[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news
 Back page

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The Python team moves - again. Last May Guido van Rossum, the Python BDFL (Benevolent Dictator For Life) announced that he was moving, along with much of the Python development team, to BeOpen. This move was intended to be a good thing for Python, allowing the language to develop more quickly than had been the case so far.

To some, BeOpen seemed like a bit of an awkward fit. And it turns out that it was - On October 27, Guido sent out a new announcement stating that the PythonLabs team was moving again - this time to Digital Creations. The hope, clearly, is that the new home will work out better: "We trust that Digital Creations will provide a stable home for Python for many years."

What went wrong with BeOpen? Consider that the Python group consists of five top-level hackers (Guido, along with Tim Peters, Barry Warsaw, Jeremy Hylton, and Fred Drake); just keeping them supplied with pizza could be an expensive proposition, and payroll even more so. BeOpen would not commit itself to such a drain on its checkbook without having some idea of just how the Python team would bring in revenue to offset the expense.

That idea, according to a conversation we had with Guido, was to build an advertising-supported Python portal site. But that's a hard business and it didn't work out; neither did any of the other ideas that came up. Says Guido:

In the end the plan was that the PythonLabs team would do Python consulting to bring in revenue to fund the entire company. But even that didn't work, and they couldn't pay our salaries. At that point we figured we'd waited long enough for things to get better, and decided to cut our losses.

Digital Creations, of course, will have the same sorts of concerns; will things go more smoothly this time around? The view from the outside suggests that it should. We talked with Digital Creations CEO Paul Everitt about this move, and it became clear that the company has the potential to be a good match for the Python team.

Digital Creations, of course, is the home of Zope, the Python-based, open source web application server that has been on a growth path for the last couple years. Zope has derived great benefit from Python and the capabilities it provides. It is also true, however, that Python has benefitted from Zope, which was the "killer app" the language needed to push it further into the mainstream.

The business case for hosting the Python group seems clear. Digital Creations is a classic example of the value of branding. Anybody can set up a Zope-based site, but DC is the company that created Zope. They will be the first provider on anybody's list when they are thinking about Zope. That branding effort can only be helped by also having on board the people who created Python.

There is also the little fact that DC has a lot of Python programming that it needs to get done. The PythonLabs group will spend part of its time doing DC's work, which can include hacking directly on Zope. The rest of their time is to be spent doing whatever they think needs doing to push Python forward. According to Paul Everitt:

One of our strongest differentiators is time-to-market, and Python is core to our ability to deliver on that story.

At the same time, the PythonLabs guys have some extremely unique experience in some problem domains of importance to us. They'll clearly help us shave months off the time needed to get technology into the market, and the value of that is very important to our plans.

So having the Python group around clearly makes sense, even without Paul's last reason, which could justify hosting this group by itself: "Finally, we've bet the business on Python. We need to help secure its future and increase its success."

There was another important bit of news in Guido's note: a non-profit organization (the "Python Software Foundation") is being created to hold the copyrights to the core Python code. Python will not be owned by Digital Creations. This is a good move on Guido's part; as the acquisition of Ajuba Solutions (covered in last week's LWN weekly edition) shows, a company's priorities can change very quickly. Digital Creations looks pretty solid as it is, but having Python set up to thrive if things change makes a lot of sense.

(See also: Paul Everitt's ZopeNewbies posting on the move; LWN's interview with Paul and with Guido, which have more interesting information, the Ninth International Python Conference, which should be a most interesting event next March, and this reminder that papers for that conference are due by November 6).

Turbolinux Inc. files for IPO. The pace is picking up: Turbolinux announced on October 30 that it has filed for an initial public offering of stock. As usual, we've gone and taken a look at Turbolinux's IPO filing. The result is an interesting picture of a true Linux software company - there is no reliance on service plans or web portals in this plan. There's also some interesting information on just how Turbolinux parted ways with its founders, Cliff and Iris Miller. Have a look at our writeup for the full scoop.

It seems that the Linux IPO drought may finally be coming to an end. No Linux company has managed to go public since Caldera Systems squeezed in last March, and many that were expected to didn't even try. But now there are three Linux companies with IPOs outstanding: Lineo, LynuxWorks, and TurboLinux. Actually, there's four if you count Transmeta, which is currently due to hit the market on November 6 or 7. OK, five if you count Rackspace, which still does not have a date.

Of course, filing for an IPO and actually accomplishing one are two different things, as Lineo (which filed in May) can attest. It remains to be seen whether any of these companies actually get their stock out there. The markets are hostile, and quite a few investors may be a little worried about Linux stocks. But then, Linux is stronger than ever, and people (outside the Linux community) may be beginning to figure that out. If they come back to the Linux market with more realistic expectations, things should be better off all around.

U.K. Patent Office consultation on software patents. The U.K. Patent Office has put up a request for comments on how software (and business method) patents should be treated in the U.K. and Europe. There is also some interesting information to be found in there, including the fact that some 15% of all U.K. patents now are "software-based."

They seem truly interested. "We want to know what you think about this so that Government policy is evidence-based and relevant to business, commerce, and consumers - in other words to you. So, whether you are in the software industry, financial services, are a software user, a consumer, or are otherwise interested, we want to hear from you." The deadline for responses is December 15. (Thanks to Alan Cox).

Linuxcare ups and ... well, ups. The news out of San Francisco this week was the appointment of Art Tyde as CEO to Linux services company Linuxcare. Tyde was one of the original founders, along with David L. Sifry, Linuxcare's Chief Technology Officer, who talked with us about Linuxcare's future.

LWN: Linuxcare has shut down its European operation, which unfortunately means a lot of people are out of work. The company has also put Art Tyde in as CEO (replacing Fernand Sarrat who was let go in April) after a exhaustive search for a IPO-targeted "brand name" chief. Why?

Sifry: Why is Art CEO? It was a business decision. As a company we've been in a search for a CEO since April/May. Various search agencies were helping (including Christian and Timbers, who helped put [Carla] Fiorina in charge at HP) - we wanted the right person, someone who understands open source and Linuxcare, which has grown up out of the community. Someone who understands that philosophy and not be like a hardware company. An advocate for the customer who understands the culture, but then also understands business. Someone who can take a company from $1M to $10M, who can deal with investors and the public sector. We wanted a leader, a visionary - someone who can motivate the company. You can find people with one or two of these attributes, but seldom all three.

There was no lack of candidates, but we had a hard time finding the right person. After 6 months the board thought they had set their standards too high for a single person. They looked around the company itself and found those attributes in various people - in fact two people. The board was happier looking inside the company instead of outside - continuance of leadership instead of someone coming in with their own people.

The business was doing well - deals with HP, Motorola, $30M in venture, all without a CEO. This was a testament to the company's business being fundamentally strong. The board said "lets get creative". They made Art CEO - the visionary, the business type - and backed him up with Christian Paul as COO. Art has overall responsibility for the actions of the company. He's focusing his time with customers and partners, as well as providing leadership and vision to the troops. Chris is responsible for managing the day-to-day business operations of the company, such as finance.

We then looked at our business and where we were making our money. For now, the majority of money is being made in North America and Asia. We weren't making a lot in Europe. When the market was hot we hired on a bunch of people, but things settled out and the way the market looks the business was not coming from Europe. If we can't play to win - if we're not willing to invest in the infrastructure then we shouldn't be there. It had nothing to do with the people - they were some terrific developers. But it came down to a business sense - were we really focusing on core markets.

We fully expect to be back in Europe in force, but when we can focus on a market that exists (when it does). We realized we had overextended a little. As a company we play to win, if we're going to be in a market we want to be the dominant player.

LWN: So is this the end of the Venture Capital driven strategy? Are VC's still driving Linuxcare?

Sifry: VC are interested in results. They aren't particularly interested in the details. As a company, they want to know if we have focus. Do we have a position in the markets we're playing in where we are dominant? That's what VC's (and investors) ask. Linuxcare's board, which only has 2 VCs, includes such people as:

  • John Drew - founder of INS, who sold to Lucent for several billion.
  • Regis McKenna - Intel, Compaq, Apple marketing whiz
  • Ted Schlein - general partner, Kleiner Perkins Caufield & Byers
The Linuxcare Board of Directors currently has 6 members.

LWN: Does the re-appointment of Art Tyde indicate that Linuxcare has a reduced interest in attracting investors? Have you had any negative feedback with Art's appointment?

Sifry: No negative feedback. He was already there, now it's just more permament.

LWN: Might the appointment indicate that the VC world is giving up on Linuxcare?

Sifry: We raised $30M earlier (in September I think), and we are hitting our numbers.

LWN: Will Linuxcare be seeking further investments in the near future?

Sifry: No current plans. We expect to be profitable by the end of next year.

LWN: What are the priorities for Linuxcare now? Where will the money be coming from? Has the business model changed?

Sifry: Revenue will come from services for open source software. We continue to see ourselves as scaling in more automated ways. Our focus will stay in professional services, with our knowledge base. You can expect more big announcements by the end of the year, but I can't give any details right now.

LWN: What lessons have been learned about how free software businesses should work with the investment community?

Sifry: We both have to learn a common language. We had to train our investors and board on what we do. Once they understood that and had their expectations correctly set it's been a smooth relationship. The need for a common language was key.

What they taught us was discipline and focus for the business. You have to be selective about what markets you target.

Summary: The closing of the European offices was unfortunate, but a definite sign that Linuxcare is refocusing to meet investor expectations and internal strengths. The company is slowly regaining its focus as a free software company, rather than an "IPO missile." Dave Sifry's summary suggests that things are on the right track: "I'm happier now than I've been in a year and half."

Inside this week's Linux Weekly News:

  • Security: Lessons from Microsoft hack, Princeton reports on SDMI technology.
  • Kernel: 2.4.0-test10; XML in the kernel; loadable modules patented?
  • Distributions: Progeny Linux Beta, MaxOS, Slackware on Sparc, Nanix.
  • Development:Qt/Embedded under GPL, Gnome UI team reorg, KDE multimedia, hypeware.
  • Commerce: Investing in open source; OpenSales changes name; JYACC releases Open Source POSSL.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

November 2, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Security page.


News and Editorials

Lessons from the Microsoft network intrusion. By far the most notorious of security news this past week was the admission by Microsoft that their internal network had been compromised, the FBI called in to investigate and the source code to Microsoft Windows and/or other Microsoft products possibly accessed by the intruders. Below, we've listed a compendium of sites that have coverage on the issue, so feel free to glut yourself.

Most of the coverage has looked either at the mystery of who the intruders were, what their intent was, or the possible repercussion. For better or worse, though, these are all speculation; real answers will come later or possibly not at all. We'd like to focus, instead, on the lessons to be learned from this intrusion.

First and foremost, the clearest message we see is that "all bugs deserve to be fixed". We cannot resist pointing out this old, and infamous, interview with Bill Gates in which he states, "There are no significant bugs in our released software that any significant number of users want fixed". The largest "bug", in this case, has been the vulnerability of the various Microsoft operating systems to viruses and the unintended execution of suspect binaries. Rather than fix this fundamental flaw, Microsoft allowed and encouraged an entire industry built on "protecting people" from its impact. Unfortunately, the ease in which new viruses can be developed, or mutated from previous viruses, plus the reality of the amount of personnel resources needed to keep virus databases up-to-date and computers secured, makes a joke of the ostensible purpose of this industry.

The real purpose of the virus-protection software industry is to make money and they were given a wonderful business model for it -- a never-ending supply of new viruses, guaranteeing that people would have to pay money, again and again, in order to "get the latest protection". People didn't end up truly secure, just poorer. In the end, it is poetic justice that Microsoft itself should suffer for its choice. What user cares about having this bug fixed? In this case, Microsoft is one user that must wish this bug had been fixed. They are far from the only one.

Another lesson from this intrusion is the fallibility of the closed source security model. Time and time again, security experts in the Open Source community have warned that security which has not been exposed or scrutinized cannot be counted on. Now with the possibility that the Microsoft operating system code has been exposed, and exposed to people with a track record for exploiting security vulnerabilities, we're about to get a graphic lesson on the topic. Given the wide-spread use of Microsoft products, what country, what company, is not currently wondering what impact this will have on them. Many people believe there are back-doors in Microsoft products -- if there are and the source code has truly been exposed, they will be exploited.

If I were a foreign government, I would be strongly tempted to make an international incident of this intrusion, demanding immediate disclosure of the source code, so that everyone at least has an equal chance of finding security vulnerabilities and protecting themselves against them.

In the end, the final lesson: while access to the source code can't protect you from security problems, it is an essential first step towards security. You can't protect yourself without it.

Press Coverage:

Princeton Team Cracks SDMI (Web Developer). The Secure Internet Programming team at Princeton chose to pick up the SDMI Challenge. As a result, they announced this week their defeat of the SDMI watermark technology, a critical part of SDMI's boasted security.

The Princeton team explained their decision to participate in the challenge in their FAQ, which is well worth a perusal. Here is one quote:

"Still, wouldn't it have been better for opponents of SDMI if you let SDMI go ahead and deploy a flawed technology, so music lovers could teach them a lesson by copying music despite the technology?

Of course not. This is scientific research: it is not our goal to engage in tactics such as tricking the industry into choosing a flawed system. Our goal is simply to analyze security systems and share our results openly with the scientific community.

Again, researchers who crack cryptosystems and security systems are not motivated by a desire to exploit these flaws later. They are merely subjecting systems to analysis, motivated instead by a desire to increase the existing body of knowledge about security systems.

Secondly, if the technology is cracked in deployment, rather than on the drawing board, everyone loses to some extent. The recording industry obviously, device manufacturers most certainly, but even opponents of SDMI. Even pirates! To an opponent of SDMI, even a broken, circumventable SDMI system is worse than no SDMI system at all. "

They go on to discuss the implications of the Digital Millennium Copyright Act (DMCA), which they felt would have made research into the SDMI Security outside the announced contest potentially illegal, and the glaring faults of the contest itself, which did not give contestants access to the software equal to that which a consumer will have if the software is deployed.

Princeton waived the potential reward in return for free disclosure of what they found. We can only hope that their work helps bridge the knowledge gap with proponents of SDMI.

Zero Knowledge marks Freedom milestone (Upside). Mike Shaver, Zero Knowledge's Chief Software Officer and well known Mozilla veteran, wanted to put an open source spin on the company's products. With the release of Freedom 2.0, they've made it official. "Freedom 2.0 is a software tool that lets users encrypt Internet communications and route those encrypted messages through a collection of independent servers which, in turn, add their own layers of encryption. Users who run the client on their desktop machines can use it to manage a collection of pseudonymous identities."

Tripwire Open Source, Linux Edition Now Available. Tripwire, Inc. has released Tripwire Open Source Linux Edition, a project being hosted on Sourceforge.

Interview with AES Winner (LinuxSecurity.com). Vincent Rijmen, co-author of the AES winning algorithm known as Rijndael, is interviewed by LinuxSecurity.com for his thoughts on the development of the Rijndael algorithm, its selection as the NIST algorithm of choice for AES, thoughts on Linux and security, and the future of Internet security. "Vincent Rijmen: ... I think there is an important challenge in making the distinction between complexity and security. Some people still believe that added complexity increases automatically security. This belief should be erased. We should keep on working towards secure and simple systems, that are as easy to understand for the people as a door lock, a sealed envelope, etc."

Security Reports

Samba 2.0.7 SWAT vulnerabilities. Multiple vulnerabilities in SWAT, the Samba Web Administration Tool, were reported this past week. They can be used to bruteforce username and passwords and, if logging is enabled, a race condition can be exploited locally to gain root access. Last, a denial-of-service attack can also be implemented. No fixes for this have been posted as of yet. Disabling SWAT, or restricting access to the service, is recommended.

nss_ldap race condition. Red Hat has reported a race condition in nss_ldap, a set of C library extensions which enable the use of X.500 and LDAP directory servers. Updated packages are provided. This problem will affect any Linux system using the nss_ldap package. No update from PADL Software, the official maintainer of nss_ldap, has been seen yet.

pam_mysql trusted input vulnerability. Pam_mysql, a pluggable authentication module used to authenticate users against a mysql database, uses the user-provided username and password to construct SQL statements. This can be exploited both locally and remotely to gain access to plaintext passwords/hashes or, with pam_mysql > 0.4, to gain an unauthorized login. Check the original advisory for additional details.

An upgrade to pam_mysql 0.4.7 will fix the problem.

bftpd buffer overflow. An exploitable buffer overflow was reported in bftpd 1.0.11. bftpd 1.0.12 has been released with a fix for this problem.

Multiple buffer overflows in tcpdump. FreeBSD discovered multiple buffer overflows in tcpdump 3.5 during an internal audit. They have released a patch to fix the problems.

Format string vulnerability in FreeBSD chpass utilities. FreeBSD reported a format string vulnerability which impacts multiple commands, including chfn, chpass, chsh, ypchfn, ypchpass, ypchsh, and passwd. Local root access can be obtained. They have released patches for the problem. Note that other BSD variants are likely affected; we do not know whether or not this code is shared with Linux.

dump-0.4b15 local root access. An input-trust vulnerability in dump-0.4b15 allows dump's environment variables to be used to gain local root access, according to this report on BugTraq. No patch for this has been released as of yet.

Red Hat cyrus-sasl advisory. Red Hat has released a security advisory for the cyrus-sasl packages shipped with Red Hat 7. Due to a bug, users who had been successfully authenticated were allowed to access resources that should have been blocked from them. Versions of cyrus-sasl shipped with earlier Red Hat Power Tools packages do not have the reported problem.

host 8.21 exploitable buffer overflow. An exploitable buffer overflow was apparently found and fixed in the host command some months ago, without announcement. host 8.21 has been verified as exploitable. No information on what version of host contains the fix for this is yet available.

lpr group permissions elevation. An IRC chat session reported vulnerabilities in lpr-0.50-4 and earlier which can be exploited locally to gain elevated permissions. In combination with a wu-ftpd install, it can be used to gain root. Note that newer versions of lpr are widely available, but you may want to check the version you are using.

Commercial products. There appears to have been a minor conspiracy to release advisories regarding security flaws in commercial products this week. The following commercial products were reported to contain vulnerabilities

  • The HTTP service facility in the Cisco IOS can be crashed and forced to reload in reaction to a remote command. Cisco has acknowledged the problem and made fixes and workarounds available. Note that unofficial reports indicate the Catalyst 2820 units with ATM interfaces are also vulnerable, although the advisory indicates they are not. Cisco has confirmed and an updated advisory is promised.

  • The Cisco Catalyst 3500 XL series switches are reported to allow execution of any command via the web interface without logging in. No response from Cisco has been posted yet.

  • The Cisco Systems' Virtual Central Office 4000 (VCO/4K) is reported to be exploitable via SNMP, allowing an attacker to gain administrative access. No response from Cisco has been posted yet.

  • iPlanet Web Server 4.x is vulnerable to a denial-of-service attack. No vendor fix or workaround is available, though the vendor was apparently notified multiple times as early as January, 2000. Netscape Enterprise Server 3.6sp3, fortunately, does not appear to be impacted.

  • iPlanet CMS and Netscape Directory Server have been reported vulnerable to both local and remote exploits via two bugs. The first bug allows a classic directory transversal exploit, where unauthorized files outside the webserver root may be accessed. The second accesses the administrator password, not difficult, since it is stored in plain-text. Patches for iPlanet have been made available from the vendor.

  • The Oracle Enterprise Server listener program is vulnerable to a remote attack from which server access and the ability to execute command can be gained. Oracle has made patches available for this problem.

  • Trusted Systems' TIS Firewall Toolkit (FTWK) is reported to contain a format string vulnerability in their X Windows gateway which can be exploited, in some cases, to execute arbitrary code on the firewall. The vendor does not appear to have been notified in advance. Rick Murphy posted some comments on this vulnerability, including a promise of an unofficial patch for the problem.

  • The Ultraseek Search engine is reported to be vulnerable to a denial-of-service attack. The vendor has made patches available.

  • Unify's eWave ServletExec, a plug-in used with Apache and other webservers, is reportedly vulnerable to both a denial-of-service attack and unauthorized remote command execution. ServletExec version 3.0E has been made available to fix these problems.

  • Allaire's JRun 3.0 is vulnerable to a denial-of-service attack. Allaire has acknowledged the problem and has released a patch.

  • CGIScriptCenter's News Update 1.1 has been reported to contain a vulnerability whereby the news administration password can be changed without previous authentication.


Conectiva update to XFree86 vulnerabilities. Andreas Hasenack of Conectiva sent in this update regarding our report on XFree86 vulnerabilities last week:

Regarding your story on XFree86 vulnerabilities, we have released an update for one of the vulnerabilities (in Portuguese)[bugtraq #1235) for the CL 5.0 distro (others, where applicable, were also updated). That update was done at a time when we were not sending update notices to lwn.net nor bugtraq, but only to our own local lists (in pt_BR). The other XFree86 issues are being investigated and will be addressed soon.

Apache mod_rewrite vulnerabilty. Files outside of the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.

This week's updates:

Previous updates:

Pine buffer overflow vulnerability. An exploitable buffer overflow in Pine was reported to BugTraq in early October. The problem involves Pine's handling of incoming mail during an open session. Check the October 5th LWN Security Summary for the initial report. Note that the FreeBSD update below is the first one we've seen for this problem.

Also announced this week was pine 4.30, which, judging by the Changes, fixes this problem.

This week's updates:

ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem. Updates for this vulnerability continue to trickle in more slowly than usual.

This week's updates:

Previous updates:

Boa webserver directory transveral vulnerability. Check the October 12th LWN Security Summary for more details. Boa fixes this problem.

This week's updates:

Previous updates:

NIS/ypbind format string vulnerability. A format string vulnerability in NIS/ypbind can be remotely exploited to run arbitrary code as root. An immediate upgrade is recommended. For more information, check the October 19th LWN Security Summary.

This week's updates:

Previous updates:

GnuPG false signature verification. GnuPG fails to correctly validate multiple signatures in a file. Check the October 19th Security Summary for details. GnuPG 1.0.4 has been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.

This week's updates:

Previous updates:

Buffer overflows in ping. Multiple buffer overflows in Alexey Kuznetsov's ping were discussed October 19th.

This week's updates:

Previous updates:

GNU CFEngine format string vulnerability. Root access can be obtained on a local system by exploiting CFEngine's use of syslog and its related format string vulnerability. Check the October 5th LWN Security Summary for more details.

This week's updates:

Previous updates:


Upcoming security events.
Date Event Location
October 29-November 2, 2000. SD 2000 (Software Development Conference) Washington D.C., USA
November 1-3, 2000. Compsec 2000 Westminster, London, U.K.
November 1-4, 2000. 7th ACM Conference on Computer and Communication Security Athens, Greece.
November 3-5, 2000. PhreakNIC v4.0 Nashville, TN, USA.
November 8, 2000. Security Forum 2000 Vancouver, British Columbia, Canada.
November 13-15, 2000. CSI 27th Annual Computer Security Conference and Exhibition Chicago, IL, USA.
November 19-21, 2000. Privacy by Design Le Chateau Montebello, Quebec, Canada.
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
December 3-7, 2000. Asiacrypt 2000 Kyoto, Japan.
December 3-8, 2000. LISA 2000 New Orleans, LA, USA.
December 10-13, 2000. INDOCRYPT 2000 Calcutta, India.
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

November 2, 2000

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 Linux in the news
 Back page

See also: last week's Kernel page.

Kernel development

The current development kernel release is 2.4.0-test10. We could report on Linus's comments from his announcement of this release, but they really stand on their own:

Ok, test10-final is out there now. This has no _known_ bugs that I consider show-stoppers, for what it's worth.

And when I don't know of a bug, it doesn't exist. Let us rejoice. In traditional kernel naming tradition, this kernel hereby gets anointed as one of the "greased weasel" kernel series, one of the final steps in a stable release.

There has been the occasional objection that 2.4.0-test10 is not ready, but those have been very small in number. It looks like we're getting close.

The current stable kernel release is 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre18. This one comes with more than the usual number of warnings, due to the deep nature of one of the fixes; if anybody has been burned, however, they are keeping very quiet about it.

Timpanogas Research Group appoints Andre Hedrick as CTO. The Timpanogas Research Group has announced the hiring of Andre Hedrick as CTO. Andre is best known as "the Linux IDE guy," the person in charge of the IDE disk subsystem.

LynuxWorks patents loadable modules? LynuxWorks recently filed for an IPO. The casual reader of the (2.5MB) IPO filing might easily have missed this little bit of interesting material:

We have developed a patented technology that enables LynxOS to be configured to leave out portions of the operating system not required for a given application, thereby reducing the amount of memory used. [...]

In addition, we have filed a patent that covers technology that allows the developer to extend the functionality of the LynxOS kernel without modifying the source code by adding modules for new functionality.

We have not yet succeeded in either finding the relevant patents in the database or getting patent numbers out of LynuxWorks. But from this description, it sure looks like the company is talking about loadable modules. Such modules, of course, are an important part of most Linux installations, and have been a feature of many operating systems for a very long time. It would be surprising if LynuxWorks had really come up with something new in this area.

As always, though, these patents are worrisome. It is getting harder to build a system without encountering more and more of them.

A new Linux IPv6 project. The USAGI Project announced its existence this week. USAGI stands for "UniverSAl playGround for Ipv6"; the project is digging into the Linux IPv6 stack with the intent of bringing it up to modern standards. That work includes bringing the code into compliance with a number of IPv6 RFC's, integrating IPSEC, and a bunch of other stuff.

The project's first release was also part of the announcement. It's based on 2.4.0-test9, and includes a number of enhancements and bug fixes to the standard IPv6 implementation. They have even made an IPv6 version of khttpd. Further releases are planned on a two-week schedule.

More information may be found on the linux-ipv6 web page. (Thanks to Per Harald Myrvang).

/proc in XML? A posting from somebody identified as "Joe" raised an intriguing idea: why not have the /proc filesystem return data in XML format? In this scheme, a file like /proc/meminfo would have lines like:

	<MemTotal>63036 KB</MemTotal>
Instead of the current:
	MemTotal:     63036 kB
Such a scheme would have some advantages. Almost every language now has a library that makes parsing of XML easy, so parsing the /proc entries should not be a problem. If the new format were properly done, the past problems where changes in the format of /proc files breaks applications should happen no more. And, most importantly, think of the great buzzword compliance that an XML-generating kernel would provide.

On the downside, this would be yet another /proc format change that breaks applications. And all that XML boilerplate would bloat the kernel image a bit.

But the real reason why this change will never happen is that the vision for /proc is a bit different. The plan is to split apart /proc entries so that each contains a single value, replacing file formatting with a directory structure. There's no need or place for XML in such a scheme, and parsing problems mostly just go away. But it's a fun idea...

Other patches and updates released this week include:

  • Gary Lawrence Murphy posted an updated call for participation in his KernelWiki collaborative documentation project. KernelWiki is coming along, a fair number of people have contributed material.

  • SUBTERFUGUE 0.1.99 ("a foundation for building tools to do tracing, sandboxing, and many other things") was released by Mike Coleman; it was followed quickly by a bug-fix update.

  • H. Peter Anvin announced a new policy for cryptographic software on kernel.org, in response to a further liberalization of U.S. crypto export policy.

  • Jens Axboe released version 0.0.2d of his packet CD writing driver.

  • A new user-mode Linux release was announced by Jeff Dike.

  • Bartlomiej Zolnierkiewicz has released a backport of the 2.4 IDE patch.

  • Andreas Gruenbacher posted a new version of his extended attributes proposal.

Section Editor: Jonathan Corbet

November 2, 2000

For other kernel news, see:

Other resources:


 Main page
 Linux in the news
 Back page

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

First Progeny Linux Beta ships. Progeny Linux Systems is an effort by Debian founder Ian Murdock (and funded by the Linux Capital Group, headed by former Debian leader Bruce Perens). Its purpose is to "make Debian ready for the market" while preserving all that makes Debian special.

Progeny announced the first beta of its distribution on October 31. It's on the bleeding edge, being based on the unstable "woody" version of Debian. They have added some nice things, like hardware autodetection; in general making the Debian install a friendlier process seems to be a priority for Progeny.

Interestingly, you can not simply download the distribution itself; it is packaged as an upgrade to Debian 2.2. To install Progeny, simply make a one-line configuration file adjustment and run apt-get.

There will also be a formal beta testing program, with boxed sets being sent to the participants. Interested people should read the announcement and go fill out the application.

An interesting question is that of just how Progeny will keep its product unique. Proprietary software is anathema to the people involved; they will be giving all of their work back to Debian. So they may well push forward the state of the art, but Debian as a whole will follow them closely. The company must certainly have a plan in mind; it will be interesting to see it unfold.

Counting source lines of code. David A. Wheeler has posted a lengthy article in which he examines the amount of code present in a Red Hat 6.2 installation. He came up with over 17 million total source lines; a bit of number crunching leads him to conclude that this installation represents over 4500 person-years of development effort, with a value of some $600  million. Check out the paper for more, including a description of his methodology.

Distribution reviews

Making Linux Work in the Workplace: Installing Linux Mandrake (Linux Orbit). A brief look at installing Linux Mandrake vs Microsoft NT, this article from Linux Orbit is well written if not exactly detailed. "The Linux Mandrake 7.1 installation program, like most other top-notch Open Source software, is generally an almost-ready-for-prime-time product. It definitely has the eye candy factor to its advantage, it has tons of options, and great features (the progress stars, notably). Aside from problems configuring X, the installation can be buggy, as it will sometimes install items that had not been selected, or worse, it will not install items that had been selected."

The Virtues of MaxOS (TechRepublic). TechRepublic has an in depth interview with Dexter Dombro and Donald Warman, the creators of yet another Linux Distribution - MaxOS. "The other thing we set out to do was deliberately exclude any GNOME, because of the instability problems. Every single application and utility we have on our desktop we know is stable. And at the same time, all the resources you could possibly ask for are in there. So whether you're a developer or gamer or somebody who wants to run a network, you'll still have Apache, and you'll have Kdeveloper."

VMWare is also included as a 30 day trial package. The Alta Terra team focused on ex-Microsoft users: "So we have something like My Computer. It says Max Computer, and you go in there and it shows you a C: drive and an A: drive, and things like that, and we've created a Control Panel setting for people so that they're not immediately wondering 'Well, what do I do with the console?'"

The article is in two parts (Part 1, Part 2). While no contact or URL information is provided, LWN already had MaxOS (skipping the Flash introductory page) listed on the Weekly Distributions Page.

New Distributions

Nanix. Another of the embedded class Linux distributions hit the streets this week: Nanix, from Charmed Technologies. Charmed is a company focused on wireless (and apparently wearable) computing. According to the website,

NANIX[tm] is a Linux-based operating system distribution optimized for small wireless Internet devices. Support will be included for power management, wireless connectivity (802.11, IRDA, Bluetooth), and non-conventional input/output such as handheld keyboards, voice-recognition, head mounted displays, and palm-sized LCD monitors.

General-Purpose Distributions

Black Lab Linux to be shown at SC2000. Terra Soft Solutions will be demonstrating CSP, Inc's. high-density, multiple G4 processor Fast Cluster as well as a 6 node, Apple G4 cluster running Black Lab Linux at the Super Computing 2000 show in Dallas, Texas from November 7th to the 9th.

Caldera ratings and awards. Caldera Systems Inc. (OREM, Utah) reported that OpenLinux was given the highest rating in VARBusiness' 2000 Annual Report Card.
Caldera Systems also announced that OpenLinux eDesktop 2.4 received the CNET "Editors' Choice" Award.

Debian gets a search engine. Visitors to the Debian web site have long been frustrated by the lack of a working search engine. No longer, however; the Debian Project has announced that UdmSearch will be used as the search engine on the site. It is up and running now.

Linux-Mandrake News: 7.2 released and OpenOffice RPMS.. Linux-Mandrake 7.2 (aka Odyssey) has been released. This release includes the ViaVoice voice recognition software and the latest GNOME 1.2 release.

Linux-Mandrake also sent word of the availability of the OpenOffice RPMS. They claim to be (to their knowledge) the first company to publish such a package. "It feels good to know that all this code REALLY compiles on Linux box. FYI, it took Frederic ca. 1 week of work to get it all compiled, so it really wasn't trivial..."

SuSE News: KDE 2.0 and S/390 support. SuSE Linux this week announced the availability for download of the latest version of the Linux desktop KDE and the forthcoming release of an update package for KDE 2.0.

SuSE also rolled out the big iron this week, announcing support for IBM S/390 servers.

Rumor mill: Slackware goes Sparc. Slashdot had quite a bit of activity around a rumor that Slackware had released a version of their distribution for the Sparc. The supplied URL to the supposed distribution took visitors to an FTP repository of the Slackware packaging tool, protopkg. No sign of the supposed Sparc port could be found at that site.

A number of posters to the discussion thread wondered if Slackware was responding to Red Hat's decision to drop Sparc support. However, this also turned out to be a rumor as Red Hat has not officially dropped support for Sparc. They simply didn't release a version of Red Hat 7 for that platform.

One Slashdot poster noted that the Slackware distribution actually did exist but the announcement regarding its availability was meant for Slackware developers only and that the distribution was available only via an rsync download. Attempts to contact Patrick Volkerding directly to confirm this possibility - and the existence of the Slackware Sparc port - were not successful.

Embedded Distributions

Lineo ports to IDT's RC32334 integrated processor. Lineo has ported their Linux product, Embedix, to the IDT RC32334 integrated processor, a MIPS based CPU with an on-chip PCI bus.

Section Editor: Liz Coolbaugh

November 2, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 Linux in the news
 Back page

See also: last week's Development page.

Development projects


Mozilla Chameleon Theme Builder makes progress. Progress is being made on the Mozilla Chameleon Theme Builder, a tool that is used for customizing the appearance of your browser screen. The screenshots of Chameleon look pretty interesting.


Oracle could face a Linux-like threat (CBS). CBS MarketWatch's Mike Tarsala discusses the threat of open-source databases on proprietary database companies. "'Databases have been overpriced for a long time,' said Michael Widenius, founder of MySQL, the most widely used open-source database. 'The bigger market we get, the more the commercial database companies don't get. Their profit returns are going to decrease rapidly.'"


Linux Documentation Project updates. The LDP has received a slew of updates since the last time we reported on them. A stronger emphasis is being placed on categorizing and maintaining documents, and a summit was held to talk about future directions for the project.

Embedded Systems

Embedded Linux Newsletter (Linux Devices). The latest edition of the Embedded Linux Newsletter has been posted. Included is a feature article on the RedBoot open source BIOS, and profiles of several embedded devices. Check it out for news from the Embedded Linux world.

Trolltech to Add GPL Licensing to Qt/Embedded. Trolltech announced that the current version of Qt/Embedded will be licensed under the GNU General Public License (GPL) and also a commercial license. Linux Devices has a related article that discusses Qt/Embedded. "Thanks to application program interface (API) commonality between Qt/Unix and Qt/Embedded, Linux programs can easily be recompiled to run on embedded systems, making a large number of programs immediately available to newly developed embedded devices."


Wine 20001026 snapshot available. A new snapshot of Wine, dated October 26, 2000 has been announced. Visit the download site for your copy. This version includes many bug fixes, exec support from DOS mode, and header fixes for Winelib compiles.

Office Applications

Eazel Will Influence Re-vamped GNOME Interface Team (LinuxToday). LinuxToday covers the recent UI team reorganization over at GNOME. "Currently the team at Eazel is busy with the upcoming Nautilus release, but the efforts should be fully blended. While Eazel is currently focused on Nautilus, other people can look at other applications in the whole GNOME desktop and contribute to each application," [GNOME leader Miguel de Icaza] said.

What's New with GnuCash (LinuxNews.com). LinuxNews.com talks with GnuCash hacker Rob Browning. "'Right now we have four full-time developers, and we're about to hire a few more,' he said, attributing the growth of the staff--and the project--to financial backing from Gnumatic Incorporated, announced August 14, 2000."

Gimp 1.1.29 released. Release 1.1.29 of the Gimp is now available, this version is a release candidate for stable version 1.2, bug reports are requested should you find anything amiss.

On the Desktop

Candidates for GNOME Foundation Elections Announced. The candidates for the first GNOME Foundation board of directors election have been announced. The list includes a number of prominent names (de Icaza, Gettys, Levien, Pennington, Perens, Mena Quintero), but there are many other interesting candidates as well. There's still time - barely - to register to vote if you've contributed to the GNOME project. Eleven of the 33 candidates will be elected.

GNOME Documentation Project Status Report #3. The third GDP Status Report was just released. "Nautilus is getting even better at rendering SGML documents, ScrollKeeper is quickly approaching its first beta release, a bunch of new people have joined the GDP and started writing various documents, a solution to licensing issues has been found, a number of documents have recently been finished, more Sun contributors have trickled in and quietly started working, a GNOME style guide is slowly being prepared for discussion on the mailing list, and more."

New Plans for KDE Multimedia (KDE Dot News). A draft proposal concerning the update of KDE multimedia applications and infrastructure has been placed online. While "multimedia" seems to mean many things to many people, this proposal appears to be aimed mainly at audio issues.

People Behind KDE: Reginald Stadlbauer (KDE Dot News). This week The People Behind KDE interviews Reginald Stadlbauer, the programmer originally behind such things as KPresenter and KWord. "I posted to the KDE lists that I would write a PowerPoint clone. As I was new to C++ and Qt/KDE, nobody took me seriously."

KDE 2.0 Developer book online (Andamooka). A KDE 2.0 book for developers is scheduled for a November release both in print and online versions. The book is being published under an open content license.

Linux Mandrake KDE2 tutorial. Linux Mandrake has published an online beginner's tutorial for KDE 2.0 The tutorial provides a nice overview of KDE2 for beginners and is a good way to view the capabilities and features of KDE2.


Will free software come to the rescue of the UK's health service? (ZDNet). ZDNet's UK division has an article that discusses the advantages of using open-source software in the British health service. "'Free software concepts make particular sense in medicine,' says Dr Douglas Carnall, associate editor of the Journal. 'Once a customer is "locked into" proprietary software, its makers can demand premium prices, safe in the knowledge that the client would find it even more expensive to change. Much better instead to invest time on a system licensed under the General Public License that will always be free,' he says."

Web-site Development

Zope Weekly News for November 1, 2000. The late breaking November 1 edition of the Zope Weekly News has been published. News includes the addition of the Python Labs group to Zope, progress on the Write Locking and HiperDom projects, and several new proposals.

Zope Weekly News for October 25, 2000. The October 25 edition of the Zope Weekly News is also available. The status reports of various Zope projects are featured. Michel Pelletier and Amos Latteier have published an alpha release of their upcoming Zope book and are interested in feedback. "Documentation has been an albatross for Zope for a long time and this book is a huge opportunity to rectify that - please do your part in making it the best it can be by taking an early look and contributing your thoughts or concerns!"

MoinMoin release 0.4. Release 0.4 of the MoinMoin collaborative hypertext environment has been announced. MoinMoin is a Python based clone of a WikiWikiWeb system.

Section Editor: Forrest Cook

November 2, 2000

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Erlang R7B available as rpm. An RPM packaged version of Erlang version R7B has been made available by Goeff Wong. If you are interested in getting Erlang on your system, this should be a quick route.


Larry Wall gives ALS Keynote. Larry Wall gave a keynote at the Atlanta Linux Showcase in which he discussed his current thinking on the state of Perl. An MP3 version of the talk is available as are the slides and the full text.

Simpleware vs hypeware - Why PERL isn't dead yet (CNET). Srikant Sreenivasan has written an interesting article that discusses the pitfalls of moving code from older, more stable languages to trendy new languages. "Don't get me wrong. I'm no frenzied zealot of an anti new languages or technologies movement. My only passion is technology. But I really see that all these so called new languages are not enhancing my productivity as a developer nor giving me any major benefits in a production environment." This article is worth reading even if you aren't working with Perl.

University of Perl Day 1.3 (Use Perl). Nathan Torkington has published Day 1.3 in his continuing series of journals from the traveling University of Perl classes. Check it out for a glimpse into the world of Perl culture.


PHP Weekly Summary for October 30, 2000. The October 30, 2000 edition of the PHP Weekly Summary is out. News includes Apache 2.0 support, and work on serializing references. A new feature wish list has been included as well.


This week's Python-URL. Here is Dr. Dobb's Python-URL for November 1 with the latest in python development news, including Guido's announcement of the PythonLabs move and some discussions on locking mechanisms.

Call for Papers: Ninth Python Conference. November 6, 2000 is the deadline for submitting papers for the Ninth Python Conference which will be held from March 5 through 8, 2001 in Long Beach, California.

Python-dev summary, October 17-31, 2000. The October 17-31 issue of the Pythondev summary is out. Included are discussions of the Python team's migration to Digital Creations, and questions about the future of Python and Tcl/tk.


This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 30 with the latest in Tcl development news, including a look at the acquisition of Ajuba Solutions and whether [incr Tcl] should be part of the core distribution.


XML Matters #4 (IBM developerWorks). David Mertz has put together the fourth article in his series on XML Matters. He discusses the use of the DocBook XML dialect for pulling many document formats into a single standard XML format.

The XML Elements of Style (O'Reilly). O'Reilly author Steve Muench presents his own Elements of Style (ala Strunk and White) in this article on the rules for creating a well-formed XML document. "The first, outermost element in an XML document is called the document element because its name announces what kind of document it is--<FAQ-List>, <Book>, <Transaction>, <TrackingStatus>, etc. You must have only one document element per document."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 Linux in the news
 Back page

See also: last week's Commerce page.

Linux and Business

Investing in Open Source. Here are a couple of companies that have found new investors. EBIZ, Inc. has acquired an equity investment from the Canopy group. EBIZ is the parent company of several Linux/open source related web sites, including TheLinuxStore.com and the recently acquired LinuxMall.com. The announcement states that the investment is for 2.5 million shares of EBIZ and creates $2.5 million in cash for the company. The investment will be used for debt reduction and future growth.

BSDi announced that they have received a $5 million strategic investment from Livin' On The Edge (The Edge), a Japanese Internet solutions provider. It seems The Edge uses FreeBSD extensively, and the company intends to work closely with BSDi to ensure the ongoing development and commercial viability of the BSD platform. BSDi will use the proceeds from the investment to continue to develop and market advanced BSD operating systems and its iXtreme Series line of Internet server computing systems and to provide ongoing backing for the FreeBSD Project.

OpenSales changes name, expands services. San Mateo-based OpenSales announced a name change - to Zelerate. The Zelerate AllCommerce e-business application suite is licensed under the GPL. Zelerate plans a December launch of an open source warehouse management system, which will also be licensed under the GPL. The company has also expanded its consulting services.

JYACC releases Open Source POSSL. A company called JYACC, Inc. announced the availability of the source code for its POSSL (Panther Open Source Software for Linux) technology and the establishment of a new open source online community at possl.org. POSSL is an enterprise application development environment that simplifies the building of transactional, component-based Web applications. CollabNet is providing its SourceCast environment as the infrastructure for the possl.org community site. POSSL's source code license is modeled after the BSD license.

Caldera releases Volution to beta. Caldera Systems Inc. announced Caldera Volution (Volution). Volution is a browser- and directory-based management product for Linux systems that utilizes the inherent strengths of LDAP directories. Formerly known by its internal codename "Cosmos", Volution is currently in open beta.

EFI Announces Fiery X3 Server, Minolta copier support. We noticed that EFI (Electronics for Imaging), a fairly well known printer solutions company, has released a new server for use with a large range of Minolta copiers in a networked environment. While the announcement doesn't stress the point, hidden inside is the part we wanted to hear: "Regardless of the size of most files, the Linux-based Fiery X3 Pi5500 drives the Di550 and Di450 at their full-rated speeds for greater overall throughput." Linux, it seems, does copiers too.

Indrema Offers Alternative to Hard-to-Find PlayStation2. Indrema has put out a humorous press release with ten reasons why people should buy its game console instead of the competition. "#2: Xbox says: 'We are Microsoft. Resistance is futile.' Indrema says: 'We are Open Source. Viva la resistance!'"

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Akopia (RESTON, Va.) announced the release of Interchange 4.6, "software that increases efficiency, improves productivity and simplifies the management of e-commerce."

  • NuSphere (BEDFORD, Mass.) announced that it is partnering with the MySQL open source database community to develop a row-level locking capability for the MySQL database. Code-named "Gemini," this project will be part of MySQL Version 4, targeted for release in the spring of 2001.

Commercial Products for Linux

  • Axis Communications (LUND, Sweden) announced an embedded system platform intended for running a native Linux environment. At the heart of this platform is the ETRAX 100LX, a newly optimized systems-on-a-chip processor appropriate for a wide range of networking and embedded applications.

  • Computer Associates International, Inc. (ISLANDIA, N.Y.) announced the availability of ARCserve 7 for Linux, an automated, native data protection solution for Linux environments.

  • Force Computers (SAN JOSE, Calif.) announced it will support the Linux operating system on its DECtalk Text-To-Speech (TTS) speech synthesis technology for StrongARM and Intel processor-based wireless devices.

  • Intel Corporation's Dialogic subsidiary (MIAMI) announced that its broad range of CompactPCI (cPCI) building block products will now include full support for the Linux operating system.

  • Linux2order.com (PROVO, UTAH) launched Priority Download, designed to provide users with access to all of its software, at download speeds up to 110Kbps.

  • Macro 4 (Parsippany, NJ) launched its UniQPrint solution for Linux on the S/390.

  • Metro Link Inc. (FORT LAUDERDALE, Fla.) is porting its X Window System products for use on Intel's IA-64 Itanium processor. This software will be ported to the IA-64 Linux and Monterey operating systems initially.

  • MigraTEC, Inc. (DALLAS & AUSTIN, Texas) announced that the company has established the MigraTEC Migration Center to assist enterprises in porting applications to Intel's 64-bit Itanium processor platform.

  • PartnerAxis (OREM, Utah), a wholly owned subsidiary of EBIZ Enterprises Inc., announced the availability of channel consulting services that are designed to help manufacturers and solutions providers take their products and services into the Linux channel.

  • PortalSphere Inc. (OTTAWA) showcased its eSolutions at Linux Expo Toronto, including MyGOLFportal.com, a reservation system and MyCRMportal.com a suite of e-business products.

  • Professo (New York) announced the release of AppStreamer, an application service management platform for ISPs and other businesses offering Internet and ecommerce services. AppStreamer runs on Red Hat Linux version 6.2 and Solaris 2.5.1 operating systems.

Products Using Linux

  • Applied Data Systems (Columbia, Maryland) introduced the Tandem*, a two-headed single board computer system designed for multi-user applications and it runs Linux.

  • Lineo, Inc. and IDT, Inc. (LINDON, Utah) announced the availability of Lineo's Embedix on IDT's RC32334 integrated processor, featuring a 32-bit MIPS instruction set architecture (ISA).

Products with Linux Versions

  • Applied Information Systems (CHAPEL HILL, N.C.) announced that it has released version 5.0 of the XESS spreadsheet products. This includes the XESS spreadsheet, the xsBasic Macro Option, and the XESS Software Developers Kit (SDK).

  • Bristol Technology, Inc. (DANBURY, Conn.) announced a new release of their cross-platform software, Wind/U.

  • Command Software Systems Inc. (JUPITER, Fla.) introduced "Command On Demand," an online instant virus scanning and disinfection service for ISPs, ASPs and Web portals.

  • ELSA GLADIAC has begun shipping the GLADIAC Ultra card. Based on the GeForce2 Ultra from NVIDIA and packing 64MB of DDR memory, it apparently will come with Linux drivers in the retail packaging.

  • Inovie Software (SAN DIEGO) announced the availability of TeamCenter 4.0, an e-Workplace for managing complex, collaborative business endeavors.

  • The iSpark Group (FORT WORTH, Texas) introduced BillMax Version 1.5.3, a turnkey billing application.

  • Loki Software, Inc. and QERadiant.com released GtkRadiant 1.1 beta for Linux and Win32. GtkRadiant is a cross-platform version of the Quake III Arena level editor Q3Radiant.

  • NetObjects, Inc. (REDWOOD CITY, Calif.) announced NetObjects Matrix, an integrated suite of online services for small businesses.

  • Rainfinity (SAN JOSE, Calif.) introduced the first in a family of software modules for its RainFront multifunction platform: RainWall 2.0 for firewall high availability, and RainSLB 2.0 for server load balancing.

  • Stonesoft Corporation (HELSINKI, Finland and ATLANTA) announced its vision for the Highly Available Enterprise and its strategic corporate initiatives designed to focus on emerging customer trends in the global eBusiness market.

  • Swedish Xpedio and Japanese Access (STOCKHOLM, Sweden) formed a partnership to develop and market solutions for mobile Internet based on the cHTML format.

  • TGS (SAN DIEGO, CA) announces the release and immediate availability of Amira Standard Edition and Amira Developer Edition version 2.2. Amira is an end-user visualization software tool for dynamic data.

  • WARP Solutions, Inc. (NEW YORK) launched the WARP Performance Suite, initially consisting of WARP Intelligent Content Distributor, WARP Global Load Balancer and WARP Load Balancer.

Java Products

  • NetDIVE (SAN FRANCISCO, CA) announced WeMessage Portal 5.0, an instant messaging software based on a Java client/server architecture.

  • worldweb.net, Inc. (NEW YORK, NY) announced the launch of the beta version of its next-generation content management software, Expressroom I/O v2.0.

Books and Training

  • NuSphere (BEDFORD, Mass.) announced that it will host Polycon's MySQL open source database training seminar from November 13- 17 at the NuSphere corporate office in Bedford, Mass.


  • 1mage Software, Inc. (ENGLEWOOD, Colo.) and Omaha, Neb.-based Custom Computing Corporation jointly announced the formation of a strategic alliance to provide integrated document management (IDM) software to the insurance claims management industry. CCC will operate 1MAGE on a Linux platform.

  • Coventive Technologies(SAN JOSE, Calif.) and Metro Link announced the formation of a strategic partnership that will combine Coventive's embedded Linux operating system kernel and Metro Link's graphic display technology to create a complete embedded Linux solution for Information Appliance (IA) manufacturers.

  • Infoteria Corporation (BOSTON, and TOKYO) partnered with Digital Design Inc. to deliver an appliance available for accessing business-to-business (B2B) electronic marketplaces/exchanges. Infoteria provided XML software and Digital Design provided Linux-based hardware.

  • Lutris Technologies Inc. (SANTA CRUZ, Calif. & TOKYO) announced an agreement with NECSoft Ltd. to distribute Lutris Enhydra, a commercially-supported Open Source Application Server, to the Japanese and Asian markets.

  • MaximumLinux.com (BRISBANE, Calif.) has signed gaming Website Evil3D.net to become part of its growing affiliate network.

  • MMC Networks (WASHINGTON) and MontaVista Software, Inc. announced a joint public demonstration of a high-speed Internet Protocol (IP) router reference design based completely on off-the-shelf network processing hardware and Linux-based software.

  • OEone Corporation (Toronto, ON) and Tatung Co. of Canada Inc. announced that they have entered into a joint agreement to bring fully-integrated, Linux-based Internet Computer solutions to leading OEM customers.

  • Point of Sale Limited (RA'ANANA, Israel) announced that it has finalized an agreement to provide TESCO PLC with key components of the web-based application software that powers Point of Sale's recent global Application Service Provider (ASP) initiative. The agreement also includes a corporate license for Point of Sale's soon to-be-released checkout system that runs on the Linux operating system.

  • Red Hat (RESEARCH TRIANGLE PARK, N.C.) announced that it is working with Square D Company to design next generation, Internet-based power management solutions built on Red Hat Embedded Linux.

  • Sendmail, Inc. (EMERYVILLE, Calif.) announced a global alliance agreement with EDS. Through the partnership, EDS will integrate its consulting services with Sendmail, Inc.'s Internet message routing and hosting technology.

  • TurboLinux and VERITAS are partnering to include the VERITAS NetBackup Client with TurboLinux Workstation 6.1.

Financial Results

  • internet.com (NEW YORK) reported record results for the quarter ended September 30, 2000.

Personnel/New Offices

  • TimeSys Corporation (PITTSBURGH) launched TimeSys India Private Limited in the southern city of Coimbatore. TimeSys's technologies include TimeSys Linux/RT.

  • Tucows Inc. (NEW YORK) announced that Robert F. Young, Co-Founder and Chairman of Red Hat, has been appointed to its board of directors. Tucows is LWN's parent company.

Linux At Work

  • Blackstone Technology Group (WORCESTER, Mass.) announced that it will build a large-scale, Linux on Intel based, distributed computing solution for Biogen.

  • Demon Server Hosting (UK) is using Linux on Cobalt RaQ 3i servers.

  • MSC.Software Corporation (LOS ANGELES & COSTA MESA, Calif.) announced the delivery of a Linux cluster system to Dana Corporation's Spicer Light Vehicle Axle Group. The MSC.Software turnkey solution was based on Intel processors in Hewlett-Packard systems and included the company's simulation software.

  • Oingo Inc. (LOS ANGELES) launched the second version of its domain name suggestion product, DomainSense 2.0, which uses Linux-clustered server farms to deliver millions of domain search results per day.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Birkenstock.com is using Turbolinux Cluster Server 6 to cluster the Web application and database servers for its booming online store.

  • Viata Online (HONOLULU, HI) is developing Linux-based internet solutions for the travel industry.

  • Virtual Press Office, Inc. (SAN DIEGO) has selected BakBone Software's NetVault storage management software for Linux.


  • iMimic Networking Inc. (HOUSTON) announced that its DataReactor Core technology delivered the best combination of price/ performance, in the 3rd Web Cache-off. iMimic DataReactor Core supports both FreeBSD and Linux operating systems and runs on Intel x86 and Compaq Alpha.

  • The Linux Professional Institute (LPI) released LPI News for October 24th, 2000.

  • The Object Management Group (Needham, MA) announced that LogOn Technology Transfer GmbH has an expanded role as international representative to include all of continental Europe. LogOn produces trade shows, including the Linux@work European Days.

  • Zona Research, Inc. (REDWOOD CITY, Calif.) announced its latest Zona Market Report, The New Religion: Linux and Open Source.

Section Editor: Rebecca Sobol.

November 2, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Triumph of the free-software will (Salon). The spirit of the open source world runs the gamut of emotion, from short chastising to verbal battery to praise and worship. Andrew Leonard takes a deeper look at himself and the movement in this Salon piece: "Accusations of betrayal cut pretty deep. And yet, even as I wince every time I check my mail, I am paradoxically heartened by the anger. I originally became obsessed with covering the free-software movement because I was fascinated by the passion that motivated so many free-software developers or advocates. The severity of their response to my article proved to me, once again, that I was playing with a fascinating holy fire."


Red Hat boss joins Tucows board. The word is out: this story in the National Post covers the appointment of Red Hat founder Bob Young to the Tucows board of directors. "Mr. Young has earned a reputation as a pioneer and respected activist in the Open Source and Linux communities. Because of that he will bring an additional degree of legitimacy and notoriety to Tucows, known to most consumers as a repository of popular software programs." Tucows is, of course, LWN's parent company. (Thanks to Gary Lawrence Murphy).

Riding on the open-source wagon (ZDNet). ZDNet looks at how e-commerce players Akopia and Zelerate (formerly OpenSales) are dealing with an open source business model. "There's no question that commercial versions of applications that are built in adherence to open-source development procedures are proliferating. To qualify as a true open-source product, software is expected to be licensed under the GNU General Public License. Any changes made to the base source code by vendors, service providers, and/or customers must be returned to the developer community."

Covalent mixes proprietary and open source software (Upside). Upside looks at Covalent and Transmeta in this two part article on open source related companies. "Because translating programs through a layer of software takes longer than running the instructions on base silicon, Crusoe chips operate slowly at first as they adapt to programs they run. Once this adaptation process is complete, however, Transmeta demonstrations have shown that the chips do achieve speeds and efficiencies competitive with traditional chip designs."

Can Transmeta buck the IPO market? (CBS MarketWatch). CBS MarketWatch (via ExciteNews) takes a brief look at Transmeta's history and IPO future. "But perhaps the most notable member of the Transmeta team is Linus Torvalds. Yep, he's the guy who invented Linux and revolutionized computing with open source development. At Transmeta, he helped develop the Code Morphing software." Ok, maybe invented might not be the right word here...

Linuxcare co-founder resumes CEO job (News.com). News.com reports on the latest from Linuxcare: co-founder Art Tyde is back running the company, and the entire European operation has been shut down. The article says that only sales and administrative people were laid off, but Linuxcare most certainly did have technical staff in Europe, too.

Linux firm Lineo woos industry veterans (News.com). Changes in the management team at embedded Linux vendor Lineo is the focus for this C|Net News.com article. " Lineo has wooed three new executives from better-established companies in its effort to hasten the adoption of Linux in non-PC computing devices."

Fork gets Samba back in tune (Upside). Upside has posted a lengthy article on the split in the Samba project. "So what lessons can the open source community learn from the Samba-TNG episode? [Jeremy] Allison sees it as a reminder that forking can and should be a healthy part of the open source development process."


IBM Japan to Install 15,000 Linux Servers in Lawson Stores (AsiaBizTech). In one of the larger rollouts of Linux systems we've seen in some time, IBM will be installing 15,000 Linux-based "e server X Series" systems in Lawsons stores throughout Japan. Total rollout of this installation should be complete by March 2001. (Thanks to Maya Tamiya)

Those nagging open source details (Upside). Open source databases and the developers who love them is the focus of this Upside piece. "Open source database developers have a reason to be optimistic. At a time when projects such as Apache and the Linux kernel are losing their media luster, aging database projects such as MySQL and PostgreSQL have suddenly been recast as the fresh-face of the open source community."

The Fourth Member of ZZ Top? (Business 2.0). Business 2.0 worries that there is no succession plan should Linus get tired of kernel work. Much of the article is spent talking about Alan Cox's appearance (thus the title) and mistakenly puts him in England (he's in Wales). "When a corporation is headed by a charismatic leader who won't spell out a clear path of succession, investors usually get spooked. Are Linux customers worried? There is little evidence at the moment. But they may be unaware of how loose and uncertain is the structure that Torvalds sits upon."

But will user expectations spoil its chances? (ZDNet). ZDNet reports on the OpenOffice release, and raises some interesting concerns... "Mike Doyle, IT manager at charity Cooperation Ireland, where Office 97 is deployed, said managing user expectations could be a problem with an open source office suite. 'If people know we have the source code they may expect us to fix a bug, but we are not staffed up to do this sort of work. Managing user expectation, which is already difficult enough, will become even more difficult.'" (Thanks to Wesley Darlington).

Office politics (ZDNet). Depending on who you talk to or what you read, GNOME seems to be replacing AbiWord with Sun's recently released OpenOffice word processor. ZDNet has posted an article fanning the flames of this debate, questioning if the politics of GNOME are more than they appear. "How can I put this lightly? The GNOME Foundation, clearly salivating over OpenOffice and Sun's embracing of its desktop, appears to be abandoning some of GNOME's longtime friends."

Getting Beyond the Innovation Fetish (Fortune). Innovation overflows in our computer culture, and in this article from Fortune, credit for at least part of this is given to the open source community. "The `open source' movement--perhaps the most influential initiative in software today--is the apotheosis of these innovation economics."


Redboot -- an open source boot/debug environment (ZDNet). A closer look at the Redboot bootstrap and debugging environment comes from a reading of this article from ZDNet. "Because RedBoot is based on eCos, which is capable of running on many architectures, and because its debugging support is based on gdb, RedBoot can become a common embedded standard." One statement suggests Redboot could replace the standard BIOS in PCs. Note that the article was written by someone from Red Hat.

Plain Text Editors - Unsung Heroes. WebTechniques is carrying an article on the use of text editors for developing HTML, a rather interesting comparison of using Netscape Composer and DreamWeaver versus a traditional text editor. "Another problem with generated markup from a visual tool is that it's less organized. Dreamweaver's markup is all jammed together. I would write my document with a lot of white space, flush certain tags to the left, and add comment tags. I would add the DOCTYPE declaration and accessibility features like the ALT attribute, and follow a standard. If I were truly writing this code today, I'd write it as XHTML 1.0, which Dreamweaver UltraDev-a brand new product-can't do."

November Linux Gazette is out. The November 2000 issue of the Linux Gazette is out. It includes an article by Chris Jones on The Australian History of Tux (the penguin): "During the 1940s and 50s in Australia there was a literary magazine called, of all things, The Angry Penguins. This magazine was an avant-garde modernist poetry magazine edited by Max Harris and had modernist painters and writers grouped around it whose names are now legend in Australian art. But at that time they were just considered weird and way out. You know, the stereotype of mad deluded poets and artists starving and living in sub-standard housing."


KDE brings Linux closer to corporate desktop (ZDNet). eWeek takes a look at KDE 2.0 and decides Linux must be ready for the desktop. "In eWEEK Labs' tests of the software's final release candidate, KDE2 impressed us with the progress it has made in the areas of user experience and included applications -- we recommend that sites looking at Linux as a future desktop alternative take the time to evaluate KDE2." The review isn't of the official 2.0, but the reviewers seemed pleased anyway.

.comment: KOffice Is A Good Start (LinuxPlanet). LinuxPlanet reviews the KOffice suite as found in KDE2. "KDE2 in general benefitted from the participation of someone at Corel Corporation who did little but find and holler about inconsistencies among applications. As a result, KDE2 has a consistent design. Because Corel also markets its own office suite for Linux, it did not provide this service to KOffice, and it shows."

Linux is cooking in my kitchen (The Guardian). The Guardian Unlimited gives us another " I tried Linux" article, this one with a little success, a few failures and some basic honesty. "A first piece of advice: read the (expletive deleted) manual. Linux may well be, as claimed, stable as a rock compared with Windows, logical and in open code for teccies; but intuitive it is not." Note - "teccies" is the authors spelling, not LWN's.


Interview: Richard Stallman (France-Invest). France-Invest.com has posted an interview (in French) with Richard Stallman. It covers the sale of free software, software patents in Europe, and other topics of interest. English text is available via Babelfish. (Found in Da Linux French Page).

Interview: Sergey Brin (O Linux). O Linux interviews Sergey Brin of Google.com. "Linux is used everywhere...on the 6,000+ servers themselves, as well as desktop machines for all of our technical employees. We chose Linux because if offers us the price for performance ratio. It's so nice to be able to customize any part of the operating system that we like, at anytime."

Section Editor: Rebecca Sobol

November 2, 2000


 Main page
 Linux in the news
 Back page

See also: last week's Announcements page.



IBM launches developerWorks China. IBM announced the launch of the beta version of its developerWorks site for China.

IBM developerWorks Highlights Linux Usability. IBM developerWorks* announced a two-week discussion forum on Linux usability trends from October 31 through November 15 to help boost developers' Linux know-how.

LinuxPrinting.org now offers forums. For those of you who are dealing with printing under Linux, LinuxPrinting.org offers several new forums from the general to the specific.


Toronto Linux Expo. Stefane Fermigier sent in a detailed view of Linux Expo in Toronto. Day 1: "This first edition of Linux Expo Toronto is more a conference than an expo, with just 15 registered exhibitors, and none if the big names like Red Hat, MandrakeSoft, SuSE, Corel, Caldera, VA or Lineo. Fortunately, the conference program is rich [with] tutorials [and] keynotes [including] Bob Young - Red Hat [and] Jacques Lemarois - MandrakeSoft."

Day 2, keynotes from Bob Young and Jacques Lamarois: "Open source is not only sharing code, it is a development process. You have to behave accordingly: share information, release frequently, be close to your users to build a strong community. You also have to use the right tools (Web site, CVS, mailing lists).."

IFIP Namur Award. The International Federation for Information Processing has announced the acceptance of nominations for the IFIP Namur Award. This award will be "...for an outstanding contribution with international impact to the awareness of social implications of information technology." Past winners include Joseph Weizenbaum. It seems that there should be a place for a well-crafted nomination for one or more free software figures...

Netherlands Unix Users Group fall conference. NLUUG will have their fall conference on November 9, 2000. Talks include: JFS Journaling File System for Linux by Moshe Bar and Linux Failsafe by Lars Marowsky-Brée (SuSE).

XML DevCon 2000 Panel. Here's a press release on the speakers for XML DevCon Fall 2000, to be held in San Jose, California, from November 12 to 15, 2000.

LinuxCertified holds Linux for beginners. The Linux for beginners course is designed for busy professionals with no prior experience with Linux or any other flavor of UNIX. Attendees get a Linux laptop to take home. The course will be held in Cupertino, California, December 2 - 3, 2000.

November/December events.
Date Event Location
November 1 - November 5, 2000. Linux@IT.COM Palace Grounds, Bangalore, India
November 4 - November 10, 2000. SC2000 - SuperComputing Dallas Convention Center, Dallas, TX.
November 6, 2000. Second Annual EXTREME BEOWULF BASH Adam's Mark Hotel, Dallas, TX.
November 7 - November 9, 2000. Embedded Systems Conference Europe Maastricht, Netherlands.
November 10 - 11, 2000. Linux Meeting 2000 Rome, Italy.
November 12 - November 15, 2000. XML DevCon Fall 2000 San Jose, California.
November 13 - November 17, 2000. LINUX Business Expo Sands Convention Center, Las Vegas, Nevada.
November 25, 2000. Australian Open Source Symposium Adelaide, Australia.
November 28 - December 1, 2000. IEEE International Conference on Cluster Computing Technische Universität Chemnitz, Saxony, Germany.
December 3 - December 5, 2000. Wireless DevCon 2000 San Jose Doubletree Hotel, San Jose, CA.
December 3 - December 8, 2000. LISA 2000 New Orleans, LA.
December 5 - December 6, 2000. LinuxUser 2000 Conference Chelsea Village, London, England.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: November 2, 2000 - November 16, 2000.
Date Event Location
November 2, 2000. Edinburgh Linux Users Group Holyrood Tavern, Edinborough, Scotland.
November 6, 2000. Baton Rouge Linux User Group The Bluebonnet Library, Baton Rouge, LA.
November 6, 2000. Rice University Linux Users Group Rice University, Houston, TX.
November 7, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
November 8, 2000. Columbia Area Linux Users Group Capita Technologies Training Center, Columbia, MD.
November 9, 2000. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
November 9, 2000. Phoenix Linux Users Group Phoenix, AZ.
November 9, 2000. Linux Installation Delfzijl, Netherlands.
November 9, 2000. The autumn conference of the Unix User Group - the Netherlands "De Reehorst", Ede, Netherlands.
November 11, 2000. Route 66 Linux Users Group La Verne, California.
November 14, 2000. Long Island Linux Users Group SUNY Farmingdale, NY.
November 15, 2000. Arizona State University Linux Users Group Tempe, AZ.
November 15, 2000. Linux User Group of Groningen Groningen, Netherlands.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

November 2, 2000



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news
 Back page

See also: last week's Back page page.

Linux Links of the Week

ZeligConf is the "European meeting of digital counter-cultures." It will be happening in Paris, December 15-17. The program covers a number of topics of interest, such as software patents. Could be fun if you're in the neighborhood...

LinuxDevices.com turned one year old on Halloween. Congratulations to Rick Lehrbaum for a great year, and here's to many more!

Section Editor: Jon Corbet

November 2, 2000



This week in history

Twelve years ago: The Internet Worm was released, rendering the entire Internet unusable for two or three days.

Two years ago (November 5th, 1998): The first of the infamous Halloween memos from Microsoft was leaked to the public. The topic of the first memo was Microsoft's possible responses to the Linux/Open Source Software phenomena. If you're new to Linux, we strongly recommend you check out these documents.

OSS poses a direct, short-term revenue and platform threat to Microsoft, particularly in server space. Additionally, the intrinsic parallelism and free idea exchange in OSS has benefits that are not replicable with our current licensing model and therefore present a long term developer mindshare threat.

The Linux 2.2 kernel was poised for release, but the NFS implementation was known to be substandard. This problem has plagued Linux for a long time. Fortunately, the current Linux 2.2.18 prepatch series has a decent NFS implementation in it, so, once the next stable kernel is released, that problem should finally be behind us - two years later.

Matthew Szulik became President of Red Hat. That was the beginning of the change of guard, with the gradual departure of most of the Red Hat founders from the very top. Here's the current Red Hat Executive bios.

Red Hat 5.2 was announced. LWN's impressions of the release were mostly positive, but it contained so many security-related bugs and unnecessary setuid programs that Chris Evans set up a website just to track them and harass Red Hat to fix them. That website survived through the Red Hat 6.0 release and its subsequent series of updates, but now reports "no known issues".

The Debian 2.1 freeze began. Debian 2.1 was finally released four months later, in early March, 1999.

Supercomputing 1998 hosted Beowulf talks for the first time. Supercomputing 2000 will start this Saturday, November 4th, and run through November 10th. Here is a summary of Linux or Beowulf-related talks planned for this year.

And, not to be forgotten, Worldforge, a project to develop a complete system for massive multiplayer on-line role-playing games, came into being. They celebrated their first birthday a year later.

One year ago (November 4th, 1999): The DeCSS source code was made publicly available. The repercussions from this are ongoing. The curtailment of free speech peaked with a federal judge ruling that linking to a site that contained the source code was also prohibited by the Digital Millennium Copyright Act. Plans are in the work to appeal that decision to the Supreme Court (financed by the Electronic Frontier Foundation).

Last year, Don Marti and others organized Burn All GIFs day, an event planned to eliminate all GIFs on the Internet, in protest of the Unisys patent. Many GIFs went away, including some on the LWN site, but many, many more remain.

64GB memory on the IA-32 became a reality! Support for up to 64GB of memory slipped into the 2.3 kernel series, courtesy of Ingo Molnar. This removed an embarrassing limitation of the Linux kernel. Each individual process, though, can only use up to 4GB of virtual memory.

Red Hat announced the Red Hat Center for Open Source. Money for the new center was donated, in cash and stock, by Red Hat and three of the initial founders. The Red Hat Center has focused primarily on awarding grants for activities to entities such as the Electronic Frontier Foundation. They operate now under a shortened name, Red Hat Center, and a new mission statement in support of "transparent technology".

Slackware 7.0 was announced. Patrick Volkerding also explained his decision to "join the crowd" and jump Slackware from 4.0 to 7.0.

The planned feature freeze for Debian 2.2 was postponed, finally occurring almost three months later, in January of 2000. The official release of Debian 2.2 happened eight months after that, in August this year.



Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
To: letters@lwn.net
Subject: GNOME
From: Maciej Stachowiak <mjs@eazel.com>
Date: 26 Oct 2000 02:57:33 -0700

The Oct 26 issue of Linux Weekly News cites GNOME as an example of a
project with "a prominent corporate sponsor", namely, Helix
Code. Actually, things are even better than that for the GNOME project
- it has many prominent corporate sponsors! Helix Code as well as
other companies, including Eazel, Red Hat, Sun, Henzai and Gnumatic
are contributing significant amounts of code to GNOME and supporting
the platform. Better yet, the GNOME Foundation, a membership
organization of the people who have created GNOME, is in charge of the
platform' future as an independent voice. 

It is true many corporations and non profit organizations (including
the ones mentioned above, plus HP, IBM, Compaq, the FSF and the OMG,
with more along the way) have joined the Foundation advisory board,
showing a broad base of corporate support. But the Foundation itself
is holding elections where the developers, documentors, artists,
designers and organizers of GNOME will represent the project on a
Board of Directors.

While GNOME does enjoy a healthy level of corporate support, it
remains a community project and its fate is not tied to the future of
any one company; so it's incorrect to lump it with projects that may
be in trouble if the one sponsoring company does not do well.


Maciej Stachowiak
Member, GNOME Steering Commitee
Hacker, Eazel Inc.

Date: Thu, 26 Oct 2000 14:55:08 -0400 (EDT)
From: Joe Klemmer <klemmerj@webtrek.com>
To: letters@lwn.net
Subject: Re: KDE2

	On the front page of issue 1026 -

> Two years ago, critics were still saying that the free software world
> was not capable of producing something as complicated as a modern
> desktop. How much fun it is to point out to those critics that we now
> have two...

	I want to point out that there are three open source modern
desktop options available.  XFce <http://www.xfce.org> is extremely
capable and more advanced than GNOME and KDE.  It was the subject of one
of the talks at ALS and it received a very strong and favorable response
from people who saw it there.

	I would recommend that anyone looking for an alternative to GNOME
or KDE that uses _much_ less resources and is easier to manage and use to
look at XFce.  I know that Sun and IBM _might_ possibly be looking at it
in place of GNOME.

Disclaimer:  I am <B>NOT</B> trying to start another desktop holy war!  
GNOME is good!  KDE is good!  There is nothing wrong with using either of
them.  I just wanted to point out another option.  The strength of open
source is the power of choice.  The more choices we have the better off we

There are just 67 days till the beginning of the 21st century and the next

Date: 26 Oct 2000 17:38:37 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: Treaties


In your 26-October-2000 issue, you talk about problems with the Cybercrime

> Another reason for concern is the fact that this treaty is so
> far-reaching, yet the process of developing it side-steps the internal
> process of the U.S. and other countries for guaranteeing input and
> review from citizens.

By their very nature they are not developed through the same process as
the internal laws of nations.  In this regard the draft Cybercrim treaty
is no different than any other treaty.  There's no reason to be upset
about the process, but we should still try to influence it.

I'm only familiar with the treaty process as applied to the US, though I
assume other countries deal with them similarly.  As US citizens we have
three additional ways to prevent bad treaties from taking effect:

1)  Convince the US Administration not to sign the treaty

2)  Convince the US Congress not to ratify the treaty

3)  Convince the US Congress not to pass legislation enacting or
    enforcing the terms of the treaty.  (This is harder to do if the
    previous steps fail.)

Without our signature, ratification, and legislation, the treaty has
no effect on us.

In any case, no treaty can supercede our Constitution (as amended).  The
*only* way to do that is to pass a new Constitutional Amendment.  As a
last resort, the courts can be used to block implementation of any
unconstitutional provisions.  For instance, there are currently
conflicting circuit court rulings on whether software source code is
speech, and thus protected by the First Amendment.  This issue may be
decided by the Supreme Court within the next few years.  It may turn out
that even if this horrible Cybercrime Treaty is signed and ratified,
that the imposed limitations on source code may end up being

Eric Smith
From: rongage@att.net
To: lwn@lwn.net
Subject: Microsoft cracked - personal perspective
Date: Fri, 27 Oct 2000 13:32:18 +0000

Hi folks:

You just recently posted the note about the Microsoft 
breakin along with the comment "It's not really a Linux 
story, so we'll pass these on and be done with it".

Well, that's not entirely true.  You see, since Microsoft 
has (for some time) been telling the world that the Linux 
security model is insecure, it is entirely appropriate 
for "us" to prominently note anything that "refutes the 
FUD".  Sure, we can take the "high road" and remain 
silent but I would suggest to you that doing this would 
be a huge mistake.  As we all can currently see with all 
the election garbage on the TV and radio, the candidate 
that does not respond effectively to the garbage gets 
trampled and eventually loses the effort.  

This breakin story is a Linux story.  It's a testimonial 
about how effective the Windows security model really is. 
 If Microsoft can't defend itself, how on earth can the 
corporate world possibly hope to.  This is where Linux 
comes in.  By being effectively immune to these sorts of 
attacks (software that installs itself into a trusted 
system), Linux (and other unix based system like *BSD, 
Solaris, HP/ux, and Tru64 to mention a few) is shown to 
be the truely superior security model.  

Yes, this story is indeed a Linux story - it's probably 
some of the best advertising we could ever hope to get! 

Ron Gage - Saginaw, MI
Date: Mon, 30 Oct 2000 15:44:28 -0500 (EST)
From: "Donald J. Barry" <don@astro.cornell.edu>
To: don@isc4.tn.cornell.edu, felten@cs.princeton.edu, letters@lwn.net

Dear Dr. Felten,

You'll receive dozens of moralistic letters about your team's
attack on SDMI: this is one of them.

It's convenient for scientists to hide under cover of the claim that
pure analysis is apolitical---after all, it's a lot of fun.  But there's
always a political subtext when the subject is so charged as a technology
which either affects the lives of millions or stands as a barrier between
people and millions in potential profits.  

In this case, SDMI is one part of a broad deployment of both technological
and legal barriers intended to containerize information.  Its advocates are
a distinct political entity, and its effects, in practice and in intended
function, are to eliminate, among many other things, existing standards of
fair use.

Because of this, I regard it as unfortunate that your team has chosen to
do intellectual work complementary to that of the SDMI advocates.  Ultimately,
this type of analysis, when done prior to deployment, aids and abets those
seeking to deploy practically effective technology.  It does so because you 
neglect the legal part of the DMCA which seeks to force analysis underground.  

If one's goal is to protect freedoms, in particular that of fair use, which
I hope you would share as a fellow academic, then an analysis of method 
including both the purely technical aspect and the sociological aspect of 
contributing one's art and industry is essential.  Without this sort of 
approach, one's creative labors too easily find themselves in the service 
of ends which, in the full analysis, we would oppose.


Don Barry, 
Cornell University
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds