[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


This week's LWN is a little earlier and lighter than usual due to the Thanksgiving holiday in the U.S. We'll be back at the regular time next week.

On legal DVD players for Linux. This week CNN ran an article (from IDG) entitled "Legal Linux DVD player on the horizon". We got some grief from our readers for passing through that headline unchallenged. At the time we were just pointing out the article for those who might like to see it. But, in fact, it contains a number of interesting assumptions that should be looked at.

The first, of course, is that of "legality." The LinDVD player from Intervideo mentioned in the article is certainly a legal good; it also happens to be licensed to decrypt DVDs. The problematic claim is that it is the first legal DVD player for Linux. The illegality of DeCSS (and players built using it) has not really been established even in the U.S., much less in the rest of the world. Assuming that the courts will eventually see reason, calling DeCSS illegal is, at best, a misunderstanding of the situation.

The article also suggests that, had LinDVD been available earlier, DeCSS might never have been developed. That could only be true if LinDVD were released as free software, which is certainly not the case. It is not sufficient to have a proprietary DVD player available; such a player lacks the freedom component. Why should Linux users accept a player that, in all likelihood, enforces the region code system, does not allow excerpting of films onto disk, and so on? Free software is about freedom from restrictions on what we can do with our own computers.

It is also hard to imagine a Linux DVD player that would not get reverse engineered in detail in a very short period of time. A little time spent with gdb would extract most of the secrets there were to find. The availability of a proprietary Linux DVD player may have, indeed, hastened the development of DeCSS, rather than hindered it.

The lesson from all this is that the free software community still has some educating to do. As long as the trade press can put out articles like this one without a second thought, we have not gotten our point across widely enough. Of course, examining one last statement from the article shows that things are even worse than that:

Though Intervideo is "trying to be the good guys" when it comes to copyright protection, [Intervideo VP Joe Monastiero] said that DeCSS was probably an inevitable development because of the "Unabomber types" who exist at the fringe of the computer world.

Mr. Monastiero, who would like to sell proprietary software to the Linux community, has chosen to do so by comparing Linux hackers to a technophobic nutcase who pursued his agenda by mailing letter bombs to college professors. That is, one might say, a little discourteous. But the fact that he could get a quote like that printed unchallenged in a major news outlet shows that much of the world still has not figured out what free software means. But there will come a time when the true fringe will belong to proprietary software vendors who express public contempt for their users.

LWN Comdex coverage. LWN folks Forrest Cook and Rebecca Sobol attended the Linux Business Expo and have written up their experience in detail. Check out the report for an interview with Caldera Systems CEO Ransom Love, a meeting with the iRobot, a look at the Linux-powered plotter made out of Lego blocks, and more.

Corel may be leaving the Linux business. Much press has resulted from Corel CEO Derek Burney's offhand comment that Corel may sell its Linux operation to some other company. In fact, very little is known about what Corel might really do, and a number of other alternatives are apparently under consideration. We will have to wait to see what Corel ends up really doing.

Nonetheless, it's interesting to look at this situation. Corel's move into Linux was widely considered to be a good thing for the company and for Linux both. Corel would get to ride the growing Linux wave and would have a new weapon in its continual fight with Microsoft. The Linux world would get a well-known corporate name, development support, and a distribution that would put Linux on the corporate desktop.

So what went wrong? Corel, certainly, was over-optimistic in its projections of how quickly users would adopt desktop Linux. What Corel was offering was not what many customers wanted. Yet another easy installer is a nice thing, but there are plenty of those. Selling desktop systems required providing a set of solid, well-integrated applications. Corel had hoped to fill that role with its proprietary programs, but they increasingly look like too little, too late.

Corel also set its hopes on software sales, which is an increasingly hard revenue model in the Linux world. Almost every other company operating in the Linux arena is looking for revenue sources that do not involve straight sales of software. Corel may be the real proof that the era of software as a product is coming to an end.

Linux will find its way onto the mainstream desktop, and sooner than a lot of people expect. But it is looking like Corel will not be the agent that brings it there.

Celeste Amanda Torvalds was born Monday evening - congratulations to Linus and Tove!

Inside this week's Linux Weekly News:

  • Security: Why Cover BSD? Wietse Venema wins an award, interest in biometrics grows.
  • Kernel: The elevator algorithm; playing with CML2.
  • Distributions: Esfia and RedBlue Linux, BasicLinux.
  • Development: gimpi:Gimp Images, embedded window systems, Snack sound toolkit for Python
  • Commerce: Linux stock lows, Patent Horror, EBIZ & Jones, Advantio & Orasoft
  • Back page: Linux links and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


November 23, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

Why Cover BSD?. One question that has been asked of us a few times is why we cover BSD security reports in LWN, including FreeBSD, NetBSD and OpenBSD. After all, LWN is dedicated to the Linux community, right? Well, in many ways, our community is the Free Software and Open Source community, to which the BSD operating systems definitely belong. So reporting on BSD is not totally outside our mandate. On the other hand, it could be quickly pointed out that other Free Software operating systems exist that we don't cover.

So why BSD? Well, aside from the kernel of the operating system, there is a tremendous overlap in applications between BSD and Linux. The shared Unix legacy guarantees that will continue. That means that a reported problem under OpenBSD or FreeBSD may very well impact one or more Linux distributions, if not all of them. So reporting BSD problems can give a heads-up of potential Linux problems. Of course, there are Free Software applications that overlap with other operating systems, both Free and commercial. Yet we don't cover those.

So why BSD? We've made no secret of our respect for the security work done by the OpenBSD team and their aggressive, pro-active stance on fixing bugs. We've encouraged Linux developers to review and learn from that work. We like the work that FreeBSD has done to improve its own security, including producing good quality advisories, with well-organized information. Yet that alone would not necessarily justify covering all BSD alerts.

In the end, it is the sum of those qualities above that has inspired our choice to include BSD. It is part of our goal to encourage cooperation and collaboration between Free operating systems based on the Unix model. BSD reports are sometimes the first report of a problem that we see, which may well impact Linux systems. Once we've covered some BSD reports, it seems best to provide consistent coverage, to allow people in the BSD community to benefit from the synthesis as well and to encourage free sharing of information between Linux and BSD security experts.

Most importantly, we don't want Linux to fall behind (or stay behind, depending on your perspective) the BSD operating systems when it comes to security. A healthy competition will hopefully inspire and produce better security for both Linux and BSD.

So for now, we'll continue to intermix BSD reports with the Linux reports. Whether you agree or disagree, you're always welcome to drop us a note to let us know what you think.

Forget your password -- fingerprint scans more and more common (Techserver.com). Biometric scanners are the subject of this Techserver.com article, which speaks of their growing use.

"I think people are a little bit suspicious that there will be some national database that will be put together and people will be tracked. I think that's a false fear," said James L. Wayman, an engineering professor at San Jose State University and former director of the U.S. National Biometric Test Center.

For example, fingerprint scanners do not keep the prints themselves on file, but merely record where patterns on the fingers end or change directions. That template of "minutiae points" cannot be used to re-create the original fingerprint, only to confirm that the print belongs to the right person, someone allowed to gain access.

November CRYPTO-GRAM newsletter. Bruce Schneier's Crypto-Gram for November is out. It covers digital signatures, the cracking of Microsoft, and various other security-related topics.

Wietse Venema receives NLUUG award. The board of the Netherlands Unix User Group NLUUG has chosen Wietse Venema as the recipient of their NLUUG 2000 award. "Wietse Venema receives this award as a token of appreciation for his many contributions to the community of Unix and open systems. Wietse's best known work has been targeted at improving the security of Unix systems in an internet environment. Amongst other things, he is the co-author of the security analysis tool "Satan". He is also the main author of "Postfix", a replacement for the notorious (security-wise) "Sendmail" program. His most recent work encompasses a toolkit for analyzing system status after an intrusion."

New Zealand Anti-Hacking Bill Faces Select Committee (Newsbytes). Those of you interested in security-related legislation outside of the U.S. or Europe may want to check out this Newsbytes article on proposed legislation in New Zealand. "A planned amendment to New Zealand's crime bill that would outlaw malicious hacking for the first time - while also controversially allowing security services the freedom to hack into citizens' computers and intercept e-mail and faxes - has passed through to the Government's Law and Order Select Committee".

Security Reports

cups. Two problems were reported with CUPS, the Common Unix Printing System. The first problem allowed printers served by CUPS to be accessible from anywhere on the Internet. A second bug caused CUPS to broadcast to everywhere, keeping open dial-on-demand lines. The Linux-Mandrake advisory below was our first sighting of the problem, but does not indicate whether or not this was discovered internally or reported externally.

This week's updates:

Vixie cron problems. Systems using vixie cron where the /var/spool/cron directory is given permissions 755 are vulnerable to a symlink attack that can be exploited to allow the execution of arbitrary commands. Check Michal Zalewski's original post or BugTraq ID 1960 for more details.

Debian systems and systems where vixie cron has been installed manually appear to be the most likely to be vulnerable.

A workaround is to reset the permissions on /var/spool/cron to 700.

This week's updates:

  • Debian
  • Slackware, unofficially reported not vulnerable (does not use vixie cron)
  • Linux-Mandrake, unofficially reported not vulnerable (correct permissions)
  • FreeBSD, unofficially reported not vulnerable (except to group wheel)
  • Red Hat and Red Hat-derived distributions, unofficially reported not vulnerable
Previous updates:
  • SuSE, not vulnerable (November 16th)

joe symlink vulnerability. A symlink vulnerability in the joe editor was reported this week (and a slight correction to the original report as well).

This week's updates:

ethereal buffer overflow. A buffer overflow in the ethereal network protocol analyzer was reported this week. The buffer overflow is very similar to the recently reported buffer overflow in tcpdump. ethereal 0.8.14 was released this week with a fix for the problem.

This week's updates:

gnomehack buffer overflow. An exploit for gnomehack was published this week. It uses a buffer overflow in gnomehack to gain egid games (presuming gnomehack is setgid games). It was commented that this same vulnerability likely exists in nethack as well. Check the SecurityPortal Linux Security List for the published exploit.

FreeBSD deny_incoming problem. FreeBSD reported a problem with ppp under FreeBSD only, where the behavior of the ppp code is inconsistent with its documentation. In particular, the use of deny_incoming is likely to produce unexpected, and potentially unfortunate, results. A patch to correct the problem is provided, though it is also recommended that a true packet filter be used instead.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • dcforum, a remote input validation vulnerability was reported and a vendor patch is available.
  • Dnstools version 1.10, a fix for a format string vulnerability was incomplete.
  • CGIForum 1.0 is vulnerable to a directory transversal problem. The author has been notified.
  • AdCycle banner management system, denial-of-service vulnerability and exposure of management passwords. A workaround is provided. It is believed that this vulnerability is being actively exploited.
  • Quikstore Shopping Cart, exposure of web-server files. The vendor has been notified and a fix is promised soon.
  • Big Brother CGI scripts prior to v1.5d3 can be used to view sensitive files or gather the names of valid accounts. A patch to fix the problem has been made available by the vendor.

Commercial products. The following commercial products were reported to contain vulnerabilities:

Updates

Local root exploit problem in modutils. Check last week's Security Summary and Kernel Page for the original report and details.

Modutils 2.3.20 was released this week. This version fixes the various local root compromise vulnerabilities found in all recent versions of modutils; an upgrade is recommended - even if you just upgraded to 2.3.19, which only fixed some of the problems. Expect the distributors to come out with packaged versions shortly.

This week's updates:

Previous updates:
  • SuSE (November 16th, partial fix only)

Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.

This week's updates:

Previous updates:

BIND 8.2.2-P5 denial-of-service. A denial-of-service vulnerability was reported in BIND 8.2.2-P5. Check the November 9th LWN Security Summary for the initial report. BIND 8.2.2-P7 was released last week with a fix for the problem.

This week's updates:

Previous updates:

Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.

This week's updates:

Previous updates:

vlock vulnerability. Originally reported in the November 9th LWN Security Summary, vlock, a virtual console locking problem, was reportedly unlockable by an unprivileged user. Wichert Akkerman dropped us a note this week to confirm the problem, but only when pam_pwdb was used. Debian, for example, uses pam_unix and is therefore not vulnerable.

This week's updates:

Previous updates:
  • Red Hat 6.x, unofficially reported not vulnerable
  • SuSE, not vulnerable (November 16th)

quake server denial-of-service. Check the November 9th LWN Security Summary for the original report (or BugTraq ID 1900). This week, ProQuake 1.02 was released with a fix for this problem.

Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd edition.

This week's updates:

Previous updates:

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

Previous updates:

curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported in October.

This week's updates:

Previous updates:

Format string vulnerabilities in PHP. Check the October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.

This week's updates:

Previous updates:

Pine/IMAP buffer overflow vulnerability. Check the October 5th LWN Security Summary for the initial report. Pine 4.30 contains a fix for the problem. Note, some of the updates below contain only pine updates, while others include both pine and imapd updates.

This week's updates:

Previous updates:

thttpd exposes world readable files. Check the October 5th LWN Security Summary for the original report.

This week's updates:

mgetty temporary link vulnerability. Check the August 31st Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem.

This week's updates:

Older updates:

man/makewhatis vulnerability. A /tmp file vulnerability was reported in makewhatis versions 1.5e and higher. Check the July 6th LWN Security Summary for the original report.

This week's updates:

Previous updates:

Resources

CERT Summary. The November 20th CERT Summary has been published. rpc.statd and ftpd lead the list of problems which continue to be actively exploited, while the recent bind problems have been added to the list, even though no reports of their exploitation have been received yet.

Weekly Security Tools Digest (SecurityPortal). For updated security tools, a good place to check would be SecurityPortal's Weekly Security Tools Digest.

Events

Upcoming security events.
Date Event Location
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
December 3-7, 2000. Asiacrypt 2000 Kyoto, Japan.
December 3-8, 2000. LISA 2000 New Orleans, LA, USA.
December 10-13, 2000. INDOCRYPT 2000 Calcutta, India.
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


November 23, 2000

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.4.0-test11. The -test11 release was announced on November 19; it contains a great many fixes. Among other things, a longstanding PCMCIA problem has been fixed; with luck, the much-maligned 2.4.0 PCMCIA implementation is finally stabilizing. In general, 2.4.0 is getting closer to a releasable state.

There is no 2.4.0-test12 prepatch available as of this writing. Alan Cox has come out with 2.4.0-test11-ac1 which contains a whole set of fixes that, for one reason or another, have not yet made it into the official Linus tree.

The current stable kernel release is still 2.2.17. The 2.2.18 prepatch is up to 2.2.18pre22. Some outstanding issues remain, so the 2.2.18 prepatch series is not done yet.

Riding the elevator. Discussion of the Linux elevator algorithm resumed this week with this posting complaining about occasional request starvation. That seems like as good a cue as any to look at how the 2.4.0 elevator works, so...

The job of the elevator is to sort I/O requests to disk drives for maximum performance. These algorithms have traditionally worked by keeping the disk head moving in the same direction for as long as possible, in a way similar to the way normal building elevators work. Sorting requests in this way, it is hoped, minimizes head movement (which is expensive) and insures that every request will be satisfied within a reasonable time period.

The Linux elevator does not currently work quite this way - and it occasionally produces results that are similar to those of the elevators in Les Suites at the Ottawa Linux Symposium. Whether you are a pending disk I/O request or an OLS attendee heading to dinner, starvation is a real possibility.

The problem on the Linux side is twofold. The first is that the system currently does not use a pure elevator; it will put requests with a low sector number at the top of the queue regardless of the current head position. Doing things this way was a deliberate design decision. The second problem is one of simple tuning of the code which is intended to prevent starvation.

Every request in the queue contains a sequence number; every time that request is passed over (another request is put ahead of it) that sequence number is reduced by one. When the sequence number reaches zero, the request has waited too long and will have no other requests placed in front of it. That should be sufficient to prevent request starvation, except that the default sequence numbers in 2.4.0-test11 are 1,000,000 for read requests, and 2,000,000 for writes. By the time an I/O request is passed over a million times, it will have been waiting for a very long time.

Help is available in the form of the elvtune utility, written by Andrea Arcangeli. elvtune was added to the util-linux package in version 2.10h. For now, the only thing you can do with elvtune is query the read and write latencies (default sequence numbers) and set them; Andrea recommends values of 500 and 1000, respectively. The longer-term plan is clearly to make it possible to plug in different elevator algorithms entirely, but that has not been implemented at this point.

For most system loads out there, playing with the elevator parameters will not change things much. The system must be generating enough I/O requests to create a reasonably full request queue, and those requests must be spread out over the disk. Big, busy servers may well benefit from elevator tuning; the typical desktop user will be hard put to see a difference.

LWN did some highly scientific tests to try to determine the effects of elevator tuning. They were: (1) build the kernel with make -j 10, (2) copy a 1GB file, and (3) compare the 1GB file and its copy. The results were as follows:

Test Read/Write
latency
Clock time
Kernel
compile
1M/2M3:58
500/10003:54
0/03:48
Copy 1M/2M7:17
500/10007:15
0/07:37
Compare 1M/2M10:00
500/100010:01
0/08:16

The results, clearly, are mostly in the noise, with one interesting exception. With the latencies set to zero (essentially disabling the elevator) the compare operation went much faster.

(Those wanting to install elvtune will likely have to build it by source, since a number of distributions have a version of util-linux which is too old to have it. The source is available from kernel.org. Beware, though, that completely reinstalling util-linux has a high probability of breaking your system if you are not careful; it's probably better to build and install elvtune only).

O'Reilly launches new Linux kernel book. O'Reilly and Associates has announced the availability of Understanding The Linux Kernel, by Daniel P. Bovet and Marco Cesati.

A look at CML2. Eric Raymond's CML2 language is intended, by Eric at least, to replace the current kernel configuration and build system in the 2.5 development series. The busy folks down at LWN Labs finally got it together to pull down cml2-0.8.3 from the CML2 site and give it a try.

Eric has publicly expressed a desire to see more people playing with the CML2 system. A this stage, however, it isn't really set up for casual experimentation. The CML2 tarball unpacks into a directory full of Python code and a basic README file. People accustomed to kernel add-ons might expect a patch that can be applied to hook CML2 into an existing kernel tree, but no such thing exists. For now, CML2 has to be run separately, with the resulting configuration file being copied into a kernel tree for building.

The process starts with a 2800 line kernel-rules.cml file describing all of the various kernel configuration options and how they relate to each other. It's fairly dense stuff, if you dig into it. A brief example:

    menu eth_3com_drivers # 3Com Ethernet cards
        EL1? EL2? ELPLUS?
        EL16? EL3? ISA3C515?
        ELMC? ELMC_II? VORTEX?
        APOLLO_ELPLUS?
Most people are unlikely to want to venture too far into this file - but then, very few people were interested in messing with the old Config.in files either.

The first step is to compile this file into a binary format for the other tools. This process took about 30 seconds on a Pentium 450 system - long enough that some people will certainly complain. Then you can run the cmlconfigure program, which will actually take you through the options and build a kernel configuration. This program supports the customary three modes of configuration - simple TTY mode, curses menu mode, and a graphical, window-oriented mode. It does not appear to have an equivalent of the important "make oldconfig" mode, however.

cmlconfigure needs some work. It has 15 options but no documentation of what they do (update: there is a cml2.sgml file with documentation that your inept editor missed the first time through). It complains if you don't specify a "macro file," but it's unclear what such a file would do. The graphical mode continually resizes its window, and requires a lot of "back" navigation. The defaults on many of the options make little sense. And so on - all stuff that can be worked out without too much trouble.

It produces a perfectly fine kernel configuration file at the end.

CML2 has most of what it needs to become the new kernel configuration scheme once the 2.5 series starts. The main thing remaining at this point is a Makefile patch that will enable prospective users to simply plug it in and type make config. And a bit of user interface work. Once it's easy to play with, people will see that it simply works and the only remaining issue will be whether certain kernel hackers will be able to get over having a Python-based tool in the kernel build process.

Other patches and updates released this week include:

  • Adam Richter has released isapnpmodules, a program which will figure out which modules correspond to ISA PNP devices installed on the system.

  • Jeff Garzik released a guide to submitting kernel patches, otherwise known as "The Unofficial Linus HOWTO."

  • Jeff Dike has updated user-mode Linux to 2.4.0-test11.

  • A new DC10plus video capture card driver was released by Serguei Miridonov.

  • Mikael Pettersson has announced version 1.6 of his x86 performance monitoring counters driver.

  • ulogd 0.9, which implements advanced logging in netfilter, was released by Harald Welte.

Section Editor: Jonathan Corbet


November 23, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

New Distributions

BasicLinux. BasicLinux is a multi-purpose mini-Linux that boots from CDrom, hard drive, or floppy (both 3.5" and 5.25"). The 2mb package provides the usual rescue/repair tools, but it can also dial an ISP and browse the net, or act as a router/firewall. BasicLinux provides a lot of functionality in a small footprint, and it would be a good introductory Linux "for a DOS dinosaur".

New kid on the embedded Linux block. LinuxDevices covers Esfia, a Taiwan-based embedded Linux software company and its RedBlue Linux operating system. "The Esfia RedBlue Linux operating system is an 'embedded Linux' distribution that will pave the way for future wireless communication solutions. Derived from the pre-release Linux 2.4 kernel, Version 1.0 of RedBlue Linux will include plug-and-play USB support and other features of importance to the rapidly emerging embedded Linux marketplace".

General-Purpose Distributions

Linux-Mandrake News. Da Linux French Page (linuxfr.org) has put up an interview (in French) with several folks from MandrakeSoft. The interview is long (some 50 questions) and covers a wide range of topics. A partial English translation is available via Babelfish.

SuSE Linux News. SuSE Linux AG announced that SuSE Linux 7.0 Professional Edition has received the "Best Server Solution" award in the 2000 Penguin Playoffs competition hosted by Linux Journal magazine. SuSE Linux 7.0 Professional includes preconfigured installation packages for creating Linux servers for web, print, email, and databases, as well as an extensive set of applications to support networking and Internet functions.

ComputerWeek is carrying a German language interview of SuSE CEO Roland Dyroff. It covers mostly business-oriented issues. English text is available via Babelfish.

Red Hat News. Compaq Computer Corp. announced the availability of ProLiant servers pre-installed with Red Hat Linux 7.0 on the ultra-thin ProLiant DL360 and the ProLiant ML330 server models.

Debian News. Debian was mentioned in a couple of awards this week, including its receipt of the Readers' Choice in the Infrastructure category at the Web Tools 2000 Conference and Exposition. Debian was also mentioned when VA Linux Systems announced they had won the 2000 Linux Journal Editors' Choice award for 'Best Web Server' with its VA Linux 2200 server running Debian GNU/Linux.

Debian news tidbits this week include the announcement of the new Debian help site, where you can ask questions and receive answers, and a contest for the best logo for the Debian Jr project.

For more Debian news, check out the Kernel Cousin Debian for November 16th and the Kernel Cousin Debian Hurd for November 15th. Due to our early publishing schedule, the Debian Weekly News for this week is not yet available.

Slackware News. The Slackware development tree changelog shows a generous helping of library fixes this week, including glibc and ncurses.

LibraNet 1.8.1 released. Jon Danzig dropped us a note to let us know that LibraNet 1.8.2 was available and now contains KDE 2.0 and Mozilla M18, among other goodies. LibraNet is based on Debian GNU/Linux.

Embedded Linux

e-smith Server and Gateway. e-smith, inc announced that the e-smith Server and Gateway, the company's flagship product, has edged out over 500 applicants to be selected as one of only 60 innovative products to be reviewed at the CRN Test Center at COMDEX Fall 2000 in Las Vegas. The e-smith server is based on a customized version of Linux.

Mini/Special Purpose Distributions

Coyote Linux News. Coyote Linux v1.22 has been released and is now available. This is a bug fix release and represents the latest stable release of Coyote.

floppyfw News. We received a note from Thomas Lundquist , maintainer of floppyfw. This floppy distribution is alive and well. The second development tree (1.9) is the 2.4/IP tables development tree. It is now at its second release, 1.9.2, so floppyfw now has a kernel 2.4(-test10), IP tables 1.1.2 and glibc 2.1.3 version. And everything is one single floppy, as usual.

Linux for Windows. Macmillan USA announced Linux for Windows. Linux for Windows is based on Linux-Mandrake 7.2, and provides users web browsing, email and a full suite of office software with K Office.

Section Editor: Liz Coolbaugh


November 23, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


Browsers

DOM Core Level 2 Conformance Tests. Bob Clary has put together as set of DOM Core Level 2 Conformance Tests which use the JavaScript bc TestFrame class to test browser functionality.

Databases

OraSoft tools to be supported by Advantio (Gnotices). Gnome's Gnotices has noted that a commercial entity known as Advantio has been set up to support Orasoft, the GPL licensed suite of Gtk and GNOME tools that interface to Oracle databases.

Education

Linux in Education Report for November 20th. Issue number 33 of the Linux in Education report is now online. Topics in this release include a discussion on the problems with finding true desktop publishing software and links to tools like TypingKoach, a typing tutor; and KQuick, a language translator.

Fabula project seeks help (mozDEV.org). Fabula is a Mozilla based program that consists of a reader and a maker. "Fabula is an easy-to-use program which allows children and teachers to create their own bilingual, multimedia storybooks complete with digital photos." Mozilla.org is looking for someone to take over the development and web page maintenance for the Fabula project, see the Fabula Contacts Page for more info.

Math War teaches math skills. Now your kids can learn math skills in the context of a Linux game with Math War. "MathWar is more or less like playing with flash cards, with the exception that there is a computer player who can attempt to answer if the human player is too slow. A game of MathWar consists of a set number of rounds. A round consists of two cards and a mathematical operator (add, subtract, or multiplication). The first player to guess an answer for a round gets that rounds point if the guess is correct. Otherwise, the correct answer is displayed, and no points are awarded."

Electronics

New gEDA PAL software: Icarus PAL (gEDA). The gEDA project has announced a new project, Icarus PAL. Icarus PAL aims to bring PAL software to the open-source world. Currently, it only supports the 22v10 PAL devices and can read JEDEC files. "My plan, as I'm sure you are aware, is to make an Icarus Verilog target module that makes uses this toolkit to generate 22v10 designs. We use a lot of 22v10 parts in my day job, so this is something *I* might even use:-)"

Embedded Systems

Embedded Linux GUI/Windowing Quick Reference Guide (LinuxDevices.com). LinuxDevices.com posted a reference guide for graphical interfaces suitable for use in embedded Linux devices. The guide lists numerous alternatives to the standard X Windows server/Toolkit UI used on desktop Linux systems. Most entries in the guide include typical memory footprints.

ThinkNIC modifications online. ThinkNIC, the Internet computer from Larry Ellison, has posted the list of changes and links to updated source for the GPL code in their Linux based system. A link to an ISO image for their 1.2 CD is also provided.

While not officially open to resellers due to the low profit margins on the base system, the company apparently is open to the possibility of value added resellers. (Thanks to Jay R. Ashworth.)

Network Management

OpenNMS Volume 1, Issue 35. The November 21, 2000 issue of the OpenNMS Update has been published. Topics include the current code freeze for the upcoming 4.0 release, stress testing, and giving some yearly thanks to those who deserve it.

Office Applications

Eazel Nautilus Preview2 impresses, frustrates (ZDNet). ZDNet takes a look at the 0.5 Preview2 release of the Eazel Nautilus file browser. "In use, Nautilus is flexible and fun. The user can quickly change themes and can further customize appearance by dragging and dropping color swatches and background images onto various Nautilus panes. Dragging two swatches onto opposite sides of the pane results in a gradient fill. The vector-based graphics theme is especially interesting, with its curvy icons."

gimpi: Gimp images group formed. An eGroup known as gimpi has been formed recently. The purpose of Gimpi is to exchange images that are created or manipulated with the Gimp.

On the Desktop

From the Desktop: I Stands For Ice, Ice, Baby and Intro spection (LinuxPlanet). IceWM is a GNOME compliant window manager which is now the default for Debian distributions. LinuxPlanet takes a closer look at IceWM. "Some particular strengths of this interface are the taskbar and an easily configurable collection of setting files in ~/.icewm. Using some clearly written documentation available on the IceWm site, I was able to quickly get things set up the way I wanted them."

GNOME on the Road; Rolling out the Red Carpet (LinuxPlanet). Linux Planet covers the portable version of GNOME with a discussion of Helix Code's Red Carpet package installer and the basic mail, graphics, and PIM desktop tools that GNOME provides. `Pronto's big strength is filtering. It handles this on a level we don't often see with other mail clients, with support for the normal globbing characters many are used to, or full Perl regular expressions for people looking for fine control. It also features virtual folders, which allow you to search for keywords or expressions and "can" the search into a folder for easy access without having to move mail around between them.'

On Writing A Bonobo Control. Dirk-Jan C. Binnema recently posted a tutorial on writing Bonobo Controls. Bonobo is the component model of the GNOME project and Controls are user interface components that are accessed via CORBA.

GNOMEnclature: Intro to Bonobo (IBM developerWorks). George Lebl continues his discussion on the Bonobo component architecture for GNOME in his IBM developerWorks column. "Components can also be used for things that have nothing to do with the user interface. A component for editing the password file, for example, can be used in the user administration application. In this case, the password file can be an abstract interface (which you wouldn't have to parse or write)."

Pango Status Report. Owen Taylor has posted an update to Pango, the project designed to abstract text rendering and layout issues from widget sets. Pango is an offshoot of GTK+/GNOME, although it is not tied to either project. This update is in association with the recent GTK+/Glib 1.3.2 developer releases.

Science

Stallman Replies to VistA Licensing Issues (Linux Med News). Linux Med News has posted a note from Richard Stallman concerning a licensing controversy with the VistA medical source code project. "I am not a lawyer, but I have spoken extensively with lawyers about copyright questions. Presuming that the VistA software is in the public domain, if you combine it with a GPL-covered program you must release the combination *as a whole* under the GPL. Using the VistA code in this way is allowed because public domain status permits practically anything."

FreeMed 0.2.0 (Phoenix) Released (Linux Med News). Linux Med news reports on the release of FreeMed 0.2.0. FreeMed is a GPL licensed Medical Record and Practice Management system with a web based interface.

Web-site Development

Zope Weekly News. Here is the Zope Weekly News for November 16. Documentation issues seem to be at the top of the agenda again.

Zope 2.2.3 released. Zope 2.2.3 has been released, see the announcement for details. This is a bugfix release. The 2.2.3 release was quickly followed by Zope 2.2.4 beta 1, which addresses some permission problems in 2.2.3. (Thanks to Paul Hewitt).

Section Editor: Forrest Cook


November 23, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


ERLANG

Updated XML tools for ERLANG. The ERLANG home page lists updated versions of the ERLANG's XMLtools and the verifying XML parser.

Java

Connection Pools (IBM DeveloperWorks). Siva Visveswaran has written an article on Java Based Connection Pools. This technique is used for sharing server resources among clients.

Make room for JavaSpaces (IBM DeveloperWorks). Susanne Hupfer writes about distributed data structures in Java. "The design of any space-based application typically revolves around one or more distributed data structures. These are data structures that exist in a space where multiple processes can access and work on them at the same time -- something that is often difficult to achieve in distributed computing models."

Perl

Perl5 porters for November 13-20, 2000. The Nov 13-20 Perl5 Porters digest is out. Topics covered include fixing the Regexp Engine, UTF8 and Charnames, and PerlIO, among other things.

PHP

PHP Weekly Summary for November 20, 2000. The November 20, 2000 issue of the PHP Weekly Summary is available. PHP CVS updates are discussed, as are OpenSSL encryption functions, a PHP versioning scheme, and a formal PHP language specification.

Python

Dr. Dobb's Python-URL! (November 20th). This week's Python-URL! is out. Topics include a comparison of Ruby and Python, and a discussion on turning lists into dictionaries with the tuple package.

Python-dev summary. Here is A.M. Kuchling's Python-dev summary for November 15. The Python developers are starting to look forward to the 2.1 release, and this summary covers some of the ideas that they are considering.

Programming with Python - Part 3: Extending Python (Linux.com). In this third issue of a continuing series Jason Tackaberry looks at the extensibility and embeddable nature of Python. "When you're programming strictly with Python, you don't have to worry about the particulars of reference counting, except to avoid cyclical references. Programming with Python/C is a different story, however. If you forget to decrement an object's reference, memory will be leaked, destructors won't be called, and the result will be a broken mess."

Snack Sound Toolkit 2.0.3 released. Version 2.0.3 of the Snack Sound Toolkit for Python has been released. This version includes bug fixes, better documentation, and an improved test suite.

Tcl/tk

Dr. Dobb's Tcl-URL! (November 20th). This week's Tcl-URL! is out. Topics include a discussion on the signficance of Postscript and another on module packaging alternatives.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


Linux lows are an investment in the future. If, like me, you own stock in one or more Linux companies, this year you've probably considered selling a kidney to break even. Things look bleak when viewed from Wall Street. One the other hand, the dot-coms are probably in worse shape than the Linux stocks. At least none of our better known (re: once high flying) public companies has folded yet.

Yet despite the dreary appearance of stocks, there is room for hope. In fact, there is room to be downright giddy. Over on C|Net, J. William Gurley took the wrappings off the silver lining in this bear of a market. In his article A Great Time for Building Great Companies he says:

The race we just ended was, in the end, unsustainable. Most investors that had seen a few cycles before likely knew this in the back of their minds, but had no incentive to mention anything. The conservative ones that cried wolf in 1994 and 1995 were run over and left behind.

When everyone jumped on the Linux Bandwagon, the euphoria that drove stocks to the unsustainable highs was based on the dot-com boom. As Gurley says, no one wanted to deny the boom - those that did missed the money. But that euphoria had no basis in reality. It was based on perception - the Internet is the next big wave so anyone involved with it must be a big money making machine. Yeah, right.

Does making a business off of free software make sense? Ask yourself this - what's more irrational - Drkoop.com paying AOL $89million so AOL could use Drkoop's content or Red Hat building a product and services business on free software? Valuations of dot-coms, and eventually Linux companies, left out the most traditional method of income: product. Dot-coms bet their futures on people paying for information. But information is free (consider those institutions known as "Libraries"). Linux companies can provide product. Not just Linux itself, but value added applications, enhancements, environments, platforms and services. Linux is not dot-com.

Later in his article, Gurley says:

Truly great companies aren't built by the greedy, but by the passionate. ... Today's market is a great filter for finding passion-driven entrepreneurs. It's really not about the money.

The passion that spurred the rise of Linux initially has never left. It remains in the surge of adrenaline that you see in places like SourceForge. Products arise from the open source world to build new companies on modified business models - models that still rely on product, not just information. But the soul of these new companies isn't in the money, it's in the work. Open source builds product. Dot-coms seldom do.

Savvy companies that adapt quickly and conserve capital may find themselves in a position with few to no competitors.

Linux companies will survive as long as they conserve capital. With valuations down, the ability to spend based on stock is severely limited - companies need real revenue. Fortunately, most of the bigger names can generate real revenue. And in the end, their stock prices will rise because of that revenue. From the revenue, they will invest in the next big project - perhaps a vector based page layout application. As a writer (and an investor) I can only hope.

The European Software Patent Horror Gallery. A group called The Association for the Promotion of a Free Informational Infrastructure has announced the creation of the 'European Software Patent Horror Gallery', a database of software patents which have been granted in Europe. "This database shows that software patents granted by the European Patent Office are even more trivial than software patents granted in the United States." It was unveiled on November 21 in Munich, with Richard Stallman there as a special guest.

VA Linux meets lowered earnings estimate (News.com). After warning earlier this month of lowered earnings, news that sunk their stock price to an all time low and carried other Linux stocks with it, VA Linux reported losses in line with revised estimates of 15 cents a share.

Red Hat Joins Standard 100. According to a Red Hat press release, the Linux distribution and services company was added on Monday to The Standard 100, a stock index of 100 Internet related firms.

EBIZ acquires Jones Business Systems. EBIZ has announced the signing of an agreement to buy Jones Business Systems, a "white box" computer manufacturer. Jones is selling for 8.3 million shares of EBIZ stock, which is worth just over $6 million at current prices. It is claimed that the resulting company will have $50 million in revenue.

Meanwhile, EBIZ also released its quarterly report. The company brought in $2.4 million in the quarter ending September 30 - down from $5.6 million in the same quarter last year. The drop is attributed to a new focus on higher-end Linux systems, rather than cheap Windows boxes. And, in fact, the result was a small increase in the company's gross profit.

Music software company releases Linux product. MusicMatch, Inc. released a WINE based music jukebox player/recorder for Linux. The package is free for download from their web site.

Macmillan USA Announces Release of Linux for Windows. Macmillan USA has released their latest version of Linux for Windows, the Linux-Mandrake based distribution for Windows users.

D.H. Brown Rates VA Linux Systems as No. 1 in Linux Strategy and Solutions. VA Linux Systems, Inc. (LNUX) announced that D.H. Brown Associates, Inc. (DHBA), a research and consulting firm, has rated VA as No. 1 in overall Linux strategy in DHBA's recently released multi-client study on "Linux Strategies and Solutions."

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Advantio (GODFREY, IL) has been set up as a commerical entity around the Orasoft suite of Gtk and GNOME based tools for use with Oracle databases.

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C. and SUNNYVALE, Calif.) announced with nBand Communications, Inc., a broadband wireless technology company, a port of the Red Hat GNUPro embedded development tools to nFlex, nBand's broadband wireless communications processor.

Commercial Products for Linux

  • Aladdin Knowledge Systems (CHICAGO) announced the release of HASP CD9 software for the HASP4 hardware-based software protection system that offers high-level security for Linux developers.

  • 3-G International, Inc. (SPRINGFIELD, Va) announced the release of Passage 3.0, an enterprise security solution that supports the Linux platform.

  • Verplex(TM) Systems, Inc. (MILPITAS, Calif.) unveiled BlackTie functional checker, a full-chip, multi-million gate capacity tool for the verification of system-on-a-chip (SOC) designs. This release includes a Linux version.

  • Nitrosoft LINUX (OTTAWA) announced the release of its e-Management software, N-able IT Monitor. N-able IT Monitor monitors your hardware and software server activity and provides real time statistical information.

  • Trustix AS (TRONDHEIM, Norway) announced the release of the eBusiness Systems management tool for Linux, XPloy 2.0.

Products and Services Using Linux

  • Inter-Con/PC, Inc. (LAS VEGAS, Nev.) announced that the company has chosen DiskOnChip, from M-Systems, as the local storage device for its Linux-based CyberSpider TV set-top box, a personal Internet computer device that uses a television as the monitor and includes a wireless keyboard.

  • Mission Critical Linux, Inc. (LOWELL, Massachusetts) and Panasonic announced that Panasonic DVD-RAM drives, and Terabyte libraries configured with the drives, support Mission Critical Linux's Convolo Cluster solution.

  • Neoware Systems (KING OF PRUSSIA, PA) introduced NeoLinux 2.0, the latest version of its embedded Linux operating system, at Comdex Fall 2000.

  • ThePlanet.com (DALLAS) launched a server appliance data center explicitly for Cobalt RaQ products from Cobalt Networks, Inc.

  • Zelerate, Inc. (SAN MATEO, Calif.) unveiled its Partners in Education Program (PEN) by announcing that DePaul University and Indiana University will offer e-commerce classes featuring the Zelerate AllCommerce application in Spring 2001.

Products with Linux Versions

  • Computer Associates International (ISLANDIA, N.Y.) announced the latest release of version 2.4 of its Unicenter TNG eBusiness management solution. This release now includes support for Red Hat, Caldera, SuSE and TurboLinux.

  • CyberTeams, Inc. (MT. AIRY, MD) announced the beta release of version 2.0 of the lite version of its WebSite Director product line. This new release includes significant enhancements, including User Interface Improvements, User-specific Working Directories, an integrated Mime Types Editor, and Dynamic Content (ASP, JSP, PHP, etc.) support. WebSite Director lite is available for Linux platforms.

  • MATRAnet, Inc. (REDWOOD SHORES, CA) announced the availability of M>WebTouch 3.0 on Linux and Oracle 8i release 2.

  • NetPlane Systems (DEDHAM, Mass) announced availability of the PowerCommunications Development Environment (aka PowerCode) for testing new communications software systems.

  • RAM Mobile Data (UTRECHT, Netherlands) has chosen BakBone Software's NetVault storage management software to safeguard applications and data for transportation companies throughout the Netherlands.

Java Products

  • Empower Interactive Group Ltd. (LONDON) released its Java-based Empowered WAP Gateway to the open source community.

  • Franz Inc. (BERKELEY, Calif.) shipped its newest cross-platform Lisp and Java development environment, Allegro CL 6.

Books and Training

  • New Horizons Computer Learning Center (SANTA ANA, Calif.) announced it will provide training to clients based on content developed by Sair Linux Inc.

  • Viking Systems Inc. (PHOENIX) announced that founder and President Evan Blomquist has become the first SAIR Linux/GNU Certified Instructor in the world. Blomquist also has a seat on the SAIR Linux/GNU Advisory Board.

Partnerships

  • NetNation Communications, Inc. (VANCOUVER, B.C) was selected by GlobalMedia.com to host twelve Internet broadcast radio stations.

  • Sangoma.com (TORONTO) announced its partnership with Tech Data Canada where Tech Data will distribute sangoma's line of connectivity hardware and software products for networks and Internet infrastructure.

  • Software AG and Birdstep Technology ASA (SAN RAMON, Calif. and OSLO, Norway) announced a partnership to permit the exchange of information between Software AG's Tamino XML database and Birdstep's DataBase Engine on hand-held platforms.

  • TeamLinux (DAYTON, Ohio) announced a strategic partnership with Bruewer Woodwork.

  • Texas Instruments Incorporated (HOUSTON) entered into an agreement with Jungo Software Technologies Inc. to add Jungo's Linux residential gateway software onto TI's broadband Bluetooth-enabled cable modems.

  • TimeSys Corporation (PITTSBURGH) and GoAhead Software announced they will be offering a software solution for complex telecom and Internet systems. As part of this agreement, TimeSys will also be joining the GoAhead Integration Alliance (GIA).

Investments and Acquisitions

  • EBIZ Enterprises Inc.(SCOTTSDALE, Ariz.) announced it was acquiring Houston based JBSi (Jones Business Systems, Inc.).

  • Firstwave Technologies, Inc. (ATLANTA, Georgia) announced plans to acquire Optomi, Inc., a provider of B2B e-commerce solutions.

Financing and Financial Results

  • GlobalMedia.com (VANCOUVER, British Columbia) announced that it has signed definitive share purchase agreements for the purpose of raising US$1 million from Standard Radio Inc. (with participation from two of its executive officers, Gary Slaight and David Coriat) and from Jeffrey Mandelbaum, Global Media's Chairman, President and CEO. In connection with the current financing, GlobalMedia's Board of Directors has been restructured.

  • VA Linux Systems (FREMONT, Calif.) reported record revenue of $56.1 million for the fiscal first quarter, 2001, ended October 27, 2000, an increase of 278% compared to the same period of fiscal 2000 and an increase of 11% compared to the prior fiscal quarter.

Personnel

  • GlobalMedia.com (VANCOUVER) announced that Board Member Barr Potter has joined the company as President and Chief Operating Officer.

  • RidgeRun, Inc. (BOISE, Idaho) announced the appointment of Rudy Prince as CEO and Chairman of the Board. Additionally, Rick Seger has been appointed Vice President of Business Development.

  • Sangoma.com (TORONTO) announced the appointments of Gary Collins as its President & CEO, and Michael Hubbert to its Board of Directors.

  • TeamLinux Corporation (DAYTON, Ohio) appointed Yit K. Lee as its new Chief Operating Officer.

  • Xybernaut Corporation (FAIRFAX, Va.) announced Tod R. Rehm has joined the company as President and COO and Dewayne Adams has joined the Company as Chief Strategy Officer.

Other

  • Compaq Computer Corp. (HOUSTON, TX) announced the offering of their ProLiant Servers preinstalled with Red Hat 7.0.

  • Enhanced Software Technologies, Inc. (PHOENIX, AZ.) announced that HP Ultrium Tape Drives have been certified to be Linux compatible.

  • knowledgelinx Inc. (OTTAWA) announced that knowledgelinx 2000, a Web-based knowledge-sharing and management software application, is available immediately.

  • Merlin Software Technologies (BURNABY, British Columbia) unveiled a new look on its web site.

  • The New Internet Computer Company (SAN FRANCISCO), the company backed by Oracle CEO Larry Ellison, announced a limited time price cut on its NIC bundle to $319.98.

  • TimeSys Corp. (PITTSBURGH, PA.) announced the launch of its Japan-based sales and support office, TimeSys Japan, K.K. Located in suburban Tokyo in the college-town of Kichijoji.

  • Turtle Beach Systems (LAS VEGAS) began taking orders for its home-networked digital audio appliance, the AudioTron. It is compatible with all major operating systems, including Linux.

  • Xybernaut Corporation (FAIRFAX, Va.) provided a summary of highlights of the Comdex 2000 show held in Las Vegas, Nevada.

Section Editor: Michael J. Hammel.


November 23, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


KDE League

.comment: Weaseling a Good Idea (LinuxPlanet). Here's an opinion piece on LinuxPlanet on the KDE League. "The fact that many of the backers of the Gnome Foundation are also involved in the KDE League suggests that after their two decades with a Microsoft monopoly they do not wish to be stuck with a single desktop now that they see Linux as the key to the iron-clad-locked chains of Redmond. And it couldn't come at a better time."

IBM, KDE Relationship Deepens (LinuxNews). The IBM, KDE and ViaVoice partnership is getting more deeply entwined. LinuxNews interviews Sheila Harnett, the Technical Lead in IBM's Linux Technology Center. "The choice to enter the KDE League and encourage development on that desktop does not indicate exclusivity, Harnett said. 'We are also a part of the GNOME Foundation, and the intent of both of those organizations is to help promote each of those desktops,' she explained."

KDE League looks much like Gnome Foundation (Upside). Upside has posted a look at the KDE League. "If imitation is the sincerest form of flattery, Gnome developers must be feeling pretty flattered right now."

Open Source Applications

Free Radical: Ian Clarke has Big Plans for the Internet (O'Reilly Net). The O'Reilly Network talks with Freenet founder Ian Clarke. "You could look at [Freenet] like an ant colony where instead of food you have pieces of information, and instead of ants you have requests, which travel around this network."

The coders' collective (ZDNet). ZDNet comments on FreeDevelopers.net. "It's hard enough to make a buck from Linux and free software the old fashioned way. Yet FreeDevelopers.net seeks to reinvent the way companies produce software, and to bring to development models the same kind of ethical imperatives and innovation that drive the FSF in its efforts to create and advocate its GPL license."

Customizing vim (LinuxNewbie). Vim is an updated version of vi, the long time Unix text editor. In this article from LinuxNewbie, configuration options are examined in depth for customizing vim from an experienced users perspective. "First of all, there is one file whose place is not at all optional. This is your .vimrc file. This MUST be in your home directory. This file will also pretty much be the key to all of our customizations."

Open source garners WebTechniques WebTools Awards. While the value of awards and honors are best judged by the individual, it is nice to note when open source projects are recognized by the world at large. This time around, WebTecniques magazine presented their Editors' and Readers' Choice awards for 2000. Open source winners included Apache (Editors' Choice, Infrastructure), Debian GNU/Linux (Readers' Choice, Infrastructure), PHP4 (Honorable Mention, Programming) and GIMP (Honorable Mention, Design).

Business

SCO-Caldera deal brings high-end features to Linux (News.com). News.com looks at the Caldera/SCO merger. "SCO's clustering software is a respected package that analysts say is ahead of competing products from established server giants such as Sun Microsystems, and as such, is a considerable boost to efforts to make Linux a more serious operating system. But the high-end Linux situation is complex. For one thing, Caldera Systems and SCO won't bring the full suite of clustering software to Linux, at least initially. For another, Caldera Systems' competitors, such as Red Hat, Turbolinux and Mission Critical Linux, are working on clustering software of their own. And Caldera Systems, with slim revenue and a bruised stock price, has left analysts cautious about its prospects."

Linux server maker finds European partner (News.com). News.com covers Penguin Computing's deal with Bull. "The alliance elevates the Linux prospects of two companies striving to deal with larger or better-known competitors. San Francisco-based Penguin Computing plays second fiddle to Linux specialist VA Linux Systems, and Penguin Computing and Bull both face competition from big-name companies such as IBM, Hewlett-Packard, Compaq Computer and Dell Computer."

VA Linux vs. the big guys (ZDNet). VA Linux has to move from the dying dot.com world to the enterprise market, a segment dominated by big name harware players like Dell, Compaq, IBM, and HP who have recently begun to entrench their Linux strategies. "But those sales from the business-to-consumer dot-coms aren't coming back. That means VA Linux has to take on the big guys to complement its booming sales to the likes of Akamai."

There's Plenty of Life Left in VA Linux (Business Week). Business Week thinks VA Linux Systems has potential despite its ravaged stock price. "But don't toss VA Linux onto the ever-growing trash pile of Net stocks that were once mighty. This company still has a good business plan, an admirable market niche, and a big pile of cash to keep it running until it reaches profitability, which should be sometime before the end of 2001. Despite that first-quarter sales hiccup, this company's revenues are still impressive."

Linux at a Crossroads (SmartMoney.com). Smart Money takes a look at the business climate and Linux, likening the market for open source to selling water. "In a nutshell, companies attempting to profit off the Linux operating system are having the same problems as those looking to make a buck off selling water: How do you make money when your product is ubiquitous and free? Furthermore, now that the hype surrounding these stocks has past, investors are paying attention to what they really knew all along - slaying the beast in Redmond will take much more than just angry talk and good intentions."

Corel falls as CEO says it may sell Linux business (The Globe and Mail). The Globe and Mail is reporting that Corel's drop in stock price on Monday was directly related to the possible sell off of it's Linux business. "A Corel spokesperson said selling the company's Linux unit is just one of many options. 'This is really nothing new,' said Anne Vis, who pointed to a range of possible examples. 'We could merge with someone.'" (Thanks to Michael Walma)

New Members For The Java Community Process (ZDNet). The election of members to the two boards of the Java community process has finally been completed, according to this ZDNet article. "For the Micro Edition Committee, the 10 Sun nominees were also all ratified, in the following order: Motorola and Nokia tied for top vote-getter, each garnering 98 percent. 3Com's Palm unit, maker of the Palm Pilot, was second with 95 percent; Philips, the Dutch electronics maker, was third with 92 percent; IBM was fourth with 90 percent."

DVD Piracy Judge Tells All (Wired). Wired News talks with the DVD case judge. "U.S. District Judge Lewis Kaplan doesn't truly dislike hackers and open-source programmers, not exactly. Kaplan, who sided with the motion picture industry in a landmark DVD-descrambling lawsuit this year, simply views them as lawless miscreants."

Commercial Products

Device profile: Gateway Connected Touch Pad (LinuxDevices.com). LinuxDevices.com profiles the Gateway Connected Touch Pad, which is a Crusoe-based device running Mobile Linux. It doesn't seem aimed at the typical Linux user, though. "The device is preconfigured to offer instant-on access to a suite of AOL services including email, instant messaging, calendar, address book, chat, and full Internet access. The AOL service will also provide easy access to content of particular interest to users in the kitchen or family room -- for example: recipes, grocery and gift ideas, TV and movie listings, online music, etc."

Will Cube copy bring Apple's wrath? (ZDNet). A G4 Cube-like Linux server made it's way to Comdex this week. ZDNet wonders whether Apple will let this box play on. "Apple watchers across the Web are speculating whether the latest apparent homage to the Mac maker's industrial design will draw a legal response from Cupertino."

Linux in Use

NZ Army targets Linux simulation (Stuff). A New Zealand site called "Stuff" has an article about Linux usage down under. "The New Zealand Army is among a growing band turning to open source operating system Linux, using it to stage virtual combats." (Thanks to Ian McDonald).

Resources

Freeware Port Scanners: Plug the Holes (ZDNet). ZDNet describes the use of port scanners for the security conscious. "If a port lets data flow out, it also lets data flow in. A port is essentially an opening into your computer, and it can be hacked. Someone can infect your machine with a Trojan horse in this way, and that's only one of a host of distressing possibilities."

Comdex

Users: Interface problems hold back Linux (CNN). CNN covers Linux user interface issues through the eyes of Miguel de Icaza, who gave the keynote at the Linux Business Expo Conference, one of the special programs at Comdex Fall 2000. "de Icaza bemoaned the fact that systems administrators still struggle to install applications on Linux and that antiquated versions of Gnome, a graphical-oriented user interface for the operating system, continue to ship with different distributions of Linux."

World Domination? Heh. (Linux Journal). Linux Journal senior editor Doc Searls covers the girth of platforms supporting Linux at the Linux Business Expo during last week's COMDEX. "I stopped [at the Internet Appliance booth] to check the place out because I was sure that anything called a 'server appliance' probably had to run on Linux. And sure 'nuff, it does. So, it seems, does nearly everything else that's called 'thin' or an 'appliance'." (Thanks to Jay Ashworth)

Linux inside (MSNBC). MSNBC reports from Comdex. "It was nice to see all the companies that have become well known in the Linux field: Red Hat, SuSE, Corel, Caldera, Slackware, Best, Storm -- you name them, they were there, showing of their wares and telling attendees how their version of the open software operating system was better than all the rest."

Reviews

Cobalt RaQ 4r Review (LinuxLookup). The Cobalt RaQ 4r is reviewed in depth in this LinuxLookup article. "The Raq4 comes pre-configured with Apache web server, ProFTPd FTP server, Sendmail, DNS, FrontPage 2000 server extensions, Arkeia backup client, 128-bit SSL, web-publishing (ASP, CGI, Perl and PHP) options, Virtual-domain support, and Cobalt's bandwidth management service."

Interviews

People Behind KDE: Lars Knoll. In its latest interview, the People Behind KDE series talks with Lars Knoll, the author of the HTML rendering widget found in the KDE web browser Konqueror.

Section Editor: Rebecca Sobol


November 23, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

UK's Largest Online Training Directory Reaches 10,000 Courses. Training Pages announced that it had just passed the landmark of ten thousand (10,000) distinct and separate courses. Training Pages runs entirely on open source software, including the Linux operating system, the Apache web server, the MySQL database and the PHP scripting language.

Events

Linux.conf.au program posted. linux.conf.au, happening in Sydney on January 17 to 20, 2001, has posted its conference program. Keynote speakers are Alan Cox, David Miller, and Andrew Tridgell. The registration process is also open.

LINUX Business Expo Delivers Open Source Alternatives. Key3Media Group, Inc. put out this press release on the growth of the LINUX Business Expo. "LINUX Business Expo debuted in 1999 at COMDEX/Fall. Since its inception, LINUX Business Expo has grown from 17,700 square feet to more than 40,000 square feet. The growth of LINUX Business Expo is a reflection of the tremendous growth within the Linux community, especially in embedded systems."

November/December events.
Date Event Location
November 25, 2000. Australian Open Source Symposium Adelaide, Australia.
November 28 - December 2, 2000. IEEE International Conference on Cluster Computing Technische Universitšt Chemnitz, Saxony, Germany.
December 2 - December 3, 2000. LinuxCertified's Linux for beginners Cupertino, CA.
December 3 - December 5, 2000. Wireless DevCon 2000 San Jose Doubletree Hotel, San Jose, CA.
December 3 - December 8, 2000. LISA 2000 New Orleans, LA.
December 5 - December 6, 2000. LinuxUser 2000 Conference Chelsea Village, London, England.
December 15 - December 17, 2000. LinuxFEST Belgrade, Yugoslavia.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

User Group News

LUG Events: November 22 - December 7, 2000.
Date Event Location
November 22, 2000. Linux User Group of Assen Assen, Netherlands.
November 25, 2000. Central Ohio Linux User Group Columbus, Ohio.
December 4, 2000. Rice University Linux Users Group Rice University, Houston, TX.
December 4, 2000. Baton Rouge Linux User Group The Bluebonnet Library, Baton Rouge, LA.
December 5, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
December 6, 2000. Kansas City Linux Users Group Kansas City Public Library, Kansas City, MO.
December 6, 2000. Southeastern Indiana Linux Users Group Madison/Jefferson County Public Library, Madison, IN.
December 6, 2000. Silicon Valley Linux Users Group Cisco Building 9, San Jose, CA.
December 7, 2000. Edinburgh Linux Users Group Holyrood Tavern, Edinburgh, Scotland.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


November 23, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


Ever wonder what LinuxToday co-founder Dave Whitinger is up to these days? A look at Dave's Garden shows a rather more low-tech approach to life...

Have you ever come up with a good idea, but lacked the time to develop it? If so, check out ShouldExist, the page of Good ideas that are free for all. Read about using paper as a data storage medium and writing a markup language that encodes speech.

Section Editor: Jon Corbet


November 23, 2000

   

 

This week in history


Two years ago The LWN staff was taking a much needed week off for vacation.

One year ago The LWN staff was taking another much needed week off for vacation.

This year we decided to work a little harder, that way we won't have so many press releases to deal with next week.

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
From: Marko Samastur <markos@vidra.net>
Date: Thu, 16 Nov 2000 12:20:31 +0100
To: letters@lwn.net
Subject: KDE League

Hi,

I just wanted to make few remarks about KDE League. In editorial you 
wrote:

"That intent is clearly sincere, and no doubt the KDE developers are 
determined to make things turn out that way. But in a world where many 
of those developers are employed by League members, what is going to 
happen when the League starts to claim that its PR and marketing goals 
would be helped if certain development directions were taken? One can 
see a distinct potential for conflict."

No, one can not, if this one actually reads bylaws of KDE League. Board 
of directors, that will lead the whole thing, will have three kind of 
members. Companies can be either CE or CA members (depending on how 
much they pay) and there's also a developer community (KD). So, what do 
bylaws say about this board?

In section 4.1:
"...No person shall be qualified to become a director if such person is 
employed by or affiliated with any company or corporation which has 
appointed another director of the League."

This means that respresentatives of KDE community will REALLY be that, 
since they are not allowed to work for or be paid by companies that are 
part of KDE League.

In section 4.2:
"The directors shall have voting power on all matters to be voted on by 
the Board as follows. Each CE Director shall have five (5) votes. Each 
CA Director shall have one (1) vote. The KD Directors shall have an 
aggregate number of votes equal to the sum of (i) five (5) times the 
number of CE Members, plus (ii) the number of CA Members, such votes to 
be divided as nearly as practicable among them, with any remaining 
votes being conferred on the KD Directors in the order appointed by the 
KD Member."

This means, KD (KDE developers) will have exactly the same number of 
directors as companies. Together with 4.1 this makes them equal 
partners.

And then there's section 4.7:
"At all meetings of the Board of Directors one-half of the entire Board 
(rounding upwards in case of an odd number of directors) shall 
constitute a quorum for the transaction of business. The vote of 
two-thirds (rounding downwards in case the number of directors is not 
evenly divisible by three) of the votes of the directors present at a 
meeting at which a quorum is present shall be the act of the Board 
unless the Certificate of Incorporation or these Bylaws shall require a 
vote of a greater number...."

This effectively means that no half of directors could simply out-vote 
the other half, because every action needs at least 2/3 majority vote.

I think it's clear that your fears are not justified.  

Kind regards,

	Marko
   
Date: Thu, 16 Nov 2000 13:18:06 +0100
From: fermigier <sf@fermigier.com>
To: lwn@lwn.net
Subject: KDE League vs Gnome Foundation.

Hi,

For the first time in 2 1/2 years, I do not agree with one of your analyses
when you say " Not stated, but clearly implicit, is that each is promoting
its system in competition with the other. The KDE League is not (at this
point) promoting KDE over Windows, and it is not (they say) influencing
development. Its target, for now at least, is GNOME." I haven't seen
this message in the announcement of the KDE league. The Gnome foundation,
when it announced its existence last summer, has probably been a little
too far, and the media has pushed the story even farther. I don't
think the Gnome Foundation will play that angle ever again, since this
was certainly not well perceved but the community (cf.
http://www.linux-mandrake.com/en/pr-kgwar.php3).

And by the way, I fully support the 6 companies who chose to belong to both
organisations (of course, there a companies like Troll Tech or Helix who
have no interest in the other toolkit, so I can't blame them), and I hope
that they will be able to prevent last August's PR mess from happening
again.

Cheers,

	S.

-- 
Stťfane Fermigier, Tel: 06 63 04 12 77 (mobile).
Portalux.com: le portail Linux.
"How will Microsoft develop Windows 2015? Hire 1 million programmers and
2 million code scrubbers?" Business Week
   
Date: Fri, 17 Nov 2000 11:41:42 -0500
From: andrew@pimlott.ne.mediaone.net
To: lwn@lwn.net
Subject: Trouble with modutils

LWN wrote:
> The problem is interesting to look at, since it shows how hard it can
> be to get things right. 

It's only "hard to get right" if you adopt the Unix attitude that even
critical facilities should be half-ass designed, underspecified, and
poorly documented.

Consider the following, each a shortcoming on its own, and a horror in
combination (for modprobe, I am refering to versions prior to this
incident):

- There is no consistent policy for whether a non-privileged user should
  be able to cause modules to be loaded, and if so which modules.
  modprobe does not permit non-privileged users do anything, while the
  kernel thinks they should be able to load any module.
- The kernel does not pass enough information to modprobe for modprobe
  to know which user caused the request, why the request was made, or
  whether the request is "tainted".
- modprobe does not offer any facilities for controlling what modules
  may be autoloaded (as opposed to explicitly loaded).
- The kernel fails to use the standard GNU getopt end-of-arguments flag
  "--".
- modprobe offers no way to disable pattern expansion

Probably the safest policy would be "no autoloading, period".  This is
in fact a quite workable policy for most systems.  Needed modules could
be added to a list by installers, by configurators, or by hand.  PCMCIA
and hotplug daemons would explicitly load drivers for detected devices.

Another reasonable policy would require autoloadable modules to be
listed in modules.conf.  Another would be that only "well-known" modules
(and module aliases) could be autoloaded, where well-known is a boolean
argument passed from the kernel to modprobe.  Standard modules like
"sunrpc" would be "well-known", but module names coming directly from
non-privileged users would obviously not be.

> The sad truth is that validating user input is hard

This is a meaningless sentence in this context.  There is no such thing
as validating when ther is no agreement about what should be allowed.
Given such an agreement, validation should not be hard at all.

Andrew
   
Date: Tue, 21 Nov 2000 23:17:35 +0100
From: "Michael Thayer" <thayer@web.de>
To: letters@lwn.net
Subject: Modular kernel

Hello,

This is a slightly late letter about your discussion a month ago of the
possibility of modularising the kernel.  You said that the main argument
against was that too much compatibility code would get left in the kernel.
However, I don't quite follow the problem - I think that interfaces would
be expected to remain stable within stable kernel versions, but I'm sure
that no one would expect the same interface to remain from say 2.6 to 2.8.
Most free programs compile on about twenty different operating systems - is
it too much to ask for kernel componants to compile for two or three
different kernel versions?

Regards,

Michael Thayer
_______________________________________________________________________
1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de
IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de

   
Date: Fri, 17 Nov 2000 21:04:51 GMT
From: Duncan Simpson <dps@io.stargate.co.uk>
To: letters@lwn.net
Subject: "Designed" software vs. grown software

You fail to point out that a lot of software which grows organically
sometimes gets a clean design during upgrade. In particular the
maintaner decides that some hack is one feature too far for the
present design and cleans up the code before adding the feature. (IN
particular in development versions, which are not nescarily visible,
for example I know of a clean version of word2x (which is on my box
right now)).

Of course, some software just gets featuritis and dies when the design
proves insufficient. I perosnally think that open source software is
more likely to get the proper redesign by someone than commercial software
The fetaure the marketing department wants gets there faster by
going via the dirty and bug producing route. Experience has thaught me
than an imposed external design can be a big mistake... shall I say that
it is the difference between ~50K overhead and working programs (what I
have now) with a lot more overhead and dud programs (what the previous
design got to, before it died).

I could cire other example, for example the move in checkps from hairy
toilet roll section to a nicer version with that code moved into a
library. I am sure plenty of other programs could tell a similar tale.

Duncan (-:

   
Date: Thu, 16 Nov 2000 20:30:58 +0530
From: Ramakrishnan M <rkrishnan@ti.com>
To: letters@lwn.net
Subject: Netscape 6...it's not for me.

Hello
      I had been following the development of Mozilla, and had been using it
from M6 onwards. I have also tried using the infamous PR releases of Netscape.
As the several postings at different places showed, people are not happy with
the new installation style of Netscape 6. I had never succeeded in installing
the PR releases as well as the final release of Netscape 6. Though there are
proxy settings, it simply does not work for me.(I do not know why). There may
definitely be work arounds. But it was annoying for me, and after several
unsuccessful attempts, I aborted the mission. As a loyal Netscape user, I am
still using 4.5 version(under Windows NT 4.0), and obviously am not happy with
it. I feel GNU/Linux still lacks a best-in-class browser. Netscape fonts sucks,
and the brand new Mozilla renders things too slowly, and also crashes too
often. We need a better solution to progress. It's a shame if the Free Software
community did not come up with a better solution, and show the world once
again, that they can outperform the best!

cheers
--                    
Ramakrishnan.M           | Voice over Packet Group
Software Design Engineer | Texas Instruments, India
   
Date: Thu, 16 Nov 2000 09:38:12 -0800 (PST)
From: "Robert A. Knop Jr." <rknop@pobox.com>
To: letters@lwn.net
Subject: I'm alarmed about LinDVD

   [Note: this is longer than most letters to the editor on the back
   page, but it is something that I believe needs to be pointed out as
   often as possible.  If this is too long for the Back Page, and if you
   have a place for "Op Ed" pieces, please consider this as a submission
   for that forum.]

I alarmed about LinDVD-- not its existence, which many celebrate, but
rather what it represents as the latest development in a larger alarming
situation.  The article which LWN Daily pointed to on November 16 itself
was alarming in its assumed attitudes about commercial and open source
software.  I was surprised that there were no editorial comments in the
LWN Daily link; I can't wait to see what is said about it in the next
full release of LWN.

In the "good old days," some pieces of hardware were not supported by
Linux because the companies who produced the hardware refused to release
information necessary to write drivers for them without an NDA that
would permit distribution of those drivers.  Eventually the company
might come to its senses, or some open-source hacker might
reverse-engineer the thing well enough to release a driver that would
work pretty well.  By and large, though, Linux users learned to avoid
hardware from clueless companies, and to buy hardware from companies
that released the information Linux hackers needed to write drivers for
their hardware.  Although this would often limit options, there were
other products available to solve the same problem.  For instance, there
was a period when many new laptops were using the neoMagic graphic
chipset, but the information necessary for an XFree86 driver wasn't
available.  But even then, there were other laptops availble to Linux
users.

Even today, when many commercial interests consider Linux support a
worthwhile investment, a dichotomy exists.  Consider, for instance, 3d
video cards.  You can get what are reported to be very good Linux
drivers for NVidia cards-- but they're proprietary drivers, available
(if I'm not mistaken) in binary form from the vendors.  This leads
"Linux Journal" in a recent article to recommend a lower-performing
Matrox or 3dfx card over the NVidia card. Matrox and 3dfx have a clue
and give out the information necessary to develop truly open source and
free drivers for their cards (LJ, November 2000, p. 82).

In industries where you have a choice between different pieces of
hardware, or different solutions to the same problem, this is fine.
Many Linux users are happy to sacrifice a bit of performance, which in
many cases they won't even notice, for better (or even philosophically
preferable) support of their hardware.  With DVD, we've got a whole new
ugly trend arising.  Now, it's not individual hardware manufacturers who
are refusing to play nice: it's the very format!  LinDVD is trumpeted as
a "legal" DVD player.  But it's not free, it's not open source.  You
can't look at the source code, and it's not going to go into a lot of
distributions.  I don't know if it will even be free in the "free beer"
sense of the word.  When there is an open source effort to play DVDs on
Linux, its writers and distributors face legal penalties; the article
linked to by LWN about LinDVD labels them as "Unibomber" types.

This is where laws such as the DMCA have taken us.  The very act of
trying to create an open source driver for a whole class of increasingly
popular devices is now compared to a terrorist act-- and, alarmingly, a
lot of public opinion (or at least media spin opinion) seems to be
agreeing with this patently ridiculous idea.  This should scare open
source advocates much more than Microsoft's latest overt maneuverings,
and much more than incompatabilities and advertising sidebars in
Netscape 6.  DVDs are hugely popular, but it looks like Linux will
always and forever more be beholden to commercial software vendors to
play them-- not for technical reasons, but for legal reasons!

If the stupid laws like the DMCA are going to stand despite how contrary
they are to the concepts of freedom on which the USA was putatively
founded, Linux users really have only two choices.  Admit defeat and
surrender to the proprietary commercial forces that many in the
community have been resisting for so long, or boycott DVDs altogether.
The latter will be difficult, because the format is the only game out
there in its performance class, and because DVDs are becoming hugely
popular.  But the MPAA stranglehold on the *format*, which seems to
prevent even the possibility of free drivers, is unacceptable.

Alas, if only the freedom of Linux were receiving as much press as the
"Microsoft alternative" aspects of Linux.  If it were, then it might
conceivably be practical for a company or consortium to develop a viable
alternative to DVD with equivalent convenience and performance
characteristics.  This new format could have its formats and standards
released openly.  Linux *could* support that, and so could Windows, and
so could stand-alone players.  With a lot of luck, that format might
take off; the shortsighted over-legalistic power-grabbing policies of
the folks behind DVD would send it spiraling the way of DIVX.

I realize, of course, that I am dreaming.  If only the popular media and
the population at large understood the issues of freedom that were truly
at stake, and if only they understood the difference between software
pirates (who want to steal others' work) and open source developers (who
merely want the ability to choose how they play and use the DVDs that
they already leagally own).  Never mind understanding the difference
between open source developers and mail bombing terrorists!

In the real world, DVDs almost certainly represent a turning point for
Linux.  In the past, there were only technical reasons for our not
having a fully functional Linux desktop (e.g. because nobody had written
a full featured open source WYSIWYG word processor).  Technical reasons
could in principle be overcome, and it's clear that most of the
technical reasons that used to beset Linux are currently being overcome.
However, henceforth it is going to be illegal in the USA to have a fully
functional Linux desktop, because nobody will be ALLOWED to legally
write an open source DVD reader.  What else is going to fall into this
category after the DVD?  How many open source devlopers are going to go
to jail under the DMCA and similar government-supplied blunt instruments
for big business before we all give up and admit defeat?

This is highly tragic.

-Rob Knop
rknop@pobox.com

   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds