Leading items and editorials

Is the GPL really less business-friendly? As long as there is free software (which will be a very long time), there will be license debates that go with it. Different people have very different goals when they release software, and the licenses they use will attempt to reflect those goals. So we will continue to see different licenses in use.

The two most common free software licenses out there are the GNU General Public License (GPL) and the whole set of BSD-like licenses. They differ in a number of respects, but the core difference between the two comes down to one thing:

  • The GPL does not allow changes in the terms of the license that would restrict the rights of others. BSD-like licenses, instead, allow code to be redistributed under other, more restrictive licensing terms.

The BSD license has often been touted as being more friendly to business interests, since it allows companies to create proprietary products from (previously) free code. Few people have questioned that assessment.

It is worth thinking for a moment about why a company releases code. In general, a code release happens because the person or company releasing it wants to see that code find users and be successful. The hope is that free code will attract users, be improved, and generally thrive. Those who released the code then hope to benefit from its greater popularity.

The code, along with those who work with it, benefits every time somebody contributes an improvement. If somebody adds to the code and takes the result proprietary, instead, the users of the code as a whole lose. Companies in particular need to fear the possibility of a competitor using their code to produce a value-added, proprietary version. But those who take code proprietary pay a cost too, since their work can not benefit from the free software process.

Suppose your company has made a powerful enhancement to a BSD-licensed program. The choice must now be made: should that enhancement be contributed back under that same license, or should it be kept proprietary? Keeping it proprietary greatly reduces the value of that code, since it can not participate in the free software process. But releasing it risks helping a competitor who will not return the favor. It's a classic example of the prisoner's dilemma - a system where seemingly rational behavior brings about a poor result for everybody involved.

And herein lies the value of the GPL in this situation: it takes away the prisoner's dilemma. A company that releases code under the GPL need not fear what its competitors will do - the risk of competing against proprietary enhancements is gone.

As an extreme example, think about what a Microsoft Linux distribution would look like, and compare it to what MS-BSD could be.

There will never be a single license that works in every situation, and neither license can be said to be superior to the other. They are both free software licenses. But the GPL may well win out in the hard calculations that go into farsighted business decisions.

Review: The Book of Linux Music & Sound. In a long-overdue update to our Book Reviews page, we present this review of The Book of Linux Music & Sound. The book is written by Dave Phillips, and is the first in the Linux Journal Press imprint published by No Starch Press. It goes a long way toward filling in the void in Linux audio documentation, and provides a wonderful catalog of the wealth of audio software available for Linux. Beginning audio users, however, will find that it is relatively short on entry-level information.

The fun patent of the week, as pointed out at the Embedded Systems Conference: Hewlett-Packard has a patent on embedded web servers. This patent, which was filed in October, 1996, covers the idea of having a device interoperate through the use of a standard, public protocol. HP, thus far, has made no move to enforce this patent.

The Red Hat Network launches. At the same time that it announced a new major release of its distribution (covered on this week's Distributions page), Red Hat announced the launch of the "Red Hat Network." This offering is the latest in a series of attempts by Red Hat to shift its revenue model in the direction of services. As such, it's an indicator of where the distributors are likely to go in the future with regard to supporting their products.

So what does the Red Hat Network offer? At the current time, customers get:

  • A package update service. Options vary from simply getting a notification that an updated package exists through to having packages automatically downloaded and installed.

  • Online tracking of registered systems. Administrators, for example, can get a list of which of their systems are affected by a package update.

  • An array of support services, many of which appear to be "community based."

  • A web-based interface to the whole thing.
Future features include active system monitoring, security checks, product discounts, web-based application configuration tools, and more.

Looking at the offering, a number of interesting questions come up. With regard to the package update service, there appears to be little there that is new. Any Debian user will laugh at the idea of automated updates being an innovative service. But the real question might be: is it going to get harder to get package information and updates out of Red Hat without giving them a credit card number? Red Hat responds quickly to problems, but its "redhat-watch" list tends to deliver alerts days late, and Red Hat's free FTP servers are hard to get into in the best of times. As Red Hat tries to push customers into the Network offering, that situation is unlikely to improve.

The system tracking feature means that Red Hat maintains an online database of the configuration of all its customers' systems. One can only hope that both their privacy policy and security practices are robust. A database of systems, their configurations, and their current security vulnerabilities is going to be a tempting target.

Nonetheless, the Network service is likely to be of interest to a number of customers. It will be interesting to see the extent to which Linux users go for this sort of offering - it will tell a lot about how likely the service-oriented Linux offerings of the future are to succeed.

The open source panel debate at ESC. LWN's Forrest Cook was at the Embedded Systems Conference panel entitled "The Open Source Movement: Boon or Bane for Embedded Developers?" Quite a bit of interesting conversation took place between proponents of open source and proprietary solutions to embedded systems problems. Have a look at LWN's report for a summary of how the event went.

Inside this week's Linux Weekly News:

  • Security: Intel open sources CDSA while Network ICE's Altivore gets a peek, the Privacy Foundation purrs about :CueCat, and SDMI - success or failure?
  • Kernel: Where to find prepatches; new VM growing pains; Linux on the GS320
  • Distributions: Red Hat 7 arrives; a new distribution for multimedia, LinuxPPC security updates
  • Development: Development rules for Tcl and Python; Perl's Inline module
  • Commerce: Red Hat, Lineo, LinuxOne, a busy week.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

September 28, 2000



See also: last week's Security page.

News and Editorials

Buzz on Intel's CDSA software. Intel introduced an open source software implementation which they're calling CDSA - Common Data Security Architecture.

CDSA, developed by Intel's Architecture Lab, is a specification for the creation of interoperable, security-enabled, e-Business applications. CDSA allows applications to gain access to security services like encryption, biometrics, and the management of digital certificates and authorization credentials.

In a related announcement, Caldera and Bull announced their support of this new software.

So what is this thing? According to Intel's Developers website:

CDSA is a security middleware specification and reference implementation that is open source, cross-platform, interoperable, extensible, and freely exportable**. The Open Group (TOG) has adopted CDSA as an Open Group Technical Standard that successfully completed TOG formal consensus process for member acceptance and approval. CDSA is a set of layered security services that is enabling a new generation of interoperable e-Business solutions for the Internet.

"Exportable" except to those countries which the US currently has embargoes against. Anyway, CDSA is essentially an API from which developers, especially Web-based developers, can make use of existing security technologies such as the Public Key Encryption Standard (PKCS).

While it is a useful addition to the toolsets available to programmers for making use of secure processing across network connections, it's not a panacea for security. It won't, for example, deal with the all too common issues of format string buffer overflows. These are two unrelated types of vulnerabilities. Format string bugs are problems associated with how an API is used - CDSA is just an API for accessing services which provide secure transactions.

Since Intel has open-sourced CDSA we may be hearing more about this in the near future.

Open source carnivore. ZDNet took a look this week at Network ICE's Altivore, an open source snooping package meant to be a replacement for the FBI's Carnivore. "The program currently only consists of source code and may be buggy, the company said on its Web site. However, Robert Graham, chief technology officer for the San Mateo, Calif., company, believes that the open-source community will quickly get the code ship-shape, as well as add new features to it."

Without irony, the article concludes with: "So far, the open-source community has largely remained silent on the source code."

LinuxNewbie also carried a brief discussion on the same subject.

Red Hat GLINT symlink vulnerability. glint, Red Hat's original graphical configuration tool, blindly follows a symlink in /tmp, overwriting the target file, so it can conceivably be used to destroy any file on the system. The problem affects Red Hat 5.2 only since glint doesn't work with RPM 3.0 or later. On systems with RPM 3.0 or later, just remove the package to eliminate the problem.

Note that glint is not delivered with most non-Red Hat derived distributions of Linux. For example, SuSE would not be affected by this problem. SuSE does note that...:

...the "xglint" package that is on newer SuSE distributions is an accelerated X-server for GLINT/PERMEDIA/PERMEDIA-2 based graphics cards and has nothing to do with the glint package mentioned in the RedHat Security advisory.

In other words, don't confuse "xglint" with "glint". They aren't related.
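The symlink problem described for glint, shown as an added example in C that is not glint's code or part of the original article: a tool that writes to a fixed name in a shared directory overwrites whatever a symlink already sitting at that name points to, while an exclusive create refuses. The file names and helper functions are hypothetical; the page does not give the path glint used.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define VICTIM_TEXT  "important data\n"  /* constructed sample content, 15 bytes */
#define SCRATCH_TEXT "scratch\n"         /* what the tool writes, 8 bytes */

/* The pattern described above: write to a fixed name in a shared directory.
 * fopen(..., "w") creates or truncates, and it follows a symlink that is
 * already present at that name, so the link's target is overwritten. */
int write_blind(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    if (fputs(data, f) == EOF) {
        fclose(f);
        return -1;
    }
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened form: O_CREAT|O_EXCL fails with EEXIST if anything, a symlink
 * included, already exists at the name. O_NOFOLLOW is a second refusal in
 * case the flags are ever changed. The file is created private (0600). */
int write_exclusive(const char *path, const char *data)
{
    size_t len = strlen(data);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                  /* errno is EEXIST for a pre-existing name */
    ssize_t n = write(fd, data, len);
    int rc = close(fd);
    return (n == (ssize_t)len && rc == 0) ? 0 : -1;
}

/* Builds a private scratch directory holding a "victim" file plus a symlink
 * to it under the name the tool is about to use, runs one writer against
 * that name, and returns the victim's size afterwards (-1 on setup failure). */
long victim_size_after(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";   /* hypothetical scratch location */
    char victim[64], tmpname[64];
    struct stat st;
    long result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/tool.tmp", dir);

    if (write_exclusive(victim, VICTIM_TEXT) == 0 &&
        symlink(victim, tmpname) == 0) {
        writer(tmpname, SCRATCH_TEXT);         /* may fail; that is the point */
        if (stat(victim, &st) == 0)
            result = (long)st.st_size;
    }
    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("blind write:     victim is now %ld bytes\n",
           victim_size_after(write_blind));
    printf("exclusive write: victim is now %ld bytes\n",
           victim_size_after(write_exclusive));
    return 0;
}
```

For temporary files whose name does not need to be fixed, mkstemp() gives the same exclusive-create guarantee with an unpredictable name.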

Selective rejection in sendmail. It seems even BugTraq is getting dangerous, security-wise. A recent message talked of seeing a Windows DLL file included in another message. Discussion on how to prevent such attachments led to a discussion on using libmilter, a program to selectively filter out mail with certain attachments. This was followed up by discussions of other tools and methods for taking the bite out of MIME-based email attacks.

Another tool was mentioned in this thread as well: MimeDefang, an e-mail filter program which works with Sendmail 8.10 or 8.11.

More information about securing email from such attacks can be found online.

Privacy Foundation on :CueCat. The Privacy Foundation has issued its opinion on Digital:Convergence and their :CueCat handheld bar code reader. The primary concern is whether Digital:Convergence intends to track individual users using the information the :CueCat returns to the company.

... the :CueCat software attaches a unique user ID to each scanned bar code. This unique ID number, along with the bar code, is then sent back to Digital:Convergence Corp. computer servers. This feature could potentially allow the company to track the :CueCat scans of every consumer who registers for the service.

Conflicting reports on SDMI participation. The music industry's effort to find copy protection options for digital recordings - known as SDMI and which was covered last week by LWN - may or may not be getting serious attention from the hacker community, depending on who you talk to.

News.com reports that hackers are snubbing the SDMI's 'hacking contest'.

"But Linux Journal's Marti said that many expert hackers, including hacking superstars who cracked the encryption codes on DVDs, had agreed not to participate in the SDMI's challenge."

However, a followup article in ZDNet claims:

A threatened Linux community boycott doesn't seem to be putting a chill on a hacking challenge sponsored by the music industry.

Interestingly enough, Linux Journal's Don Marti is quoted in both articles, with a hardened stance in the first and a softer one in the latter after a talk with SDMI's executive director Leonardo Chiariglione. The Economist also reported on the "crack SDMI" challenge.

"Writing in the Linux Journal, one programmer, Don Marti, called upon his fellows to boycott the contest rather than do SDMI's dirty work for it by offering what is, in effect, free consulting. And many hackers, including Eric Raymond, the guru of open-source software, object to helping this particular enemy on the grounds that if SDMI succeeds, it will prevent legitimate 'fair use' copying of music as well as preventing piracy."

Linux security quick reference card. Dave Wreski announced the Linux Security Quick Reference Card from LinuxSecurity.com. The cards are currently in PDF and Postscript formats and are now part of the Linux Documentation Project.

Caldera security update to LPRng. Chris Evans reported to BugTraq on a format string bug in LPRng that almost certainly exposes a system to remote-root access. The first posted update related to this problem came from Caldera, who issued this security update to the LPRng print system which fixes the problem.

Because of the remote exploit possibility with this problem you can expect to see updates from most major distributions in the coming week. Updating LPRng with these updates, when available, is highly recommended.

Chris later posted a simple test he ran to find this vulnerability, something many people may find useful in doing their own search for similar format string problems.

eSound /tmp file vulnerability. Linux-Mandrake was the first distribution to post a security advisory and updated packages to BugTraq for esound that address that package's use of domain sockets in the /tmp directory.

Versions of esound prior to and including 0.2.19 create a world-writable directory in /tmp called .esd which is owned by the user running esound. This directory is used to store a unix domain socket. The socket is also created world-writable, so a race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable.
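One way to avoid the directory and socket race described for esound, as an added example in C (not esound's code or its actual fix): refuse a socket directory that is not a private, self-owned directory, and set the umask before bind() so the socket never exists with loose permissions and no later chmod() on a path is needed. The socket name, scratch location and helper names are assumptions; only the .esd directory name comes from the advisory text.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 1 if dir is a real directory (not a symlink), owned by the caller, and
 * not writable by group or others; 0 otherwise. */
int dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid() &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Creates dir with mode 0700 if it is missing, refuses to use one that is
 * not private, then binds a UNIX socket inside it with a restrictive umask
 * already in force. Returns the listening descriptor, or -1. */
int bind_private_socket(const char *dir, const char *name)
{
    struct sockaddr_un addr;
    mode_t old;
    int fd, rc;

    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    if (!dir_is_private(dir))
        return -1;              /* someone else could swap entries in it */

    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    if (snprintf(addr.sun_path, sizeof addr.sun_path, "%s/%s", dir, name)
            >= (int)sizeof addr.sun_path)
        return -1;              /* path does not fit in sun_path */

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    old = umask(0077);          /* process-wide, so do this before threads start */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof addr);
    umask(old);
    if (rc != 0 || listen(fd, 5) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Runs the helper in a scratch directory. With start_world_writable set, the
 * .esd directory already exists with mode 0777, the layout the advisory
 * describes. Returns the socket's group/other permission bits (0 means
 * private), -1 if the helper refused, -2 on setup failure. */
int socket_demo(int start_world_writable)
{
    char top[] = "/tmp/esd-demo-XXXXXX";    /* hypothetical scratch location */
    char dir[64], sock[80];
    struct stat st;
    int fd, result = -1;

    if (mkdtemp(top) == NULL)
        return -2;
    snprintf(dir, sizeof dir, "%s/.esd", top);
    snprintf(sock, sizeof sock, "%s/socket", dir);
    if (start_world_writable &&
        (mkdir(dir, 0700) != 0 || chmod(dir, 0777) != 0)) {
        rmdir(dir);
        rmdir(top);
        return -2;
    }
    fd = bind_private_socket(dir, "socket");
    if (fd >= 0) {
        if (lstat(sock, &st) == 0)
            result = (int)(st.st_mode & 077);
        close(fd);
        unlink(sock);
    }
    rmdir(dir);
    rmdir(top);
    return result;
}

int main(void)
{
    printf("world-writable .esd: %d (-1 = refused)\n", socket_demo(1));
    printf("fresh private .esd:  %d (0 = socket is private)\n", socket_demo(0));
    return 0;
}
```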

Security Reports

SuSE 6.4 httpd configuration. An apparent configuration problem may exist with the httpd.conf file as provided in SuSE 6.4 distributions. The configuration allows visitors to a site to peruse the packages installed by viewing the /usr/doc/packages directory. The fix is simple enough - apply directory specific deny rules for the /usr/doc/packages directory.

SuSE, monitoring the BugTraq announcement, was quick to provide a modified configuration to address this issue. Alternative configurations were offered to BugTraq.

The key is to determine a policy for who should be allowed access to those directories and implement the policy with the appropriate Apache Location rules.

Commercial products. The following commercial products were reported to contain vulnerabilities:

DoS possible with nmap in OpenBSD. A vulnerability in nmap on OpenBSD was reported to BugTraq this past week that involves the protocol scanning option (-sO). Empty AH/ESP packets sent to OpenBSD 2.7 can put it into debug mode, followed by a kernel panic. The problem appears to only be related to OpenBSD, as both Linux and FreeBSD were specifically found to not be vulnerable.

09/28 Correction: The problem here is with OpenBSD's handling of these packets, not with nmap itself.


Update to Cisco PIX issue. Ioannis Migadakis posted to BugTraq that the recently reported SMTP content filtering problem in Cisco PIX Firewalls was not a new issue.

It has been posted to BUGTRAQ on 9 Jul 2000 by Lincoln Yeoh with a title "Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies"

However, the original post did not say anything about Cisco PIX.

Meanwhile, as suggested in last week's Security Reports, Cisco has come out with fixes for this problem.

Update to IMP vulnerability. Conectiva posted a fix for the previously reported format string vulnerabilities in IMP/Horde. Previous updates:

Update to xpdf race condition exploit. Linux Mandrake posted an addendum to its previous update for this problem. This version resolves an incorrect dependency in the t1lib package from previous updates to the 6.x and 7.0 releases of Linux Mandrake.

Other previous updates for this problem:

Security updates to sysklogd. Yellow Dog has wandered in with a security update to sysklogd, fixing the format string vulnerability in that package.

MandrakeSoft has issued a new security update to sysklogd which supersedes the original, September 18 update. This version includes an additional fix that is worth having.

SuSE noted that ftp server problems caused older versions of syslogd packages to be provided instead of the recently released patched versions.

Previous updates for this problem (all from last week):


Updated security tools. Here are some Open Source security tools which were announced, released, or for which minor updates have been made available in the past week:

  • Cryptcat - A version of netcat with encryption.

Resource announcements. Here are some other announcements related to Linux security that were made this past week.

  • SecurityPortal now has a linux security mailing list. The list is moderated, and is intended to be a reliable and complete source of security alerts.


Upcoming security events and announcements.

Date | Event | Location
October 2-4, 2000 | Third International Workshop on the Recent Advances in Intrusion Detection (RAID 2000) | Toulouse, France
October 4-6, 2000 | 6th European Symposium on Research in Computer Security (ESORICS 2000) | Toulouse, France
October 4-6, 2000 | Elliptic Curve Cryptography (ECC 2000) | University of Essen, Essen, Germany
October 11, 2000 | The Internet Security Forum | Edinburgh, Scotland
October 14-21, 2000 | Sans Network Security 2000 | Monterey, CA, USA
October 16-19, 2000 | 23rd National Information Systems Security Conference | Baltimore, MD, USA

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

September 28, 2000


See also: last week's Kernel page.

Kernel development

The current development kernel release is still 2.4.0-test8. The 2.4.0-test9 prepatch series is up to 2.4.0-test9-pre7. This patch is said to fix the sound problems that have afflicted recent -test9 prepatches, but some complaints on the subject are still being posted.

The current stable kernel release is 2.2.17. The 2.2.18 prepatch series is currently at 2.2.18pre11. A great many fixes and updates are still going into this series; recently these include a bunch of USB updates and a native Yamaha YMF7xx sound driver ("a result of high-speed collision between ymfpci.c of ALSA and cs46xx.c of Linux.").

So where do the prepatches live, anyway? Every now and then somebody drops us a note asking that question. It makes sense - the announcements for prepatches only rarely say where you actually have to go to pick them up. The answer is:

  • For stable kernel prepatches, and related releases by Alan Cox, go to the directory pub/linux/kernel/people/alan on your favorite kernel.org mirror. The 2.2.18 prepatches live in 2.2.18pre within that directory.

  • For development kernel prepatches produced by Linus, look in the directory pub/linux/kernel/testing.

Your closest kernel.org mirror, of course, will be found at ftp.*.kernel.org, where the * is replaced with your country code. So folks in the U.S. should go to ftp.us.kernel.org, for example.

Bear in mind, of course, that prepatches are exactly that. They are out there for a first round of testing, and have the potential to crash your system, corrupt your files, fry your monitor, drink all your beer, or make you believe that LinuxOne is for real this time. Use with caution.

As an example of what can happen with prepatches, consider the case of the new memory management code. Rik van Riel has been working for some time on an improved memory management scheme; Linus integrated the results of his work in 2.4.0-test9-pre2. It seems that there were still a few glitches needing to be worked out; quite a few people started reporting system deadlocks.

Some of these problems have proved hard to fix. Low-level deadlocks can be one of the hardest sorts of problems to track down. It also didn't help that Rik van Riel headed off to attend the Linux Kongress in Germany. Things got to the point where Linus threatened to back out the VM patches if the problems didn't get fixed soon.

Progress is being made on that front, and others are counseling patience. The memory update really does seem to make things work much better for a number of people. Removal of these changes would create some discontent.

Meanwhile, Andrea Arcangeli has stated his intent to revive his "classzone" patch as the Real Solution to the VM situation. Classzone got put on hold after the Ottawa Linux Symposium as it was decided to concentrate on Rik's approach; evidently Andrea has changed his mind. It will be interesting to see what sort of results Andrea gets, but the chances of including a completely new, more complex VM solution at this point in the 2.4 process seem pretty small.

Linux on the AlphaServer GS320. Here's the fun boot log of the week. Some folks at Compaq got Linux to boot and run on a 31-processor, 256GB AlphaServer GS320 system. It reports a total of 46,170 BogoMIPS. As they say, "things like kernel builds run really fast."

One more look at kernel patch management. Last week's kernel page asked "why not BitKeeper?" in response to the proposed new patch management system. A few tidbits that have wandered in since that article went up:

  • It turns out that the proposed patch management system is only intended (by Linus) to be used until 2.4.0 comes out. Since 2.4.0 is, hopefully, not too far away, this system will not be around for long.

  • BitKeeper perhaps isn't as hard to understand as some people make it out to be. See, for example, this testimonial from Cort Dougan, who has been using it to maintain the PPC and RTLinux trees for some time.

  • Linus still does, evidently, intend to try BitKeeper. No word as to just when, however.

Those interested in how BitKeeper can be used to track changes in the kernel may want to have a look at the kernel repository browser on the BitMover site.

Other patches and updates released this week include:

  • Jamal Hadi Salim posted a proposed interface change for network drivers that would facilitate the development of a blazingly fast forwarding system for packet routing. He's hoping to see the change go into 2.4.0.

  • LIDS 1.0.1 (the Linux Intrusion Detection System) was released by Xie Huagang. This is the first version of the LIDS patch for 2.4-test kernels.

  • Eric Raymond has released CML2 0.8.0, the latest version of his new kernel configuration and building system.

  • The linux-crypto mailing list was announced by Marc Mutz. This list is intended for discussions of cryptographic code at the kernel level, and will be the forum for developers of the international kernel patch.

  • Keith Owens released kdb v1.5beta1. This is a major rework of the kdb debugger, and isn't recommended for people who prefer not to have to debug the debugger itself.

  • Keith also released modutils 2.3.17. Remember that you need a recent version of modutils to use modules with the 2.4.0-test kernel.

  • A document on debugging early kernel hangs was posted by, well, Keith Owens.

Section Editor: Jonathan Corbet

September 28, 2000


See also: last week's Distributions page.


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Red Hat 7 is out. Red Hat has announced Red Hat 7 - the latest major release of its flagship operating system. A few things have changed with this release - starting with the missing ".0". Evidently somebody in marketing has decided that it looks better that way. The distribution has also grown. Red Hat has been a one-CD installation since the beginning; this time around there are not only two software disks, but the documentation has been booted off onto a disk of its own as well.

So what's new in this release? There's a lot of updated packages, including the 2.2.16 kernel (presumably with some patches) and XFree86 4. MySQL has been thrown in, as have utilities for digital cameras and the latest development compilers. Perhaps most significant for many will be the addition of OpenSSH - a utility that was often the very first add-on for many administrators. Red Hat also claims that the default install is more secure, which is certainly an overdue step.

Strangely, you have to buy one of the more expensive versions if you want StarOffice in the box.

In case you're worried about being able to buy a system with Red Hat 7 installed: we have already seen announcements from VA Linux Systems, Penguin Computing, and Dell that they will be installing the new distribution. That these companies had to rush out releases expressing their support shows the degree of importance that the Red Hat distribution has attained. Not too many other distributors get that sort of response to their releases.

A project to create a multimedia-oriented distribution is starting up. The force behind this effort is Curtis Lee Fulton, the author of an upcoming book on Linux video editing, and the producer of a video documentary about Linux.

According to his announcement, the new distribution is intended to serve as the standard desktop for people using multimedia applications. It will be based on Debian, but will have the vast bulk of the packages hacked out of it. They will be replaced with a large collection of multimedia tools, the ALSA sound drivers, low-latency patches, etc. The hope is to end up with a CD image of 100MB or less.

This project is in an early stage, and Mr. Fulton is looking for people who are interested in helping out.

The project highlights what is still a strangely unpopulated territory. A tremendous number of distributions exist, but very few of them address domain-specific tasks. Where is the scientific distribution, the packet radio distribution, or the AI hacker's distribution? In each case, a specialized distribution could provide a depth of tools and domain-specific configuration that the general purpose distributions would be hard put to match. There may well be more activity in this area in the future.

Distribution Reviews

The beginnings of a distro NHF (LinuxNewbie.org). LinuxNewbie.org has put up a help file comparing several distributions. "Just for the record, the distro you should buy is the one that comes with the big fat book you are gonna go out and buy. As far as book recommendations, I recommend Slackware Linux Unleashed (isbn# 0672317680) or Redhat Linux Unleashed (isbn# 0672319853), both from Sams."

Tom's Root Boot reviewed in NTK. NTK.net has put up a brief review of the tomsrtbt distribution. "Oh sure, you've got your fancier picoLinuxen and your Linux Router Project derivatives elsewhere, but only Tom's distribution manages to combine a 2.0.37 kernel, network card mods, pcmcia, ftp/wget'ish downloader, and more rescue utils than you really want to think about right now." There's also coverage of Demon's decision not to shut down a customer site carrying the DeCSS code.

Debian GNU/Linux 2.2 (DukeOfUrl). The DukeOfUrl reviews Debian 2.2. "Unless you were lucky enough to grab a copy at Linux World, Debian 2.2 will cost you at least two CDs and the download time. Of course, you can probably purchase a copy, but who wants to do that, these days?"

New Distributions

Timpanogas announces Ute-Linux and Ute-Cluster-Linux. The Timpanogas Research Group has announced Ute-Linux and Ute-Cluster-Linux. Both are based on TRG's NetWare file system; the cluster version, of course, adds clustering capabilities. Availability is October 1 for Ute-Linux, and October 15 for the cluster variant.

What little information is currently available on these distributions can be found on the TRG web site. UTE-Linux is an RPM-based distribution assembled, according to CEO Jeff Merkey, from packages taken from both Red Hat's and Caldera's distributions. It's sold on a per-server basis; that's because one of the important components (the M2FS clustered NetWare filesystem) is proprietary to Timpanogas.

The bet Timpanogas is making, essentially, is that there is a market in companies that are trying to move to Linux while not disrupting their large, NetWare-based networks. UTE-Linux is part of their plan to service that market.

Accelent Systems introduces acceLinux. Here's today's new distribution: Accelent Systems has announced the availability of "acceLinux," an embedded distribution oriented toward the StrongARM platform.

General-Purpose Distributions

Debian dropping support for 2.1. Here's a message from the Debian Project confirming the phaseout of support for the 2.1 distribution. They have decided to extend that support through the end of October for the i386 and m68k architectures, for security patches only. All the rest goes away as of September 30.

Debian Weekly News. The September 26 Debian Weekly News is out. It covers a set of problems in the "unstable" distribution that make it earn its name, Debian support of IPv6 and capabilities, and more.

SuSE cryptographic packages available. SuSE has announced the availability of a set of cryptographic packages for the 7.0 release. These packages were omitted from the U.S. version of the distribution for the usual crypto law problems. If you want them, grab them now; they will be removed from the FTP site in a few weeks' time.

Have you seen your Caldera Linux Technology Preview rebate? Evidently, not too many others have either. The word from those who have done Caldera's rebate deals in the past is to be patient - it can take up to three months to get the promised money back. In this case, the first of the LTP rebates are just beginning to trickle in.

Caldera's OpenLinux eDesktop 2.4 Traditional Chinese Edition a top seller in Taiwan. Caldera Systems has put out this press release proclaiming its top-three position in a survey of retail software sales for August in Taiwan.

Where are the LinuxPPC security updates? Some LinuxPPC users have begun to ask about the lack of security updates for LinuxPPC. After all, LinuxPPC's security updates page says that there are currently "no known issues" with the distribution. Readers of the LWN Security Page know that quite a few security incidents have gone by recently. Are the LinuxPPC folks really so good that they managed not to be hit by those problems?

LWN asked that question of LinuxPPC's Jason Haas, who responded "We RULE!"

The truth of the matter, though, is that Jason's automobile accident set the company back in a serious way; it also has not helped that the person in charge of security updates left to pursue other opportunities. Jason is now back on the job and doing better every day, and the various customer service problems noticed by LinuxPPC users are being dealt with. Security is on their list, and will be addressed shortly. See this page on the LinuxPPC web site for an explanation of the situation.

Meanwhile, if there is anybody who is interested in coordinating LinuxPPC security updates on a volunteer basis, they are encouraged to contact the company.

NTT selects TurboLinux. TurboLinux has announced that NTT Communications, said to be the world's largest telecom firm, has chosen TurboLinux for its information service systems platform.

TurboLinux Powers Fujisoft ABC's payroll system. In another in its series of success story releases, TurboLinux has announced that Fujisoft ABC Inc. will be running its payroll system on TurboLinux.

Embedded Distributions

Embedix 3.0 is out. Lineo announced the release of Embedix 3.0 at the Embedded Systems Conference. It sticks with the current trend of providing hard real-time performance - they guarantee 30 microsecond response times. The announcement does not say so, but one assumes that the RTAI real-time extensions are being used to provide this level of response. This version of Embedix also includes enhanced debugging capability, and bundles the Linux Trace Toolkit as well.

Section Editor: Liz Coolbaugh

September 28, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


See also: last week's Development page.

Development projects

News and Editorials

Development projects get organized. Recent changes in how a couple of free software projects handle their development processes are interesting to look at. While they resemble each other greatly in some ways, they also have some important differences.

  • Proposed new rules for Tcl. John Ousterhout has announced a new set of proposed rules for the Tcl Core Team. This team has already been set up as the controlling body that decides what sorts of changes can go into the Tcl code base. It has a number of rules which are aimed at preserving code quality; it will be interesting to see how it all works out.

    The new part of the scheme is the set of proposed maintainer rules. The proposal sets up a group of maintainers, each of whom has ownership of a portion of the Tcl/Tk code. All patches must go past the maintainers, who are the only ones who can commit changes. Patches that are not bug fixes must additionally be part of a "project" that has been previously approved by the core team.

    There has been a bit of opposition to the proposal. Not everybody likes the requirement that maintainers must be part of the Core Team - there are almost certainly people who are qualified for the maintainer role who are not on the Team. It also splits Tcl into a set of individual empires, and discourages people with a more general orientation.

    Also proposed is a Tcl Improvement Proposal (TIP) mechanism, which is meant to be the path by which new features are defined. It looks much like the Request For Comments (RFC) process that has served the Internet well for many years. It does differ, though, in that TIPs have their own markup scheme, based on embedded Tcl commands.

    Discussions are still underway, so it is not clear what rules will ultimately be adopted.

  • The new Python development process is more similar than one might think. In the Python world, the changes took place earlier in the year when the Python group moved to BeOpen. This process has now been documented very nicely by A.M. Kuchling as part of the "what's new in Python 2.0" document.

    Python, too, has an (unnamed) team with the ability to commit changes; in this case, that team is made up of 27 people. This group, however, has no defined areas of competence; if you can commit to Python, you can commit anywhere.

    A completely open process, however, turned out to be problematic, with some changes going in that maybe should not have. So there is now a voting process for each patch; each developer can vote to accept or reject a patch, or, essentially, to abstain with a slight positive or negative bias. The one exception is that Guido van Rossum has the option of casting a +/- infinity vote, as befits his status as "benevolent dictator for life."

    There is also a mechanism like Tcl's TIP scheme - but it's called the "Python Enhancement Proposal" or PEP. Quite a few of these PEPs already exist; they can all be seen in the index of PEPs, otherwise known as PEP 0. Python developers avoided the temptation to use their language to mark up their documents - PEPs are written in plain text.

What we are seeing in both cases is that these projects are growing up. The early stages of many development projects are dedicated to the implementation of a long list of desired features. There comes a time, however, when the emphasis switches toward the exclusion of features. Either a project develops a mechanism to keep out poor and unneeded code, or it collapses under its own weight.


A revised Mozilla roadmap has been posted. Among other things, a new version numbering scheme has been devised; after the M18 milestone release will come Mozilla 0.9, and things will go up from there.


SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for September 25 is out. It looks at the new kmLinux distribution and several other topics.

High Availability

Piranha 4.17-2 is out. Red Hat has released version 4.17-12 of the Piranha clustering system. It fixes a number of problems; users of Piranha should probably upgrade. Of course, you'll need to look at the followup posting to find out where the upgrade is...


The Wine Weekly News for September 26, 2000 is available. It looks like a slow week in the Wine world, but there is a move afoot to beef up the documentation as part of the 1.0 release effort.

Network Management

OpenNMS Update. The OpenNMS Update for September 27 is out. It describes the team's meeting with IBM cyberevangelist Doug Tidwell, and a number of other development topics.

On the Desktop

Not paying the piper. Piper is "a system for managing multi-protocol connections between Internet-distributed objects." It's based on a number of GNOME components (Loci, GMS, and Overflow), and is seen as an open source answer to Microsoft's ".NET". The project is in its early stages, but has gotten far enough to have a screenshot up.

They are, of course, looking for people who want to help. For more information, see the Piper web page and this GNOME News writeup.

KDE 2.0 release schedule. An updated KDE 2.0 release schedule has been posted. It calls for a final freezing of the code on October 2, with only the most urgent of fixes allowed. The actual release is set to happen on October 16.

People behind KDE: Stephan Kulow. The "People Behind KDE" series continues with this interview with Stephan Kulow. "I guess, I'm one of the most central persons within KDE development. It's hard to develop for KDE and haven't heard of me. It's not that I'm that great, but that I give away CVS accounts, 'moderate' the kde-core-devel mailing list (I decide, who posts and who doesn't), I maintain all the stuff around building KDE."

Kugar 1.0 is out. The release of Kugar 1.0, a business report generator and viewer, has been announced. It relies on some other application to actually generate the data; once it's there, it applies a template to present the data in proper pointy-haired fashion. It's implemented as a KPart, and can thus be easily used within other KDE applications.

New KDE news site. Navindra Umanee, who wrote the KDE updates that appeared in LWN (and elsewhere) a while back, has resurfaced with KDE Dot News, a news site covering happenings in the KDE community.

Section Editor: Forrest Cook

September 28, 2000


Programming Languages


Tritonus 0.3.0 is out. Tritonus is a free implementation of the Java sound API. This release is considered to be a developer's release, with the intent of stabilizing things before the 0.4.x series. It includes a number of new features, with more on the way; see the announcement for more.


Perl.com talks with Dr. Ilya Zakharevich. Recommended reading: this interview with Dr. Ilya Zakharevich which appears on the Perl.com web site. On the Perl 6 effort: "Currently, I have only one sentiment about this effort: It should be terminated ASAP. There are many problems with Perl, but I would consider a ground-up rewrite as the last alternative for fixing these problems. The only aspect in which a ground-up rewrite would help is PR. While PR is important, I would think that there should be less wasteful ways to improve PR than locking the resources into a possible vaporware for 2 to 3 years."

Inlining other languages into Perl code. Looking for a way to make your Perl code more interesting? Or perhaps just faster? The Inline module (now at release 0.26) allows you to embed code from other languages in the middle of a Perl program. Currently the only supported "other language" is C; using C not only allows writing fast code, but that code gets full access to the internals of the Perl system. The potential for fun and adventure is obvious.

The real fun, though, will come when other languages are added. Inline assembly is obviously called for, and inline BASIC should sit well with the Perl crowd. But how could anybody resist the temptation of mixing in Lisp code? Maybe the ActiveState folks would like to do inline Visual Basic as well?

The Obfuscated Perl Contest will never be the same.

Report from YAPC::Europe. Thanks to Charlie Stross, we have a summary report from YAPC::Europe (YAPC being, of course, "Yet Another Perl Conference"), which was held in London last week. It looks like it was far too much fun...


Python 2.0b2 is out. This is, with luck, the last beta release before 2.0 goes live. The What's new in Python 2.0b2 page gives a list of what's in this release - it's mostly a long list of bug fixes.

According to the Python 2.0 release schedule (otherwise known as PEP 200), the final release should happen around October 10.

Distutils 0.9.3 released. Distutils is a Python package intended to make the packaging and installation of modules easier and more standard. It's already part of the 2.0 beta release; if you're running an older Python system, however, you may need to install distutils separately to be able to install and use some modules. See the announcement for details.

This week's Python-URL. Here is Dr. Dobb's Python-URL for September 25 with the latest Python news. Among other things, you can get an answer to the important question of just what "lambda" is good for.


This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 25, with a roundup of what happened in the Tcl/Tk development world over the last week.

Section Editor: Forrest Cook


See also: last week's Commerce page.

Linux and Business

A busy week for Red Hat. Of course there was the release of Red Hat Linux 7, covered in this week's distributions page. Akopia Interchange will be included with the Deluxe edition and a trial version of Computer Associates' ARCserveIT will ship with the Professional Edition.

Red Hat also announced the "Red Hat Network" subscription service at about the same time. The "Red Hat Network" is an Internet-based service which allows Red Hat to provide support and service via the Internet. The company also announced that the service works for embedded customers.

Other companies announcing support for Red Hat Linux 7 and Red Hat Network include Computer Associates, IBM Corporation, Lotus, Novell and Tivoli.

Red Hat has put out another set of announcements. It seems that Samsung has awarded them a "million dollar contract" to port the GNUpro tools to Samsung's processors. Red Hat has also announced its "RedBoot" embedded debugging/bootstrap tool, along with the EL/IX "Level I compatibility layer" for eCos.

Red Hat also announced a couple of partnerships, this one with Interactive Objects to develop a new digital audio device, which will be based on Red Hat's eCos, and this one with Jabber.com that purports to "make it easy for developers of embedded Linux applications to add real-time messaging and XML routing to their applications."

A busy week for Lineo. Lineo has sent out an announcement for uClinux 2.4, based on the 2.4 pre-release kernel series. uClinux is a version of the kernel tweaked to work on systems that lack a memory management unit.

The company has run embedded Linux on a custom FPGA core. Open source cores are already available including the ESA LEON processor. By utilizing FPGAs, it is now possible to fully simulate both the hardware and software prior to production.

There are new partnerships with Dia Semicon Systems and Kanematsu Semiconductor Corporation, both of Japan. Lineo hopes to advance the presence of Linux-based solutions in equipment including cell phones, set top boxes, and global positioning.

They announced a deal with ACCESS Co to provide the NetFront embedded browser for Embedix.

Metrowerks, a subsidiary of Motorola, has announced its intent to invest $22.5 million in Lineo. That money will buy 3 million shares of the company.

Finally, there is a partnership with Samsung in Korea. "'We intend to leverage Lineo's technical expertise and its dedicated focus on embedded systems technology to push the frontiers of embedded device innovation', said Young Won Park, executive director of planning, Samsung Electronics."

LinuxOne is back. A company called International Mercantile Corp., which does business as Micromatix.net, has announced its intention to merge with LinuxOne and adopt LinuxOne's name. However, they are getting the announcement out early, given that "the parties have not settled upon terms of the merger." LinuxOne, it seems, is a "developer of embedded Linux thin client systems" these days.

In a separate announcement Micromatix.net, LinuxOne and Concierge Inc. unveiled plans to develop a file server targeted to the B2B server market.

Concierge announced a joint venture agreement with LinuxOne "to coordinate the companies' efforts in several strategic markets." That's about as specific as it gets, however.

Also Patrick Flaherty, executive vice president of Concierge Inc., will join the board of directors of LinuxOne.

See last week's "this week in history" column for some more background on LinuxOne.

BSDi to deliver packaged BSD system. BSDi has announced its intent to distribute the new "BSD Desktop Edition," which will be available at large retailers throughout the U.S. It's based on FreeBSD 4.1, and will cost $130. Availability is in October.

BSDi is not limiting itself to software, however; the company has also announced a new 1U rackmount server product (the "iXtreme") which can be had with either BSD or Linux.

Software is bundled with hardware companies through LinuxBoxen.com. LinuxBoxen.com has put out a press release plugging its new e-commerce site. Their angle is that with just about any piece of hardware you buy you also get a custom CD with Linux driver software for that hardware and "popular Linux software titles related to the product."

Timpanogas to demonstrate M2FS on Linux at Networld+Interop. The Timpanogas Research Group has announced that it will be demonstrating its "M-Squared Clustered NetWare File System" product at the Networld + Interop conference.

NuSphere ships MySQL distribution. NuSphere has announced the availability of "NuSphere MySQL," a boxed product with the MySQL database, along with Apache, PHP, and Perl. It bills it as "the first packaged software product for the open source database market." Price is $79.

Trolltech, Opera, and PalmPalm team up in Asian wireless market. Opera Software, PalmPalm Technology Inc., and Trolltech announced the formation of a strategic alliance for the Asian wireless Linux market. The three companies will jointly develop the "Linux Total Solution for Wireless Internet Appliance" using Opera's "Opera for Linux" Web browser, Trolltech's "Qt/Embedded", integrated with PalmPalm's "Tynux", a Linux distribution optimized for the wireless Internet.

Trolltech also announced a partnership with the Korean firm MiziResearch. Mizi will help Trolltech with its Asian marketing, and will include Qt/Embedded with its "LINUETTE Linux" embedded distribution.

Sun releases Grid Engine 5.2. Sun has announced the open source release of its "Grid Engine" product - a loose clustering package oriented toward making use of idle desktop systems. It currently only runs on Solaris. It's also currently binary-only, despite the "open source" claims - the source will become available in December under "an industry-accepted open source license." More information is available on Sun's Grid Engine page.

Sun announces plans to establish accessibility lab. Sun has announced that it plans to build a laboratory aimed at developing technology for people with disabilities. They plan to use GNOME as the base of their efforts.

Press Releases:

Open Source Products

Unless specified, license is unverified.

Commercial Products for Linux

  • Allaire Corporation (NEWTON, Mass.) announced its sale of the 1,000th ColdFusion 4.5 Server for Linux since its release only six months ago.

  • C I Host (BEDFORD, Texas) announced availability of instant setups on all new Linux-based Web hosting accounts.

  • IBM announced evaluation copies of DB2 Universal Database Version 7.1 and other Linux applications available for download.

  • Inprise/Borland (SCOTTS VALLEY, Calif.) will present a sneak preview of the Kylix(TM) Project, a high performance Linux rapid application development environment that will support Delphi, C and C++.

  • Kaspersky Lab (Moscow, Russia) announced a new version of Kaspersky Anti-Virus (AVP) for Linux.

  • Keller Group (White Bear Lake, Minnesota) announced the availability of a free beta version of PMfax for Linux.

  • Mylex has announced the availability of its Global Array Manager, a RAID management product for Linux. It is freely downloadable.

  • Tridia Corporation (ATLANTA) launched the beta of TridiaVNC 2.0 (virtual network computing), a commercially supported release of open-source, virtual network computing software that views and controls Linux consoles.

Embedded Systems Conference Announcements

  • Ariel Corp. (CRANBURY, N.J.) announced that it has standardized on IBM's Netfinity 4500R server running Linux for the RAS portion of BypaSS7, Ariel's SS7-enabled network access system.

  • BiTMICRO NETWORKS (SAN JOSE, Calif.) unveiled a 2.5-inch Ultra EIDE E-Disk ATX25 intelligent solid state flash disk. A number of platforms are supported, including Linux.

  • Embedded Planet (SAN JOSE, Calif.) announced the availability of RPX Super, a computing platform for developers of intelligent networks. Operating system support will come out of the box from MontaVista and their Hard Hat Linux distribution.

  • General Micro Systems (SAN JOSE, Calif.) announced Lightning, a PMC networking module for CompactPCI and VMEbus baseboards. Linux drivers are available.

  • LynuxWorks, Inc. (SAN JOSE, Calif.) and Highlander Engineering, Inc. announced VisiBroker for Embedded Systems is now available for LynxOS.

  • LynuxWorks, Inc. (SAN JOSE, Calif.) introduced VisualLynux, a product which integrates the Microsoft Visual C++ Integrated Development Environment (IDE) with development tools for the Linux operating system.

  • Metrowerks (SAN JOSE, Calif.) announced new industry alliances. These include: embedded Linux (Lineo Inc.), embedded real-time Java (NewMonics Inc.), database (PointBase), design automation (I-Logix Inc.) and embedded development tools (Applied Microsystems Corp.)

  • MontaVista Software, Inc. (SUNNYVALE, Calif.) announced it has worked with Avocent to deliver a new series of digital-based Keyboard/Video/Mouse (KVM) switches. The embedded Linux-based DS1800 is based on MontaVista's Hard Hat Linux and is designed to provide access to servers and devices from remote locations.

  • NEC and MontaVista have announced that Hard Hat Linux has been ported to NEC's VR series of microprocessors.

  • OnCore Systems Corporation (HALF MOON BAY, CA.) announced the immediate availability of a full-function pSOS applications programming interface (API), allowing pSOS applications to run on top of the OnCore Microkernel within a Memory Management Unit (MMU) protected partition.

  • Phoenix Technologies Ltd. (SAN JOSE, Calif.) announced its participation as a corporate executive member of the Embedded Linux Consortium.

  • Rise Technology Company (SAN JOSE, Calif.) unveiled the SCX501, the first member of the iDragon System-on-Chip (SOC) product family. The iDragon SCX501 reference board runs a tiny Linux kernel.

  • VMIC announced that it will be delivering a line of Linux-based single-board computers that have Linux pre-installed on an M-Systems DiskOnChip flash disk. Distributions from Red Hat and LynuxWorks may be chosen.

Products with Linux Versions

  • ACE Associated Compiler Experts bv (SAN JOSE, Calif.) is now shipping the CoSy compiler development system.

  • Cirrus Logic Inc. (SAN JOSE, Calif.) announced the newest member of its Maverick(tm) processor family, the EP7312 processor, completing the range of security options for manufacturers of consumer Internet products.

  • Hewlett-Packard Company (PALO ALTO, Calif.) announced that Linux support has been added for its Chai Appliance Platform, a suite of integrated software components for creating Internet-enabled information appliances.

  • IBM (RESEARCH TRIANGLE PARK, NC) introduced the newest ThinkPad A Series and ThinkPad T Series models. Caldera Open Linux eDesktop 2.4 can be factory installed on both.

  • IBM's Lotus Development Corp. (BERLIN) announced an enhanced release of Domino R5.

  • Intrinsyc (VANCOUVER) announced that it is introducing a new networking technology that links Linux-based devices to Windows enterprise systems.

  • Intrinsyc (VANCOUVER) unveiled software that enables customers to OPC-enable their Linux-based automation systems.

  • Metagon Technologies (Charlotte, NC) announced the debut of DQagent, an intelligent analytic tool that monitors all designated enterprise systems for user-specified events and then performs user-specified notification and other tasks when event triggers occur. DQagent works in conjunction with DQbroker.

  • MMC Networks (ATLANTA) announced a new C/C++ compiler for its nP7000 family of high-speed, policy-enabled network processors.

  • Novell, Inc. (ATLANTA) announced general availability of DirXML 1.0, Novell NDS eDirectory 8.5, and Novell Account Management 2.1, eBusiness infrastructure.

  • REBOL Technologies (UKIAH, Calif.) announced REBOL/Command 1.0, a commercial extension to its Internet application development product REBOL/Core 2.3.

  • Sendmail, Inc. (EMERYVILLE, Calif.) announced the availability of Sendmail Switch 2.1, now available for Red Hat 6.1, 6.2 systems.

  • SevenMountains Software Inc. (LONDON) announced 7M Integrate v1.2, which allows users to gain access to a universal, extensible thin-client user interface through which they can access the company's internal information resources and applications.

  • Stonesoft and Finjan Software, Inc. (ATLANTA) announced Stonesoft's StoneBeat SecurityCluster with support for Finjan's SurfinGate security product. Both will be available for Red Hat Linux.

  • StorageTek (LOUISVILLE, Colo.) announced the immediate availability of the StorageTek L20 Tape Library, the latest addition to its L-Series tape libraries.

  • Tarantella, Inc. (SANTA CRUZ, Calif.) announced Tarantella Enterprise 3 web-enabling software and Tarantella Enterprise 3 ASP Edition software, for mission-critical, Internet-based computing.

  • Trend Micro Inc. (ATLANTA) announced the development of InterScan VirusWall 3.6 and InterScan eManager 3.5 for the HP-UX and Linux platforms.

Java Products

  • Apogee (CAMPBELL, Calif.) announced that Apogee's Aphelion, a development environment for creating and deploying Java technology-based embedded system applications, and Sun's early version of CDC (Connected Device Configuration) J2ME (Java 2 Platform, Micro Edition) VM (Virtual Machine) have been ported to IBM's PowerPC 405GP embedded processor running MontaVista's HardHat Linux.

  • Espial (SAN JOSE, Calif.) announced the availability of Espial TotalIA, a Linux & Java based Internet appliance reference platform.

  • Inprise/Borland (SANTA CLARA, Calif.) announced the shipment of Borland JBuilder 4, the new version of its pure Java cross-platform development environment.

  • NewMonics, Inc. (LISLE, Ill.) announced PERC 3.1, a suite of development tools and run-time modules built on a clean-room implementation of a Java-compliant Virtual Machine.

Books and Training

  • Digital Creations has announced a set of Zope training courses. The San Diego courses are over, but you can still get into the Denver class, October 2-5.

  • O'Reilly has announced the release of Managing IMAP by Dianna Mullet and Kevin Mullet.

  • ibooks.com (AUSTIN, Texas) announced a strategic relationship with Oracle Corporation, to create an online resource of technical reference books. Naturally, a number of Linux titles will be included.


  • BeOpen.com and PyBiz (SAN JOSE, Calif.) announced a strategic partnership to support and promote Python.

  • MandrakeSoft (Pasadena/Paris) announced it will be launching strategic partner programs designed for different market players including software and hardware vendors, as well as with systems integrators (SIs).

  • MaximumLinux.com (BRISBANE, Calif.) signed six new affiliate sites. The newest affiliates are OmniLinux, DestinaionLinux, LinuxBeyond, LinuxRangers, LinuxZombies and LinuxWebring.

  • Metrowerks (SAN JOSE, Calif.) will be bundling products with NewMonics, Inc. and Lineo. Metrowerks' CodeWarrior, NewMonics' PERC and Lineo's Embedix should be available, in bundled form, by the end of this year.

  • MontaVista Software, Inc. and SBS Technologies, Inc. (ALBUQUERQUE, N.M.) announced that they have entered into a strategic partnership to accelerate the delivery of optimized solutions for embedded Linux applications.

  • MontaVista Software, Inc. (SUNNYVALE, Calif.) announced the MontaVista Players Program, "an initiative designed to provide customers and vendors with the relationship support, expertise, and Linux certification to meet their customers' needs".

  • Novell, Inc. (ATLANTA) announced that Red Hat has selected NDS eDirectory and Novell's DirXML technology to provide the directory services infrastructure for Red Hat Network worldwide.

  • ParaSoft (MONROVIA, Calif.) announced the release of CodeWizard v3.2, an advanced coding standard enforcement tool for C/C++.

  • QSI Payments Inc. (LOS GATOS, Calif.) announced that its Universal Payment Client software will be included on the Red Hat Linux Applications CD.

  • RadiSys Corp. (HILLSBORO, Ore.) announced a collaboration with GoAhead Software. RadiSys' CP80 CompactPCI system platform, complete with an enhanced High Availability Linux OS and NEBS capabilities, was selected as the initial reference platform for the GoAhead SelfReliant 7000 service availability software.

  • sangoma.com (TORONTO) announced a distribution partnership with TheLinuxStore.com.

  • ServiceWare Technologies, Inc. (OAKMONT, Pa.) announced that it has expanded its Linux solutions channel on RightAnswers.com to include the Red Hat Linux product lines.

  • TimeSys Corporation and MIPS Technologies, Inc. (PITTSBURGH) announced a cooperative agreement whereby TimeSys Linux/RT will port to the MIPS Technologies' MIPS32 and MIPS64 architecture platform. TimeSys will also become a member of the MIPS Alliance Program.

  • Tridia Corporation (ATLANTA) announced its TridiaVNC Strategic Partnership Program, a joint development and marketing program for companies willing to use TridiaVNC as part of their Linux product and/or service offerings.

  • Trustix and Linux Central (TRONDHEIM, NORWAY) announced that Linux Central has become the first reseller of Trustix products in the US market.

  • TurboLinux has announced a deal with Acer Europe in which Acer will be bundling TurboLinux on some of its AcerPower and Veriton systems.

Investments and Acquisitions

  • ActiveState (VANCOUVER, British Columbia) announced the closure of its latest round of financing. ActiveState makes tools for the Perl and Python communities.

  • CodeWeavers, Inc. (MINNEAPOLIS) announced a private investment deal worth $1.8 million to fund the continued development of its applications which allow users to run Windows(R) software on the Linux operating system.

  • Metro Link has announced the receipt of $5.6 million in funding from Linux Global Partners.

  • VA Linux Systems has announced the establishment of a Japanese subsidiary (VA Linux Systems Japan, K.K.). An investment from Sumitomo is helping to set up this subsidiary, and there are planned investments from NTT Communicationware, NEC, and Toshiba Engineering as well.

Financial Results

  • Corel Corporation announced third quarter revenues of $36.4 million, producing a net loss of $10.7 million.


  • NuSphere (BEDFORD, Mass.) announced the appointment of Ellen Daniels as vice president of development. Daniels will be responsible for the continued development of NuSphere MySQL.

Linux At Work

  • Forlink (BEIJING) announced that it has been selected by Legend Group as the exclusive contractor to build its wireless portal.

  • SteelEye Technology Inc. (MOUNTAIN VIEW, Calif.) announced that Open Ratings has selected its LifeKeeper for Linux high availability clustering solution.

  • Neoware Systems (KING OF PRUSSIA, Pa.) announced that Security Applications, Inc. has selected Neoware's Eon information appliance platform and NeoLinux software to power its new, fully networkable security panel, e-Panel.


  • Evans Data Corporation (SANTA CRUZ, Calif.) released a Linux Developers Survey that shows a 75% increase in XML usage among Linux developers over the last 6 months.

  • Tridia Corporation (ATLANTA) announced that it will award $5000 US for the judged best name for its TridiaVNC `Alien' mascot. Contest ends Thursday, November 30, 2000.

Section Editor: Rebecca Sobol.

September 28, 2000



Linux in the News

Recommended Reading

License to be good (Salon). Salon looks at free software licenses. "Yes, open-source licenses are boring, complicated, obtuse and multiplying in number faster than porn spam. But they are also the heart of the flourishing open-source software scene. The way they are used, or more to the point, the way they are not abused, is worth paying close attention to. Particularly if you are part of an industry like, say, the music business, where there currently seems to be a wee problem of copyright violation."

LinuxMonth Issue Three available. LinuxMonth has returned from its vacation with its third issue. This issue contains articles on ssh, configuring X, an introduction to perl, the Open Source Tech Support Partnership, ten reasons not to log in as root ("The six month background check gets really tiring when fourth cousins start to complain about the NSA surveillance"), and, well, an interview with LWN's editors.

Patents and Licenses

Cisco response to LWN article on NAT patent. The "Linuks" site in Germany has posted an article containing LWN's coverage of Cisco's NAT patent in last week's weekly edition along with a response from an (unspecified) Cisco office. "This is right. But be careful. Linux is not scaling in large Networks where you have to monitor and protect 10.000 sessions for example." Not reassuring.

Fair wages for Trolltech (LinuxWorld). Nicholas Petreley worries about the Qt GPL release in this LinuxWorld column. "But I am afraid for Trolltech that it won't play out that way. The problem for Trolltech is that you still can't sell commercial software based on Qt without paying Trolltech a license fee. In contrast, due to the LGPL nature of the GNOME libraries, you can sell proprietary software based on the GNOME libraries without paying anyone a cent."

Open Source Debate

Open Source Point/Counterpoint (ESP). Embedded Systems Programming has put up a pair of articles debating the usefulness of open source in embedded systems. The anti- side of the debate brings up the old "open source does not innovate" charge: "It is significant that the major open source companies are all leveraging already existing open source products, which were originally written with no commercial motivation. I contend that these companies will fail to ever truly innovate. Innovation requires a level of risk, and the returns will never justify the risk when the playing field has been levelled by an open source philosophy."

And here is the other side of the debate. "The truth is that the free software movement is a long overdue course correction that reverses the software technology industry's progression towards a state that holds the rights of software vendors in higher regard than the rights of software consumers. Furthermore, products of the free software movement provide models that demonstrate how software should be designed, managed, and marketed in the coming years."

(Thanks to César A. K. Grossmann).

The Great Open Source Debate of ESC West 2000 (LinuxDevices.com). LinuxDevices.com covers an Embedded Systems Conference panel session on open source vs. proprietary solutions. Quoting John Fogelin of Wind River Systems: "The embedded market is inherently fragmented, and therefore does not lend itself to being supported by a community-based open source development process. One way or another, in the embedded market, you really must invest in unique technology, because the needs are truly individualized. Innovation really does cost money."


TheKompany.com: A New Approach to Linux Business (LinuxPlanet). LinuxPlanet talks with Shawn Gordon of theKompany. "And so began a series of projects. Most are open source, free software. But in addition, Gordon and his company, theKompany.com, are producing specialized development tools that, while typically Linux-based, will work on multiple platforms and will be sold to businesses. This hybrid -- producing open-source software, helping with existing projects, and working on proprietary projects, too -- is a thin wire to walk, but Gordon says it's working."

BSD System Takes On Linux (ZDNet). ZDNet looks at BSDi. "BSDi also touts the security features offered with the BSD OS. Problems such as the common Unix buffer overflow exposure, where a malicious hacker crashes a system by putting too many characters into a command field and feeds the system rogue commands as it restarts itself, were identified and eliminated in BSD, primarily through the painstaking work of independent software developer Theo de Raadt."

There is also this companion piece highlighting the differences between the BSD variants.

Red Hat to unveil Linux subscription service (ZDNet). ZDNet reports on Red Hat's new subscription service, which it calls a "bold new concept." This bold concept looks much like the old RHMember service of years gone by. "This is essentially a subscription service that connects customers to Red Hat's central office, allowing them to receive all Red Hat Linux software updates and patches as well as news of kernel and other Linux developments for a monthly fee."

Red Hat Is Now at Your Service (Industry Standard). The Industry Standard looks at the Red Hat Network. "Web-based service is particularly well-suited to open-source software, which is developed collaboratively and doesn't have the benefit of version control, as does proprietary software." No comment.

Bumpy road(map) to Mozilla browser (ZDNet). ZDNet looks at the latest Mozilla roadmap. "The updated roadmap calls for Mozilla.org to release Mozilla 1.0 in the second quarter of 2001. The roadmap distinguishes this 1.0 release from the Netscape 6 implementation of the Mozilla code, but doesn't elaborate on the differences. The Mozilla.org team also is continuing to work on projects beyond the browser, including an LDAP-based directory, instant messaging/chat facility, e-mail reader and other open-source deliverables."

Motorola places big bet on Linux developer Lineo (ZDNet). ZDNet reports on Motorola's investment in Lineo. "A company spokesman said Motorola was committed to establishing Linux as the open platform choice for embedded development, particularly as its customers require increasingly more complex capabilities in embedded devices."

Sun-Cobalt deal boosts confidence in Linux sector (Upside). Upside examines the effect of Sun's purchase of Cobalt on other Linux stocks. "VA and Cobalt weren't really going head to head, but with Cobalt gone, VA Linux and its own low-cost server line certainly becomes more attractive fodder for companies hoping to match Sun's move."

S3 spins off Net appliance venture (ZDNet). Here's a ZDNet article on S3's spinoff of FrontPath, which will go into the Internet Appliance business. "The device will weigh less than three pounds. It will run the Linux operating system and use a Transmeta processor. A 10.4-inch touch screen will come with the device, which will have wireless communications capabilities and work within a local area network."

Fiorina outlines HP's role in e-biz 'renaissance' (ZDNet). ZDNet covers HP CEO Carly Fiorina's keynote at NetWorld+Interop. "Fiorina described the move to open-source computing as 'inevitable and natural.' Open-source initiatives are successful and already mainstream, she maintained. 'We're supporting Linux across all of our systems, software and services,' she said."


Gnutella is going down in flames! (ZDNet). ZDNet predicts the death of Gnutella. "Unfortunately, we have found that Gnutella is not as scalable as the centralized Napster network. Translation: the more users, the less efficient. In recent weeks, doing a search or query with the program yielded little or no results."

That (other) f-word (ZDNet). This ZDNet column looks at Linux on mainframes and the stresses those platforms put on kernel development. "I heard similar whines about GUIs a few years ago, and from here it looks like the Linux desktop has surpassed the tired Unix offerings of Motif and CDE, both in usability and popularity. So let's turn to the area of big iron, and see just how long it will take before Linux can play with the big boys."

What's Wrong With Linux Services? (Andover News). Here's an Andover News column looking at why investors are down on Linux services. "Several that I spoke to suggested that the very nature of Open Source made it too easy for new firms to enter the market. They worry about a glut of new Linux-based service vendors depressing profit margins and stalling growth of individual companies. They point out that international markets may already be closed to U.S.-based Linux specialists because local vendors are rapidly establishing themselves in local markets." (Thanks to César A. K. Grossmann).

Music To Their Ears? (TechWeb). TechWeb contemplates the use of Linux by musicians. "So why the move to Linux? According to industry experts, it offers an affordable and stable way to manipulate electronic music. Today, without looking too hard, users can find more than 750 Linux-based music applications both online and off." (Thanks to Scott Dowdle).

Keep tech simple, stupid (Upside). Here's an Upside column on the need for simplicity in tech products. "The most successful Linux company in the world, Red Hat (RHAT), specializes in taking the complexity out of Linux. Note that Red Hat does not deliver on the promise of diversity, of tapping into every Linux developer's mind, but on the approach of limiting choices. It takes the complexity of choosing what version and which applications to use away from the customer. The Red Hat executives and technicians decide that for you, making the choice easier."


LinuxDevices.com Embedded Linux Weekly Newsletter. The LinuxDevices.com Embedded Linux Weekly Newsletter for September 21 is out.

Embedded Linux Market Survey -- Sept. 2000 Snapshot (LinuxDevices.com). LinuxDevices.com has put together a snapshot of the results of its Embedded Linux Market Survey. Have a look for a hefty dose of pie charts on why and how people are using embedded Linux.

Program Your Computer to See (O'Reilly Net). Here's an O'Reilly Network article on using Intel's open source Computer Vision Library. "The facilities provided by the library vary from the common and easy-to-understand to the very complex. Some of the former include camera calibration, image statistics and histograms, gesture recognition, arbitrarily sized matrix math support, edge detection, and flood filling. The more complex include optical flow algorithms, segmentation, eigen objects, and embedded hidden Markov models."

From MFC to GTK: A Developer's Journey (Linux.com). Linux.com has put up this tutorial article on porting Windows applications to the GTK toolkit. "Legality aside, don't forget your end users; not only are win32 wrappers considered to be 'cheating' by the Linux community, no one wants to run a native Linux application that looks like a native Windows application. After all, if we wanted to use Windows programs, we'd just run Windows in the first place and save all this hassle. Your users demand more from you. Do not cheat them out of it."


Installing Nautilus: An Emerging Linux File Manager (O'Reilly Net). The O'Reilly Network reviews the Nautilus installation process. "Clearly, these installs are not meant for the typical Linux newbie at this point ... but it's encouraging that, with a little sense of adventure, I was able to get Nautilus running on the desktop."

Nautilus buffs desktop Linux (ZDNet). ZDNet reviews the Nautilus preview release. "In tests of the first preview release, Nautilus shone particularly brightly in comparison with the GNU Midnight Commander file manager that ships with the GNOME desktop. Nautilus also impressed us more than the KFM file manager that is included with the KDE (K Desktop Environment) Linux package. However, we expect KDE to show significant strides in usability when Version 2 ships later this year."

Building a low-cost router appliance with Embedded Linux (LinuxDevices.com). LinuxDevices.com has run this how-to article on building a Linux-based router. "Building an embedded Linux device just got a whole lot easier. A new set-top box computer form-factor from Allwell (in Taiwan) enables embedded Linux developers to create great looking products without the hassle and huge expense of building it themselves."


Raymond... Eric Raymond (Government Technology). Government Technology interviews Eric Raymond. "Anybody who believes that closed-source helps their system be secure needs to go have a therapeutic conversation with a cryptographer immediately and get rid of this delusion. Cryptographers have known for 15-20 years now that it's folly, absolute, utter folly, to make the security of the system depend on the security of the algorithms."

Up Close with Microsoft's Paul Maritz (Crosstalk). Crosstalk talks with Paul Maritz, VP of Microsoft's development group. They don't really talk about Linux, but one little gem slips in: "Is Linux an open operating system? You have free access to the source but is there any official standard party that controls the interfaces to Linux? No. Is that an open process or not? I do not know." (Thanks to Soren Lundsgaard).

Section Editor: Rebecca Sobol

September 28, 2000





New Linux job site Lolix.org launches. Lolix.org, which has been around as a French-language free software jobs site for a while, has launched a new US/English section. It's free for job seekers and posters both.


Linux.conf.au submissions closing. For those of you wanting to speak at linux.conf.au in Sydney next January, take note of this announcement that the deadline for submissions is the end of this month.

September/October events.
Date | Event | Location
October 5 - October 7, 2000 | LinuxWorld Conference and Expo | Frankfurt, Germany
October 10 - October 14, 2000 | Atlanta Linux Showcase | Cobb Galleria, Atlanta, Georgia
October 16 - October 18, 2000 | Wireless Developer Conference | Santa Clara Conference Center, Santa Clara, CA
October 23 - October 25, 2000 | Apachecon Europe | Olympia Centre, London, England
October 27, 2000 | Embedded Linux Expo & Conference | Wyndham Westborough Hotel, Westborough, MA
October 31, 2000 | Linux Expo Canada | Metro Toronto Convention Center, Toronto, Ontario
October 29 - November 2, 2000 | Software Development Conference & Expo 2000 East | Washington Convention Center, Washington, D.C.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: September 28 - October 12, 2000.
Date | Event | Location
September 30, 2000 | Rice University LUG (RLUG) Installfest | Houston, TX
October 2, 2000 | Baton Rouge Linux User Group | The Bluebonnet Library, Baton Rouge, LA
October 3, 2000 | Linux Users' Group of Davis Meeting | Z-World, Davis, CA
October 4, 2000 | Southeastern Indiana Linux Users Group | Madison/Jefferson County Public Library, Madison, IN
October 4, 2000 | Silicon Valley Linux Users Group | Cisco Building 9, San Jose, CA
October 7, 2000 | Roanoke Valley GNU/Linux Users Group, Virginia Tech Linux/Unix Users Group and Red Hat, Inc. host a Linux Installfest | Roanoke College, Salem, Virginia
October 12, 2000 | Boulder Linux Users Group | NIST Radio Building, Boulder, CO

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

September 28, 2000



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license


Our software announcements are provided courtesy of FreshMeat



Linux Links of the Week

As you may have noticed, trying to download a distribution right now is a difficult undertaking, even if you are not after that new release that's in the news. One place to look is LinuxISO.org, which has CD images of a number of distributions. Most of LinuxISO's servers seem to be in Europe. There is also the SourceForge mirror server, though even its heavily hyped massive bandwidth appears to be a bit stressed at the moment.

And don't forget, of course, the Tucows Linux library. It has mirrors worldwide, and is especially good if you're looking for something a little older.

Section Editor: Jon Corbet

September 28, 2000



This week in history

Two years ago (October 1, 1998 LWN). This was the week when Intel and Netscape announced investments in an obscure company called Red Hat. If you were not paying attention at the time, you will likely have a hard time understanding the impact that those investments had. Money from Intel now shows up on Linux business plans sometime shortly after getting the incorporation papers signed.

At the time, however, it was the first direct statement from an established technology company that Linux was going to go somewhere. It brought a new legitimacy to the Linux business arena. To a great extent, this investment changed the situation overnight.

In a way, the investments could be looked at as the day Linux bought a suit and shaved. Linux, a Unix-like operating system, so far has mostly been an underground computing phenomenon.
- News.com, Sep. 29, 1998

LWN reviewed GNOME 0.30. Things have come along since then.

Cygnus released the first version of its eCos embedded operating system.

Red Hat, which had a proprietary CDE offering back then, discovered that it was full of bugs. Not only that, but Red Hat couldn't fix them. So they dropped the product, and pretty much got out of the proprietary software business altogether.

The development kernel was 2.1.123. This kernel came out with a bunch of compilation errors due to a messed up patch application. After the screaming reached too high a point, Linus threw up his hands and left to take a vacation. This was one of the famous "Linus does not scale" events of the 2.1 development series, and served notice that something had to change.

Two years later, the 2.3 development has been free of such episodes. Some of the changes made, wherein more patches pass through various "lieutenants" before getting to Linus, appear to have helped.

Caldera officially launched its 1.3 distribution. SuSE announced its "Office Suite 99" -- essentially a package built around its distribution and the ApplixWare office suite.

One year ago (September 30, 1999 LWN): Then, as now, the Embedded Systems Conference was in progress. The big players were Cygnus, with its new EL/IX platform, and Lineo, which had a thing called "Embedix" in the works.

PC Week put up a "Hack PC Week" challenge; its Linux server was promptly hacked. The problem, as it turned out, was a third-party ad serving script they had put on the system, along with a distinct lack of attention to application of security updates.

Then, as now, somebody was trying to get a project management system for the Linux kernel adopted.

The first release of GNOME's Bonobo component system happened.

[The penguins] are, in fact, trained actors used to appearing before hot lights and cameras. Some of their commercial credits include Batman (the movie), as well as several frozen food ads. However, it would now appear that their career as the Magic penguin (nicknamed 'MeL' by the Company) is at an end.
-- The animal rights activists win, and the Magic Software penguins get pink slips

Linus Torvalds was awarded an honorary doctorate at the University of Stockholm.



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

Date: Thu, 21 Sep 2000 12:37:08 -0400
From: "Bill Rugolsky Jr." <rugolsky@ead.dsa.com>
To: letters@lwn.net
Subject: NFS in 2.2.18pre9


Just a quick note: Alan has only merged Trond Myklebust's
NFS client patch (SunRPC/NFSv2 fixes, TCP,NFSv3 added).

Dave Higgen's knfsd patch, which applies over Trond's patch,
has not been merged.  Alan may still have concerns about
compatibility or particular implementation details; he hasn't elaborated.

On the positive side, even if the knfsd patch doesn't go in, it
is relatively localized to lockd and nfsd, and so should apply fairly
cleanly going forward.  

Still, it would be nice to have Linux NFS client/server work
out-of-the-box; this is a principal requirement in NFS-heavy
environments such as our workgroup.  Once 2.4 is stable, it will be a
non-issue, but that is several months away, at minimum.


   Bill Rugolsky

Date: 24 Sep 2000 00:43:02 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: Eric Raymond on closed-source security


On September 22, you quoted a Government Technology interview with
Eric Raymond:  "it's folly, absolute, utter folly, to make the security
of the system depend on the security of the algorithms."

I did a double-take when I read this.  Then I followed the link and was
astonished to see that you did in fact accurately quote the GT article.
Of course, I don't know whether GT accurately quoted ESR.

What ESR should have said is that it is folly to make the security of
the system depend on the *secrecy* of the algorithm.

I imagine that secrecy is what he meant when he said security, and
perhaps secrecy is a form of security, but it's only one aspect.  In
general it is not even possible to have a secure system without a secure
(but not necessarily secret) algorithm.

If your algorithms aren't secure, it matters little whether they are
secret or not.  Part of this is to use crypto algorithms that are
secure, i.e., to use triple-DES rather than XOR with a small constant.

However, many people think that just because they use a good crypto
algorithm, their program is secure.  Unfortunately, while the use of a
good crypto algorithm is necessary for a program to be secure, it is not
sufficient.  Read any issue of Bruce Schneier's Crypto-gram newsletter,
and you'll find listings of cases where people have built insecure
programs by improperly using a good crypto algorithm:


If you wonder how a program that uses a very secure algorithm can still
be insecure, read Bruce's essays "Why Cryptography is Harder than it Looks"
and "Security Pitfalls in Cryptography":


Eric Smith

Date: Thu, 21 Sep 2000 16:06:26 +0100
From: Dave Peacock <davep@netscape.com>
To: letters@lwn.net
Subject: Outrage at Debian dropping security for 2.1

Who the hell do Debian think they are?!

How dare they make people wait a _ridiculously_ long time
for an official release, and then drop sec support within
a few months? That is completely unacceptable.

Security is a _vital_ aspect of any software, _especially_
an OS.

Debian has been dropping in my opinion for a while now,
for various reasons, but this is really the icing on the cake. 

Debian, you have _totally_ lost my support.

_Maybe_ I can understand dropping support for non-sec 
bug fixes this early, but security fixes should at _least_
be worked on for a year or two, ideally, indefinitely.

I think I will replace my 2.1 machines with a dist that
has a better release cycle, no bloatware (read - wannabe
crappy packages with no value in a base OS dist), and 
some kind of concept that sec fixes are _critical_.

Debian developers/maintainers/people of power:
Please re-consider and maintain sec stuff for _at least_
a year.

Dave Peacock                    Technical Support Engineer
davep@netscape.com                     +44 (0)208 564 5121
iPlanet E-Commerce Solutions               www.iplanet.com
I/O, I/O, It's off to disk I go, a bit or byte to read or
~~~~~~~~~~~~~~~ write, I/O, I/O, I/O, I/O ~~~~~~~~~~~~~~~~

Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds