[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


FreeDesktop.org Window Manager Spec 1.0 released. FreeDesktop.org has announced the release of version 1.0 of the Extended Window Manager Hints Specification. This spec describes how the window manager interoperates with graphical applications; it is essentially an extension of the venerable ICCCM (Inter-Client Communication Conventions Manual).

The actual contents of this specification are pretty dry. Have a look if you're fascinated on how virtual desktops should best be implemented, or if you have a burning need to know how shading is handled. Most of our readers, we suspect, have little interest in the details of how these things work, as long as they work well.

What makes this specification interesting is that it was developed jointly by the GNOME and KDE projects. Both the kwin and sawfish window managers implement the conventions in this specification. We have moved one step closer toward cooperation and interoperability between the two primary Linux desktop projects.

A few more developments like this one and even the most sensationalist media outlets will have a hard time continuing to beat the drums of "holy war." There is no war, just two projects that are trying to make the best desktop they can in their own ways. There will be many times when cooperation is the best way forward, and, at least some of those times, that is what will happen. This is how the two projects will deal with each other; "holy war" has nothing to do with it.

Biting off small pieces of the open source space. Some announcements this week show that the Linux business community is more active than ever. There are a few interesting business models being tried out; sooner or later the best ways of making an open source business work will be worked out. Meanwhile, it is worthwhile to look at what some companies are up to.

The original Linux businesses tended to be based around distribution building; they had names like Yggdrasil, Red Hat, Caldera, SuSE, and Pacific HiTech, WGS. Somebody still tries to get into that business occasionally, but it's a hard place to get started in this stage of the game. What we are seeing instead is businesses that carve out a smaller piece of the free software landscape and attempt to sell services around that. Many examples exist: Sendmail Inc. (sendmail), Gnumatic (gnucash), Helix Code (GNOME), theKompany.com (KDE tools), and many others, including Cygnus (development tools), which may well be the first company to have operated in this arena.

A couple of relatively new companies made their moves this week. One is Great Bridge. This company's turf is [Postgres boxed set] the PostgreSQL relational database management system. Great Bridge has gone about hiring PostgreSQL hackers, including three of the six members of the "Global Steering Committee." This week Great Bridge announced the availability of its commercial, boxed version of the database. But the company's real hopes are clearly based around its service offerings, which include support contracts, developer services, consulting, and training.

Great Bridge (and PostgreSQL) are not without competition, however. [NuSphere MySQL] NuSphere also chose this week to announce its own set of products and services, all based around MySQL. These include, yes, a boxed version of the MySQL database, developer support, consulting, and training. NuSphere's offerings appear to be aimed at a more price-sensitive market than Great Bridge's, but the idea is the same.

Great Bridge and NuSphere might just be onto something. The commercial database market is dominated by large systems with even larger price tags. If PostgreSQL and MySQL can prove themselves capable of playing in that league, they may find no end of willing buyers. That is a big "if," though. Companies tend to be conservative about their database systems.

Also this week, CodeWeavers put out an announcement of the "Preview Edition" of CodeWeavers Wine. Wine, of course, is the long-awaited utility that allows Windows applications to run on Linux. CodeWeavers, too, has been out snarfing up hackers; its team includes Alexandre Julliard and a number of other prominent Wine developers. Like Great Bridge, CodeWeavers sees Wine as the vehicle which will carry it to success.

There will doubtless be a "Wine in a box" offering once the 1.0 release is out. But, again, the real emphasis appears to be on services. CodeWeavers offers training, support, development and porting services, and even marketing. The intended customer base is not people who want to run Wine; instead, CodeWeavers is going after software companies that have a product they would like to sell to Linux users. For these customers, the available services go from basic consulting through to the "Caribbean Option":

You provide us with all of the materials we need to build your product for Linux and retire to a Caribbean Island. We evaluate the product and create a certified Linux native version. Through our partnerships, we can even arrange product sales and support. A few months later, we mail the checks to the Caribbean island you've retired on!

If the next wave of Linux users hits as expected, there's likely to be a great many companies with products to port, quickly, to Linux. CodeWeavers could find itself busy.

An entirely different approach could be characterized as "invest a great deal of money and make some high-profile sales demonstrating that you are a total Linux solution provider." Along those lines, see this week's Linux in Business page for coverage of IBM's latest moves.

Interview: Eric S. Raymond. Maya Tamiya, creator of the Japanese Linux site ChangeLog.net, recently had an opportunity to interview Eric Raymond while he was at the Linux Conference 2000 Fall in Kyoto. Maya has now graciously provided the English version of the interview to LWN as a feature article. Have a look for a far-ranging discussion on events in the Linux world, software patents, Linux on the desktop, Linux stocks, running an open source project, and more.

(Note that this feature contains a lot of pictures of Eric. For those with slow connections or a lack of interest in the photography, there is a low-image version available).

Inside this week's Linux Weekly News:

  • Security: m-o-o-t, Norwegian Carnivore, cross-site scripting problems continue, CERT advisory on LPRng.
  • Kernel: Disk corruptions, supporting the Pentium IV, RSBAC, and kORBit
  • Distributions: Apt with an RPM backend, CClinux, NetBSD 1.5 and new releases from Coyote, e-smith, SmoothWall and Vector.
  • Development: Linux PDAs, KDE Themes, QuantLib.
  • Commerce: IBM's latest moves, more Red Hat news.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


December 14, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

Is it moot?. m-o-o-t is an interesting security project in a nascent phase. The project is based in the UK and spurred on by the passing of the RIPAPart3 law, which gives the government broad power to demand plaintext copies or cryptographic keys for deciphering encrypted content. Between this type of law and activities such as the US FBI's Carnivore, people are quickly finding the truth of the old saying, "the only safe place is inside your head".

Well, even if the m-o-o-t project had a working prototype, we can't say it would be everyone's cup of tea for every day activity. M-o-o-t would be burned to a CD, from which the system would be rebooted in order to use it. No data would be written to the local disk, only to RAM. Transmitted information would be entirely encrypted and only stored in "off-shore havens", data storage facilities located in areas where the laws did not interfere. Even there, the safe havens would only be allowed to store portions of the data, in case a given off-shore haven is compromised. Given such restrictions, m-o-o-t is likely to be used only when you really, really care.

Some of their starting concepts should be examined closely. For example, a m-o-o-t system must connect to another m-o-o-t system in order to work. As part of this, they intend to build protection into the CD so that on this end, you can tell whether or not the remote side is really using a valid m-o-o-t CD. After all, if the remote system has been compromised, you've gained no security. That's true, but verifying that the remote CD is the real thing could be as difficult as, well, preventing a DVD from being transferred from a CD to a disk, for example.

In addition, they envision only producing a type of m-o-o-t CD every three years or more -- hmm, they aren't anticipating potential security problems or programming errors, are they? It won't be compatible with any other kind of security software -- say what? Then they'll be reinventing the wheel and using software that won't be heavily used, audited or vetted by other security experts, greatly increasing the potential for as-yet-undiscovered security flaws.

We repeat again, though, that this project is in a design phase, prior to the development of a prototype. They're asking for feedback and we certainly hope that the community will provide it. Whether it is this tool or another, software to enhance the privacy of people's communication is a good thing.

Cross-site scripting issues exemplified. This week, an alert went out regarding security problems with Charles Schwab's on-line trading system. The security issue at hand is an application of cross-site scripting, a security problem that we've discussed several times this past year. Although Apache and other web browsers have provided patches to make cross-site scripting more difficult, security experts have always known that this security issue has not gone away.

The current example at Charles Schwab can result in an attacker taking control of a user's on-line trading session or possibly tricking a user into taking an action they did not intend to take. Charles Schwab should not be singled out in this case; similar problems were reported with E*Trade's system in the recent past. The likelihood is high that other systems will eventually be found vulnerable as well.

So what is a cross-site scripting vulnerability and why is it so difficult to prevent? A cross-site scripting vulnerability is based on the unsanitized use of provided input. A server is vulnerable to cross-site scripting when it runs programs that generate dynamic webpages without checking their data sources carefully enough. As a result, the server can be tricked into generating malicious HTML. CERT provided an advisory on this problem in early February.

Prevention of cross-site scripting vulnerabilities lies upon the applications programmer, someone who may or may not be trained to thoroughly understand security issues. As a result, every dynamic web-based application has the potential for problems, if not properly designed and implemented. In this case, however, it appears that Charles Schwab took close to five months to respond to the initial security report. Given the large sums of money involved, this is totally unacceptable. Just like any bank, on-line brokerages will fail if they cannot maintain the trust of their customers. The security of their web-based systems is a growing portion of that trust.

Meanwhile, everyone developing a web site of any kind needs to be aware of this issue and program defensively to handle it.

For those interested, here is some commentary from Elias Levy on the topic.

Norwegian Carnivore. Norway is facing its own "Carnivore-style" controversy as information surfaced recently that Norwegian military, police intellicence and the country's top 15 companies have been cooperating in internet surveillance for some unknown length of time -- without the knowledge of the Norwegian National Assembly.

As usual, the initial claims about the purpose and capabilities of the system are relatively benign, but the secrecy of the collaboration and the potential capabilities are wide enough to have generated demands for review of the system. Yet more fun ... and another spur for international cooperation to enhance individual privacy.

CERT advisory on LPRng. Format string vulnerabilities in LPRng were first reported in this Security Summary in September. Now, CERT has issued an advisory about the problem. As usual, this means that they are continuing to see active exploitation of this vulnerability.

If you have not yet upgraded your version of LPRng, don't put it off any longer. Updates are available for most flavors of BSD and Linux. Check our October 19th edition for our most extensive list of updates.

Security Reports

Zope security update. All Zope versions up through 2.2.4 have a security vulnerability that could allow anonymous users (i.e. anybody on the net) to do things inside the server that they should not be able to do. A security update has been issued by Digital Creations; it is highly recommended that people running Zope apply this fix.

This week's updates:

KTH Kerberos vulnerabilities. Multiple vulnerabilities have been reported in KTH Kerberos, the implementation of Kerberos used in FreeBSD and OpenBSD. Note that one of these vulnerabilities may also impact the MIT version of Kerberos, popular in Linux distributions, but that has not been confirmed. An upgrade to KTH Kerberos 4 version 1.0.4 should resolve the problems. Check BugTraq IDs 2090, 2091, 2092 and 2093 for more details.

DNS-based IRC server denial-of-service vulnerabilities. Multiple IRC clients, including BitchX 1.0c17-2 and earlier, are vulnerable to both a denial-of-service attack and possibly remote access by someone in control of their own reverse DNS mapping, due to a buffer overflow in the resolver code included in the clients. Check the original report or BugTraq ID 2086 and BugTraq ID 2087 for more details.

This week's updates:

rp-pppoe denial-of-service vulnerability. Roaring Penguin Software's PPPoE client (a user-space PPP-over-ethernet client) contains a boundary condition exception that can be exploited to cause the connection to drop when a malformed TCP packet is received. rp-pppoe 2.5 has been released to fix the problem. Check the problem report, BugTraq ID 2098 or the Roaring Penguin home page for more details.

APC apcupsd denial-of-service vulnerability. apcupsd is a daemon provided by APC with its UPS products. It is used to monitor the UPS and start system shutdowns upon power failure. Its key configuration file is world-writable by default, allowing a local user to modify it and use it to crash other portions of the system. An upgrade to apcupsd Version 3.8.0 will fix the problem (as will, presumably, modifying the permissions on the configuration file).

Check the original problem report by Mattias Dartsch or BugTraq ID 2070 for more details.

This week's updates:

pico symbolic link vulnerability. Joining the ranks of joe, tcsh, bash and other long-time Unix/Linux commands, this week pico was found to contain a symbolic link vulnerability as well. Pico is a very basic text editor from the University of Washington. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

ssldump format string vulnerability. ssldump is an SSLv3/TLS network protocol analyzer. A format string vulnerability in ssldump was reported to BugTraq on December 8th. This vulnerability could be exploited to execute arbitrary commands. No fix for this has been reported, as of yet. Using tcpdump to capture packets and then running ssldump off-line was recommended unofficially as a workaround.

Oops buffer overflow. Oops is a GPL'd proxy server. A buffer overflow in oops 1.4.22 and earlier was reported this week, which can be exploited to execute arbitrary commands under the uid of the oops server. Version 1.5.1 has been released with a fix for this problem.

Multiple vulnerabilities in bftpd. Both a format string vulnerability and multiple additional buffer overflows were reported in the bftpd server this week. bftpd 1.0.13 was released with many bug fixes, including, hopefully, fixes for all of these problems. An upgrade is strongly recommended. Check BugTraq ID 2120 for more details.

Lexmark MarkVision printer driver local root vulnerability. Secure Reality Pty Ltd put out an advisory warning of a local root vulnerability introduced via buffer overflows in the Lexmark MarkVision printer drivers. Note that, though these are distributed by Lexmark, they are included automatically in a number of Linux distributions, such as Red Hat and Caldera (as well as other Unix systems). An upgrade to version 4 of the drivers will resolve the problem. Check BugTraq ID 2075 for more details.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • phpGroupWare, a suite of php scripts that provide group support for email, calendars, etc., makes insecure calls to the include() function of PHP, which can be exploited to execute arbitrary commands on the remote server. phpGroupWare 0.9.7 has been released to resolve the problem. An upgrade is strongly recommended. Check BugTraq ID 2069 for more details.

  • MailMan WebMail 3.0.25 and earlier can be exploited to execute arbitrary commands on the server. Version 3.0.26 of these Perl-based scripts is now available and an upgrade is strongly recommended.

  • simplestmail.cgi contains a remote command execution vulnerability. No vendor response or fix so far.

  • everythingform.cgi contains a remote command execution vulnerability. No vendor response or fix so far.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • IBM DB2 Universal Database is shipped with a known default password; no vendor response as of yet. Change your passwords.

  • Cisco Catalyst Memory Leak leaves Cisco Catalyst systems open to denial-of-service attacks. The link is a full advisory from Cisco; fixes are available. Check BugTraq ID 2117 for more details.

  • VPNet VPN devices authentication can be circumvented, allowing access by a remote user via the use of source routing. This can allow access to hosts within the private network. No response from the vendor has been reported so far.

  • Allaire Cold Fusion 4.5.x, the example search engine script can be exploited to execute a denial-of-service attack. Check this Allaire web page for a workaround or BugTraq ID 2094.

  • Inktomi Ultraseek Search Engine vulnerabilities (see also BugTraq ID 2062) disclose additional, unauthorized information about the system which may be useful to attackers. Note that this server can run on a Linux system with a 2.3 kernel. No vendor response so far.

  • Watchguard SOHO 2.2 denial-of-service vulnerability, originally reported by Securax.

Updates

pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module last week.

This week's updates:

Previous updates:

ezmlm-idx cgi vulnerability. Reported last week, ezmlm-idx contains a script, ezmlm-cgi, which, if installed setuid to a user other than root, can be exploited to execute arbitrary code under that user id.

This week, ezmlm-idx author Frederik Lindberg posted a security advisory for the problem, which includes a patch for ezmlm-cgi for those who wish to run it setuid to a user other than root. Note that it disables support for the execution of banner programs. Alternately, run ezmlm-cgi in its default mode, setuid root.

ed symlink vulnerability. Originally reported on November 30th, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.

This week's updates:

Previous updates:

bash tmpfile vulnerability. Check the November 30th LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.

This week's updates:

Previous updates:

ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript the week of November 30th. Both could potentially lead to elevated privileges.

This week's updates:

Previous updates:

cons.saver/mc file overwrite vulnerability. Maurycy Prodeus reported a problem in cons.saver which can be used to write a NUL character to the file given as its parameter. This was originally reported in our November 30th edition. The problem has been fixed in mc version 4.5.42-11.

This week's updates:

Previous updates:

joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.

This week's updates:

Previous updates:

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

Previous updates:

diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem.

This week's updates:

  • Red Hat, updated to also fix a problem sending mail. Recommended for 6.x and 7.x.
Previous updates:

Resources

Real World Linux Security: Intrusion Prevention, Detection and Recovery. Bob Toxen kindly dropped us a note announcing the publication of his book, "Real World Linux Security: Intrusion Prevention, Detection and Recovery", by Prentice Hall PTR. "Most of the problems raised in Bruce Schneier's new book, "Secrets and Lies: Digital Security in a Networked World", are addressed in my book and solutions are offered and explained".

Eric Raymond has reviewed the book and written the foreword for it: "You have in your hands a book I've been waiting to read for years -- a practical, hands-on guide to hardening your Linux system which also manages to illuminate the larger issues in Unix security and computer security in general."

We're looking forward to the chance to review it ourselves. Best of luck, Bob.

Overwriting the .dtors section. Juan M. Bello Rivas posted a description of a new technique for exploiting buffer overflows based on overwriting the .dtors section of gcc-compiled programs. This technique has the advantage of getting past stackguard-style non-executable stacks, but has a strong disadvantage: an overwrite that severe is very likely to put an end to the attacked process before it gets far enough to run the destructors.

Events

Upcoming security events.
Date Event Location
December 11-15, 2000. 16th Annual Computer Security Applications Conference New Orleans, LA, USA.
December 20-21, 2000. The Third International Workshop on Information Security University of Wollongong, NSW, Australia.
December 27-29, 2000. Chaos Communication Congress Berlin, Germany.
February 7-8, 2001. Network and Distributed System Security Symposium San Diego, CA, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


December 14, 2000

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


Substitute editor's introduction. Watching the linux-kernel mailing lists is a task left to those with an interest in which bits fly across an ether, not whether or not those bits look green or blue (as we desktop nerds prefer). So when Jon asked me to fill in for him on the Kernel page this week I felt a tang of distaste. Wondering whether BIG_BUF_OVERFLOW_MASSIVE_CRASH_HELP is supposed to be an unsigned long or int in the scheduler is tantamount to a master chef asking me if a teaspoon or two of salt belongs in the Quiche. Me, a man who spends most of his fine dining at McDonald's and The New Emperor's Chinese All You Can Eat Buffet and spends weekends popping excessive amounts of salt tablets after rather exhausting rounds of Putt-Putt golf. I stand emphatically and pronounce "Make it an unsigned long" and walk away proud to know that I will never know if it made a difference or not. It had no color. It wasn't important.

Unfortunately, on this page, for those millions of loyal readers of Jon's weekly summaries and analysis - and for those who know it really did have color - it does matter. And so I'll taste the Quiche (and check which bits have been twiddled) once again. Bleck.

The current development kernel release is 2.4.0-test12. Linus posted 2.4.0-test12, the latest in the pre-2.4.0 series, on Monday. The first prepatch for 2.4.0-test13 is out; it is a small patch consisting entirely of makefile changes.

The current stable kernel release is 2.2.18. Alan Cox has posted the release notes for the 2.2.18 kernel release. The major thrust for the i386 line has been support for processors running in excess of 2GHz, support for the CyrixIII processor and also basic support for the Pentium IV. A slew of memory leaks were also cleaned up, including some in the popular bttv driver (the primary driver used for PC-based TV cards). That driver was also updated to allow subwindow clipping.

Looking forward to 2.2.19, Alan Cox has indicated that he will look at incorporating some virtual memory fixes. Evidently the (much improved) 2.4 VM has impressed him, but he plans to make 2.2 be even faster. Linus took the challenge: "You and me. Mano a mano." It should be fun...

Disk corruption problems found? Andre Hedrick, maintainer of the IDE subsystem, has evidently found the cause of occasional disk corruption reports. It appears there is a "feature" in the IDE DMA implementation that stops a DMA operation if there is a delay of one microsecond or more. The current crop of large drives may be more inclined toward this sort of delay, and may be behind some of the current complaints.

Fixing the problem may take some work; Andre has three possible alternatives. The third one, however, is "give up and go to bed," which may not appeal to all users...

Pentium 4 and Linux Distributions. An article posted on C|Net News.com (from an original posting on LinuxGram) noted that support for Intel Pentium 4 processors was not being included in most current Linux distributions, with Red Hat and TurboLinux being the exceptions. The problem wasn't with Intel, however - that company had provided the appropriate CPUID information to the major distributors some time back. Instead, the distributors had decided, for one reason or another, not to include support for that processor.

Caldera's [vice president of engineering Darren] Davis basically agreed with [Intel's P4 spokesman George] Alfs' characterization, noting that "Intel gave us all the (Pentium 4) information we needed."

Interestingly enough, the release notes for the 2.2.18 release from Alan Cox included this bit of information about the Pentium IV:

Unfortunately Intel chose to ignore all precedent in model numbering via cpuid and report a family of '15'. This sudden jump broke assumptions in the kernel tree without any warning. Intel have failed to provide good reasons for their change. We have chosen to continue to report the Pentium IV as a '686' class processor. The full family data is provided via cpuinfo.

This sort of makes you wonder just who had the information, who actually wanted the information and why, if it really was available, it really wasn't used.

Not long after noting the C|Net News.com article on the LWN.net Daily Page, we received the following note from a SuSE employee:

SuSE provides an updated installation floppy image at

ftp://ftp.suse.com/pub/suse/i386/update/7.0/kernel/pentium4/

Just dump this on a boot floppy using rawrite.exe or "dd" as stated in the manual and use this [floppy] for the inital installation. After installing the system, replace the file /boot/vmlinuz with the file "linux" on the floppy disk and rerun LILO.

In fact, we have sent this floppy image and RPM patches to Intel about three weeks ago.

It was unclear whether News.com had contacted SuSE (or any other distributions) to clarify the issue.

Rule Set Based Access Control (RSBAC). On Monday, Amon Ott posted the announcement of the release of version 1.1.0 of the Rule Set Based Access Control (RSBAC). RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. Essentially, RSBAC interposes a central decision maker between an application and the system calls it makes; rules may be applied to any system call which determine whether the call is actually allowed to execute or not.

In the current RSBAC version (1.1.0), eight modules are included:
MAC Bell-LaPadula Mandatory Access Control (limited to 64 compartments)
FC Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators.
SIM Security Information Modification. Only security administrators are allowed to modify data labeled as security information
PM Privacy Model. Simone Fischer-Huebner's Privacy Model in its first implementation.
MS Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull of others are detected.
FF File Flags. Provide and use flags for dirs and files. Only security officers may modify these flags.
RC Role Compatibility. Defines (up to) 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role compatibility to all types and to other roles can be set individually and with request granularity.
AUTH Authorization enforcement. Controls all CHANGE_OWNER requests for process targets, only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities are controlled by other programs/processes.
ACL Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types.
More information on this new facility are available at the RSBAC Web site.

kORBit - the Linux kernel CORBA ORB. Here is one of the more interesting kernel patches we have seen go by for a while: kORBit is a CORBA object request broker (ORB) which runs in the Linux kernel. It allows kernel extensions to be written as CORBA objects. Possible applications, from the announcement, include:

  • Through the use of a LD_PRELOAD'd syscall wrapper library, you can forward system calls through CORBA to an arbitrary local/remote machine.

  • We can now write device drivers in perl, and let them run on the iMAC across the hall from you.
Despite that last one, this development appears to be for real. They do warn, however, that "security is completely unimplemented." Don't hold your breath waiting for this one to get into the mainline kernel...

Other patches and updates released this week include:

  • Gary Lawrence Murphy has posted another in his monthly calls for assistance with his "KernelWiki" documentation project.

  • Keith Owens has released modutils 2.3.22. Among other things, it includes support for persistent module data. Note, however, that this version of modutils breaks with some 2.2 kernels, and should probably not be used by people running 2.2.

  • Peter Braam has announced version beta 0.93 of the InterMezzo high-availability filesystem.

  • ext3-0.0.5c, the latest development version of Stephen Tweedie's journaling filesystem, was released.

  • Eric Raymond has released version CML2-0.9.0. This release uses Python 2.0 instead of 1.5.2, which according to Eric saves him close to 600 lines of code. Also included is automatic deduction of correct side-effects whenever a configuration symbol is changed.

  • Chris Norris released a patch to the libraw1394 library that provides a single set of handlers per 1394 port for FCP, BusReset, Tag, and Iso receive events. It also includes a function which retrieves the port number a handle was set to.

  • The international crypto kernel patch 2.2.18.3 was released (versions .1 and .2 had some compatibility problems). This is simply a port of 2.2.17.10 to the new upstream kernel release. It contains none of the changes in 2.2.17.11pre1, but patches cleanly against the new kernel.

Section Editor: Michael J. Hammel


December 14, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Conectiva ports apt to RPM. Apt is the Debian package management tool. Although it was developed for Debian GNU/Linux as a front end to Debian's dpkg package installer, the design was deliberately made independent of the underlying package manager. After reviewing the alternatives, Conectiva chose to write an RPM backend for apt, rather than to support alternatives such as autorpm, rpmfind, drake or other RPM-based alternatives. As a result, both rpm-based and .deb-based systems now have the option of using the same front-end package management tool.

The article itself does a great job of explaining the reasons for their choice. There are some good comments as well; if you want more, check out the Slashdot coverage as well. In the meantime, we rejoice to see the free software working the way it should, providing free choice between multiple alternatives and the possibility for both diversification and unification.

New Distributions to the LWN Distribution Lists

Dan Barber dropped us a note and pointed out that CClinux was missing from our list of single-floppy distributions. "The best and easiest I've ever used". It has now been added; enjoy.

General-Purpose Distributions

Debian News. The Debian project will be running a booth at this year's LinuxFEST in Belgrad, Yugoslavia. LinuxFEST 2000 takes place from December 15th to December 18th at the main hall in Dom Omladine in Belgrad, Yugoslavia.

The latest issue of the Debian Weekly News covers the release of Debian GNU/Linux 2.2r2, which includes security fixes and other high-priority bug fixes. The main Debian archive is now in a package pool; the move of non-US went smoothly, but this move is expected to be more challenging. Joey Hess provided an FAQ about package pools, for those that are interested.

Red Hat News. The silkhat 2.2.18 rpms are a set of kernel RPMS based on Red Hat 7.0's kernel, with a few modifications. The large memory patch has been pulled and some other patches have been added, including Andre Hedrick's IDE drive update patch, the alsa sound card drivers 0.5.10, reiserfs 3.5.28, Lennert Buytenhek's bridging patch and a few others. This is probably mostly of interest to people who have been following kernel development closely, want to use one or more of these patches on a Red Hat 7.0 system, but would prefer not to patch the kernel themselves.

Slackware News. An on-line archive has been added for the slackware-announce and slackware-security mailing lists.

BSD News. NetBSD 1.5 has been released. This release includes several new ports (NetBSD's specialty), much of the groundwork for SMP support in the future, loadable module support, IPv6 support, filesystem performance improvements, ext2 filesystem support, a transition to the ELF executable format, and much more.

FreeBSD 4.2 is reviewed comparatively with Linux and FreeBSD 4.1.1 in this article from the Duke of URL. "While FreeBSD isn't exactly as easy to use as Windows, it's pretty darn close to Linux at least. One big advantage it has over Linux is how the directories are structured, because Linux tends to spread source and other files all throughout the system. Adjusting to FreeBSD just may be easier than Linux because things like this are simplified."

Hurd News. The December 13th issue of the Kernel Cousin Debian Hurd is out. Activity seems to be increasing and tips were posted this week on installing the Hurd from either SuSE Linux or FreeBSD.

Embedded Distributions

Lineo and Transvirtual Technologies announce alliance. Lineo and Transvirtual have announced an alliance based around Transvirtual's PocketLinux distribution. Lineo will begin distribution of PocketLinux early next year.

MontaVista Offers Easy VxWorks-To-Linux Transition. MontaVista Software, Inc., developer of the Hard Hat Linux operating system for embedded applications, announced the availability of a "virtual machine" environment for porting of VxWorks code from Wind River Systems to a Linux platform. For more information, LinuxDevices also put out a an interview with Jim Ready, CEO of MontaVista, to talk about this new product. "Emulating and/or translating all of the approximately 1500 API (application program interface) functions of VxWorks would have presented a severe challenge. However, MontaVista developers determined that it would be sufficient to limit their focus to roughly fifty of the most commonly used VxWorks APIs."

Mini/Special Purpose Distributions

Coyote Linux v1.23 released. A new stable version of Coyote Linux, v1.23, was announced yesterday. The new edition has been upgraded to Linux 2.2.18, plus a new PPPoE client and other bugfixes. Check this week's security section for information on a security issue with rp-pppoe; we do not know whether or not this is the PPPoE client that has been upgraded.

Coyote Linux is a single floppy distribution that turns a PC into a simple masquerading router/firewall in order to share an Internet connection among computers on a LAN.

e-smith 4.1-beta now available. The beta version of the latest e-smith distribution is now available for the intrepid and/or foolhardy (otherwise known as developers). The official announcement indicates that e-smith 4.1 is based on Red Hat 7.0. "e-smith 4.1 contains several new features, including SSL, SSL-enabled Webmail, OpenSSH, better anti-spam protection, and improved packet filtering on the external interface. It also includes new support for PPP over Ethernet for ADSL via the external interface, and includes support for many additional ethernet cards."

SmoothWall Linux 0.9.6. A new development release of SmoothWall Linux has been announced, version 0.9.6. "This release includes a revised front-end with new menu access, multiple ISP support, additional Windows DHCP domain support, code and functionality changes, and also SSH access and admin via the SmoothWeb interface added."

SmoothWall takes a 486 PC and turns it into a fully-operational firewall with support for ISDN, ADSL, Cable, and more.

Vector Linux 1.8. A new version of Vector Linux has been released, version 1.8. Vector Linux is a small, disk-based Linux distribution, requiring 16MB of memory and no more than 200MB of disk space. "This distribution of VectorLinux should be of interest to many MS Windows users who want to try Linux using a minimal amount of system resources. The results will be a dual-boot environment with the ICEwm windows manager providing a multi-desktop environment, and the revered multi-user, multi-processing, high uptime OS, Linux."

Thanks to Gene Schiavone for forwarding the announcement to us. He also passed on the news that Vector Linux has now been translated and mirrored in Poland, Russia and China.

Section Editor: Liz Coolbaugh


December 14, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


News and Editorials

Palmtop Linux Machines

The world of PDA based Linux has been growing rapidly in the last year. Linux is a natural for this environment with its reliable kernel, suitability for embedded systems, and well-tested networking capabilities.

A welcome addition to the playing field is the MyLinux PDA project, which is putting together an open PDA hardware platform that is designed to run Linux from the start.

Featuring PCMCIA and CompactFlash slots, an HR-TFT Active Matrix LCD panel capable of displaying 64K colors and a whopping 256 MBytes of super fast SDRAM, this unit aims to fulfill the needs of even the most demanding Linux Advocate. Scheduled for early release to Linux Developers worldwide in April with full production planned in August 2001, this project brings the full power of 32-bit RISC processing home in this incredibly portable form factor. With a list of big-name sponsors including Hitachi, Xilinx, Sharp, Micron and Epson, this completely Open Source project seeks your active involvement.

A limited number (200) of the units will be made available to developers.

Along those same lines, LinuxDevices.com is starting a new series by Jerry Epplin on Exploring Linux PDA software alternatives. The series explores the use of Linux on PDAs and handheld devices:

For several years, Linux advocates have predicted that Linux will become a significant factor in the embedded market. In addition to its virtues as a full-featured modern operating system, it is inexpensive to duplicate, an especially important factor for embedded systems. Others, coming from a more traditional embedded device development background, have been more skeptical, contrasting the compactness of older, more primitive software environments like VxWorks, QNX, or Lynx, to the relative bloat of Linux.

One of the biggest challenges that PDA based Linux systems designers face is zeroing in on a common graphical user interface that application designers can rally around. Despite all of its complexities, the X Window System has been a major unifying force in the Unix world. The Linux PDA arena needs a similar unifying platform. Hopefully, as time marches on, the best of the palmtop GUIs will rise to the top and get adopted by the masses. A situation where there are several competing systems, as with Gnome and KDE, would probably make for some healthy competition and keep the designers on their toes.

LinuxDevices.com recently published a large list of possible choices for embedded window systems. There are currently ten open source projects and six commercial projects listed. In the long run, it is likely that only a few of those will ever see wide use. Several of the projects are X Window System derivatives, those will certainly have a big advantage in being able to use existing applications with little or no modification. X Window System based systems would also have the advantage of remote displays. Imagine plugging your palmtop into your LAN, connecting to it from your desktop via ssh, and running full-sized applications from your desktop machine using a real keyboard. The idea is not that far-fetched.

The lightweight window systems would have advantages in the form of a smaller memory footprint, more speed, and possibly better battery life due to lower computational requirements. If only there were a standard system with a big pile of applications to go with it.

Fortunately, in an open-source environment, it may become possible to choose from both X and a smaller GUI on the same PDA. These new toys will certainly be fun to play with.

Browsers

A browser renaissance (ZDNet). Mozilla is not the only option in the open source browser market, according to this opinion piece from ZDNet. "Open-source software invites developers to dive in to address weaknesses. Browsers such as Galeon and SkipStone have jettisoned the mail-reading and page-making cruft in favor of smaller and faster browsers that still have most of Mozilla's browsing strengths. Rounding out this category of speedy browsers we have the Opera browser, now free, and the Links browser (not to be confused with its predecessor Lynx), one of ZDNet's most popular open source downloads."

Mozilla 0.6 released. Version 0.6 of the Mozilla browser has been released. See the Release Notes for more info. "Mozilla 0.6 is a milestone release based on the same branch as Netscape 6. It is aimed at developers who wish to create products that extend Netscape 6 or who wish to port it. "

Embedded Systems

Embedded Linux Newsletter - December 7th, 2000. The latest issue of the Embedded Linux Newsletter has been published. New features include updates to the Embedded Linux Quick Reference Guides, an interview with Greg Haerr and the usual assortment of device profiles.

Interoperability

Wine Weekly News for December 11, 2000. The December 11, 2000 edition of the Wine Weekly News is out. News includes a large DLL / X11 separation effort, Linux joystick input, and fixing game startup deadlocks.

Network Management

Fully automated installation for Linux clusters. Version 1.4.1 of a package called FAI (Fully Automated Installation) has been released. This package permits the unattended installation of a cluster of Debian GNU/Linux systems.

OpenNMS Update, Volume 1, Issue 38. The latest edition of the OpenNMS Update has been published. Topics in this issue include updates on project status, documentation problems, and a wish list.

Office Applications

Gimp 1.1.30 developer release. Version 1.1.30 of the Gimp is available for download. This is a developer's release.

On the Desktop

KDevelop 1.3 Released (KDE Dot News). The KDevelop Team announced the release of KDevelop 1.3, an Integrated Development Environment (IDE) based on KDE for the C and C++ Programming languages.

KDE Gets Digital Camera Support (KDE Dot News). The Digital Camera application gPhoto2 has been integrated with KDE by theKompany.com. The integration added kio_slave to gPhoto2, allowing any application that uses the kio facilities to access a digital camera through gPhoto2.

Linux Online interviews David Faure. KDE's David Faure talks about KDE2, Konquerer and more in this Linux Online interview.

Linux Online: You've just released KDE 2. If you've been using the KDE 1+ builds, what important improvements are built into KDE 2?

David Faure: KDE 2 has been under development for 18 months. It's a major release, very different from KDE 1.1, so there are too many improvements to list them all. The most important improvement for the user is probably the full-featured web browser, Konqueror, which has reached a level where it can honestly compete with the other major Web browsers out there. The first release of KOffice is a major step forward too, although it may not yet be as fully-featured as the well-known commercial office suites. The KDE 2 desktop is also much more configurable than KDE 1 used to be, and it's also less memory-hungry, thanks to a better design.

KDE.themes.org Needs Your Help! (KDE dot News). KDE dot News reports that the kde.themes.org site needs help to maintain the site. They are looking for people with intimate knowledge of the KDE theme system.

OSF/Motif bug database. ICS has placed the OSF/Motif bug database online at their MotifZone web site.

Balsa 1.0: Mail in the GNOME Environment (LinuxPlanet). LinuxPlanet reviews Balsa 1.0. "Balsa is stable, configurable, and integrates well with the overall GNOME environment. It's very easy to use and configure, and if there's any feature that I'd complain about missing, it's the as-yet-to-be-completed filtering tools, which would give the project parity with kmail, Netscape Messenger, and others."

Gaby 1.9.95 released. Version 1.9.95 of the personal database manager, Gaby has been released. "Gaby is a small personal databases manager for Linux using GTK+ and Gnome (if available) for its GUI. It was designed to provide straight-forward access to databases a 'normal' user would like while keeping the ability to easily create databases for other needs."

Web-site Development

Zope 2.3.0 Alpha 1. Zope 2.3.0 Alpha 1 is now available. New to this release are built-in Python scripts, a fixed initial-user account process, and a security assertion system. An online Zope Book has also been released, this version of the book is up to date with the current release. Finally, a new cache management system for Zope has also been announced, it requires either the CVS version of Zope or the upcoming 2.3 Alpha 2 release.

Take the Free Way (ZDNet). ZDNet has published a quick look at Zope, PHP and Tomcat - three open source solutions for web site development. "Zope, from Digital Creations, is another open-source application server project, with strengths in content management. In fact, some of the technology in Zope is used for online versions of major newspapers. Internally, it's built in an object-oriented language called Python, but you develop for Zope using its Document Template Markup Language (DTML) scripting tags."

Midgard Weekly Summary, December 6th, 2000. The December 6th issue of the Midgard Weekly Summary has been published. Features include a holiday season release for version 1.4 and the early stages of Midgard 2.0.

Section Editor: Forrest Cook


December 14, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


C++

A C++ open source library for quantitative finance. The QuantLib project is working to build an open-source library for financial calculations. " The QuantLib project is aimed to provide a comprehensive software framework for quantitative finance. The goal is to provide a standard free/open source library to quantitative analysts and developers for modeling, trading, and risk management in real-life.

QuantLib plans to offer tools that are useful for both practical implementation, with features such as market conventions, solvers, PDEs, etc., and advanced modelling, e.g., exotic options and interest rate models." Python language extensions will be included.

ERLANG

Stand Alone Erlang. Stand Alone Erlang is an add-on to the current Erlang R7B release that allows ERLANG applications to be condensed into as few as two files. This allows code written in ERLANG to be distributed to non-development machines.

Perl

Two-Way Telephone Interaction (Webreference.com). Jonathan Eisenzopf writes about using Perl to talk to a voice modem. The article covers dialing, sending voice messages, recognizing touch-tones, and dialing extensions. Interesting stuff with lots of potential uses.

Fun With Jabber. DJ Adams has written several articles on working with the NET::Jabber Perl module. He includes code for mail notifiers and an RSS Headline delivery program.

Perl 5 Porters for December 10, 2000. The December 10 issue of Perl 5 Porters has been published. Topics include implementing Unicode on EBCDIC machines, Unicode on hash keys, and Unicode and PerlIO.

Python

Dr. Dobb's Python-URL! - December 12th, 2000. Dr. Dobb's weekly Python-URL! has been posted. Featured topics this week included mutual dependencies between modules, a C version of the Weak Reference Module, and the introduction of PyHTML.

Ninth International Python Conference. The Ninth International Python Conference will happen March 5-8, 2001 in Long Beach, California. The keynote speakers will be Guido Van Rossum and Bruce Eckel, the conference includes tracks on Zope and Python applications among other things. Conference Registration is now open.

Python Programming Tutorial. Richard G. Baldwin has published an online Python Programming Tutorial. Check it out for a tour of the Python language.

Boost C++ Python Library. The py_cpp project has been renamed the Boost C++ Python Library. With the new name comes a new web site, www.boost.org. The library allows C++ code to be integrated into Python.

Python 2 Efficiency. Eric Raymond posted this letter to the Kernel mailing list concerning code reduction and Python 2. "Using Python 2.0 rather than 1.5.2 lets me cut close to 600 lines out of the CML2 system, a bit more than 10% of the 5334 lines of code in this version."

Tcl/tk

Dr. Dobb's Tcl-URL! - December 12th, 2000. Dr. Dobb's weekly Tcl-URL! has been posted. Featured topics this week include using Tcl to manage X.25 channels and FIFOs, an example of the BWidgets notebook in use, and the case for a new nroff-based documentation standard.

Tix 8.1.1 released. Version 8.1.1 of the Tix widget set has been released. This version fixes some Python integration bugs.

Moodss Version 12.1 released. Version 12.1 of the Moodss system monitoring tool has been released. This version adds threshold alerts via email, and includes various other features and bug fixes.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


IBM has changed its attitude quite a bit over the last couple of years. An article from the 'The Star Online' in Malaysia was quoted in the May 28, 1998 edition of LWN. The link is gone now, but at the time they said "IBM has no plans for Linux."

Now, of course, IBM is embracing Linux and all things open source. Irving Wladawsky Berger, IBM's vice president of technology is quoted in this News.com story as saying that the company already has invested about $1 billion in Linux, "and you can expect that to grow in 2001." Its worthwhile to keep in mind at this point that IBM is not a philanthropic organization. What they invest now they expect to get back many times over. Clearly in May 1998 the company did not see how to make money in the open source arena. Just as clearly, now they do.

People have worried that VA Linux might suffer from competition by companies like Dell and Gateway. IBM is going after the sorts of Linux server sales that VA lives on. This makes IBM much more of a threat to companies like VA Linux. From the 1960's into the early 1980's IBM dominated the computing arena in the same way that Microsoft does today. It didn't always play nicely with others in the past, and although it is playing nice now, that could change in the future. For now, at least, Linux and the open source movement are basking the largesse of an enormous company with resources far beyond the dreams of most developers.

So far IBM is sticking to a multi-distribution approach. IBM used SuSE on the IBM S/390 for the the Telia installation (covered last week.) An informed source told us that the company will use Red Hat Linux for the Shell International Exploration & Production B.V. facility's new supercomputer. Will IBM decide to write its own distribution? Probably not. The company undoubtedly realizes that Linux is not a "one-size-fits-all" sort of operating system, and distribution's alone are not money makers. As long as IBM can pick and chose among distributions and find one that works for the company and its customers, there is little incentive for them to write a distribution of their own.

IBM's Linux offerings can be found at the Linux at IBM page. Here's another new announcement detailing the company's latest "e-infrastructure software for Linux." The most interesting part may be the announcement of a version of the DB2 database management system for Linux clusters. Also announced was DB2 and WebSphere for the S/390.

Keio University Network To Use Red Hat Linux, IBM's Netfinity Servers. For now at least, Red Hat, Inc. and IBM are working together on several fronts. We already mentioned the Shell project. This announcement from Red Hat about the Keio University project is another example. Red Hat is supplying the operating system and the support and service. IBM is suppying IBM Netfinity 4500R servers, from Japan IBM Corporation. The servers will run Red Hat Linux 7, each having minimum capacity of 5 terabytes.

Other Red Hat News. Red Hat has announced an expansion of its e-commerce offerings, centered around Apache and the Stronghold web server.

The US Army, through Rymic Systems, will be using Red Hat's uClinux for a prototype Internet devices that will diagnose ground vehicle performance for the US Army.

Kasenna MediaBase Available for SGI Linux Servers. SGI announced that Kasenna MediaBase is now available for Linux OS-based SGI servers. Kasenna MediaBase provides streaming, content management and content transfer supporting formats such as MPEG-1, MPEG-2, RealVideo, RealAudio, QuickTime and MP3.

New Opera beta available for Linux. Opera Software has released a new beta version of their Web browser for the Linux operating system. It uses Qt for its interface, but statically linked versions are available so you won't need to download Qt itself if you don't have it or want to get it. The feature set for this release appears more complete than the last one, with far fewer listed annoying problems.

One annoying problem remains, however: the release is a timed beta. The package remains fully functional only for 30 days.

LPI certificates ship. [Certificate] It has taken far longer than anybody might have expected, but the Linux Professional Institute is finally sending out certificates to people who have passed both of the Level I exams. At this point, less than 100 certificates have gone out, but they are widely distributed: there are recipients in the USA, Germany, Austria, the UK, Belgium, Taiwan, Italy, and Ethiopia.

More Than 400,000 Linux Fans Choose Oracle. Oracle is reporting in a press release that over 400,000 users have downloaded Oracle products for Linux over the past three months.

Linux-based Browser Development Kit For Embedded, Non-PC Applications. ACCESS Co., Ltd. introduced the NetFront 2.6 Linux Software Development Kit (SDK) for the integration of ACCESS' NetFront browser into Linux-based Internet appliances and other non-PC applications.

Sun completes acquisition of Cobalt. According to a press announcement on the Cobalt web site, Sun's acquisition of the server maker has been completed. Cobalt shares were exchanged 1 to 1, adjusted for the upcoming 2 for 1 split of Sun shares. (Thanks to Steven C. Den Beste)

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Progress Software Corporation (BEDFORD, Mass.) announced plans to release the source code of its Application Development Environment (ADE) under an open source licensing model.

Proprietary Products for Linux

  • Fox on Linux is a graphical, accounting software package.

  • Macadamian Technologies Inc. (OTTAWA, ONTARIO) announced the availability of Syndeo Collaboration Suite version 2.2.

  • MSC.Software Corp. (COSTA MESA, Calif.) announced that MSC.Patran, part of the MSC.visualNastran enterprise family, is now available on the Linux platform.

  • MSC.Software Corp. and SGI (COSTA MESA and MOUNTAIN VIEW, Calif.) announced that MSC.Nastran on Linux will be available with SGI Itanium based servers.

  • Trend Micro Inc. (NEW ORLEANS) announced its InterScan VirusWall gateway virus protection and content filtering solution will be available soon, for Red Hat, SuSE, and Turbo Linux.

  • Xi Graphics Inc. (DENVER) announced the release of version 6 of its line of Accelerated-X Display Servers for laptop, desktop and multi-head use. Runs on Linux or Solaris 8.

Products and Services Using Linux

  • Extended Systems (BOISE, Idaho) announced that its XTNDConnect Server data synchronization and management solution now supports industry-standard Internet e-mail, calendar and directory access protocols; IMAP4 (Internet Message Access Protocol), SMTP (Simple Mail Transfer Protocol), iCAL (Internet calendar), and LDAP (Lightweight Directory Access Protocol).

  • Lineo, Inc. (LINDON, Utah) announced the availability of Lineo Embedix UI, a simple HTML interface and micro Web browser that integrates with the Embedix SDK.

Products with Linux Versions

  • Computer Associates International, Inc. (ISLANDIA, N.Y.) announced the availability of the Service Level Management Option for Unicenter TNG and NetworkIT 2.0.

  • Enlighten Software Solutions, Inc. (SAN MATEO, Calif.) announced the general availability of EnlightenDSM 4.2, with versions for both Linux and FreeBSD.

  • Evoke Communications (ANAHEIM, Calif.) announced the launch of Evoke Collaboration 4.5, an interactive collaborative meeting tool.

  • Group 1 Software (LANHAM, Md.) announced the release of MailStream Plus 6.3, its Presort Accuracy, Validation and Evaluation (PAVE)-certified software solution.

  • Interstar Technologies Inc.(MONTREAL, Canada) announced the release of LightningFAX 7.0, an enterprise fax server solution.

  • MediaQ, Inc. (SANTA CLARA, Calif.) announced the MQ-1100, a device that combines a 64-bit 2D graphics engine, LCD display interface and USB device controller into a single device designed for handheld platforms that require long-battery life.

  • NEON Systems, Inc. (SUGAR LAND, Texas) announced the general availability of the J2EE compliant JDBC access for Shadow Direct, an iWave Solution data access and legacy application renewal software product, for use with IBM WebSphere.

  • Oracle Corp. (REDWOOD SHORES, Calif.) announced the general availability of Oracle9i Dynamic Services.

  • Paradigm3 Internet Software, Inc. (SAN JOSE, Calif.) announced an agreement wherein Paradigm3 is licensing and integrating IBM's WebSphere(1) Transcoding Publisher business-to-business integration software in Paradigm3's next-generation browser-based application for license management and e-commerce infrastructure.

  • PyBiz (SAN JOSE, Calif.) announced a change of policy that makes the use of XDisect, their high-speed XML indexing and search engine free during the development phase of customer projects.

  • Reef (NEW YORK) announced the launch of Internetware 2.1 at the E-Business Conference and Expo.

  • UniComp Inc. (MARIETTA, Ga.) announced the launch of its freeware version of UPSwin transaction processing software.

  • Verisity Ltd. (MOUNTAIN VIEW, Calif.) announced the latest release of SureLint, version 2.0, which features faster, more accurate race detection and finite state machine (FSM) analysis capabilities and a new category of built-in Reuse Methodology Manual (RMM) checks. The price is $15,000 U.S. for a floating LAN license.

  • Zero-Knowledge Systems Inc. (MONTREAL) unveiled its newest version of Freedom Internet Privacy Suite. Freedom 2.0 offers five standard privacy and security features as a free download in addition to enhanced paid premium services of untraceable private email and anonymous private browsing and chat.

Java Products

  • Inxight Software, Inc. (SANTA CLARA, Calif.) announced Table Lens Server, a Java version of its Table Lens technology, a new paradigm for graphical data analysis.

  • Sun Microsystems, Inc. (PALO ALTO, Calif.) announced Forte for Java, release 2.0, the latest version of its cross-platform development environment for building Internet services-based applications.

  • Tower Technology Corporation (NEW YORK) announced the availability of its TowerJ Java Virtual Machine (JVM) for Intel's family of Itanium processors for server-class computers.

Books and Training

  • O'Reilly (Sebastopol, CA) announced JavaServer Pages, by Hans Bergsten.

  • Turbolinux, Inc. (SAN FRANCISCO) announced a partnership with innominate training gmbh to offer Linux seminars on Turbolinux enterprise products in Austria, Switzerland and seven education centers around Germany starting in January, 2001. The three-seminar series, (Linux Fundamentals, Linux Network Administration and Linux System Administration) is designed to prepare participants for the LPI (Linux Professional Institute) certification.

Partnerships

  • Forlink Software Corp. (BEIJING) announced the formation of an alliance to deliver solutions and Internet applications deployed on Intel Itanium architecture and Linux systems.

  • Highlander Technologies (ROCKLEDGE, Florida) and Eloquent Systems (Lamar, AR) have entered into an agreement under which Highlander will distribute Eloquent's software for boat manufacturers, which runs on Red Hat Linux.

  • Intrusion.com (RICHARDSON, Texas) announced it has entered into Premier and Authorized Partner Reseller agreements with eight major Latin American security product resellers to support sales of its security product line, including its Linux-based PDS 2100 appliance.

  • Linux2order.Com (PROVO, UT) announced a partnership with the U.K.-based open source services provider SlashTCO, Ltd.

  • PalmPalm Technology (SANTA CLARA, Calif.), SK Telecom Central R&D Laboratory, and Seoul National University announced plans to release a beta version of the IMT-2000, a CDMA smart phone based on the Embedded Linux operating system.

  • Rappore Technologies (SAN JOSE, Calif.) announced the formation of a strategic relationship with Lineo to port Bluetooth technology to Lineo's Embedix embedded Linux operating system.

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) announced that Cradle Technologies, Inc. is leveraging a broad set of Red Hat's embedded technologies and services. The Cradle contract includes consulting services and porting of Red Hat's GNUPro embedded development tools, eCos and embedded Linux operating systems, to Cradle's Universal Microsystem platform (UMS).

  • RedWire Limited (LinuxUser Conference, Chelsea Village, London, UK), an International IT Systems Integrator with focus on Linux / Open Source Solutions, announced that MPT Data Products Limited, has appointed RedWire as official Cyclades E-Commerce Distributor for the UK and Ireland.

  • Streambox, Inc. and e-Appliance Corp. (SAN JOSE, Calif.) announced a Business Partnership to provide an integrated high speed video on demand solution based on the StreamboxTV ACT-L3 CODEC, Streambox Carrier delivery system and e-Appliance's Linux-based SuperScaler appliance server technologies.

  • TurboLinux Japan (BOSTON and TOKYO) and Infoteria Corporation, the XML Software Company, announced an agreement to bundle Infoteria's XML development platform, iPEX 2.0, with Turbolinux Developer Edition.

Personnel

  • Ariel Corp. (CRANBURY, N.J.) announced the appointment of Robert F. Burlinson as a member of the Board of Directors.

  • Linux NetworX, Inc. (SALT LAKE CITY, UTAH) named Robert Dunoskovic vice president of manufacturing.

  • Sendmail, Inc. (EMERYVILLE, Calif.) announced the appointment of John Stormer to vice president of marketing.

Linux At Work

  • Fastlane Software Systems (SAN JOSE, Calif.) announced they have won a Federal Procurement award to deploy realtime network monitoring systems at the Federal Aviation Administration. Fastlane's proposal featured a turnkey approach which integrates their Xni software, various (unspecified) open source elements, the Red Hat Linux Operating system and Intel based hardware from Compaq Computer Corporation.

  • Inpharmatica (London, U.K.) is using a 1,100 processor Linux cluster which is now involved in discovering the drugs of tomorrow and in analysing the enormous amounts of data now generated by the Human Genome Project.

  • RigSupplies.com (EDMONTON, ALBERTA) is a new website built by CSM Systems Inc. for Western Canada's oil industry. The MIRAWRE-LX, to be launched early in 2001, runs on Linux.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Liderar Seguros, an insurance company in Argentina, has deployed a Turbolinux solution for secure business communications on the Internet linking its 40 branch offices nationwide.

Section Editor: Rebecca Sobol.


December 14, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Why software still sucks (Upside). Jaron Lanier, pioneer in the field of virtual reality and general supporter of the open source movement, laments the state of software today in this interview from Upside, and wonders how Unix - repackaged as Linux - could be the saving grace it is. "How I hated Unix back in the '70s -- that devilish accumulator of data trash, obscurer of function, enemy of the user," he writes. "If anyone had told me back then that getting back to embarrassingly primitive Unix would be the great hope and investment obsession of the year 2000, merely because its name was changed to Linux and its source code was opened up again, I never would have had the stomach or the heart to continue in computer science."

IBM

IBM to spend $1 billion on Linux in 2001 (News.com). News.com looks at IBM's plans to invest in Linux. "[IBM CEO Louis] Gerstner questioned whether three or four years from now any proprietary version of Unix, such as Sun's Solaris, will have a leading market position. He noted that Linux is growing at twice the rate of Microsoft's Windows NT and that the Unix variant looks increasingly likely to become more prevalent than NT. IBM has about 1,500 developers working on Linux, Gerstner said."

IBM Keeps Backing Linux (Motley Fool). The Motley Fool considers Linux investments in light of IBM's latest moves. "While today's news clearly indicates Big Blue's efforts to combat its slowing growth against competitors like Microsoft and EMC in software and storage, respectively -- and the biggest pain of all, Sun Microsystems -- perhaps the more interesting question is to examine what all of this means for the Linux companies, such as Red Hat and VA Linux."

Gerstner's $5 billion spending spree (ZDNet) . IBM is set to invest $1 billion in Linux in 2001 and another $4 billion in 'e-sourcing' over the next three years, according to this ZDNet report on IBM Chairman Lou Gerstner's keynote at the ebusiness Expo and Conference in New York. "Gerstner made no bones about the fact that IBM's decision to bet big on Linux also is an attempt to slow the growth of IBM competitors Microsoft Corp. (Nasdaq: MSFT), Sun Microsystems Inc. (Nasdaq: SUNW) and EMC Corp. (NYSE: EMC), three companies which have distanced themselves from Linux."

Shell Will Use Linux Supercomputer for Oil Quest (Reuters). IBM just keeps rolling with its Linux supercomputers - this time Shell is opting for an IBM supercomputer-scale cluster of 1024 Linux-based IBM X-Series servers, the largest such installation to date, to run seismic and other geophysical applications.

IBM Linux mainframe chosen by European telecom (News.com). News.com reports on Telia's purchase of an IBM mainframe to replace Sun systems. "Using 'partitioning' software, a mainframe can be split into several independent computers that share the same hardware. IBM and others have demonstrated running tens of thousands of Linux computers on a single mainframe. At Telia, a G6 mainframe with more than 1,500 virtual Linux servers will replace 70 existing Sun Unix servers..."

IBM pulls off Linux coup with Telia (ZDNet). Here's another ZDNet article on the Telia installation. "Steve Solazzo, IBM's vice president of Linux strategy, said in an interview that the implementation represents Europe's first major commercial enterprise infrastructure based on Linux. The Linux software will be provided by SuSE Inc. of Germany."

Red Hat

Red Hat rocks the cradle, with Linux/eCos combo (LinuxDevices.com. Red Hat has been selected by Cradle Technologies to create a suite of tools, based on their embedded distributions and packages including eCos, for Cradle's new UMS processor chips. "The Cradle UMS chips will combine multiple RISC and DSP engines on a single chip -- 'on the order of fifty' in a single device, according to [Cradle CEO Satish] Gupta. The result will be a highly parallel system microarchitecture. But that should prove no serious challenge to Linux developer Red Hat, which already has substantial Linux clustering experience. Red Hat, it seems, will be supporting the combination of its open source eCos real-time kernel coexisting with embedded Linux."

Army to try Red Hat embedded Linux (News.com). Red Hat has been selected by Rymic Systems for prototype Internet devices that will diagnose ground vehicle performance for the US Army. "Rymic Systems has chosen a small "embedded" version of Linux for use in prototype Internet devices that will diagnose vehicle performance and predict if failure might be imminent, the company said."

VA Linux

VA Linux's SourceForge forges cash (ZDNet). ZDNet looks at VA's new "rent a SourceForge" service. "Agilent Technologies, a large spinoff of Hewlett-Packard Co, is the first subscriber to the service, called SourceForge Onsite, said VA vice president of strategic planning John Hall. 'It's absolutely a strategy to grow our customer base into the Fortune 500,' Hall said. VA is interested in this demanding but lucrative customer segment and believes the need for collaborative programming tools will be VA's foot in the door."

Can VA Linux get out of hot water? (Upside). Upside reports on VA Linux Systems' new SourceForge OnSite offering. "Ironically, as Linux companies' fortunes have faltered in the market, the number of established software companies looking to incorporate various elements of the open source design model into their own proprietary projects has grown."

U.S. authorities focusing on VA Linux in IPO probe (Reuters). Here is a Reuters article stating that the U.S. government is looking into the VA Linux Systems IPO. It seems that there are some questions on just how the shares in that IPO were allocated, with some investors paying "unusually large commissions" to participate.

The Desktop

Linux moves slowly onto the desktop (News.com). C|Net's News.com does a nice overview of the Linux desktop world as it is currently evolving, and why some players (like id Software) are not as interested as they once were. "Linux on the desktop is a complicated matter. For one thing, there's nobody really in charge of the Linux desktop user interface. Linus Torvalds exercises some control over Linux's kernel--the core parts of the operating system--but leaves user interface issues to others."

Companies

Last of the independents (Upside). Upside has run this article on Bruce Perens' move to HP. "In a move that in many ways reflects the current chilly tech market, one of the Linux community's last unsigned marquee players has decided to take a break from free agency and join an established corporate team."

Oracle Expands Developer Services (ZDNet). ZDNet sees Oracle's expanded Oracle Technology Network as a response to other services like CollabNet and VA's SourceForge. "In some respects, Oracle's moves were those of a large commercial company's following the lead of such pioneers in online development as VA Linux Systems' SourceForge, O'Reilly & Associates Publishing and Hewlett-Packard's SourceXchange and CollabNet's www.collab.net. All three provide collaborative development tools and hosted services for open source code projects."

Open-source MP3 project continues after parent's demise (News .com). With parent company iCast folding the future of Ogg Vorbis, the open source replacement for the patent-restricted MP3 format, is in question. The answer, of course, is to keep on rolling. "With the demise of iCast, a casualty of CMGI's recent round of belt-tightening, the Vorbis programming team was cut loose. It was allowed to keep all rights to its work, a provision that was part of its original deal in joining iCast, the programmers say.

But the lack of a corporate sponsor has left the team, at least temporarily, without funding and without the prospect of a high-profile showcase for its work."

Business

Open-source backers: Are you afraid? (ZDNet). ZDNet's Mary Jo Foley suggests that folks should be worried about the increasing corporate involvement in open source. "I am not implying that big corporations have nothing positive to contribute to Linux and open source. Indeed, the nearly 300 IBMers who are dedicated to working on open-source projects are 300 more warm bodies working for the betterment of open source. But what kind of financial and strategic benefits do big companies receive from their increasingly public love affair with open source? Is this topic off limits?"

Report on Linux progress in the German automation industry (LinuxDevices.com). An updated from Robert Schwebel, producer of Linux-Automation.com, on how Linux is being used and developed in the German industrial automation industry. "National Semiconductor's Geode chip was the heart of a small embedded board [from IBS] which can be used in customer-specific applications as well on standardized PC/104-Plus boards. At the booth, a Linux-based demo application was shown."

Hitachi launches Transmeta-based Internet appliance (News.com). C|Net's News.com is covering the new Hitachi Flora-ie 55mi, a Transmeta Crusoe based, Linux powered combination of a notebook, a handheld and a cell phone. "The device can be used on a desktop with a keyboard or removed from its docking cradle for roaming. Besides the keyboard, a stylus can be used to input data, like on a Palm. The device also contains a mobile phone interface for calls."

The press release from Hitachi announcing the Flora-ie 55mi says the battery life is up to 7 hours and runs a "mobile Linux operating system", though it doesn't say if it's an in-house version or one of the well known embedded OS's.

MasterTrade Linux roll-out gives system room to grow (Stuff NZ). It's slowly becoming more commonplace - a major retailer or business rolls out a large Linux installation replacing an existing Microsoft or Sun infrastructure. This time the retailer is New Zealand based MasterTrade and the Linux system count is 300. "After trialling Windows 2000, MasterTrade found difficulties with 'middleware', which communicates between MasterTrade's central inventory database in Christchurch, and the PCs in its 50 branches. 'Linux removed all middleware, and all the difficulties that went with it' [noted MasterTrade data processing manger Neil Helson].'

The problem, of course, is that KDE is neither a Linux distributor nor based in America. "Staff will have access to suppliers' websites through X-Windows software from American Linux developer KDE, which lets staff use graphical applications." So while retailers now get it, it appears some news sites still don't. (Thanks to Ian McDonald)

Will Linux Save Microsoft? (CNBC). CNBC examines the future of Microsoft and how it could, if the 800 pound gorilla gets hungry enough, use Linux to stay alive. "Microsoft doesn't talk about its Linux strategy very much. But it is an open secret in Silicon Valley that the company could rather easily steal the thunder from faddishly popular Linux firms, such as Caldera Systems Inc. and Red Hat Inc., at just about anytime it chooses."

Resources

What Is P2P...And What Isn't? (O'Reilly). Defining P2P literally suggests that Alexander Graham Bell was a P2P engineer, according to an article on th O'Reilly Network. "P2P is a class of applications that takes advantage of resources -- storage, cycles, content, human presence -- available at the edges of the Internet. Because accessing these decentralized resources means operating in an environment of unstable connectivity and unpredictable IP addresses, P2P nodes must operate outside the DNS system and have significant or total autonomy from central servers."

LinuxMonth Issue # 4. The 4th issue of LinuxMonth has been published. Article topics in this issue include using sudo, an interview of John Ousterhout, open source licenses explained, and security tips for Red Hat distributions.

28 abstracts and papers on real-time Linux (LinuxDevices.com). LinuxDevices.com has posted the abstracts and, in most cases, links to the PDF versions of the talks from the second annual Real-time Linux Workshop, held in Orlando, Florida on November 27-28, 2000.

Linux on the loose (ZDNet). In this article, ZDNet talks about what can be expected in the soon-to-be released Linux 2.4 kernel. "Torvalds is planning to include the ReiserFS journaling file system in the 2.4.1 release, expected within two weeks of 2.4's release."

Reviews

First Looks at Nautilus 0.5 (Signal Ground). Signal Ground takes a brief look at Nautilus 0.5. "Installation of Eazel's Nautilus 0.5 from Debian packages went without a hitch. And the next thing I knew, I had a Nautilus menu item in my Gnome menus. After selecting it, the wizard screen shown above appeared. The wizard asks a few questions, including asking you to pick a skill level."

VMware 2.0.3 for Linux Review (LinuxLookup). The VMWare 2.0.3 installation and feature set are examined in this review by LinuxLookup. " Currently there is only a X86 version of VMware and only the ability to run X86 based guest operating systems. All Microsoft Windows operating systems are now supported (including 2000 Professional/Server and ME), FreeBSD 2.2.8 and 3.X, most Linux distributions although the 2.X and above kernels are recommended, and MS-DOS 6.X."

Section Editor: Rebecca Sobol


December 14, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

IT University launches LinuxLab.dk. The IT University of Copenhagen launched LinuxLab.dk, one of Denmark's biggest Open Source initiatives. IBM is the founding sponsor of the laboratory.

Help Wanted

Linear Logic Systems is looking for a Linux kernel hacker.

Events

December/January/February events.
Date Event Location
December 15 - December 17, 2000. LinuxFEST Belgrade, Yugoslavia.
January 17 - January 20, 2001. linux.conf.au University of New South Wales, Sydney, Australia.
January 23 - January 24, 2001. Linux Expo - Amsterdam Amsterdam, Netherlands.
January 30 - February 2, 2001. LinuxWorld Conference & Expo Jacob Javits Convention Center, New York, NY.
January 31 - February 2, 2001. Linux Expo Paris Paris, France.
February 3 - February 4, 2001. Open Source and Free Software Developers' European Meeting Brussels.
February 14 - February 16, 2001. O'Reilly Peer-to-Peer Conference Westin St. Francis Hotel, San Francisco, California.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: December 14 - December 28, 2000.
Date Event Location
December 14, 2000. Linux, Running Applications Delfzijl, Netherlands.
December 14, 2000. Phoenix Linux Users Group Sequoia Charter School, Mesa, AZ.
December 14, 2000. Boulder Linux Users Group NIST Radio Building, Boulder, CO.
December 16, 2000. North Texas Linux Users Group (NTLUG) Nokia Centre, Irving, Texas.
December 16, 2000. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
December 16, 2000. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
December 17, 2000. Omaha Linux User Group Omaha, Nebraska.
December 17, 2000. Beachside Linux User Group Conway, South Carolina.
December 18, 2000. Linux Users' Group of Davis Z-World, Davis, CA.
December 19, 2000. Hazelwood Linux User Group Prairie Commons Branch Library, Hazelwood, Missouri.
December 19, 2000. Kansas City Linux Users Group Installfest Kansas City Public Library, Kansas City, MO.
December 19, 2000. Bay Area Linux User Group Chinatown, San Francisco, California.
December 20, 2000. Arizona State University Linux Users Group Tempe, AZ.
December 20, 2000. Linux User Group of Groningen Groningen, Netherlands.
December 20, 2000. Central Iowa Linux Users Group West Des Moines, IA.
December 21, 2000. Rice University Linux Users Group Rice University, Houston, TX.
December 27, 2000. Linux User Group of Assen Assen, Netherlands.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


December 14, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


The NymIP Project has set itself the task of designing a set of IP-based protocols which will facilitate the use of controlled anonymity and pseudonymity on the net. The standards and their implementation are both intended to be open and freely available. If they get there, this project will have helped to protect privacy in electronic communications.

Not satisfied with using emacs to edit files, read mail, chat on IRC, partition disks, be psychoanalyzed, and edit images? Well, the emacs webring is back in action and ready to connect you with more cool stuff to satisfy your elisp needs.

Section Editor: Jon Corbet


December 14, 2000

   

 

This week in history


Two years ago (December 17, 1998 LWN): IDC reported that Linux's market share rose 212% in 1998, giving it 17% of the server operating system market.

Work continued toward the 2.2.0 stable kernel release. Linus, meanwhile, addressed the topic of raw I/O in Linux:

Quite frankly, nobody has EVER given me a reason that makes any kind of sense at all for supporting raw devices in any other way than we already do. Nobody sane uses a disk without a filesystem, and the insane people that do I feel we can and should ignore. Insanity has a way of dying off over time, when Darvin [sic] starts to look into it.

(2.4.0, of course, will include a Linus-approved raw I/O implementation).

The Debian Project adopted its constitution, which describes how the project operates. The project was smaller then; all of 86 votes were counted (once was sufficient) in the decision on the constitution. The first project leader election began, with Joseph Carter, Ben Collins, and Wichert Akkerman running as candidates.

Red Hat, meanwhile, launched its training and certification programs.

The GNOME project aims to emulate what is best about existing interfaces. "Microsoft did some things very well, and we're trying to learn from them," [Miguel] de Icaza says. At the same time, the project seeks to avoid some of Windows' annoying design peculiarities. GNOME users, de Icaza promises flatly, will not turn off their computers by clicking a button labeled "Start."
-- Technology Review on GNOME, two years ago.

The Linux Mall announced the availability of the first stuffed Tuxes. "A huggable pal to have around, or a great bed partner."

IBM released the first version of Wietse Venema's "Secure Mailer," otherwise known as Postfix.

One year ago (December 16, 1999 LWN) saw, of course, the initial public offering of VA Linux Systems. The company's stock shot up to close at almost eight times its (already increased) initial value, setting a record which remains unchallenged a year later. It was the high point of the Linux stock mania. One year later, VA's stock stands at about 5% of its first-day peak, and the IPO is being investigated by the U.S. government (which is more concerned with the underwriter's actions than VA's).

LWN predicted a flood of Linux-related IPOs to follow. Needless to say, things have not worked out that way.

VA had indeed gone out on NASDAQ -- and I had become worth approximately forty-one million dollars while I wasn't looking. Well, that didn't last long. In the next two hours, VA dropped from $274 a share to close at $239, leaving me with a stake of only thirty-six million dollars. Which is still a preposterously large amount of money.
-- Eric S. Raymond. That didn't last long either.

The Bazaar, a free software conference, was held in New York. Attendance was light, and the event has not been repeated. At the conference, Miguel de Icaza was awarded the Free Software Foundation Award for his work with GNOME.

Bastille Linux 1.0.0 was released. Debian 2.1r4 came out. MandrakeSoft proclaimed that Linux-Mandrake 6.1 was Y2K compliant. Stormix released Storm Linux 2000.

Linus released development kernel 2.3.33 with the comment: "We're obviously not going to have a 2.4 this millenium [sic], but let's get the pre-2.4 series going this year, with the real release Q1 of 2000." He was flooded by those who claim the millennium wouldn't end for another year, and responded:

The fact that our forefathers were Pascal-programmers, and started counting from one does not mean that we have to continue that mistake forever. We've since moved on to C, and the change from 1999->2000 is a lot more interesting in a base-10 system than the change from 2000->2001.

Of course, it looks like no 2.4.0 by the end of the millennium even by the reckoning of Pascal programmers...

Applix acquired CoSource.com, just a few days after the latter's official launch.

Linuxcare closed a large investment round.

But Linuxcare wants to get its business in better shape before it goes public. The company isn't profitable and won't be for the next year as Linuxcare pays for aggressive hiring and expansion, [CEO Fernand Sarrat] said in an interview. Shunning the method pioneered by Internet companies, Sarrat is focusing on building up the business before Linuxcare goes public, instead of using the proceeds of an IPO to fund that expansion.
-- News.com, December 14, 1999

Of course, Linuxcare filed for its IPO just one month later...

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
From: "Post, Erik" <epost@exch.hpl.hp.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Red Hat != Linux?
Date: Thu, 7 Dec 2000 11:42:39 -0800 

Dear LWN editors,

one small piece of the 'fun with the press' topic on the December 7th issue
caused me to write this letter. It isn't a really big issue, but still. My
comment pertains to the part in which you talk about the CNet article about
RedHat not supporting Sparc anymore, and the CNet author's comparison with
Windows NT's decline in the number of supported CPUs. You conclude that CNet
made the mistake of assuming Red Hat = Linux.

However, I fail to see the point where the author of the CNet article makes
the fault of assuming Linux = RedHat. The author talks about a specific
company (Red Hat), with a OS product (Red Hat Linux), and compares it with
another OS product (Windows NT) from a specific company (Microsoft).

Besides, (and I quote) "finding a distribution that supports the Sparc is
not hard", especially if you bothered to read beyond the first five
paragraphs of the article.

I'm afraid that LWN fell for the very same thing it is warning people about:
assuming Red Hat = Linux.

Best regards,
Erik Post

   
Date: Wed, 13 Dec 2000 00:10:32 -0900
From: Fielder George Dowding <fgd@mailhost.alaska.net>
To: lwn@lwn.net
Subject: Those who live in glass houses ...

To whom it may concern:

I read with some interest the December 7, 2000, "Fun with the press"
under the headline, "Leading items and editorials." The piece labeled
"This Upside article about Plan 9" sufficently interested me to pursue
the source.

My conclusion is you should not cast stones at a fellow writer for lack
of research.

I will grant that the opening paragraphs were excessive in the use of
literary techniques for holding the attention of the reader. The real
culprit, assuming the author reported accurately, is the CEO of Vita
Nuova, Mr. Michael Jeffrey.

Mr. Jeffrey's cpu requires a bug fix in its logic unit. All of what he
is quoted as having said is almost pure marketing flack. It is clear to
me he does not understand business or the Internet development model. He
and his company will be trampled by the Hurd.

Thank you for leading me on to this situation, but please, a little more
research.

Cheerio!
-- 
Fielder George Dowding, dba Iceworm Enterprises
fgd@alaska.net            iceworm@customcpu.com
909 Chugach Way Lot 35, Anchorage, Alaska 99503-5667 US
   
Date: Tue, 12 Dec 2000 17:02:26 +0000 (GMT)
From: <S.Xenitellis@rhbnc.ac.uk>
To: <letters@lwn.net>
Subject: About FrameMaker and Adobe


I was partly surprised when I read two weeks ago that Adobe is dropping
the Linux version of Framemaker+SGML.

A lot of people do not consider typesetting to be such an exciting area of
work and show too little interest. (I personally find typesetting quite
interesting).

The fact that it is not generally an interesting area is evident from the
lack of opensource applications that can be used to create SGML documents
and generate output formats. Currently, if someone wants to use
DocBook (an SGML "application" suitable for technical documentation) to
generate output PDF/PS output, s/he has only two solutions, each of them
giving not so good results. There are to use "JadeTeX" or "PassiveTeX",
both from Sebastian Rantz. "JadeTeX" was a hack and is not developed
anymore (table support in JadeTeX is not good) while "PassiveTeX" appears
to be the right way to do things and is  being developed. However, at the
moment, PassiveTeX does not appear to be able to generate all sorts of
documents. (this is not an accusation on Sebastian)

From what it appears here, there is currently no globally acceptable
editor to write SGML (DocBook) documents and the document generation does
not offer too much sophistication.

Adobe could have had the chance to invest into a simple GUI product that
can aid in
a) the writing/editing of SGML documents
b) generation of all sorts of PDF/PS output

Projects like KDE and GNOME make extensive use of DocBook and most other
OS documentation is converted into DocBook as well.

My recommendation to Adobe is that when they consider entering the
Linux market, they should think primarily in capturing the market and
getting the money latter from services by companies who make commercial
use of the product. Linux is stuck with no complete (easy to use,
supporting all features of standards, supporting many local languages)
typesetting tools.

Thanks,
Simos Xenitellis

   
From: Peter Samuelson <peter@cadcamlab.org>
Date: Fri, 8 Dec 2000 00:55:02 -0600 (CST)
To: jra@baylink.com
Subject: Re: Universal RPMs.


[Jay Ashworth]
> In general, anytime that part of an installation involves "put this
> file in the right place" or "change this [parameter in] this system
> control file (inittab)", there should probably be a program that does
> the work, the call to which can be standardized across systems, and
> the underlying actions can be specific to a distribution.

Hey, you're describing Debian:

  $ ls {,/usr}/{,s}bin/update-*
  ls: /bin/update-*: No such file or directory
  /sbin/update-modules
  /usr/bin/update-menus
  /usr/bin/update-ppd
  /usr/sbin/update-alternatives
  /usr/sbin/update-dlocatedb
  /usr/sbin/update-fonts-alias
  /usr/sbin/update-fonts-scale
  /usr/sbin/update-inetd
  /usr/sbin/update-ispell-dictionary
  /usr/sbin/update-mime
  /usr/sbin/update-passwd
  /usr/sbin/update-rc.d
  /usr/sbin/update-vfontcap
  /usr/sbin/update-xaw-wrappers

Now granted, a few of these are Debian-specific ("update-alternatives"
manages the alternatives system by which you can have both nvi and vim
installed, either of which (but not both) can have a /usr/bin/vi
symlink) but many of them -- update-inetd, update-rc.d, update-passwd,
update-mime -- could easily be applied to other distributions.

There is actually a Debian package 'file-rc' which replaces the SysV
runlevel symlink tree with a single 'runlevel.conf' file -- and thanks
to the update-rc.d abstraction layer, it works transparently, without
any changes to other packages.

Peter
   
To: letters@lwn.net
Subject: Re: Universal RPMs
From: Marc Lefranc <mlefranc@libertysurf.fr>
Date: 07 Dec 2000 23:01:29 +0100


Dear Editors,

I would first like to thank you for the best Linux news source in the
world.

In the issue of LWN dated Dec. 7, 2000, Jay R. Ashworth complains that
the Red Hat distribution does not provide a simple user interface for
starting and stopping SysVinit services. He notes that he created a
simple script, called svc, which provides a wrapper around the script
located in /etc/rc.d/init.d.

I would just like to point out that:

1) It has been some time since RH has been shipping such a user
   interface. Just look at.../sbin/service which does exactly what the
   above-mentioned svc does.

2) starting with RH 7, there is a symbolic link /etc/init.d ->
   /etc/rc.d/init.d, which makes the /etc/init.d valid on RH, Debian,
   most certainly Mandrake (not checked), and probably soon most other
   distributions. This implies that /etc/init.d/script start might be
   even simpler that calling the svc|service interface.

Marc Lefranc

   
Date: Thu, 7 Dec 2000 14:58:58 -0500 (EST)
From: Joseph J Klemmer <klemmerj@webtrek.com>
To: "Jay R. Ashworth" <jra@baylink.com>
Subject: Re: Universal RPMs.


> The files on a Red hat distribution (among others) in the
> /etc/rc.d/init.d directory constitute a sort of "service manager
> interface", in conjunction with SysVinit, they're one of the few
> ideas stolen from NT that I like.  But, while many Linux
> distributions provide the "chkconfig" command for setting services in
> this directory to be enabled or disabled in specific runlevels, that
> command doesn't provide a user interface for turning something on or
> off, or restarting it, *right now*.  I created my on, called svc:
>
> /etc/rc.d/init.d/$1 $2
>
> Real complicated, right?  People do that all the time, right?  So why
> hasn't RH already added that to the distro?

	FWIW, there's a little known utility called "service" on RH (don't
know if it's on any of the others) that does exactly what you're referring
to.  It seems to be an undocumented little thing but, as it's a shell
script, it shouldn't be to difficult to figure out.  Just try this as
root:

[root@billy /root]# service
Usage: service < option > | --status-all | [ service_name [ command ] ]

The script is in /sbin and makes it real handy to do things like -

service httpd restart
service sendmail stop

Just thought you'd like to know.  :-)

---
There are just 25 days till the beginning of the 21st century and the next
millennium!


   
Date: Thu, 07 Dec 2000 13:42:15 -0500
From: Pierre Baillargeon <pb@artquest.net>
To: letters@lwn.net
Subject: Elevator algorithms

Hi,

Just a comment about the conclusion Thomas Sippel - Dau
(t.sippel-dau@ic.ac.uk) reached about the elevator algorithm.

When you strip down the math notation from his letter, you get the
simple claim that applying two sorting algorithms in succession is
wasteful because only the last one will prevail.

This is patently false. A sorting algorithm does not need to affect all
elements. An example of such algorithm is the stable sort: equal
elements are not moved. This algorithm is useful to sort by two criteria
in succession: for example sorting mails first by sender then by date,
so that letters received on a single day will be sorted by senders.
Using a single sorts would not produce that result.

Elevator algorithm are part of such breed. Only the elements that meet
certain criteria will be moved around. So the effort is not wasted. The
kernel can optimize with the criteria it consider important, and the
disk controller will sort them with its own optimizing criteria.

The second flaw of the argument is the assumption that both the kernel
and the disk controller see the same set of requests. This is not
necessarily so. In fact, the elevator algorithm is there to provide the
most cohesive set of requests to the controller, so that its own
internal algorithm can do an effective job.
   
Date: Thu, 7 Dec 2000 13:03:15 -0500
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@lwn.net
Subject: Disk Elevators redux

In last week's letters column, Thomas Sippel made an excellent point
about OS-based disk elevator transfer-reordering algorithms: disk
controllers with onboard cache reorder transactions themselves, anyway.

I wanted to make a different point, and it's still valid, so I will.  :-)

It wouldn't matter if the drives were uncached, anyway: the Cylinder,
Head and Sector address information with which the drive talks to the
outside world has been fictional for many years, anyway.  Many, and I'm
tempted to say all, but can't back it up, drive use translation
mappings such that the sectors on one "cylinder" do not all reside on
the same physical cylinder.

This alone would seem to make OS-based elevators not only useless, but
in some cases, the pessimal solution to the problem at hand, no?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015
   
Date: Mon, 11 Dec 2000 19:07:26 -0800
From: Thornton Prime <thornton@jalan.com>
To: mfoley@zdnet.com, letters@lwn.net
Subject: Re: Open-source Backers


Dear Ms. Foley,

I know as an avid industry watcher you recognize the enthusiasim and
growth of open source projects. Open source is clearly already an
important force in the market, and will continue to be as long as
individuals find rewards in the model. At the same time, though, I
submit that the financial interests for a corporation that actively
contributes to open source projects is substantially greater than any
reward available to individuals.

>From your article posted at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2662295,00.html I see
that you have wondered about how companies can gain from participation
in open source projects. I am writing to offer you what I believe to be
reasons why companies in some parts of the IT industry should consider
participation in open source projects.

I see six basic financial interests in corporate sponsorship of open
source projects. Most of these depend on a particular business model,
but all apply to a company as large as IBM which is pursuing multiple
business goals simultaneously:

1. Contributing to open source projects is absolutely essential for any
hardware company hoping to make sales in the rapidly growing open source
operating system market. To guarantee the best driver support for your
hardware, you need to write your own drivers. To guarantee equal
protection and treatment of your drivers in a community like Linux,
these drivers need to be open. For companies like IBM and Compaq,
investing in open source is investing in a substantial investment they
have made in CPU development. They are guaranteeing future markets for
their PPC and Alpha processors. Smaller hardware manufacturers stand
just as much to gain.

2. Contributing to an open source project enables a company that sells
associated services or projects to guarantee computability and help
shape future directions of a software that is key to their future. IBM
again provides a great example of a company that benefits in this way.
By participating in the Apache product, they guarantee compatibility
with WebSphere. they have also substantially moved forward the Apache
Group's next generation server, moving it from a forking Unix codebase
to a model that provides multiple multi-process architectures, including
threads, pre-forking and a hybrid.

3. Contributing to open source projects helps develop internal expertise
and enhances the credentials of a company who provides consulting
services for the software or a related product. IBM, by contributing
performance patches to Apache has demonstrated themselves as an
authority on Apache and web servers in general.

4. Developers come and go. Open source developers remain loyal to their
code and support it after they have left. IBM licensed the postfix mail
server under their open source license. The developer, Wietse Venema,
continues to actively improve and enhance his code, even though the
license remains IBM's. While it started as a research project it has
turned into a secure and stable alternative to sendmail now used by
Compaq and many other companies around the world. IBM continues to enjoy
a return on their research investment even though the principal author
is no longer in their employ.

5. Good systems get better faster when they are open. If there is no
real market for a software project, open sourcing it can create a market
and create opportunities. Once code is available to the public it
matures more quickly and at less cost than a comparable commercial
project as long as there remains good management of the project. 
Developers outside of an organization offer abilities and enhancements
that often are unthought of within a company of origin. Again, I use the
example of postfix. IBM had less than a snowball's chance in hell of
penetrating a mail server market dominated by Sendmail, Lotus, Novell,
and Microsoft when Mr. Venema started his project. Still, developing the
expertise internally was critical to other business processes. While the
code had no value commercially, releasing it publicly opened competition
to Sendmail and created a new market. The code improved dramatically,
gaining database and LDAP support, while increasing in security and
performance once other developers had an opportunity to contribute and
once system administrators deployed, tested, and suggested enhancements.
Another good example of this is Mozilla and Netscape. While many
proclaim Netscape as an example of a failed open source project, I think
few would contest the fact that Microsoft's growth in the browser market
was only halted once Netscape open sourced their browser and created
Mozilla. While Mozilla may not be the best example of an open source
product that creates opportunities, it is a clear example of a move that
saved a dwindling market share from dwindling further. In the end
Mozilla may turn around the browser market when and if AOL adopts
Mozilla as the core of their product. In fact, because Mozilla is
available on so many platforms it may help AOL enter markets they
probably never considered, including Linux, Be, and the embedded browser
markets.

6. Most open source developers code for two simple reasons: ego and fun.
In an increasingly tight job market, both of these motivations can be
key to employee acquisition and retention. Companies like IBM, who only
a few years ago were considered too buttoned-up for most developers, are
now able to make attractive employment offerings to a market that seems
less concerned with money and more concerned with fringe benefits.

Thornton Prime
   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds