
From: Richard Kay <rich@driveout.demon.co.uk>
To: jim@mischel.com, letters@lwn.net
Subject: Failure of the free software movement ?

Your article in Dr Dobbs Journal might describe the as yet incomplete
success of what to some seems an extreme ideology perhaps. The many
examples of adoption of open-source development methodologies which you
record for perfectly good commercial reasons also suggests very
considerable pragmatic success of this movement.

I also don't see the core free software ideology as anti-commercial, though
a few who claim to support this may seem to do so for such motives. Another
factor you miss is the noticeable drift of important semi-free software
such as Netscape/Mozilla, Star-Office and KDE towards becoming completely
free software, also for very pragmatic commercially-driven reasons.

Your anti-GUI ease of use argument is way out of date.  I might accept your
critique that Linux is less easy for newbies to use in respect of my more
than 2 year old Slakware 3.4 FVWM95 system. Having very recently upgraded
this using the new Mandrake 7.1 basedKDE desktop this gives such a
significant improvement on the GUI ease of use front that this is an
improvement over Windows 98 and NT4 in this area, let alone Windows 3.1.

There exists a core issue to do with the principles behind free software
which your article fails to address. The progress of the free software
movement described and the general advantages to inventors, authors,
programmers and artists of having access to free distribution not mediated
by powerful corporations is leading many of us to question in whose
interest the copyright and patenting system works. This leads to a definite
political question: should the state be involved in the protection of the
private vested interests which patent and copyright laws involve ? To what
extent do these laws protect the interests of inventors and authors as
opposed to those of corporations and publishers ?

There was clearly a case for such state protection 200 years ago when a
well capitalised printer could readily cream the commercial value of an
impoverished author's work, but copyrights and patent laws are no longer
seen to protect those in whose interests they were originally passed. It is
now up to those who would seek to maintain these protections to justify why
the general public should be deprived, by the force of law, of their
pre-existing natural right to make copies of works considered worth
copying.

Richard Kay