Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Way back in the late 1980's, John Ousterhout, then at the University of California at Berkeley, put together a programming language called Tcl - the "Tool Command Language." Tcl had many of the features that have since come to be expected of scripting languages: it was interpreted, embeddable within applications, and easily extendable. With the addition of the Tk user interface library in 1990, Tcl/Tk became a widely popular tool for application development. Its mindshare may have fallen somewhat in the intervening years (and wasn't helped by Richard Stallman's famous "drive-by flaming" in 1994), but it remains popular and Tk is at the core of the GUI libraries used by Perl, Python, and other languages.

After a period at Sun, Mr. Ousterhout decided to create his own company around Tcl/Tk. This company, called Scriptics, put forward a combination of open source and proprietary products, with the TclPro development environment being perhaps the flagship product on the proprietary side. Scriptics recently recast itself as Ajuba Solutions and took on a broader approach, with XML products for putting businesses on the web and such. (See John Ousterhout's Tcl history page for more on Tcl's roots).

Interwoven has purchased Ajuba (announcement here) for $31 million in stock. The company has absolutely no interest in Tcl; what they wanted was Ajuba's XML expertise. So Ajuba's product line, including TclPro, will be discontinued.

This is, of course, a blow to the Tcl community. The loss of the products will hurt some, but the loss of Ajuba's developers will hurt more. Ajuba was the corporate champion of Tcl/Tk, and put in a large part of the total development effort. Those developers will now be off doing proprietary XML stuff for Interwoven, and Tcl/Tk will have to do without them.

Beyond the loss of developers, what are the implications for Tcl/Tk? The company has tried to answer those questions on this page about the acquisition. Among other things:

• The development of TclPro will be stopped. They are "considering" putting the product on the net for free, in either binary or full open source form. The Tcl community, clearly, would like to see the open source option.

• Again, Interwoven has no interest in Tcl, and will not fund its development. So Tcl is losing Mr. Ousterhout, its creator and long-time leader. This, as it turns out, was one of the reasons for the creation of the Tcl Core Team (which was discussed in the September 28 LWN Development Page). Ajuba made an effort to move the core of Tcl development outside of the company before the acquisition happened; with luck, this move will help to ease the transition.

• The Tcl source is moving to SourceForge.

• The Tcl community web site will be finding a new home, likely at TclTk.org.

So things could be worse.

There are some lessons in this series of events that are worth noting. Increasingly, free software projects have prominent corporate sponsors. Think of gcc (Red Hat), GNOME (Helix Code), Mozilla (Netscape/AOL), OpenOffice (Sun), PHP (Zend), PostgreSQL (Great Bridge), Python (BeOpen), Qt (Trolltech), and many others. This sponsorship certainly helps get the software developed and keep free software developers employed; it is thus a good thing. But the corporate world is volatile, and the tech corporate world doubly so.

Fortunately, the free software community has everything it needs to cope with corporate changes - even those that are more hostile to free software than the Ajuba acquisition. Free software licenses, of course, are the first line of defense. Ajuba may no longer be in the Tcl business, but they can not take Tcl/Tk away. Software that is free will remain so.

This acquisition shows, however, that it is also important to have a diverse developer base. A project that is too heavily dependent on developers at a single company will collapse if all those developers go away. Tcl is diverse enough to survive; some other projects could have a harder time.

It is also important that crucial project resources live independently of the hosting company. Ajuba is working to find a new home for the Tcl development site; other companies might not bother. To this end, having sites like SourceForge around is a good thing - as long as nobody buys VA Linux Systems. It still would be nicer to see a community of SourceForges, again for the sake of diversity.

Expect to see these issues come up again in the future. Linux and free software are part of the commercial world, and cannot hope to remain unaffected by it.

KDE 2.0 is out. The long-awaited KDE 2.0 release is finally available. Mindful of its PR needs, the project has sent out a press release on Business Wire, complete with supporting quotes from Ransom Love, Dirk Hohndel, Gaël Duval, and others. The announcement on the KDE site is rather more satisfying, in that it skips most of the quotes and talks more about what KDE 2.0 has to offer.

So, what's in KDE 2.0? At the user level there's a great many changes. Perhaps top on many peoples' lists will be KOffice and Konqueror. KOffice is the KDE office suite, which is said to be moving along nicely, though it is not yet being presented as ready for Grandma. Konqueror, instead, is the new file manager/web browser, and is said to be quite ready. It handles just about everything a web browser is supposed to do, including Java, Javascript, and SSL. There are also new window manager styles, advanced theme support, extensive internationalization capability, and, of course, the much-hyped new icons.

There is a great deal of new stuff under the hood as well - much of the KDE project's effort over the last year has gone into the creation of a new advanced infrastructure. High on the list, of course, is the new KParts component system, which is claimed to be lighter-weight and easier to deal with than GNOME's CORBA-based implementation. The larger applications, such a KOffice and Konqueror, use KParts to assemble themselves out of smaller components. There is also DCOP, which allows applications to talk to each other, and KIO, supporting network-transparent I/O. The XMLGUI layer uses XML to store the details of an application's layout; it also maintains a global "style sheet" which helps to ensure consistency across the set of applications.

Two years ago, critics were still saying that the free software world was not capable of producing something as complicated as a modern desktop. How much fun it is to point out to those critics that we now have two... The KDE project has raised the bar considerably with this release; congratulations to all the developers who worked to make it possible.

Microsoft says penguins can mutate. Do check out this Microsoft advertisement scanned from the print version of c't magazine. It contains a set of distorted penguins, and claims that open source systems can mutate on you - so it's better to go with proprietary stuff.

There are those who claim that the ad is interesting because it is the first direct Microsoft attack against free software. That, however, is not quite true - the Linux Myths page showed up on the Microsoft page just over a year ago. The ad does show that Microsoft sees a threat, though, and is looking for ways to counter it.

This one is not likely to get them very far. The creator of the Word file format is not in much of a position to criticize other systems for changing - at least changes in the free software world are documented and in the open. It is an amusing ad, though, and unlikely to be the last such from that direction.

Announcing...Mountain View Data. A company called Mountain View Data announced its existence this week. The first thing that catches the attention with this company is that its principals are Cliff Miller and Iris Miller, the founders of TurboLinux, along with Peter Braam, the designer behind the Coda and Intermezzo filesystems.

The Millers, of course, have been easing out of their roles in TurboLinux for a while. Large venture investments have a way of pushing aside a company's founders in favor of more presentable (to investors) executives. So they are off to Mountain View, which gives them a chance to create another successful open source company.

Mountain View intends to provide services around data storage needs. To that end, they have brought in Mr. Braam's Intermezzo filesystem, and Mr. Braam himself as CTO. The filesystem is being presented as an ideal high-availability solution, especially when complemented with the SnapFS filesystem (which allows taking easy snapshots of the filesystem state) and the LinuxDisk storage area network system.

Mountain View is clear on its technology and personnel; what is not so clear at this point is just how the company plans to make money. The software is, after all, open source. There is a lot of talk about how corporations have increasing needs for data storage, and increasing trends toward outsourcing. Mountain View clearly plans to be involved in that outsourcing, but its services page only says "We will be offering managed storage services, early 2001."

We asked Mr. Braam about what the company will sell, and were told:

The business model is to manage data centers and offer storage to customers. We take care of the backups, installation, management and growth in these centers and will probably charge by the "byte"

There are a few other companies operating in this area, but Mountain View is the only one explicitly working with open source software. Through the use of this software and commodity hardware, the company expects to price its offerings far below those of its competitors. It's an ambitious plan, but the company may just have the right people to pull it off.

LynuxWorks files for an IPO. Just as this LWN Weekly Edition went to "press", LynuxWorks announced that it had filed for its initial public offering of stock. We've done a quick pass over the company's IPO filing, and written up our impressions as a feature article. LynuxWorks has an interesting business model in mind; it's not necessarily going to be an easy path.

Inside this week's Linux Weekly News:

• Security: XFree86 security problems, the case for exploits, the Cybercrime Treaty.
• Kernel: poll() and scalability; extended attributes on files
• Distributions: LSB-FHS test suite issues, Dirk Hohndel interview, the future of Linux-Mandrake
• Development: Jython, Linux For Kids CD, PostgreSQL slides.
• Commerce: Open Source corporate sponsers; European Commission to research software patents.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and Editorials

XFree86 security problems. XFree86 security problems have become an ongoing issue. Chris Evans pointed out on BugTraq this week an increasing number of XFree86 security problems for which vendors have not released security updates, including:

• XFree86 Xserver Denial-of-Service vulnerability (May 18th, 2000).
• Multiple X applications stack corruption vulnerability (June 19th, 2000), requires a setuid xterm or other X application.
• XFree86 4.0.1 /tmp Vulnerabilities (July 2nd, 2000).

Given Linux' heavy dependence on XFree86, the current situation is definitely not good. We cannot tell, from the lack of response, if the problems above have been investigated and found to be invalid or valid, whether fixes haven't been released because no one took the time or because the issues are too difficult, intrinsically, to fix properly. Fixes for the problems may even have been put into the XFree86 development tree without announcement or back-port to the stable versions in general use; that has happened in the past.

Chris Evans' response to this has been the release of an exploit for at least one of the problems he personally reported, and the encouragement for others to do the same. As a result, the need for fixes for these problems has just increased an order of magnitude. Most of us can't afford to stop using X, therefore security updates for XFree86 are a real necessity. In the meantime, while we continue to wait, a check on your firewall to make sure you are blocking X packets is one good idea.

The case for exploits. Chris Evans' choice to develop and release exploits for a security problem for which no fixes have been developed after several months is a good example of why exploits became so necessary in the computer security world. Particularly with commercial software, where the customer has no option other than to wait for a vendor to release a fix, exploits and negative publicity are about the only tools available. Negative publicity is easier to generate for a problem with a proven exploit, so the two go hand in hand.

Last week, discussion on BugTraq mentioned and highlighted a couple of additional reasons for the use of exploits. One security problem seen last week had been reported as a bug many months before, but the person who reported it, and others that read the bug report, couldn't quite envision how the bug could be used to actually broach security. As a result, the bug was left unfixed -- until last week, where someone proposed a theoretical manner in which it could be exploited, and then proved their theory with an exploit. Needless to say, the bug was quickly fixed.

That particular example could quickly take us to a discussion of why every bug is important to fix, but that's not our topic this week. Let's concentrate, instead, on other ways that exploits help us. For systems administrators who are actively following and applying patches for security problems, exploits allow them to first identify whether or not their system is vulnerable (and adjust the priority of the security update) and also to test an applied "security fix" to see if it has really removed the problem.

Much publicity and attention is going to the negative aspects of such exploits, the way in which they have been used by "script kiddies" to proliferate attacks on systems across the Internet. However, it is very difficult to see how computer security would have ever improved to even today's wobbly standard without them. Blaming the exploits obscures the real culprit: the software/hardware is vulnerable and needs to be fixed.

The Cybercrime Treaty. It is important to understand the need for exploits, and other tools that are used by systems administrators and script kiddies alike. A lack of that understanding is frighteningly demonstrated by the draft Cybercrime Treaty from the Council of Europe.

This is not a new draft; it is dated April 25th, 2000. It was discussed on Slashdot in September. However, this week, MS NBC covered the treaty, stating that it would create a new class of persecuted artists: computer hackers. This article is, obviously, fairly inflammatory and does not bother to reference the text of the original treaty, nor use accurate quotes from it. However, we don't disagree with the heart of the article, that this potential Treaty could have serious negative impacts on software developers.

What, exactly, in the treaty generates such concern? Much of it stems from the necessarily vague language of a treaty that involves forty-one European nations, as well as the US, Canada, Japan, and South Africa. In particular, the treaty outlaws "Illegal Devices", and then proceeds to define them as follows:

Article 6 - Illegal Devices

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law when committed intentionally and without right:

a.the production, sale, procurement for use, import, distribution or otherwise making available of:

1.a device, including a computer program, designed or adapted [specifically] [primarily] [particularly] for the purpose of committing any of the offences established in accordance with Article 2 - 5;

2.a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing the offences established in Articles 2 - 5;

a.the possession of an item referred to in paragraphs (a)(1) and (2) above, with intent that it be used for the purpose of committing the offenses established in Articles 2 - 5. A party may require by law that a number of such items be possessed before criminal liability attaches.

Another reason for concern is the fact that this treaty is so far-reaching, yet the process of developing it side-steps the internal process of the U.S. and other countries for guaranteeing input and review from citizens. For more specific details on such concerns, you may want to refer to this additional MS NBC article in which a coalition of 28 cyber-rights organizations slam the treaty. ""Police agencies and powerful private interests acting outside of the democratic means of accountability have sought to use a closed process to establish rules that will have the effect of binding legislation," the GILC stated in its letter."

People working with computer security are particularly affected, since much, if not all, of the software used for computer security purposes can be adapted for illegal purposes. It may even, depending on the individual's point of view, have been designed for computer intrusion, yet be an essential tool for security experts and systems administrators. All exploit code would fall into this category. As a result, this statement of concerns has been signed by a number of "leading security practitioners, educators, vendors, and users of information security". They state bluntly, "We are concerned that some portions of the proposed treaty may inadvertently result in criminalizing techniques and software commonly used to make computer systems resistant to attack."

There is no indication that the draft has been changed in response to these expressed concerns.

Happy birthday to OpenBSD. Thanks to Alexandre Dulaunoy, who pointed out that October 18 was the fifth anniversary of the beginning of the OpenBSD project. Congratulations, and we wish you many more!

U.S. crypto winners -- Belgian heroes (Wall Street Journal Interactive. Jokingly, they were presented with a pseudo-gold medal, draped around the neck of an inflatable Tux. This Wall Street Journal Interactive article takes a look at Vincent Rijmen and Joan Daemen, creators of the Rijndael encryption formula, selected by NIST to become the new Advanced Encryption Standard.

"Rijndael is the fruit of symbiotic intellectual relationship. Though he has the more assertive personality and even shows a cocky side at times, Daemen says he considers himself less gifted in math than the shy, understated Rijmen -- something Rijmen doesn't seem to dispute. But both say they couldn't be successful without being able to test ideas and theories through each other. And Rijmen may be the better mathematician, but Daemen's creative ideas are sometimes what put them on track toward a breakthrough, they say."

Security Reports

Oracle vulnerabilities. The Oracle LDAP daemon, oidldapd, contains a buffer overflow that can be exploited via the use of an environmental variable, whose value is not properly checked before use. For details, check the original BugTraq report. Oracle 8.1.6 on Linux is affected, as is Oracle Internet Directory 2.0.6. Oracle has responded and promises a fix next week.

MySQL authentication weakness. The CORE SDI team reported an authentication weakness in MySQL this week. MySQL uses a challenge/response authentication scheme to avoid passing passwords across the network in plaintext. The CORE SDI team demonstrated that this authentication scheme can be detected and, after the observation of such challenge/response interactions, fake passwords can be generated to interact with the server and gain access to client data and privileges.

This is a known security weakness of MySQL, documented in the MySQL manual. To avoid it, ssh-tunneling should be used to support MySQL client/server interactions outside a local network. The manual section makes other configuration suggestions to minimize the problem.

Slackware PPP vulnerability. A Slackware-specific configuration error in the ppp-off script could allow an unprivileged user to overwrite any file on the system. A new Slackware PPP package has been issued to correct the problem.

ntop '-i' buffer overflow. The "-i" option of ntop can be exploited to pass in a command which is then executed by ntop. If ntop is installed setuid root, this can lead to a root break-in. Check this BugTraq report for more details.

Exploits for ntop have also been published, so you may want to disable ntop until a security update is available. Alternatively, Christophe Bailleux reported that ntop-1.1-5.i386.rpm is not installed setuid and is not vulnerable.

Red Hat lpr print filter vulnerability. The lpr package shipped with Red Hat 6.2 (and possibly earlier versions) contains a print filter with a configuration error that can be exploited to run arbitrary commands under the lp group. This, in turn, can be exploited to gain root privileges. Red Hat 7.0 is reported not to be vulnerable. For more information, check out BugTraq ID 1834. This problem was reported by Zenith Parsec on October 20th.

Commercial products. A security fix for Half-Life, a popular first-person shooter game, was included in the 1.1.0.4 release of Half-Life, now available for download.

Updates

Apache mod_rewrite vulnerabilty. Files outside the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.

This week's updates:

• Linux-Mandrake, updated advisory
• Red Hat

• Caldera (October 12th)
• Conectiva (October 12th)
• Trustix (October 12th)
• Slackware (October 19th)
• Linux-Mandrake (October 19th) (OUTDATED!)

GnuPG false signature verification. GnuPG fails to correctly validate multiple signatures in a file. Check last week's Security Summary for details. GnuPG 1.0.4 has been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.

This week's updates:

• Caldera
• Red Hat
• Linux-Mandrake
• Immunix

Format string vulnerabilities in PHP. Multiple format string vulnerabilities in PHP 3 and PHP 4, including one involving the use of syslog, can be exploited remotely to execute arbitrary code under the web server's identity. PHP 3.0.17 and 4.0.3 contain the fixes for these problems. For more information, check last week's LWN Security Summary.

This week's updates:

• Red Hat
• Immunix

• Debian (October 19th)
• Caldera (October 19th)
• Linux-Mandrake (October 19th)
• Conectiva (October 19th)

NIS/ypbind format string vulnerability. A format string vulnerability in NIS/ypbind can be remotely exploited to run arbitrary code as root. An immediate upgrade is recommended. For more information, check last week's LWN Security Summary.

This week's updates:

• Linux-Mandrake
• Red Hat
• Immunix

• Debian (October 19th)
• SuSE (October 19th)

xlockmore. Check the August 24th Security Summary for details. An update to xlockmore 4.17.1 is recommended.

This week's updates:

• Slackware (xlockmore 4.17.2)

• Conectiva (August 24th)
• Debian (August 24th)
• Linux-Mandrake (August 31st)
• FreeBSD (September 7th)

curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported last week.

This week's updates:

• Red Hat

• Debian (October 19th)

Buffer overflows in ping. Multiple buffer overflows in Alexey Kuznetsov's ping were discussed last week.

This week's updates:

• Red Hat
• Immunix

Resources

• Bastille Linux 1.1.1, a hardening script for Red Hat-based Linux systems. It includes some initial work on support for Red Hat 7.0, meaning it probably is not yet ready for use on Red Hat 7.0 systems, but they are "working on it".

Events

Upcoming security events.

Date	Event	Location
October 29-November 2, 2000.	SD 2000 (Software Development Conference)	Washington D.C., USA
November 1-3, 2000.	Compsec 2000	Westminster, London, U.K.
November 1-4, 2000.	7th ACM Conference on Computer and Communication Security	Athens, Greece.
November 3-5, 2000.	PhreakNIC v4.0	Nashville, TN, USA.
November 8, 2000.	Security Forum 2000	Vancouver, British Columbia, Canada.
November 13-15, 2000.	CSI 27th Annual Computer Security Conference and Exhibition	Chicago, IL, USA.
November 26-December 1, 2000	Computer Security 2000 and International Computer Security Day (DISC 2000)	Mexico City, Mexico
December 3-7, 2000.	Asiacrypt 2000	Kyoto, Japan.
December 3-8, 2000.	LISA 2000	New Orleans, LA, USA.
December 10-13, 2000.	INDOCRYPT 2000	Calcutta, India.
December 11-15, 2000.	16th Annual Computer Security Applications Conference	New Orleans, LA, USA.
December 20-21, 2000.	The Third International Workshop on Information Security	University of Wollongong, NSW, Australia.
December 27-29, 2000.	Chaos Communication Congress	Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre17. More fixes have gone in, but there's still a list of things that need to be dealt with before the real 2.2.18 release can happen.

Should applications be allowed to bind to any IP address? "Binding," of course, is how a server gets set up to accept connections. The current 2.4.0-test implemention allows binding to an arbitrary address - even if the system has no interfaces at that address. Such an action would seem to make no sense; if there are no interfaces which can receive packets to an address, a server that has bound to that address will have very little to do.

The reasoning behind allowing that sort of binding is that an interface could conceivably come up in the future which does correspond to the given address. Not all interfaces are up all the time, and life may be simpler for servers if they do not have to be continually checking to see if the network is there yet.

There are a couple of problems with that behavior, though. It turns out that the POSIX standard requires that a bind to a nonexistent address fail. And it turns out that some applications try to bind to an address as a way of determining whether the address is local or not. The Java virtual machine, in particular, does this; the 2.4.0 semantics confuse it and causes the compatibility test to fail.

As a result, the ability to bind to nonexistent addresses will be going away. There will, however, be a sysctl option added that will allow the system administrator to restore that behavior if need be.

A new Linux event handling interface? Readers of linux-kernel this week were treated to a lengthy discussion of how Linux makes event information available to applications, and the beginnings of a new interface that may improve on things in the future.

The mechanism used by most applications for tracking events is the poll() system call. poll() essentially takes a list of open files (and devices and network sockets...) and blocks until one or more of them is ready to perform I/O. The classic example of a user of poll() is the X window system server, which has a long list of client connections and must be able to respond to input events on any of them.

Dan Kegel started things off by posting the results of some benchmarks he did with poll(). To stress things a bit, he tried an application watching 100, then 10,000 file descriptors on both Linux and Solaris. Solaris did rather better than Linux did; in particular, it showed only a factor of 6.5 time difference between 100 and 10,000 sockets.

Some people were quick to downplay the results, pointing out that they almost have to indicate a large setup time on the Solaris side that will penalize programs polling a small number of sockets (which is most of them). Linus was in this camp:

Basically, for poll(), perfect scalability is that poll() scales by a factor of 100 when you go from 100 to 10000 entries. Anybody who does NOT scale by a factor of 100 is not scaling right - and claiming that 6.5 is a "good" scale factor only shows that you've bought into marketing hype.

Others pointed out that the Linux implementation of poll() is not ideal, since it requires four passes over the list of file descriptors: (1) reading them into kernel space, (2) querying drivers and setting up wait queues, (3) querying again after an event happens, and (4) copying results back to user space. Every pass over a large array hurts.

The Linux poll() implementation could probably be improved to perform fewer passes over the list. The real problem, though, is that poll() requires the system to pass over such a large array in the first place. To make things worse, the array is entirely under the application's control, so every call to poll() is like the first one. Clearly there is some room for improvement here, and this conversation got people thinking about a better way of doing things.

So Linus posted a new interface design reflecting one of those better ways. Read the posting for the details; in very simple terms, the proposed interface allows the application to tell the kernel about events of interest. The kernel maintains the list, and thus knows when the list changes. Each process has a queue of events waiting to be processed, which it may look at with a system call. Whenever an event actually happens (a network connection arrives, for example) the kernel adds it to the list of every process that is interested - but only if an event of that type is not already on the queue.

The business about putting only one event of a given type on the queue is important. An event notification from the kernel means that one or more events are pending, and the application must be sure to deal with them all. This requirement makes life a little bit harder for applications, but much easier for the kernel. Among other things, the kernel need not worry about running out of memory should a large blast of network packets show up.

Of course, nothing much is new under the sun...Dan Kegel pointed out that Linus's scheme bears a strong resemblance to the FreeBSD kqueue mechanism. It has evolved somewhat under discussion as well. Nobody, yet, has rushed out to implement this approach - it would be a 2.5 item in any case. But something along these lines will likely happen before too long. The fun of free software is that you can see it take form in the early stages.

Access Control Lists and extended attributes. Andreas Gruenbacher released version 0.7.0 of the Access Control List (ACL) patch. This release was the first stable release in some time... except that it was closely followed by 0.7.1 to fix up a few details..

On a more general level, Andreas also posted a proposal for the implementation of "extended attributes" (such as access control lists) in the Linux virtual filesystem. The ACL project has had an extended attribute patch for a while; they would now like to begin the process of getting it into the kernel.

Something will almost certainly go in at some point, but the extended attribute interface may well see some changes first. Stephen Tweedie posted a separate extended attribute specification which was evidently hammered out at the recent storage workshop in Miami. This version takes a wider view of things; it tries to handle things like the ACL's found on the NT filesystem and NTish identifiers that can be used by Samba. It's a complicated problem, and the kernel developers would like to solve it properly.

Once again, of course, this is 2.5 material, so there is some time to work out the details. The 2.6 kernel will likely have a much more extensive security scheme as a result.

KernelTrap.com hits the web. A new site called KernelTrap has turned up on the net. It is dedicated to kernel hacking in general, but its content is very much Linux-oriented.

Other patches and updates released this week include:

• The Linux Advanced Routing & Traffic Control Mailing List has been announced. It is being run by the folks who wrote the HOWTO on the same subject, and is aimed at helping those who are using Linux in routing applications.

• Eric Raymond has released version 0.8.2 of his CML2 kernel configuration and build system.

• Keith Owens posted a warning that the get_module_symbol() and put_module_symbol() functions in the kernel will go away shortly, unless somebody can come up with a good reason why they should stay.

• Keith also released modutils-2.3.19. Remember that, if you're thinking about running a 2.4.0-test kernel, you need to be running at least version 2.3.15 of modutils...

• Jens Axboe posted a patch adding support for ATAPI DVD-RAM devices.

• A new version of hfsplusutils (tools for the HFS filesystem) was released by Klaus Halfmann.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

LSB-FHS test suite issues. Early in the week we received a notice from SuSE regarding the results of the LSB-FHS test suite run against the SuSE 7.0 distribution. While the results are obviously very good for SuSE, their claim to be the most compliant distribution could be questioned. SuSE scored 238 passed tests and 5 failed tests, a good mark undeniably, but just how valid were the tests? Debian Project leader Wichert Akkerman later sent out a response to the LSB-FHS test suite results which showed SuSE as the most conformant distribution. Looking at the places where Debian ran into trouble, Mr. Akkerman takes issue with some aspects of the test, and admits to trouble on Debian's part for others.

Not all of the test results are fair in my opinion: some are real bugs in Debian, others are bugs in the test-suite or the result of using an incomplete install.

The messages began flying on the Debian Development list (and were copied to LWN) discussing the methods and madness behind the LSB-FHS tests. Andrew Josey, LSB Test leader, and author of the LSB-FHS test suite wrote in with his own view of the FHS test suite and it's status along with the latest LSB test news.

"The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first testsets, the LSB-VSX and LSB-FHS testsets have been integrated into the framework."

Despite this work, Andrews stated that "[the community] should not be expecting any distributions to pass the current version of the test suite. Although [LSB] believes it to be a fair and accurate test of the LSB FHS 2.1 specification, there are issues with the specification and tests that need to be resolved."

This argument was backed by Daniel Quinlan, who wrote in to the Debian Development list:

"I just checked the old version of the LSB test web pages and while they didn't warn people to not claim compliance, they do refer to LSB-FHS-2.1-1 as "the latest development release" and it was noted that (1) the test results weren't believed to be accurate and (2) that there are issues that would be fixed in FHS."

So the moral of the story? The standards are, well, not standard yet. While FHS is both desirable and necessary, its existence and availability does not make it complete. Press releases related to the FHS need to be put into context and, most importantly, distribution vendors need to be aware of what they are doing when it comes to the LSB FHS. Certainly, at a minimum, they should be aware of what is and isn't standard.

TurboLinux Founders move to storage startup. TurboLinux founders Cliff and Iris Miller, along with file system and data storage authority Dr. Peter Braam, announced the launch of a new, global storage service company -- Mountain View Data.

The new company will sell storage services on the open-source InterMezzo file storage software. The Millers retain their majority stake in TurboLinux but control of that company has been handed over to Paul Thomas, who took over as CEO in June.

More information is available on the Front Page.

Getting To Know SuSE Linux. SuSE was in the news a number of times this week:

Dirk Hondel, SuSE's Chief Technology Officer, is interviewed by ISPworld. "SuSE has a strong focus on security within its distribution. We not only have an internal security team within SuSE Labs that audits all major packages and closely follows all relevant information sources, but we also maintain an active dialogue with our customer base through mailing lists and security alerts." (For a related-article, check our coverage of the SuSE Security Team in the September 14th LWN Security Summary).

SuSE also expanded its international presence with a new subsidiary in France. The European Linux heavyweight opened a new sales and service office in Paris. The new office provides installation support by phone, fax, and e-mail for the French version of SuSE Linux, which was introduced two years ago.

Finally, Marc Heuse wrote to let us know about a new document available on SuSE's web site describing, in a step by step fashion, how to install a secure Web server.

North Carolina State University EOS runs Red Hat. NC State's College of Engineering project EOS was used to show the school's committment to the open source movement. "IBM provided deep discounts on hardware for the Eos project, including a large mainframe computer that runs Linux. Red Hat's 3-month-old University Program provided software and technical assistance to N.C. State. The Linux company's ties to the engineering program there actually date to Red Hat's earliest days."

It's not the color, it's the network. And finally, from the "I don't speak that language" department: A reader wrote in last week concerned about the use of colors in the naming of Linux distributions - Red Hat, Yellow Dog Linux, and so forth. One of the projects mentioned was the Red Escolar Project. Numerous readers wrote in to let us know that "red" in spanish means "network". So that would be the "School Network" Project, not the "Red School" Project.

Life is never as black and white as it seems, eh?

Distribution Reviews

Review of Conectiva Linux 5.0 - Duke of URL. The Duke of URL this week carried a review of Conectiva Linux 5.0, a Red Hat-based distribution which is known for its large selection of software and language support. "Conectiva Linux features much of what we've come to expect, SMP, graphical installation, optimized kernels, SSL, hardware detection, and more, but also brings to the table a few new features. One of these new features is two CDs full of commercial applications, something not normally seen in your typical Linux distributions."

SAMS Red Hat 7 Unleashed. While not a review, SAMS has followed Red Hat's release of their verion 7 distribution with their own Red Hat 7 Unleashed text.

General-Purpose Distributions

The Future of Linux-Mandrake. Now that the Linux-Mandrake 7.2 release has been frozen (no new features will be added), discussion was opened on where Linux-Mandrake should go from here. Some of the wish list items readers asked for included:

• Font foundries
• XFree86 Render Extension
• Helix GNOME
• More USB support
• More multimedia applications (MP3 players and graphics editors)

Best Linux 2000 Release 3. SOT Finnish Software Engineering Ltd. issued a new release for its Best Linux Operating System for desktop and server applications. The new release of Best Linux includes, in addition to many other improvements, support for the Portuguese language, improved sound card support, modem configuration, and the new KDE 2.0 desktop environment.

ROCK Linux 1.3.11 released. The ROCK Linux team has announced the release of ROCK Linux 1.3.11. ROCK Linux is a distribution "for admins, hackers, geeks, and skilled Unix users;" this release is based on the 2.4.0-test9 kernel and a number of other current software releases (they stopped short of gcc-2.96, though).

Red Flag Linux. Sun Wah Linux Limited and Red Flag Software Company Limited, of the Chinese Academy of Sciences ("CAS"), have officially launched the Red Flag Linux Server - Traditional Chinese Version, which is aimed specifically at the Chinese market. Included in this launch are Red Flag Linux Server 2.0 and Red Flag E-business Start Kit 1.0. The former runs on 32-bit, 64-bit or higher-end machines and optimizes server hardware performance. It provides an operating environment that is secure, stable and reliable, and supports key Internet/Intranet-based applications.

Caldera eServer 2.3 Wins Network World Blue Ribbon Award. Caldera announced that OpenLinux eServer 2.3 has received Network World's Blue Ribbon award for use as an enterprise server. Caldera eServer led the list of five Linux server-side distributions based on the following criteria: LAN administration and setup, added applications and value, installation, service support policies and documentation.

Debian News. The Debian Weekly news this week discusses LSB-FSH issues and why Helix Gnome isn't in Debian yet.

Mizi Linux 1.5 released. MIZI Linux OS is a Linux distribution version developed by MIZI Research. Its goal is to develop a distribution version that can be used in desktop environment.

ODDAS-Linux 0.2. ODDAS-Linux was released earlier this week. This release fixes some network initialization scripts and provides better documentation.

easyLinux. We haven't heard much about easyLinux/ since about February 2000, but they contacted us to see if they could be included in the list of distributions. A quick look at their web site shows the distribution to be available on CD-ROM and in a boxed package. The RPM based distribution has won a few awards (according to their web site) and offers shares of the company in exchange for contributions to the distribution and for purchases made. While not public, one wonders how valuable such shares might be (or how many you can get in the long run). Interesting concept.

Special-Purpose Distributions

WinLinux 2000. Last covered in March of 2000, WinLinux 2000 sent LWN a press release suggesting it was a new release. No web site was provided in the press release but we already had the URL: http://www.winlinux.net/

Other updates.

• Green Frog Linux 1.0.0 - replaced Postfix with OMTA, netkit inetd with xinetd, w3m with wget, and isapnptools with the 2.3/2.4 isapnp backport, deprecated proftpd and bind (manual builds required)
• DragonLinux v2r1 - added Loopback filesystem, distribution now available on CD.
• PeeWeeLinux 0.53 - updated configuration file handling.

Embedded Distributions

Tynux expands into Japan. According to a LinuxDevices.com report, PalmPalm Technology, makers of the Tynux embedded Linux distributions, will open its Japan office, PalmPalm Japan, on October 25th.

Errata

e-smith 4.0. Last week we covered the release of e-smith 4.0 server and gateway products. In that coverage we incorrectly stated that the server and gateway software is used on their line of Internet appliances. Kirrily Skud Robert, who recently joined the e-smith team, wrote in to set the record straight:

I notice you list e-smith 4.0 on your distributions page, based on my freshmeat announcement from a few days ago. I wanted to point out to you that the e-smith server and gateway does *not* run on a specialised internet appliance, and in fact e-smith has no such appliance product. The e-smith server and gateway runs on any Intel-based PC (eg a commodity Pentium) and, as it's fully GPL's, can be used at no cost -- though of course e-smith do provide support and software subscriptions at a very reasonable rate.

We apologize for the confusion and hope this clarifies the situation.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's Development page.

Development projects

News and Editorials

Speaking of Python variants, David Mertz of Gnosis Software discusses several other versions of Python, including Vyper and Stackless Python. The article delves into the issues of multiple language implementations.

Browsers

Mozilla Sidebar Tools. There are several new tools for working with the Mozilla sidebar panel. Eric Hodel has added some requested new features to the Links Sidebar Panel, and D.J. Adams has written a perl script called My Sidebar which allows for the creation of a Mozilla 5 sidebar panel from "an RSS data source of your choice".

Jabberzilla Alpha 1 for M18. Eric Murphy has released an Alpha 1 version of Jabberzilla, which combines Jabber and Mozilla technologies. "Jabber is a peer-to-peer messaging system that is XML-based and lets you use Instant Message systems like AIM, ICQ, IRC, MSN, Yahoo Chat, etc. from a single application."

DOM 1 Reference published. Jiri Znamenacek has published a Document Object Model (DOM) level 1 reference. He is looking for XML contributions to the reference.

Databases

PostgreSQL tutorial slides (PostgreSQL). The PostgreSQL site has published a set of slides for an upcoming talk by Tom Lane and Bruce Momjian. The talk will be presented at the Open Source Database Summit on October 30 and 31, 2000 in San Jose, California.

Education

Linux For Kids releases CD Collection. The Linux For Kids site has just announced the release of an ISO image of its version 1.03 CD software collection. Now you can burn your own CD and have lots of Linux educational and game software in one handy location.

SEUL/edu report #31. The October 23 edition of the SEUL/edu report is out. Check it out for the latest news concerning Linux in the schools.

Interoperability

Wine Weekly News #66. The October 23 edition of the Wine Weekly News is out. This issue announces a new Winehq search engine, new mailing lists, and some Wine history.

Network Management

OpenNMS Update. The latest OpenNMS Update has been sent in, providing updates on various projects, including a MIB compiler and the scope of the OpenNMS project for the month of November.

Office Applications

Kivio First Public Beta Available. KDE Dot News reports on the first beta release of Kivio, a KDE-based diagram and flowchart editing tool. "Kivio is the first and most complete diagramming tool for KDE".

Gimp 1.1.27 and 1.1.28 released. Manish Singh, Gimp build master, released Gimp 1.1.27, a new developer's version of the Gnu Image Manipulation Program, back on October 4th. After some build problems were reported, Gimp 1.1.28 was released on October 16th. These releases contain mostly bug-fixes and documentation changes.

Gnumeric Spreadsheet 0.57 released. Version 0.57 of the Gnumeric Spreadsheet program has been released.

On the Desktop

The People Behind KDE: Claudiu Costin. This week, the People Behind KDE series interviews Claudiu Costin.

Trolltech releases an open source localization tool. Trolltech has released a fully functional preview of Qt Linguist, an application language translation system. Qt linguist is licensed under the open source BSD license. Qt Linguist works in conjunction with Qt, Trolltech's cross-platform GUI application framework. "Qt Linguist, localization tool, allows users to seamlessly convert Qt-based programs from one language to another, simply and intelligently. Qt Linguist helps with the translation of all visible text in a program, to and from any language supported by Unicode and the target platforms".

Evolution 0.6 announced (Gnome.org). Gnome.org has announced the release of Evolution 0.6, code named Procompsognathus, truly a coded name in this case. This release features lots of additions to the Mail program, and numerous bug fixes among other things.

Reorganizing the UI team (Gnome.org). Miguel De Icaza has posted an article on Reorganizing the UI team for the Gnome project.

The executive summary follows:

• A call for volunteers to extend the life of the GNOME User Interface team.
• A call for people who want to coordinate the individual parts of the team.
• If you are interested in a managing role in the project, please read to the end of this message for further instructions ;-).

The Alternative Languages in Gnome Matrix. Erik Bågfors has published The Alternative Languages in Gnome Matrix with a large table of languages that may be used for developing Gnome applications.

Science

Medical software's free future (BMJ). The British Medical Journal has run an editorial by Douglas Carnall on Medical software's free future. "Free software concepts make particular sense in medicine: although peer review has its problems, medical knowledge is becoming more open, not less, and the idea of locking it up in proprietary systems is untenable". Worth checking out.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Erlang

Erlang Conference Proceedings. The proceedings from the October 3, 2000 Erlang/OTP user conference have been made available. Take a virtual tour of the conference.

Java

Blackdown releases Java2 SE v1.3.0-FCS. Blackdown has released its Java2 SE v1.3.0-FCS for Linux. This release contains many bug fixes.

Perl

Programming GNOME Applications with Perl, Part One (Perl.com). O'Reilly's Perl.com has published a feature article on Programming GNOME Applications with Perl. The article takes you through the process of developing a simple gnome application with Perl.

Perl 5 Porters gets new author. Simon Cozens has recently taken charge of the Perl 5 Porters digest. The latest issue contains discussions on virtual values, slow unshift response, and the handling of integers and floating point values.

PHP

PHP Weekly Summary #8. The October 23 issue of the PHP Weekly Summary is out. News includes a pl1 release of PHP 4.0.3 that fixes a problem with the Apache php_value mechanism, among other things. PHP 4.0.3pl1 can be downloaded here.

Python

Python-dev summary for October 1-16, 2000. The Python-dev summary for October 1 - 16, 2000 is now available. A summary of recent discussions about Python's handling of floating point numbers was posted.

This week's Python-URL. Here is Dr. Dobb's Python-URL for October 23 with the usual collection of goodies from the Python development world. Topics include hints on math operators, IEEE 754, watch variables, assertions, and exceptions

Python Bindings and Scripting for KDE Updated. theKompany.com announced the release of VeePee v1.0 and SIP/PyQt/PyKDE version 2.1. "VeePee is the Python-based scripting environment for KDE, and SIP/PyQt/PyKDE are the Python bindings for Qt and KDE. These updates are to support Python 2.0 as well as numerous feature additions and some bug fixes".

Mod_python beta 2.6 announced. Gregory Trubetskoy has announced the release of Mod_python beta 2.6. This release features bug fixes, faster operation, and improved installation thanks to a switch to the autoconf system.

py_cpp Python/C++ binding system announced. A new Python/C++ binding system, py_cpp, has been announced.

SGML

Installing and using SGMLtools-Lite (IBM Developer Works). IBM's developer works has run an article on Installing and using SGMLtools-Lite by Joe "Zonker" Brockmeister. The article covers the installation of this tool and its use in converting SGML into HTML, PostScript, text, and other languages.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 23 with the latest from the Tcl/Tk development community. This week's edition discusses accessing tape drives, closing out applications correctly, and terminal i/o among other things.

Software Development Tools

LSB test news. The Linux Standards Based released this announcement regarding the status of their testing processes. "The first milestone for LSB test development is now complete. This has been in setting up the test framework for integrating tests into. The framework adopted is the Test Environment Toolkit, with the VSXgen (generic VSX test framework) layered on top of that. As proof of concept the first test sets, the LSB-VSX and LSB-FHS test sets have been integrated into the framework."

More information on this can be found in the Distributions Page.

See also: last week's Commerce page.

Linux and Business

Open Source corporate sponsers. Open Source activity has certainly been strong this week. As was mentioned in this week's front page, corporate sponsors play a large part in keeping the open source community going. Who are these corporate sponsors and what are they up to this week?

The Open Source Development Network (OSDN) is a division of VA Linux. The old Andover.net is now incorporated into OSDN. Of course the Andover.net site is still there, but the OSDN site has all the same departments, and lots more besides. Through OSDN, VA Linux supports open source in many ways. Freshmeat.net and SourceForge.net are just a couple of the many examples. OSDN has an opportunity to support open source in other ways as well. The recently announced Open Source Database Summit provides a different type of forum for developers. (More info on the Summit can be found in this week's announcements page.)

Corporations make alliances to better support open source. This alliance between OSDN and Jabber is a good example. Webb Interactive is the corporate sponsor/developer of the open source messaging system, Jabber (found at jabber.com). OSDN will soon feature the Jabber system on both SourceForge.net and OSDN.com.

DevelopOnline.com is a collaborative, online development center for programmers and engineers geared towards the embedded market. Sponsors include Intel, Avnet, Lineo and, according to this announcement, MontaVista. DevelopOnline recently announced support for Linux developers wishing to work on Compaq iPaq and StrongArm based handheld devices.

Smaller companies may not have the resources of VA Linux or Intel, but ID-PRO has found another way to help. They are holding an auction to raise money for the Free Software Foundation Europe and KDE. They will be auctioning the prototype version of PAUL, ID-PRO's communications server, which has been signed by a number of Open Source luminaries such as Linus Torvalds and Jon "maddog" Hall.

The Danish Parliament supports open source, showing us that governments can also supply support. Danish MP Knud Erik Hansen had put out a press release regarding a proposal in the Danish Parliament on open source. "In the report the parties clearly express their support for Open Source and for provision of a good framework for development of Open Source by the state. This will be a part of the state's IT policy in the future. The report recommends that the state henceforward use Open Source in the development of its own software, that the state provides possibilities for bids with Open Source software, and that the state disseminates information about experiences with Open Source." (Thanks to Peter Toft, via Stéfane Fermigier).

More open source announcements can be found below in the press release section.

European Commission to research software patents. Here is a release from the EuroLinux Alliance on a move by the European Commission to study the economic and social effects of software patents in Europe. It seems they are beginning to figure out that there could be some trouble there. The EuroLinux Alliance is trying to help them out with well-written input; they are looking for contributions from people in Europe. This issue directly affects a lot of our readers; consider helping them out if you can.

Axis announces 2120 network camera. Axis Communications has announced the availability of the 2120 network camera. This camera resembles the 2100 model, reviewed by LWN last May, in that it has a built-in Linux system and web server, and plugs directly into the net. The new version has a number of new features, including full motion JPEG output and motion detection capability.

Codemesh needs Beta testers. Codemesh is porting its JunC++ion product to several *nix platforms, including Linux. "The UNIX platforms that customers have expressed the most interest in are Solaris, Linux, AIX, and HP-UX. If you're interested in becoming a beta test site for one or more of these UNIX platforms, e-mail Codemesh at beta@codemesh.com."

Press Releases:

Open Source Products

• 5NINE (MONTREAL) announced that WMLBrowser.org, an open source development project for creating a Wireless Markup Language (WML) Browser to work with all types of Linux environments, is supporting RIM blackberry devices.

• ActiveState released ActivePython 2.0, a free binary distribution of Python for the Linux, Solaris and Windows platforms.

• American Coders, Limited (RALEIGH, NC) announced another release of its product Open Business Objects For EDI (OBOE). OBOE translates between several Electronic Data Interchange (EDI) document formats and EDI/XML files. The base package for OBOE is available with an open source license.

• Covalent Technologies has a set of product and service offerings around the open source Apache web server. The services announcement includes training courses and commercial support options. On the products side, they have the "SNMP Conductor," which is a network management product; "Nettruss" - for Apache management; and a set of security products.

• Microcross, Inc. announced the availability of GNU X-Tools, a suite of 21 target microprocessor software development tools.

• NETDUMP (VIENNA, Austria), the project for the exchange of data garbage (mainly of the artistic kind), which has won prizes such as the Prix Ars Electronica 00, is being released as Open Source.

• Stratabase (ABBOTSFORD, BRITISH COLUMBIA) released a new Customer Relationship Management (CRM) software application.

• The Software Group Limited (BARRIE, ONTARIO) released Linux drivers and administration utilities for its SGP hardware adapter to the public domain under the Free Software Foundation's General Public License, version 2.

• Zero-Knowledge Systems announced the release of the source for its "Freedom 2.0" client, and plans to release its entire Freedom Privacy suite.

Commercial Products for Linux

• Avnet Inc. (PHOENIX) announced that it will offer its extensive design service technology to design engineers and Linux programming developers through DevelopOnline, an online development center designed to accelerate product time to market.

• Concert (NEW YORK) introduced Concert IP Secure, extending the capabilities of Concert IP Extra, the company's suite of Internet security and VPN solutions.

• Informix has a couple of announcements related to the Linux world. The first is the release of their Red Brick Decision Server 6.1. The second covers the release of their Extended Parallel Server Developer's Edition for the Linux platform.

• Keller Group announced the release of PMfax for Linux, a full-featured fax and voice messaging application.

• NetSilicon, Inc. (WALTHAM, Mass.) announced the availability of NET+Lx, a complete environment for building embedded Linux applications.

• Overland Data, Inc. (SAN DIEGO and PHOENIX) and Enhanced Software Technologies, Inc. (EST) announced that Overland's AIT LibraryPro automated backup tape library is certified to run under Linux.

• VirtualTek announced plans to release Joydesk 2.11 for the Cobalt Qube 3 server appliance. Joydesk 2.11 is an integrated web-based Intranet solution.

Products Using Linux

• Cyber Digital, Inc. (NEW YORK) created its GoCyberWeb.com Division to provide sophisticated web hosting solutions for small to medium size enterprise (SME) customers. Cyber Web Server (CWEB) software technology is based on Cyber Digital Linux and Red Hat Linux.

• Gateway Guardian Enterprise (VANCOUVER, BC) announced an advanced version of Gateway Guardian, Linux-based technology that protects computer networks from unwanted intruders.

• IBM (ARMONK N.Y.) announced its new line of eServer appliances. Many Linux distributions are well supported.

• IBM (MILPITAS, Calif.) will be using Adaptec's Compatibility Test Lab to ensure system compatibility between Adaptec's host bus adapters and IBM's eServer xSeries servers.

• InterVideo, Inc. announced its LinDVD Linux DVD player/decoder will be used for the DVD video/audio playback in the ZapMedia ZapStation.

• Siemens Medical Systems, Inc. (ISELIN, N.J.) introduced CATHCOR LX Desktop, the newest member of the CATHCOR LX family of cath lab information and recording systems. It's based on the Linux operating system.

Products with Linux Versions

• Akamba Corporation (LOS GATOS, Calif.) announced the release of its first product, the Velobahn Accelerator, an accelerator specifically designed to enhance the performance of Web servers.

• Coyote Point Systems (Santa Clara, CA) announced the release of Equalizer 5.0, a UDP-enabled version of its load balancing appliance that will work with WAP devices and serverless storage devices. Equalizer is based on FreeBSD.

• Dell (ROUND ROCK, Texas) introduced the PowerEdge 300, a new workgroup server. The PowerEdge 300 can be ordered with Red Hat Linux 7.

• Espial (OTTAWA) announced a new integrated business model to enable the rapid growth of the Pervasive Internet.

• FOCUS Enhancements, Inc. (WILMINGTON, Mass.) announced that the Cocom Group has released a new addition to their set-top box lineup, the Voyager 7.

• IBM (RESEARCH TRIANGLE PARK, NC) announced enhancements to WebSphere Transcoding Publisher Version 3.5, its software designed to translate Web content to a variety of handheld devices.

• ichat, inc. announced that the next generation of ROOMS, a chat room tool, is now in beta. ROOMS 5.0 will support Linux servers.

• Information Management Research, Inc. (Denver) unveiled AlchemyXML (AXML), a set of self-describing XML-based components that acquire, index, store, retrieve and present unstructured data for a complete e-business infrastructure.

• Integrated Research Ltd (SYDNEY, Australia) announced PROGNOSIS IP Telephony Manager, the latest addition to its systems and application management solution, PROGNOSIS.

• Macromedia, Inc. (NEW YORK) announced Macromedia Flash 5 Generator Studio, a complete solution for designing and automating high-impact Web sites. It is available for Red Hat Linux.

• MGI (NEW YORK, NY) introduced MGI ZOOM Image Server 4.0, a new imaging server platform.

• NEON Systems, Inc. (SUGAR LAND, Texas) announced that the NEON iCopy product, a next generation IMS database management tool, is now generally available.

• NETWORK HARMONi Inc. (SAN DIEGO) announced the HARMONi Suite, an all-in-one performance monitoring agent for instrumenting enterprise IT infrastructures.

• Professo (NEW YORK) introduced AppStreamer, an application service management platform. It is available initially for Red Hat Linux and Solaris.

• Strategic Concepts, Inc. (BENTONVILLE, Ark.) released Strategy5, its new street-level mapping interface. It is available for Red Hat servers with Windows clients.

• webwasher.com AG announced the launch of a new server-based enterprise version of its WebWasher intelligent Internet management software. It will support Linux clients.

Java Products

• NetDIVE (SAN FRANCISCO, CA) announced the release of WeMessage Portal 5.0, an instant messaging software based on a Java client/server architecture.

• worldweb.net, Inc. (NEW YORK) announced the launch of the beta version of its next-generation content management software, Expressroom I/O v2.0.

Books and Training

• Caldera Systems Inc. (OREM, Utah) announced that the first three courses for their OpenLinux Solution Series are complete. "Linux Essentials," "NDS on OpenLinux," and "Samba on OpenLinux" will be available by the end of October. Three additional courses will be available before the end of the year.

• Computer Associates International, Inc. (ISLANDIA, N.Y.) and Caldera Systems, Inc. announced an agreement to create and deliver instructor-led courses and computer-based and Web-enabled content as part of Caldera's OpenLinux Solutions Series.

• IDC (FRAMINGHAM, Mass.) says "Linux training in the United States alone could be a $311 million market by 2004".

• O'Reilly announced the release of both Java Performance Tuning, by Jack Shirazi, and Network Printing, by Matthew Gast & Todd Radermacher.

• Sams Publishing (Indianapolis, IN) announced several new Linux titles, including Red Hat Linux 7 Unleashed, Linux Programming Unleashed, Second Edition, as well as the release of Sams Teach Yourself Java 2 in 21 Days, Second Edition.

Partnerships

• AOL Europe, S.A. (LONDON & MADRID, Spain) and Banco Santander Central Hispano, S.A. announced a new joint venture to launch AOL-branded interactive services in Spain, including AOL Avant. AOL Avant is an appliance with 64 MB of RAM, 4Gb hard drive and a wireless keyboard with five "smart keys" to take the user directly to the web or content partners. The appliance will operate on a customized version of the Linux operating system.

• Baymountain, Inc. (RICHMOND, Va.) announced that eGrail, a next-generation content management software provider, has selected Baymountain as its first preferred hosting partner.

• Dialtone Internet, Inc. and Chili!Soft, Inc. (FORT LAUDERDALE, Fla., and BELLEVUE, Wash.) announced that henceforth, all new dedicated Linux servers and Cobalt RaQ server appliances will include Chili!Soft ASP as an integral part of Dialtone Internet's bundled hosting solutions.

• EdgeMatrix (HONG KONG) announced their partnership with Sun Wah Linux (SW Linux) to bundle their mobile Internet solutions in Hong Kong.

• Experts Exchange Inc. (SAN MATEO, Calif.) announced a new partnership with Zend Technologies, the leader in PHP (PHP: Hypertext Preprocessor) technology.

• NEC Electronics Inc. (SANTA CLARA, Calif.) and Luxxon Corporation have signed a strategic alliance agreement to develop streaming multimedia solutions for wireless internet devices. Support for Linux is planned.

• NeTraverse (AUSTIN, Texas) announced an authorized reseller program as part of the rollout of Win4Lin Desktop Version 2.0. The CD box set will be available in November, followed by a planned release of a server version in early 2001.

Investments and Acquisitions

• IBM (SOMERS, N.Y.) announced that it has acquired OpenOrders Inc., a provider of enterprise-scale order management and fulfillment software for e-commerce. OpenOrders' software is available in Linux versions. IBM will incorporate OpenOrders' technology into its' WebSphere Commerce Suite software.

• International Mercantile Corp. (BALTIMORE) has signed a Stock Exchange/Merger agreement with LinuxOne, Inc.

Financial Results

Applix, Inc. reported third quarter growth over last year due in part to increased customers and strategic partners, but still showed a larger loss from the same period.
• Ariel Corp. (CRANBURY, N.J.) reported net sales of $2,180,597 for the third quarter ended September 30.

• SCO (SANTA CRUZ, Calif.) announced the net loss for the fourth fiscal quarter was $10,162,000.

• Webb Interactive Services Inc. (DENVER) developers of Jabber.com, announced record financial results for the third quarter.

New Offices/Personnel

• Caldera Systems Inc. (OREM, Utah) announced the appointment of David Acheson as director of education. Acheson will be responsible for the globalization of Caldera OpenLearning.

• Covalent Technologies, Inc. (LONDON) announced three new additions to its management team; Mark Losh, Jim Zemlin and Scott Albro.

• Coventive Technologies (TAIPEI, Taiwan) a software company focused on custom Linux solutions for systems and embedded information appliance use, announced the appointment of Randy Tan to the position of chief executive officer.

• Eazel has hired Brian Croll, veteran Sun marketing directory, as their new vice president of marketing.

• PalmPalm Technology (Seoul, KOREA) opened an office in Japan. Key activities of PalmPalm Japan include providing Embedded Linux support services, and to deliver Embedded Linux solutions based on PalmPalm's Tynux OS to Japanese Internet appliance manufacturers.

• SuSE Linux amplified its presence in the French market by opening a sales and services office in the Greater Paris area.

• Tim O'Reilly, has joined the Board of Directors of Webb Interactive Services, Inc., owners of open source instant messaging provider Jabber.com.

Linux At Work

• Red Hat announced it was being used on the server side of 3Com's new Kerbango Internet Radio service. "'Our Web servers running on Red Hat Linux are currently experiencing an uptime of 308 days with roughly 99.9 percent availability worldwide,' said John Bryant, director of Internet development for 3Com's Internet Audio Division. 'We selected Red Hat because of its reliability and position in the Linux space. Its pre-made Linux packages and overall support of Linux development made it the obvious choice for us'."

• SimpleDeal Inc. (BOZEMAN, Mont.) announced the roll-out of the SimpleDeal Network, the automobile industry's first and only full-service, dealer-to-dealer auction host operating totally online. And its all on a Linux-based cluster system.

• TurboLinux, Inc. (SAN FRANCISCO) announced that Worldlingo, Inc., a company doing foreign-language e-mail translation, is using TurboLinux Cluster Server 6 and Dell Poweredge Servers as the clustering infrastructure for its new Web business.

• The World Bank (CAMBRIDGE, Mass.) has selected ArsDigita Corporation's open-source ArsDigita Community System (ACS) suite of applications to power its new Global Development Gateway Web service.

Other

• While it doesn't state the extent to which their Linux products will be covered, Corel has announced it is working to extend access to their products for the disabled.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

KDE 2.0

KDE 2.0 released. The much-awaited KDE 2.0 Kopernicus release is now available. According to KDE founder Matthias Ettrich: "We think that current KDE users will be pleasantly surprised with the remarkable improvements we have achieved. KDE 2 offers the desktop user the benefit of standards compliance and an array of new technologies, from Konqueror, a full featured web browser and file manager, to KOffice, an integrated office suite, as well as a slew of usability enhancements, such as KDE's expanded themeability and configurability and a new KDE Help Center". Happy downloading!

Linux planet takes a look at KDE2 in a feature article by Dennis E. Powell.

Looking at KDE, Waiting for the Other Guy (Andover News). Jack Bryar looks at what the Linux desktop, in particular the new KDE 2.0 Linux desktop, means to business. "Which would you rather do, wait for a Gee-whiz desktop interface and office suite that can do everything you want (and more) -- or would you rather get something that actually works? Or would you still do nothing?" (Thanks to César A. K. Grossmann).

Norwegian language movement says: `Boycott Microsoft - use KDE instead' (KDE Dot News). KDE Dot News is running an english translation of a Norwegian newspaper article about an organization asking Norwegian schools to swtich to KDE from Microsoft tools. "Since KDE now provides both Bokmål and Nynorsk, Norsk Målungdom wants schools to use KDE instead of MS Windows."

Companies

Bigger, not necesarily better (ZDNet). ZDNet looks at the StarOffice release. "Mind you, just because you can get the source code to OpenOffice, doesn't necessarily mean you're going to want it. The sheer volume of the code requires more than three gigabytes of hard disk space in which to build, and compiles have been reported to take more than 20 hours to complete."

Sun dances the dance, pours the source (LinuxToday). The Australian LinuxToday has put up this look at the StarOffice release. "The GNOME project have plans to take the StarOffice release and run with it, abandoning their current office projects, Abiword and Gnumeric, for their big brother OpenOffice. I would say that in about 2 years time we'll start seeing a decent, workable GNOME Office on people's desktops. The GNOME team wants to take OpenOffice and rip it apart, applying their BONOBO architecture and making it integrate well with their object model. All I can say is, well they'd better know German."

Get your Red-hot Linux apps (ZDNet). Chiliware is set to release 4 new applications for the Linux Desktop, says this ZDNet News article. "'Open source is a great service, but if you just do open source, it's hard to make enough money to pay everybody', said company CEO Kenneth Eppers".

Covalent mixes proprietary and open source software (Upside). Upside looks at Covalent's apache-oriented business model. "For a company that has long been trying to emulate the branding success of Red Hat for the Apache market, this willingness to stick with the traditional, proprietary approach is an interesting point of contrast."

Welcoming back an old Amiga (News.com). The Amiga is set to make a comeback, according to C|Net's News.com. "Amiga's future, however, lies chiefly in its software, in particular its new Amiga Digital Environment software, which can run as an operating system of its own or atop other operating systems, including Linux and Windows CE, [Amiga President Bill] McEwan said."

Back to the future: Novell's new vision for success (NetworkWorld Fusion). Novell has staked its future on Netware - or has it? In this article from NetworkWorld, Jeff Shapiro thinks Linux may be the heart of Novell's new soul. "In speculating, I wouldn't be surprised to see NetWare operating in a Linux microkernel environment, with support for NetWare storage systems, Novell Distributed Print Services and legacy NetWare Loadable Modules running as daemons."

Details of Linuxcare complaint come to light (Upside). It looks like Linuxcare's troubles are not over yet. This article in Upside covers a sexual harassment suit against the company and its former CEO Fernand Sarrat. "After dinner with Sarrat and another Linuxcare executive, Bowen was offered a job as Sarrat's personal assistant. The post paid $110,000 a year and carried options to purchase 115,000 shares of Linuxcare stock, according to the documents on file with the court." The article goes into some unpleasant detail from there.

Business

Linux taking hold in India. LinuxNews.com looks at Linux in India. Quoting Atul Chitnis: "Not sure about the rest of the country, but in the state of Karnataka (whose capital is Bangalore), the study of Linux is compulsory in technical education."

Bidding on Linux (Inc.com). It's an older article (June 2000), but Inc.com did a nice article investigating just how well you can run your company using Linux. "Linux can also save small companies money because it runs well on older, less powerful machines. When Campbell installed E-mail and a firewall -- a security gateway between the company's computers and the Internet -- at James G. Murphy Co., two years ago, he used an old 486 computer that Murphy was preparing to jettison. `I could have sold them a new computer,' Campbell says. `But Linux runs just fine on that computer, so why sell them hardware they don't really need?'"

World Bank Launches `Development' Portal (Interactive Week). The World Bank Group is setting up a separate company to run the Global Development Gateway, a portal where it hopes residents, businesspeople and officials from emerging countries can collaborate on economic and social development projects with their peers around the world.

Testing the Enterprise Linux Load (LinuxWorld Austrlia). In this article from LinuxWorld Australia, Caldera, Red Hat Software, Stormix Technologies, SuSE and TurboLinux are evaluated to assess whether these companies are coupling their distributions with the tools and services necessary for enterprise server use. "The best installation process was offered by Caldera eServer, which appeared to have total command of each platform we installed it on, followed very closely by Red Hat 6.2 and TurboLinux Server 6.0. The other distributions seemed to be less capable of sensing the platform environment in one way or another."

.comment: TechnoPolitics (LinuxPlanet). LinuxPlanet has noticed that Linux companies do not show up in the list of U.S. presidential campaign donors. "The philosophical argument is that Linux really has nothing to do with government. It's free, knows no borders, and the community is highly apolitical... But there's another argument, a practical one. There are some things at stake that matter, or ought to matter, to Linux users and to those to whom Free or Open Source software is important. In fact, like it or not, the community has been shot through with political issues all year."

Linux has already won (LinuxToday Australia). LinuxToday Australia ponders the question: Has Linux already achieved world domination? "I have a theorem that Linux has perhaps the largest number of free development tools for any platform available ... Take into consideration its "ability to talk to any medium except smoke signals" ... and you have a combination which, given time, cannot be anything but successful."

What Makes a Virtual Organization Work? (Sloan Management Review). The MIT Sloan Management Review Fall 2000 issue contains a brief look at the open source workplace. "What motivates people to participate in open-source projects? And how is participation governed in the absence of employment or fee-for-service contracts? The answers revealed some important lessons for traditional organizations about the challenges of keeping and motivating knowledge workers and the process of managing in the new arena of networked or virtual organizations."

Lights, camera and net interaction (London Evening Standard). Can open source style collaboration migrate to other realms? In this article from the London Evening Standard, script writers get a chance to collaborate on a potential movie script in an open source fashion. "Of course, guidance is required and the project will be overseen by professional writers, known as Navigators, including Joe Minion, the wordsmith behind Martin Scorsese's After Hours, who will set tasks for the community. In the first instance, members will create, in 2,250 words or less, the central character for a detective thriller. When the deadline closes a "peer review" will invite members to evaluate one anothers' work."

Open Sources: Running afoul of the AMA (ZDNet). An extension of the open sources philosophies to the medical world seems appropriate in this article on one mans run-in with the American Medical Association and their Medicare code numbers used for setting prices for services.

Fragmentation fears within Linux (ComputerWeekly). Perhaps too much effort is expended worrying about Linux fragmentation. This ComputerWeekly article looks at fragmentation as method of differentiation amongst distributors, primarly from the point of view of Caldera.

Linux Boosts Unix (ZDNet). Unix vendors feel they have little to worry about with Linux in this article from ZDNet. In fact, they seem to be happy with the upstart OS. "The comment is a reflection of what the Unix vendors feel is a remarkable turnaround in their fortunes over the last 18 months. Having lived for years in fear of the growing power and scalability of Microsoft Windows, they now sense that they have in Linux a little champion on their side, one with charisma and a popular following. Unix vendors aren't used to feeling that way."

Resources

Embedded Linux Newsletter - October 19th, 2000. The latest issue of the LinuxDevices.com Embedded Linux Newsletter is now available.

A look at embedded devices running Linux. This LinuxDevices.com reference guide looks at the myriad of embedded devices currently in development that use Linux as the heart of their hardware.

Programming GNOME Applications with Perl, Part One (Perl.com). This article on Perl.com discusses one man's journey to learn the Perl interface into GNOME. "I recently needed to write a GNOME application and hit this barrier [no documentation for Perl/GNOME], and I had to figure the whole thing out pretty much for myself. So, I decided to write these tutorials so that you, dear reader, don't have to. In this first episode, we'll create an extremely simple application, but one with a full, standard GNOME interface."

It's time to kiss your BIOS goodbye! (LinuxDevices). Linux Devices summarizes the goal of Red Hat's new Red Boot project - to provide an open source bootstrap process for embedded PCs - and points readers to the associated whitepaper.

Python Roadmap (O'Reilly Net). The O'Reilly Network looks at whether Stackless Python will make it into the mainstream. "It seems reasonable to expect Stackless will make it into Python 2.1. This is likely to unleash a burst of activity, as higher-level interfaces -- microthreads and coroutines, among others -- are shaken down for 2.2. Stackless is a sufficiently interesting change that it might take many months to grasp all its consequences."

How prone is Linux to forking?. Does forking in Linux happen more than in BSD? Does it matter? Newsforge looks at forking in both Linux and BSD, with comments from Bruce Perens, Chairman of Progeny Linux Systems and well known Linux advocate.

Wine: It Gets Better With Age (LinuxToday). The Australian LinuxToday looks at the Wine project. "After seven years as alpha code, Wine's developers expect to have a 1.0 release of the software ready some time in the next six to twelve months - though it's not clear how events at Corel might change that timetable."

Reviews

Linux Gets Smaller (ZDNet). ZDNet Reviews is carrying an introductory article on embedded Linux and some of the companies working in this arena. "Embedded Linux will lead to a wide range of diminutive products running the open-source operating system. In fact, many believe embedded-Linux devices will outnumber Palm devices in two years."

Device profile: FrontPath portable info appliance (LinuxDevices). LinuxDevices.com takes a look at the FrontPath ProGear, a Transmeta-powered tablet device. "The device is intended to provide an easy-to-use information appliance for a wide range of specialty applications, in markets such as health care, real estate, restaurants, hotels, and cruise ships."

Sendmail Multi Switch 2.1 Gives Powerful Features a Simple Face (Network Computing). This article in Network Computing reviews Sendmail Multi Switch 2.1, a commercial version of the open source Sendmail. "Multi Switch lets you set up and maintain multiple mail-stream queues. This allows for parallelism, especially on SMP (symmetric multiprocessing) servers and clusters. Individual queues can have their own rule sets and configuration peculiarities, and you can make some queues faster or slower than others. The standard open-source version of Sendmail doesn't let you do this. "

Device profile: Nokia Media Terminal (LinuxDevices. Rick Lehrbaum takes a look at the Nokia Media Terminal in this LinuxDevices.com article. "The Media Terminal's software architecture consists primarily of Linux, the Xfree86 windowing system, and the Mozilla web browser (enhanced for PAL and NTSC display)."

Penguins in South America? (DukeOfUrl). The DukeOfUrl reviews Conectiva Linux 5.0. "One area you may look to Conectiva is if you're sick of distributions biased towards the English language. This would be a fine choice for users seeking good Portuguese support. Additionally, if you want the easiest installation in the business, look no further."

Device profile: Ericsson Cordless Screen Phone (LinuxDevices). Another embedded Linux device profile from LinuxDevices.com - this one on the Ericsson Cordless Screen Phone, which runs an embedded version of Red Hat Linux and the embedded version of Qt.

Device profile: empeg car audio player (LinuxDevices). Yet another embedded Linux device profile from LinuxDevices.com - this time Rick looks at the empeg car audio player, a StrongArm based embedded Linux computer that fits into your car radio slot. Unlike other embedded Linux products this one is actually available for sale and its parent company - empeg - encourages hacking of the device!

Interviews

Interview with Linus Torvalds (c't). C't has posted this interview (in German) with Linus Torvalds. If past experience holds, they will likely post the English version eventually; until then, a partial translation is available via Babelfish. (Thanks to Albrecht Fritzsche).

A Good-Looking Geek Magnet (Fox News). Fox News.com is running a fluff piece on the beauty of the Linux Desktop, based on a short interview with themes.org Site Manager Greg Sanders and a high level overview of our beloved X Window System.

Miscellaneous

Highlights of Atlanta (Annual) Linux Showcase (Linux Journal). From last week, but worth a look anyway: Don Marti's ALS summary on the Linux Journal site. "Red Hat's rush to ship C++ fixes at the cost of confusing, ok, enraging, old-school Red Hat users is good news. It shows that Red Hat is getting service and support contracts from corporate customers who are porting C++ programs that depend on features that have been weak historically in GCC. Face it, nobody needs a bleeding-edge compiler to rebuild the old reliable tools written in C."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Linux Advanced Routing & Traffic Control HOWTO. The Linux Advanced Routing & Traffic Control HOWTO team announced the creation of a mailing list dedicated to discussion of the topic of their HOWTO.

Events

Proceedings: Open source software in the space business. A conference entitled "The role of open source software in the space business: technical issues, use guidance, legal implications" was held on October 5 in Noordwijk, The Netherlands. The proceedings from the conference are now available on line. The contents of several talks are available, though most are in PDF format. (Thanks to Bernard Lang and Stéfane Fermigier).

JavaPlus Comes to San Jose. JavaPlus opens October 29 in San Jose, California. This event offers keynote presentations, panel discussions, developer workshops, technical briefings and an Exhibit Hall.

Open Source Development Network. Two open source developers, Bruce Momjian and Tom Lane, both from Great Bridge LLC, will keynote the Open Source Database Summit, hosted by the Open Source Development Network, October 30 and 31 in San Jose, California.

Linux Expo Keynotes announced. Linux Expo Canada has announced their keynote speakers for their October 31st sessions. Speakers from Oracle, Red Hat, MandrakeSoft, and the Free Software Foundation are scheduled to talk. Here's a separate announcement about ParaSoft CTO, Marc Campbell. He will present "How to Create a More Effective Development Process".

Linux TechTracks at Bangalore (India) IT.COM 2000. Linux TechTracks is a series of almost 30 talks delivered by Linux Community members about various aspects of Linux and its usage. "The TechTracks address technical, corporate and "newbie" audiences, and will run from November 1-4 (both days inclusive). The schedule is available online at http://itcom.linux-india.org."

October/November events.

Date	Event	Location
October 27, 2000.	Embedded Linux Expo & Conference	Wyndham Westborough Hotel, Westborough, MA.
October 29 - November 2, 2000.	Software Development Conference & Expo 2000 East	Washington Convention Center, Washington, D.C.
October 30 - October 31, 2000.	Open Source Database Summit	Hayes Mansion Conference Center, San Jose, California.
October 30, 2000.	First Annual Federal GNU and Linux Users' Conference And Awards Presentation	Washington, D.C.
October 30 - November 1, 2000.	Linux Expo Canada	Metro Toronto Convention Center, Toronto, Ontario
November 1 - November 5, 2000.	Linux@IT.COM	Palace Grounds, Bangalore, India
November 4 - November 10, 2000.	SC2000 - SuperComputing	Dallas Convention Center, Dallas, TX.
November 7 - November 9, 2000.	Embedded Systems Conference Europe	Maastricht, Netherlands.
November 10 - 11, 2000.	Linux Meeting 2000	Rome, Italy.
November 12 - November 15, 2000.	XML DevCon Fall 2000	San Jose, California.
November 13 - November 17, 2000.	LINUX Business Expo	Sands Convention Center, Las Vegas, Nevada.
November 25, 2000.	Australian Open Source Symposium	Adelaide, Australia.
November 28 - December 1, 2000.	IEEE International Conference on Cluster Computing	Technische Universität Chemnitz, Saxony, Germany.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

The Linux Game Tome Shows ShowMeLinux How the Game is Played. ShowMeLinux announced the addition of Linux Game Tome to their team. Linux Game Tome will be authoring ShowMeLinux's 'Game Room'. The Game Room is a column offering a monthly review of new or upgraded Linux games.

BountyQuest Launches Internet Destination. BountyQuest has launched a high-stakes knowledge marketplace at www.BountyQuest.com that rewards individuals across the globe for what they know and helps companies settle critical patent disputes more quickly and cost-effectively. Site backers include Jeff Bezos and Tim O'Reilly.

YourWriters.com. Here's a web site that will help you find technology/business writers.

InformIT Adds Live Expert Consultations. EXP.com, an online marketplace for expert advice and services, announced it has teamed with InformIT to provide personalized answers to specific technology and business questions on InformIT's Web site.

User Group News

Linux Users Group of Davis donates books. LUGOD will be donating a collection of Linux- and Unix-related books to the Davis branch of the Yolo County Library on Saturday, October 28th, 2000. Following that event, LUGOD will be demonstrating the Linux operating system at Border's Books.

LUG Events: October 26 - November 9, 2000.

Date	Event	Location
October 28, 2000.	Simi Conejo Linux Users Group LUG Fest III	Nortel Networks, Simi Valley, CA.
October 28, 2000.	Central Ohio Linux User Group	Columbus, Ohio.
October 29 - October 30, 2000.	Italian LUG community meeting	University of Bologna, Italy.
November 1, 2000.	Kansas City Linux Users Group	Kansas City Public Library, Kansas City, MO.
November 1, 2000.	Southeastern Indiana Linux Users Group	Madison/Jefferson County Public Library, Madison, IN.
November 1, 2000.	Silicon Valley Linux Users Group	Cisco Building 9, San Jose, CA.
November 2, 2000.	Edinborough Linux Users Group	Holyrood Tavern, Edinborough, Scotland.
November 6, 2000.	Baton Rouge Linux User Group	The Bluebonnet Library, Baton Rouge, LA.
November 6, 2000.	Rice University Linux Users Group	Rice University, Houston, TX.
November 7, 2000.	Linux Users' Group of Davis	Z-World, Davis, CA.
November 9, 2000.	Boulder Linux Users Group	NIST Radio Building, Boulder, CO.
November 9, 2000.	Phoenix Linux Users Group	Phoenix, AZ.
November 9, 2000.	Linux Installation	Delfzijl, Netherlands.
November 9, 2000.	The autumn conference of the Unix User Group - the Netherlands	"De Reehorst", Ede, Netherlands.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Software Announcements

Sorted by section and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Back page page.

Linux Links of the Week

Fscktris. Tired of waiting while your multi-Gigabyte disks run through an fsck upon reboot? Fscktris may be your answer! Now you can play a Tetris clone while your disks are being cleaned up. Note carefully, however, the caveats from Fscktris' web-page: "Fscktris should only be used if you really don't care about your data. Whilst I've had no problems with it, it comes with no guarantee of safety. This could hose your filesystem ! (although I would say it's unlikely :)".

The website formerly known as LiLAC. The website formerly known as LiLAC has been renamed MobiliX. The emphasis is on information related to Unix/Linux, laptops, PDAs, etc., though the Ecology-HOWTO and Medicine-HOWTO can also be found here.

Section Editor: Jon Corbet

This week in history

We have less specific information on the status of the Red Escolar project, since the Red Escolar News Page hasn't seen an update since June 28th. Fortunately, other pages on the site have been updated more recently, including the status page, which was updated yesterday. It still indicates implementation of the Red Escolar project is only moving forward in the San Luis Potos area.

Debian got congratulations on their port of Debian to the Netwinder two years ago. The Netwinder, however, has remained an infrequently used device, not quite living up to the promise we thought it had back then.

Corel announced its support for the Wine project, choosing it as a platform to bring their products to Linux and promising an infusion of new developers to the project as well. Two years later, the Wine project is finally approaching its first stable release. Meanwhile, of course, the financial state of Corel, and the recent large investment in Corel by Microsoft, have led to questions about Corel's possible future involvement, or lack thereof, both in Wine and in Linux.

One year ago (October 28th, 1999): To no one's surprise, licensing problems between Qt and the GPL were in the spotlight a year ago, with Corel's development as the catalyst. Corel liked using Qt for developing the software they added to the Corel Linux distribution, but their developers were much less likely to be aware of potential licensing conflicts when mixing the Qt with GPL'ed code from Debian. Of course, such problems have now been largely eliminated by the dual-licensing of Qt under the GPL, a possibility not even under discussion last year.

Last year, Comdex' standing policy of not admitting any person under the age of eighteen was under scrutiny, spawning much debate. The policy is no different at this year's Comdex. We have noticed other computer conferences, though, where such age restrictions have been removed.

Speaking of Comdex, Miguel de Icaza will be delivering one of the keynotes at Comdex this year, on Tuesday, November 14th. It was only a year ago that Miguel quit his day job in Mexico and moved to the United States. At that time, his new company Helix Code, Inc., was spoken of only in terms of "secret investors". Nowadays, they've hired a great deal of talent from the Gnome developer team and are in the process of figuring out how to make some money.

Letters to the editor

Date: Thu, 19 Oct 2000 22:56:34 -0600
From: Joe Brockmeier <jbrockmeier@earthlink.net>
To: lwn@lwn.net
Subject: Red Hat Editorial

Hey Guys,

Hope all is well at Linux Weekly News. 

Read the front page bit about the Red Hat release. I've got
to say, I think you're letting Red Hat off pretty easy. Red
Hat presents its software as being production-ready, and as
such it should be as production-ready as possible. Red Hat
is supposed to be the market-leader and as such they should
recognize that they're going to be a lot of people's first
distro. If they get a distribution that has serious bugs,
why should they consider Linux any better than Windows?

Most of the people who are going to find these bugs are not
going to understand them, and certainly won't appreciate being
part of the bug-cleaning crew. And, in their minds they're
not getting the benefits of free software - they paid good
money for it. 

Many long-time Linux users recogize that a .0 or .1 release
of Red Hat is going to have issues. But newcomers will not,
and this is not the time to be springing buggy software onto
newcomers to Linux. It's time Red Hat, and the other distros,
start releasing just one major release every year and make
the rest of them developer releases or updates. It's just not
good for retail or for end users who are not developers - a 
much larger percentage these days. 

Okay - enough tirade. Just my humble opinion.

Take care,

Zonker
-- 
Joe "Zonker" Brockmeier
jbrockmeier@earthlink.net
Zonker@Linux-Mag.com
Zonker@UserFriendly.org

Date: Thu, 19 Oct 2000 08:59:50 -0800
From: Arthur Corliss <corliss@odinicfoundation.org>
To: lwn@lwn.net
Subject: Red Hat's early software release

Greetings:

I wholeheartedly and emphatically disagree with your assesment of RH's action.
I agree that the glib issue was helped by them, but you're talking about
apples and oranges.  As I recall, glib was a *hell* of a lot more mature than
gcc 2.96 is when they did so, and so the end result were pure bug patches.
Gcc, on the other hand, has experimental features and methodologies that might
not make it into a stable release at all.  This isn't hastening adoption, this
is just ludicrous decision making, pure and simple.

One final thing that everyone seems to be forgetting:  screw what Red Hat
wants, doesn't the gcc project managers have any say about the inclusion?
Even *they* publically denounced the inclusion into a "stable" distribution
release.  RH obviously cares little about the maintianing developer's
recommendations.

So let's get this straight:  RH did no favours to anyone.  They included a
release *against* the wishes of the package maintainers, and foisted a product
onto the unsuspecting consumer that has experimental features that may even
make it incompatible with the *next* stable release.  This does *nothing* to
debug the product, it only makes RH users guinea pigs in the truest sense of
the phrase.  That's wrong.  Period.

Your endorsement of their actions is reprehensible.

That said, outside of your ridiculous editorial highlighted above, you have
one of the finest Linux e-rags out there, and I read you religiously.  Keep up
the good work.  ;-)

	--Arthur Corliss
	  Bolverk's Lair -- http://www.odinicfoundation.org/arthur/
	  "Live Free or Die, the Only Way to Live" -- NH State Motto

Date: Thu, 19 Oct 2000 10:36:23 +0200
From: Federico Di Gregorio <fog@mixadlive.com>
To: lwn@lwn.net
Subject: about this week editorial

hi,

	in your defense of redhat you compare gcc release with glibc2
release. there are big differences. when redhat released 5.0 debian
had already used the new libc for months. in unstable. and almost all
debian developers and *a lot* of other people run unstable (that is not
so much unstable, but that's a problem with debian slow release 
cycle...) so that library was not so much new or incompatible with
anything else.

	gcc was taken from *cvs* and released with a new version number
without ever worrying for compatibility with other linux systems. that's
different.

	another point is that using the userbase (the *paying* userbase)
as a testbad for broken products is a practice i can't approve. it
remainds me too much of M$ techniques of shipping broken software. the
should have a choice: stable software or over-the-edge-but-buggy one.

friendly,
federico
 
-- 
Federico Di Gregorio
MIXAD LIVE System Programmer                           fog@mixadlive.com
Debian GNU/Linux Developer & Italian Press Contact        fog@debian.org
  Put a GNOME on your desktop! [http://www.gnome.org]
                                      -- brought to you by One Line Spam

Date: Fri, 20 Oct 2000 21:37:10 +0000 (GMT)
From: Mike Fisk <mfisk@lanl.gov>
To: letters@lwn.net
Subject: Software testers needed

Back when everybody had to download and compile tarballs manually, we all
made implicit decisions about when we wanted to upgrade a package and if
we wanted to try a development, prerelease version or the latest stable
version.  Now that so many people just use whatever their favorite
distribution has seen fit to give them, there's less experimentation with
new versions --- unless that's what your distribution gives you.

I applaud distributions pushing the envelope with applications, but they
should advertise those distributions as being "tests", "developer
releases", "betas", etc.  As you state (in the lead article of the October
19th LWN), this is part of the open development process*.  But, I don't
care for Red Hat's eagerness to shrink-wrap these releases and advertise
them as a full release.  Microsoft and Apple will sell you test releases,
but they're clearly labelled as such and the stable versions are still on
the shelf.

People who want more reliability with Red Hat have learned to stay behind
the curve of new releases.  I think other development processes like the
Linux kernel and the Debian project achieve the same goals, but are more
up-front about it.  Many of us choose to track the development kernels or
Debian frozen/unstable trees in order to get the latest features in
exchange for being guinea pigs.

But these development versions are acknowledged as not necessarily being
the best choice for stability or usability.  For production systems, we
may choose to use stable releases.

From the IT perspective, having your staff track the unstable kernels and
distributions on their desktops or test systems also gives them
familiarity with new features before they show up on your production
systems.

*The increase in public betas of commercial software is evidence that the
need for wide exposure in testing isn't specific to open source.

-- 
Mike Fisk, RADIANT Team, Network Engineering Group, Los Alamos National Lab
See http://home.lanl.gov/mfisk/ for contact information

Date: Sat, 21 Oct 2000 12:29:27 +0200
From: Toon Moene <toon@moene.indiv.nluug.nl>
To: letters@lwn.net
Subject: When is the right time to release free software? 

Jon, Liz,

On this week's LWN Front Page you write:

> When is the right time to release free software? Red Hat has
> taken some grief recently for releasing development versions of the
> compiler and C library with Red Hat 7. One reason (of many) that has
> been put forward to explain this decision is that Red Hat is seeking
> to help stabilize the development of gcc 3.0 by increasing the
> development version's user base. By increasing the number of testers
> (also known as "users"), Red Hat 7 will flush out the remaining bugs
> and provide motivation for the gcc team to get 3.0 out there.

[ Note that I write the following as GNU Fortran maintainer, and
  do *not* speak for the GCC Steering Committee ]

Perhaps I can correct one misunderstanding from the start:  Red Hat did
not just "drop" a development *snapshot* of GCC into Red Hat 7 - they
took the 20000731 snapshot and applied a boatload of bug fixes to it
before they shipped it as Red Hat 7's system compiler.

In fact, this is not unlike the way the GCC team organises new
releases:  A CVS branch is made and is beaten on until we think we
ousted all known bugs.  Therefore there's no a-priori reason to assume
that Red Hat's GCC "2.96" is buggier than the official GCC releases.

Because the relevant bug fixes were "fed back" into the official GCC
development tree, it *did* help to flush out bugs, but in a different
way you foresee (although the effect you mention above will exist).

No, Red Hat's move is interesting in a different way:

*Nobody knew what they were doing until days before it happened*.

On the 23rd of September I sent the following note to the SC list:

> Listening to the rumor mill on the Internet, I get the impression that
> the (GNU/)Linux distribution according to Red Hat, version 7.0 - due
> early next week, will contain an (ammended) snapshot version of GCC
> 2.96.

> I do not oppose this move per se; however, due to the fact that the
> projected release time for GCC-3.0 was "end of the year", I also 
> didn't particularly take care of bundling related Fortran Frontend 
> updates that are interdependent.

In fact, what happened was (as became clear in hindsight) that the
snapshot on the 31st of July - which is the basis of Red Hat 7's system
compiler - was taken right in the middle of those updates I mention
above.

Now, fortunately, the damage is small - the (g77) compiler will crash if
you feed it both -g and -fdebug-kludge options when compiling Fortran
source with COMMON BLOCKs in it; at least it won't generate incorrect
code ...  Furthermore, four weeks after the release, apparently nobody
has run into this problem yet (at least I haven't seen a bug report
about it) ...

However, it could have been worse, and to come to the point of my
message:  It could have been avoided !

If Red Hat had communicated with the developers of GCC, this could
easily have been corrected by:

1. Red Hat waiting to take the "quiescent" snapshot that would be
   the basis for their system compiler.

2. Me working somewhat faster to meet their deadline.

3. Red Hat applying the changes _after_ taking the snapshot.

I sincerely hope that this non-communication was an unfortunate
incident, and won't happen again.  We volunteers in various free
software projects have to work with the information presented to us; if
someone just takes the work and runs, they get what they asked for ;-)

Perhaps it's good to stress again that I write this as my personal view
on the matter, in my function as GNU Fortran maintainer.

Cheers,

-- 
Toon Moene - mailto:toon@moene.indiv.nluug.nl - phoneto: +31 346 214290
Saturnushof 14, 3738 XG  Maartensdijk, The Netherlands
GNU Fortran 77: http://gcc.gnu.org/onlinedocs/g77_news.html
GNU Fortran 95: http://g95.sourceforge.net/ (under construction)

From: "David C. Spaeth" <dspaeth@taskiss.com>
To: <lwn@lwn.net>
Subject: Thank you!
Date: Fri, 20 Oct 2000 23:36:05 -0500

You've summed up my opinion about Red Hat's 7 release more succinctly than I
ever could!  Thanks! I really appreciate Red Hat's efforts in reguard to
it's releases. With their work, my systems are steadily becoming more and
more able to assist me in managing UNIX systems (SCO, Linux, AIX, and
Solaris/SunOS) for my customers. I also run Linux on about 6 systems at
home...3 as only Linux, 3 as dual-boot (my kids lie StarCraft and Diablo
II). Thanks for not slamming Red Hat!

David Spaeth
Sr. SysAdmin
Taskiss.com

To: letters@lwn.net
Subject: Secure Deletion
Date: Sat, 21 Oct 2000 17:56:31 -0500
From: Christopher Browne <cbbrowne@hex.net>

The "File That Would Not Go Away" problem is indeed more of a problem
than people expect, and the "Oh, I'll Just Delete The File" thing
represents a perpetually misleading Deus Ex Machina in literature and
Television.  And the misunderstandings of Hollywood do not just fall
out of their ignorance; I don't think that the issue is, generally
speaking, well-understood even by those that should know better.

Just this week, the TV show "Dark Angel" trotted the situation out
where the hacker friend of the protaganist prevents the bad guys from
pulling her picture out of prison records by, at the last possible
moment, "deleting her record from the database."

COMPETENTLY RUN prison information systems are likely to be running a
journalling database system [any of the major names, Oracle, Informix,
DB/2, Sybase, Microsoft SQL Server, should do] for their database
needs.  The Bad Guy may react to this setback with a little less
fatalism:

  "Oh, well, let's just take the last cold backup, sitting on
   tape, along with the Oracle archive logs, continuously being dumped to
   tape as they are produced, and recover them to a duplicate system."

Keeping data ephemeral on systems intended to keep it persistent is
about as problematic as keeping data persistent on ephemeral systems.

The "most ephemeral" thing is data that sits in memory that will get
destroyed as soon as power goes off.  Mind you, that is misleading when:
 - RAM on my PalmPilot _isn't_ lost when I shut it off;
 - Data might get swapped out to disk

At the other end of the scale, databases tend to be characteristic of
the "least ephemeral thing;" transaction logs, if carefully backed up,
can't be deleted via anything a remote hacker might try to do.  After
all, if updates get dumped onto tape immediately, and the tape quite
quickly gets processed through, dropped into archives, it may become a
tremendously challenging thing to try to remove data.

This implies that the typical Hollywood scenario of "We'll have to
hack in to purge the records from the police files" represents so much
nonsense.  The last I heard, the RCMP was using Trusted Oracle for
such applications; I'm sure similar is true for many other police
forces.

The funniest relevant anecdote I've heard is of a payroll system where
they didn't want to have the high salaries of corporate executives
available to the computer systems staff.  Every couple weeks, an
executive assistant, entrusted with this data, would temporarily enter
the rates into the system, run cheques, carefully keeping them from
the eyes of the rest of the computer centre staff, and then remove the
salaries, leaving everyone none the wiser.  Or so they thought.  The
net result of the process was that the "fingerprints" of the executive
pay information was being recorded three or four EXTRA times since the
DBMS logged each modification.  Back to the drawing board...

Files fall somewhere in between in terms of robustness.  They are
certainly more "stable" than RAM, but are less so than a
transaction-logged DBMS.  Every time someone adds DBMS technology,
such as logging/journalling, to a filesystem, files become a little
more difficult to _comprehensively_ purge.

The answer may ultimately be to implement some sort of "Secure
Temporary File System" providing semantics to guarantee that files can
be securely deleted, where temporary files become _truly_ temporary.
--
cbbrowne@hex.net - <http://www.hex.net/~cbbrowne/linux.html>
"C++ is more of a rube-goldberg type thing full of high-voltages,
large chain-driven gears, sharp edges, exploding widgets, and spots to
get your fingers crushed. And because of it's complexity many (if not
most) of it's users don't know how it works, and can't tell ahead of
time what's going to cause them to loose an arm." -- Grant Edwards

Date: Thu, 19 Oct 2000 11:41:16 +0000
From: Oliver White <ojw@iinet.net.au>
To: strombrg@nis.acs.uci.edu, letters@lwn.net
Subject: RE: kde and gnome and pr and licensing

>KDE has fixed their license problem finally, but it's probably
> (hopefully) too late for KDE to recover from Gnome getting the
> critical mass of developers.

Licencing is a major issue. However, there are several technical reasons
that still keep developers from working with Gnome rather than KDE. The
Gnome folk are, for the most part, 'Old School' hackers. They depend on
Emacs, C and think diagrams are for the weak.

This is all very well. However, there is a certain snobbishness towards
people who want to develop in C++, using more modern (not necessarily
better) techniques for communication like UML, and who'd like to use an
Integrated Development Environment.

As far as I can see, while KUML is comming along nicely, nobody is
interested in developing a Gnome UML tool, though the potential to share
code and resources early on is there. Support for C++ Gnome development
is comming along quite slowly, and gIDE is a long way behind KDevelop.

These cultural reasons, rather than reasons of idealism, are enforcing
the divide between the KDE and Gnome projects, I can only hope that in
future the choice will simply be based on which environment the
developer prefers.

--
Oliver White
www.worldforge.org

Date: Sun, 22 Oct 2000 14:01:41 -0300
From: Horst von Brand <vonbrand@sleipnir.valparaiso.cl>
To: letters@lwn.net
Subject: Red Escolar (Re: Stop the colors already!)

Peter Samuelson <peter@cadcamlab.org> said:

[...]

> So now, according to the LWN sidebars, we have the five mentioned above
> plus Black Cat Linux, BluePoint Linux, White Dwarf Linux and Green Frog
> Linux, not to mention the variations Darkstar Linux, Red Linux, Redmond
> Linux, Think Blue Linux and the Red Escolar Project.  Oh, and don't
> forget the ones that incorporate the Red Hat name directly, like VA/Red
> Hat and KRUD.

"Red Escolar" is Spanish for "School Network", "red" is "network". No
colors were harmed when naming this.
--
Horst von Brand
vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Vin~a del Mar, Chile                               +56 32
672616

Date: Sat, 21 Oct 2000 08:24:28 +1100
From: Tim Josling <tej@melbpc.org.au>
To: letters@lwn.net
Subject: Undefined expressions in C

"The hunt for undefined code. 

Here's one kind of problem that a new compiler can turn up. Most
C 
programmers learn early on to avoid code like: 

a[i] = i++;

The results of this kind of code are undefined; the array
assignment could happen either before or after the value of i is
incremented."

The expression above, as no doubt many people have pointed out,
is actually OK. Section 3.3 of the 1988 ANSI C standard says that
you can only assign once to a variable in an expression.  So for
example


i = i++ + 1;

is not allowed because i gets assigned to twice.

But 

a[i] = i++; 

is OK - i is only assigned to once, and the value used for the
array subscript is the value before the auto-increment.

Tim Josling

Date: Fri, 20 Oct 2000 15:42:41 +0100
From: John Winters <john@linuxemporium.co.uk>
To: lwn@lwn.net
Subject: Kernel development page - 2000-10-19

Hi there,

At the risk of flogging a dead horse I'd just like to pick up on
something said on your kernel development page this week:

Quote============================

The hunt for undefined code. Here's one kind of problem that a new
compiler can turn up. Most C programmers learn early on to avoid code
like: 

    a[i] = i++;

The results of this kind of code are undefined; the array assignment
could happen either before or after the value of i is incremented.

End Quote========================

The final sentence is the problem.  Yes, it's undefined but the last
part gives more than a passing impression that the undefinition is
confined to when the increment occurs.  That's not true at all.  The
code simply has no meaning within the confines of the C language - you
might get the result you expect; you might get a result consistent with
the increment having happened before or after the assignment; you might
get any behaviour at all.  The classic defence of such code is, "I don't
care whether the increment happens before or after.  Either will do what
I want."   This alas fails because there's no guarantee that the
increment will happen at all (or that the assignment will happen, or
that the code will even compile).

Apologies if you already know all this but even as a simplified
explanation the quote above can lead to problems.

Regards,
John Winters

-- 
John Winters.  Wallingford, Oxon, England.

The Linux Emporium - the source for Linux CDs in the UK
See http://www.linuxemporium.co.uk/