[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Ogg Vorbis, the Xiph foundation, and a licensing change. Some readers have suggested that our coverage of Ogg Vorbis could be improved... given the announcements from the project this week, this seems like a good time to catch up. So here goes...

The Ogg project has given itself the goal of creating a high-performance, [Ogg Vorbis Logo] free multimedia system. All kinds of goodies are planned for the future; for now, the project offers:

  • The "Vorbis" compressed audio format. This format has been put into the public domain, and is thus freely usable by anybody. It is, of course, offered as a way around the patent problems with the popular MP3 format. Vorbis users need not pay patent royalties to anybody. The open nature of the format also encourages improvements; the project claims that Vorbis files already sound better than MP3 files of the same size, and that things are steadily improving.

  • A set of libraries for working with Vorbis files. Python bindings are available as well.

  • Various application-level goodies, including player plugins for xmms and FreeAMP, encoders and players, and more.

Those who are curious about the origin of the name can check out this page, which describes it in detail. "Ogg," as it turns out, comes from the classic Netrek multiplayer space war game (once the cause of much lost time on your editor's part); it signifies a suicide attack - though, in this context, it has been reinterpreted slightly. "Vorbis" comes from a science fiction novel. And the logo:

The 'Thor-and-the-Snake' logo is drawn somewhat from Norse mythology; the real symbolism is the sine-curve shape of the snake. Thor is hefting Mjollnir about to compress the periodic signal Jörmungandr... See, it all makes sense.

Ogg Vorbis has the potential to have an impact far beyond the free software community. The MP3 patent is a problem for just about anybody (or any company) working with audio. Solid-state audio players, game consoles, desktop software, and more are all affected. A clearly free alternative with better performance characteristics will be appealing in many applications.

To help Ogg Vorbis achieve world domination in its niche, its developers threw in a couple of important announcements along with the beta 4 library release. They are:

  • A new foundation, the "Xiph.org Foundation," has been created to promote the use of open multimedia standards. It will be a nonprofit organization, which will be hitting up companies for funds to carry out its work.

  • As of the beta 4 release, the Ogg Vorbis libraries are no longer licensed under the LGPL; instead, the BSD license will be used.
The purpose of the license change, of course, is to help establish the Ogg Vorbis standard by allowing vendors to use the library code in proprietary products. Establishing the standard is important enough that even Richard Stallman, who normally advocates more restrictive licensing for libraries, has endorsed the Ogg Vorbis license change:

Ordinarily, if someone decides not to use a copylefted program because the license doesn't please him, that's his loss not ours. But if he rejects the Ogg/Vorbis code because of the license, and uses MP3 instead, then the problem rebounds on us--because his continued use of MP3 may help MP3 to become and stay entrenched.

In other words, Ogg Vorbis, despite its attractive features, has an uphill battle ahead of it. Some flexibility in licensing is, in this case, warranted; it may be the deciding factor which establishes a free audio (and, eventually, video) encoding standard. We wish them luck.

Copyright law and business models. The February 24 issue of The Economist has a leading editorial on the Napster case. Therein, it is written:

But the Napster case is not just, or even mainly, about piracy. It is about business models. The industry wants to stick to its old one - selling expensive compact discs - and to protect it. But Napster's success shows that there is a lot of appetite for a new model. The old model is legal, but the new one is not, since the industry refuses to endorse it.

Artists' interests deserve legal protection, within limits; business models do not.

Unfortunately, the Economist's business model states that this article is "premium content," available only to subscribers.

Very little coverage of the current intellectual property disputes have pointed out this basic fact - piracy is not the issue. It is, instead, a dishonest smokescreen put up by those who feel that a lucrative business is threatened by new technologies. This despite the fact that, usually, those businesses do better than ever after new technologies become established.

Thus, the music industry decides to shut down Napster, rather than work with it to create a new business that would clearly have willing customers. Similarly, the DVDCCA tries to employ the Digital Millennium Copyright Act to put the DeCSS genie back in the bottle. DeCSS has nothing to do with piracy of movies, but it is lethal to things like the "region coding" scheme that prevents people in the U.S. from watching European DVDs (and vice versa).

There is, of course, nothing new here. For some perspective, we recommend a perusal of Chapter 2 of Digital Copyright, a book by Jessica Litman. It discusses how copyright holders have worked for many years to have copyright law serve their interests, and how users of copyrighted material have not been represented in the process.

If Congress were in the habit of looking hard at copyright proposals to see whether their substantive provisions were good policy, or would interact in good ways with other policies, one might have expected this exercise to come to an early end. People who aren't copyright lawyers, after all, would look at the digital copyright agenda and say, "there's something wrong with this picture". But, because the tradition in copyright legislation involves getting a bunch of copyright lawyers to sit at a bargaining table and talk with one another, a lot of important questions were never asked.

Reading the entire chapter takes some time, but is worth the effort.

An obvious question comes to mind here: given this pattern of using copyright law (and other legal tools) to attempt to preserve lucrative business models, what kind of response will free software generate? Free software does indeed threaten business models based on intellectual property, and it is starting to make some companies nervous.

We have seen some responses already. The CueCat affair was an attempt by Digital Convergence to head off a free software threat to its business; in that case, the company eventually declared victory without actually changing anything. DeCSS threatens the film industry's control over how its customers can use films they have bought, and the industry has responded with a copyright-based challenge.

The battle against free software will be fought with proprietary formats, reverse engineering bans, software patents, and so on. Expect it to get ugly. But the free software community has a number of strong weapons that the copyright industry has not had to face before. It is a large, global, and vocal group, which is easily able to organize itself electronically. Free software increasingly has the backing of large businesses which see it as an important part of their future. And the nature of free software makes it hard to stop - it is an interesting exercise to see how long it takes to find a copy of DeCSS, despite over a year of constant, well-funded effort on the DVDCCA's part. And, of course, the free software community's ability to create great code is unparalleled. A fight is coming, but we should be able to win.

(And we'll have fun doing it. For those who haven't seen it, the haiku version of DeCSS is very much worth a look).

Inside this week's Linux Weekly News:

  • Security: Vulnerability reporting, wireless tresspassing, vulnerabilities in Java, CUPS, sudo, Zope, elm, PHP-Nuke and joe.
  • Kernel: Per-process namespaces; ext2 directory indexes and backward compatibility; NFS and ReiserFS again.
  • Distributions: Aleph ARMLinux, Apt merges RPM and .deb, new betas from Red Hat and Linux-Mandrake, Intel XScale support.
  • On the Desktop: KDE 2.1 hits the streets, Apple patents, and Miguel de Icaza talks to the world.
  • Development: Kilo Cluster, ht://Dig 3.20b3, Python 1.6.1, CLiki.
  • Commerce: Red Hat Acquires Planning Technologies, Caldera Quarterly Results.
  • History: Two years since the first LinuxWorld conference; remember Ed Muth?; how low could VA go?
  • Letters: Allchin's remarks; the MPAA's threat to Dr Touretzky.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

March 1, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

Vulnerability Reporting: Bugs in the bug reporting process (CORE-SDI). Volume 3, Issue 3 of Insight a newsletter from The Internet Security Conference, contains a column by Ivan Arce, Founder and Chairman of the Board of CORE-SDI, which discusses the problems in the current ad-hoc process for reporting security vulnerabilities. The column uses a detailed list of the steps possibly involved in a given security report, then outlines many of the ways in which that process can break down. Near the end, he recommends a simplified set of guidelines:

The guidelines: A feeble attempt at improving the process

(1) Vulnerability reporting costs money: Keep it simple and everybody wins.

All the involved parties (discoverer, proxy, vendor, trusted third party, user) must invest a certain amount of effort to fix bugs. All parties have finite resources and therefore it costs them money. Streamlining the process and addressing the problems in a responsible and timely fashion reduces the efforts for all parties.

(2) Communication is key.

The best way to streamline the process and ensure cooperation is to maintain every party informed of what is going on. When that fails, unilateral actions take place that could put all at risk.

(3) Minimize harm.

Conduct all activities bearing in mind that the end goal is to improve the overall security and minimize the harm to all parties. Although this sounds obvious, the ultimate goal can be obscured during the process, evaluate your actions accordingly.

Extend the benefit of doubt, do not impute motives.

From here, though, he goes on to end with a recommendation to "formalize and implement a vulnerability reporting process". That opens many cans of worms, in terms of who is involved in "formalizing" such a process and, once formalized, what are the penalties for non-conformance? The "who" is mentioned at the beginning of the article, which was inspired by discussions at SafeNet2000, an invitation-only gathering sponsored by Microsoft that was held last December. Apparently as a result of that gathering, work to formalize the process is already underway. Neither the sponsor nor the invitation-only nature of that gathering recommend it to us.

The article does a good job of showing why the ideal process of reporting vulnerabilities will always be impacted by reality (insufficient resources, poor vendor response, multiple discoverers, active exploits, etc.), in short, why a formalized process will always tend to break down. Add to that the danger of allowing a closed (invitation-only) group to define, implement and potentially enforce a formal process and it seems like we might end up exchanging one set of problems for a less-appealing set.

Starting and ending with the simple guidelines suggested seems like a better idea.

WEP: No weapon against hackers (ZDNet). You might assume that this latest ZDNet article on WEP was also talking about the cryptographic issues with WEP, which have been mentioned in the last couple of weeks. You'd be wrong. Instead, it looks at the issue of keeping trespassers off of your wireless LAN. "Controlling access to wireless networks is an increasingly difficult challenge for network administrators. Unlimited access means that anyone with a wireless network card could gain access to the network. On the other hand, highly restricted access negates the benefits of going wireless and annoys the users."

More SSH articles. For those still with stamina to handle more editorial coverage of the SSH trademark issue, C|Net's Robert Lemos has written an article entitled, "Ssh! Don't use that trademark". "'Regardless of its origins, the word has become the generic description for this type of software,' said Michael Bednarek, an intellectual property attorney at Washington, D.C.-based law firm Shaw Pittman. 'As far as I can tell, there is no other name for it.'"

Security Reports

Security hole in Java may expose servers (News.com). Sun has issued a warning that a bug in Java Runtime Environments for multiple platforms, including Linux, may allow an attacker to run harmful programs on a server, though client systems running browsers should be unaffected.

Linux-Mandrake security advisory for CUPS. Linux-Mandrake has issued a security advisory for the CUPS printing packages. An internal audit found buffer overflow and temporary file creation problems. It is highly recommended that all Linux-Mandrake users upgrade to this new version of CUPS.

sudo buffer overflow. A buffer overflow in Sudo, apparently discovered by Chris Wilson, has been fixed in the just-released sudo 1.6.3p6.

Zope security update. Digital Creations has released a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled. An upgrade is recommended.

elm alternate folder buffer overflow. A buffer overflow in elm 2.5 PL3 was demonstrated this week. It can be exploited by passing a long string in via the "-f" option. No patch or updated version has yet been reported. Check BugTraq ID 2403 for more details.

PHP-Nuke magic quotes vulnerability. A new vulnerability in PHP-Nuke was reported this week which can allow any user to execute commands with the privileges of the PHP-Nuke administrator. This occurs because magic_quotes_gpc is expected to be enabled; if it is disabled, then information continues to be read even after a NULL character is seen. An upgrade to PHP-Nuke 4.4.1 will fix the problem. Note, however, that any PHP script that expects Magic Quotes to be enabled could have this same problem. Here is a recommended tip to prevent such problems.

joe file handling vulnerability. The configuration file for the joe editor, .joerc, is read first from the current directory, if available, making it possible to trick users into executing commands if they edit/open a file in a directory with a malicious .joerc file installed. No workaround/vendor solution has been posted yet, though theoretically a patch should be fairly easy to implement, by removing the check for the configuration file in the local directory and restricting the file to the user's home directory or the appropriate system directory.

An informal report indicates that FreeBSD and NetBSD are vulnerable to this, but that OpenBSD is not. No Linux-specific reports have been posted.

Slackware IMAP exploit. A short note in the slackware-current changelog commented that all previous versions of imapd (which is installed by default for Slackware distributions) had a remote exploit problem. This was slightly puzzling to us, since we hadn't heard of a new imapd vulnerability and Slackware issued an update for imapd in November that fixed the most recent vulnerability that we knew of.

Wednesday, though, an update to the Slackware Changelog cleared up the confusion:

Tue Feb 27 15:31:05 PST 2001
n1/imapd.tgz: No, the package wasn't changed. But, there's an update regarding the supposed imapd overflow. It was reported to us that an exploit existed for the version of imapd previously used by Slackware, but after obtaining a copy of the exploit from this site: http://packetstorm.securify.com/0102-exploits/imapd_exploit.c ...we found it to be completely ineffective. Still, it never hurts to keep daemons that provide network services as up-to-date as possible, so if you're running imapd you should consider upgrading.

web scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • Mailnews.cgi is reported to contain a user-supplied input vulnerability, which can be exploited to remotely execute arbitrary shell commands. No patch or vendor response has been reported so far.

  • Adlibrary.pm, a perl-based package from Adcycle.com, is reported to contain a vulnerability that can be exploited remotely to execute arbitrary commands. This is due to insufficient screening of user input. No patch or vendor response has been reported so far.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • Marconi ASX-1000, a commercial ATM switch, is reported to contain a vulnerability that can be used to disable remote administration of the device (until it is power-cycled). No patch or vendor response has been reported so far.

  • Cisco IOS Software contains an SNMP Read-Write ILMI Community String vulnerability, which might make the device using the software vulnerable to a denial-of-service attack. Cisco is offering free updates to fix the problem.

  • A second Cisco IOS Software vulnerability report details multiple vulnerabilities related to the unexpected creation and exposure of SNMP community strings. They can be exploited to permit unauthorized viewing or modification of devices. Specific workarounds are provided, along with a table of related updates.

  • Chili!Soft responded to several recently discussed vulnerabilities in Chili!Soft ASP. In some cases, workarounds are offered; in others, it is promised that they will be addressed in the next release.

  • Shortly after the above Chili!Soft note was posted, Jim Sander responded with yet an additional vulnerability, in which the Chili!Soft ASP license file, installed by default as a world-readable and writable file, can be removed by any user, causing the Chili!soft services to stop functioning.

  • The APC web/snmp management card, available as an option for some APC products (power management), contains a potential denial-of-service attack via a telnet connection to the card. APC has responded by recommending that the APC product should be firewalled to protect it from connections from outside the local area network.

  • The Netscape Collabra Server has been reported to be vulnerable to a denial-of-service attack via malicious packets sent to the 119, 5238, 5239 and 20749 ports. Filtering those ports is recommended; no vendor response has been seen so far.


Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions.

This week's updates:

Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.

This week's updates:

Previous updates:

Sendmail 8.11.2 security fixes. Check the January 4th LWN Security Summary for the announcement of the release of sendmail 8.11.2. It includes fixes for a number of security issues found after 8.11.1 was released, including the "sendmail -bt negative index bug" reported by Michal Zalewski in October, 2000. Note that the exploitability of this bug was questioned, but in any case, it has been fixed as of sendmail 8.11.2.

This week's updates:

dump-0.4b15 local root access. Check the November 2nd LWN Security Summary for the original report. This exploit only affects dump/restore if they are installed setuid root. As of dump-0.4b18, dump and restore no longer require setuid root. dump 0.4b20 was released in mid-November, 2000, with a fix for this problem.

This week's updates:

Previous updates:

Format string vulnerabilities in PHP. Check the October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.

This week's updates:

Previous updates:

LPRng format string vulnerability. Check the September 28, 2000 LWN Security section for the first report of format string vulnerabilities in LPRng and lpr.

This week's updates:

Previous updates:


OpenSSH 2.5.1p2. A new, minor update to the portable version of OpenSSH 2.5.1p2 has been announced. The new version primarily contains bug-fixes, none of them specific to any security problem, but the upgrade is still recommended, possibly in particular to its bug-fixes for PAM failures seen on Linux (and Solaris) systems.


Upcoming security events.
Date Event Location
March 3-6, 2001. EICAR and Anti-Malware Conference Munich, Germany.
March 26-29, 2001. Distributed Object Computing Security Workshop Annapolis, Maryland, USA.
March 27-28, 2001. eSecurity Boston, MA, USA.
March 28-30, 2001. CanSecWest/core01 Network Security Training Conference Vancouver, British Columbia, Canada.
March 29, 2001. Security of e-Finance and e-Commerce Forum Series Manhattan, New York, USA.
March 30-April 1, 2001. @LANta.CON Doraville, GA, USA.
April 6-8, 2001. Rubi Con 2001 Detroit, MI, USA.
April 8-12, 2001. RSA Conference 2001 San Francisco, CA, USA.
April 20-22, 2001. First annual iC0N security conference Cleveland, Ohio, USA.
April 22-25, 2001. Techno-Security 2001 Myrtle Beach, SC, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

March 1, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.4.2. Linus has issued no 2.4.3 prepatches as yet. Alan Cox has not slowed down, however; his prepatch series is up to 2.4.2ac6. As usual, it contains a great many fixes, including another important ReiserFS "zero byte" fix.

A question went out on the differences between Linus's releases and the "ac" patches. There is no definitive list of patches that are unique to one or the other (Alan has no time to maintain one). The "ac" series does tend to pick up everything that goes into the official Linus release, but the reverse is certainly not true.

Linus characterized the difference between the two releases thusly:

The two series are fairly disparate, as they have different intentions. Alan accepts some stuff that I would be nervous about, and sometimes I say "to hell with it, we need to fix this" and make Alan nervous.

Alan, instead, described it this way:

I think the key word is actually probably 'predictability'. The Linus tree is conservative. (IMHO too conservative and probably in his not conservative enough 8))

It looks like we'll have two stable development series for a while.

Meanwhile, the 2.2.19 prepatch is up to 2.2.19pre16. In a separate posting, Alan stated that the real 2.2.19 release is about one week away.

A patch to make NFS work well with ReiserFS was posted by Neil Brown. As was discussed in last week's kernel page, the changes involved are significant. So, as Neil states:

Alan Cox has suggested that these changes may not be appropriate for 2.4, so we might have to wait for 2.5 to see them on kernel.org, but we don't have to wait till then to find the bugs.

That announcement brought out a (predictable, perhaps) set of complaints about yet another stable kernel series with NFS problems. With 2.2, much of the trouble only really got cleared up with 2.2.18, released late last year. And there are still some interoperability problems that will only be fixed when 2.2.19 comes out.

On the 2.4 front, some patience will be required. The Powers That Be may well eventually relent and include Neil's patch if the need appears to be strong enough. But it certainly will not happen until the 2.4 series appears to be rock solid, and experience says that could take a little while yet.

Per-process namespaces are now available for Linux, thanks to a patch posted by Alexander Viro ("He's back. And this time he's got a chainsaw."). The idea is based on the Plan9 concept by the same name. Essentially, every process in the system gets its own view of the filesystem. Filesystems can be mounted for one process while being entirely invisible to others. Namespaces can be thought of as a much more flexible form of the chroot() system call.

Alexander has also posted a tiny program which starts a shell running in its own namespace, which is useful for testing out the idea. And, of course, he is looking for testers who can find the problems with the patch. Those waiting for a stable version will do so for a while - this patch is intended for the 2.5 series, once it gets started.

Directory indexes for ext2 are another topic that was discussed last week in this space. The discussion continued, but branched off into a couple of interesting areas.

One is in the area of hashing functions. The directory index function depends heavily on a good hashing function to spread the entries evenly across the index. So several candidates have been evaluated by running them in a usermode Linux kernel; the results have been summarized by Daniel Phillips.

The executive summary is that Daniel's own hash function won. In the process, it handily beat the dentry hash function, used since the 2.1 days in the dentry cache. Linus was not entirely surprised by this result:

It looks like the hash function was done rather early on in the dcache lifetime (one of the first things), back when nobody cared about whether it was really good or not because there were many much more complicated questions like "how the h*ll will this all ever work" ;)

So, as a side result, expect to see some work done on the dentry hash function in the near future.

Even more soundly beaten was the "R5" hash used in ReiserFS. In this case, the problem is not that R5 is a poor hash function; it was, instead, written to satisfy a different set of objectives. R5 will put similar filenames next to each other, which makes the ReiserFS lookup algorithm faster. For the ext2 directory index, however, it is more important to spread things out evenly, so a different function is called for.

The "hash wars" are not done yet; though. Expect some new contenders to show up before too long.

Meanwhile, people started talking about backward compatibility. Ted Ts'o pointed out that, with a very small change to the way the index is stored on disk, full compatibility can be maintained with older ext2 implementations. The cost, in the form of lost space in the directory index, is quite small - less than 1%. Daniel Phillips has not adopted the compatible mode completely, however - he plans to support it as an option in the code so that people can choose the implementation they like better.

When the discussion moved on to tail-block fragmentation, however, Linus felt the need to jump in and argue against backward compatibility. Tail-block recursion is the process of splitting up blocks in the filesystem to allow them to hold the last parts of multiple files. Imagine you have an ext2 filesystem with a 4096-byte block size, and a 5000-byte file to store there. That file will occupy two blocks, with only 904 bytes being stored in the second. Thus, almost half of the space used is wasted. In filesystems that store a lot of small files (netnews partitions being the classic example), large amounts of space can be lost. ReiserFS will store small files efficiently, but ext2 has never had that capability.

When Mr. Phillips mentioned plans to provide tail-block fragmentation for ext2, Linus jumped in and asked that it not be done. He has no objection to the technique, it's just that he thinks a whole new filesystem should be created. Rather than just graft on tail-block fragmentation, a complete rethink should be done to create a better, extent-based filesystem with a vary large block size. And it should not be called "ext2."

In another posting he explained his reasoning in more detail; it is an interesting look at his philosophy for the evolution of the Linux code. Essentially, creating a new code base makes it easier to eventually get rid of the old one, leading to better long-term maintainability. A transition to a completely new filesystem can be done on the user's own time, and can happen relatively smoothly.

In comparison, if you have "new features in X, which also handles the old cases of X" situation, you not only bind yourself to backwards compatibility, but you also cause yourself to be unable to ever phase out the old code. Which means that eventually the whole system is a piece of crap, full of old garbage that nobody needs to use, but that is part of the new stuff that everybody _does_ use.

This is why, for example, Stephen Tweedie's journaling filesystem is called "ext3."

Will Mosix go into the kernel? Mosix is a fancy clustering system which implements a lot of nice features, such as process migration. Many folks would like to see Mosix, or other clustering implementations, go into the standard kernel sometime in the 2.5 development series. There is, of course, no way to know if that will happen at this point. However, Rik van Riel has created a mailing list where representatives of the various clustering projects can discuss the idea together.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet

March 1, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Aleph ARMLinux. A commercial distribution supporting the ARM hardware platform is now available. Aleph One Ltd, a UK firm, is now shipping Aleph ARMLinux, a general-purpose distribution based on Debian, with the current version being based on Debian 2.2. It currently supports Acorn/Castle RISC PCs and comes with a "Guide to ARMLinux" book with installation instructions and Linux basics taught from a RISCOS perspective. ARMLinux developer Wookey was kind enough to fill out a distributions survey for Aleph ARMLinux, to provide lots of gory details about the distribution.

Aleph ARMLinux will remain tied to Debian, with new releases planned to matched the Debian release cycle. When asked why they chose to produce Aleph ARMLinux, Wookey commented:

The only one existing for ARM was very old (aout/RedHat3 vintage) and done by a hacker for hackers. We felt that a professionally supported and documented up-to-date distro was something people wanted and was necessary to spread the user base. The Debian ARM effort (primarily by Netwinder people) made this possible.

Over 4000 Debian packages are supported in the distribution (courtesy largely, of course, to the work of the Debian-ARM team), but the default install is only around 200MB. It is almost entirely compatible with the File Hierarchy Standard and with the LSB. They reported around 70 sales of the distribution in the first 8 weeks of its availability.

Although the ARM-based Acorn PCs are less-well-known in the US, they are extremely popular in the UK. Aleph ARMLinux is likely to find a warm reception as a result.

An Interview with Joseph Cheek (SlashTCO). Here's an interview with Joseph Cheek, founder of Redmond Linux, a user-friendly Linux distribution.

[SlashTCO] So tell me a bit more about the ease of use aspect of Redmond Linux.

[JC] Well one of the things that we are really pushing is to make Redmond Linux very, very easy to use. Some of the other Linux distributions have tried but I think that we are going to really push the envelope.

.comment: Not Forking But Branching. LinuxPlanet looks at the large number of Linux distributions. "I don't know of anyone who has looked closely at the situation and doesn't believe that there will be a shakeout, a winnowing out of the weak sisters in the Linux world. We'll begin to see distributions cease to distribute. There are too many of them for all to survive and there's too little to distinguish one over another."

Distribution Reviews

A developer's perspective on PocketLinux (LinuxDevices.com). Part 5 of a series from Jerry Epplin on the status and history of Linux on PDAs looks at Transvirtual's PocketLinux, the Java-based solution for handheld devices. "PocketLinux for the iPAQ uses the handhelds.org kernel and builds a GUI platform on top of it. But PocketLinux, provided by Transvirtual Technologies, is in a sense more ambitious than the others, in that it is targeted toward development by both programmers and non-programmers."

Distribution News

Conectiva News. Conectiva has announced the release of an updated Apt package for managing software packages on Linux sytems. The new release now supports RPM 4. Apt is a tool for managing packages developed by the Debian team, originally supporting only the .deb package format. Alfredo Kojima added support for handling RPM packages. Conectiva is the first distribution to use both Apt and RPM (instead of Apt and Debian .deb packages).

Linux-Mandrake News. MandrakeSoft announced this week Linux-Mandrake 8.0 beta 1, also dubbed "Traktopel". They've got the Linux kernel 2.4.2, KDE 2.1 and the latest versions of GNOME, Nautilus and Evolution. As always with beta versions, remember that they are intended for the brave/foolhardy. No guarantees and no whining ... though bug reports will surely be welcome.

Red Hat News. Only three weeks after its release of "Fisher", the first beta version of Red Hat 7.1, Red Hat has now announced "Wolverine", the latest beta. Diff'ing the new announcements oddly enough seemed to indicate that the latest beta no longer contains their Itanium support. It does include Linux 2.4.1, with additional fixes. Tcl/Tk 8.3.2 has been backed out in favor of Tcl/Tk 8.3.1, while Pine has been upgraded to Pine 4.33. It contains a new warning about Cardbus network cards and network cards that use the tulip driver.

Wolverine has its own mailing list, separate from the Fisher list, so you'll need to sign up if you want to follow the discussion directly.

SuSE News. According to a notice posted to the SuSE Security Announce mailing list, SuSE will discontinue support for versions 6.0, 6.1, and 6.2 effective March 19th, 2001. Support for 6.3, 6.4 7.0 and 7.1 will continue for two years after each of their respective release dates.

Meanwhile, SuSE 7.1 is now available for purchase at the SuSE shop. "SuSE is the first Linux distribution to come with the 2.4 kernel. Although this kernel is still considered experimental and therefore cannot be supported, it is available for Linux users who are ready to try it.

As well as the 2.4 kernel, SuSE linux 7.1 comes with great features like the Reiser Filesystem, the Logical Volume manager, ALSA (the Advanced Linux Sound Architicture), KDE 2.0 and YaST2, the ultimate installation and configuration tool, which now has an automated FTP update feature!"

Slackware News. Recent changes in the Slackware development tree include a security fix for sudo, more XFree86 changes, ProFTPD updates (which may include security fixes), and many updates and additions to the /contrib directory. Most of these changes occured in both the Intel and Sparc trees. No Alpha changes were recorded this week.

Coyote Linux News. Coyote Linux author Joshua Jackson has asked people who want to mirror the Coyote Linux site to contact him directly first. Apparently a number of sites have begun to do so recently, resulting in a hammering on the site that is causing availability problems.

Debian News. For German-speakers, the announcement of a new Debian GNU/Linux book in German will be quite welcome. Entitled "Debian GNU/Linux Anwenderhandbuch", it is available both in print form and on-line. A description of the book (in German) is also available.

Jason Gunthorpe announced that random passwords had been assigned to Debian accounts where the passwords were still in DES format instead of MD5 and had not been changed in over a year. Many developers may not notice, if they are accustomed to using SSH. However, for emergencies, knowing your actual account password may turn out to be useful -- you may want to check and see if your name is on the list.

A new mailing list specifically for the discussion of prospective packages or packages that need work has been created (presumably to siphon off some of the traffic on debian-devel). It is called debian-wnpp.

Corel Linux News. Corel Linux surfaced again after months of inactivity and rumours with Issue 3 of The Qube, the February edition of a "Quarterly" newsletter from Corel. They talk a bit about their plans for the future and also announce the availability of a beta version of Corel Linux OS Second Edition, with support for French, German and International English. Just in time to convince potential investors that there still is a real product there ...

Turbolinux News. Turbolinux, Inc. announced the beta 3 release of Turbolinux for the Intel Itanium processor this week.

Embedded Distributions

Support for the Intel XScale processor was a popular theme this week for Embedded Linux distributions. LynuxWorks announced the availability of for the BlueCat Linux for the Intel XScale microarchitecture, followed quickly by a full article from C|Net News.com covering MontaVista's demonstration of their Hard Hat Linux on the Intel XScale. The Intel XScale is apparently the planned successor to the StrongARM chip and is geared specifically for use in handheld computers and wireless devices.

Minor distribution updates

  • Tomsrtbt 1.7.218 was released this week. Tom commented, "I have not done anything really interesting, or revolutionary; but it is definitely a recommended upgrade". The most interesting part may be the "kernel version lie" introduced to handle difficulties interoperating with Red Hat 7.0 and 7.1beta (Fisher).

  • NBROK Linux 0.4b is a new development snapshot of this Slackware-based distribution. The new snapshot supports Linux kernel 2.4.2, PPP/SLIP kernel modules, VESA framebuffer, man and cron.

Section Editor: Liz Coolbaugh

March 1, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

KDE 2.1 released.
[KDevelop Logo]
On Monday of this week the KDE Project team released KDE 2.1, the first sub-release for the 2.x series. While the press release states clearly that this release marks a leap forward in Linux desktop stability, usability and maturity, going so far as to strongly recommend all users upgrade to it, KDE Core Developer Kurt Granroth termed the release nothing more than a polish release.

"2.1 is basically a polish release of 2.0", noted Granroth in a phone interview from his office on Tuesday. "We fixed a lot of bugs, added a few usability features. We also are shipping for the first time KDevelop as a 2.x product." In essence, while 2.1 was the focus of the press release, its real focus was to expand the visibility of a few KDE applications, most notably KDevelop.

KDevelop is an integrated development environment (IDE) / rapid application development (RAD) tool. Up until the KDE 2.1 release this tool had only been available for KDE 1.x installations - it hadn't been ported up to the 2.x release. So this announcement served as a launching point to garner interest. And for an application as sophisticated as KDevelop, there are many reasons to be interested.

[Kurt Granroth, KDE Core Developer]
Says Granroth, "KDevelop actually rivals the best commercial IDE's out there." And he's not kidding. According to review in LinuxWorld KDevelop promises to become a vital tool for luring post-modern neographic types from the world of Windows development to Linux.

But KDevelop isn't the only new feature for 2.1. Many of the KDE environment's modular components have been upgraded, including the KIO and KHTML modules. KIO encompasses the io-slave architecture that allows for, among other things, expanded multimedia support. With this release, KDE is adding the noatun media player which makes use of the KIO component. KIO runs as a separate process for the KDE environment, allowing applications to continue working (or at least appear to do so) while things like network traffic and audio I/O are happening (re: being handled) elsewhere.

But when it comes to the features that make up the component architecture of KDE, users will really take note of KTHML, and that by means of the Konqueror browser. "Konqueror is directly analogous to Eazel's Nautilus," says Granroth, who is the official KDE spokesman for North and South America. Both Konqueror and Nautilus are better known as a "component based browsers" in geek speak, but that just means they're browsers that do more than browse the Web. Granroth explains, "The goal is to provide a graphical front end to many features of the desktop, such as file browsing and Internet access. In 2.1, KHTML provides much better Java and Javascript support, and Java security is now implemented in a sandbox. CSS and HTML compliance are now up to IE 5.5 or Netscape 6 levels".

And it's not just HTML rendering that makes Konqueror better. The component architecture of KDE allows Konqueror to work with the KIO modules, which means with 2.1 you can now rip CD's directly from Konqueror. "We've also got much better SMB support," says Granroth. "You don't even need Konqueror to browse the Web. If you have access to the KHTML parts component, you can embed inside of your application."

The other big update for KDE 2.1 at the user level is the re-addition of the theme selector for KDE. "In 1.x we had a sort of theme manager, but 2.0 has a completely revamped theme engine. While everything was themeable in 2.0, we had no centralized way of modifying the current theme for the desktop. In 2.1 we've added that capability back in."

So while the KDE may be touting its applications, the environment as a whole is garnering plenty of praise.

"This second major release of the KDE 2 series is a real improvement in terms of stability, performance and features," said David Faure, release manager for KDE 2.1 and KDE Representative at Mandrakesoft.

With 2.1 users will find better integration with key applications and easier theme management. And KDE's press release just may mark a new era of publicity for a project well worth the notice.

Apple patents Desktop themes. Apple's patent on desktop themes should be good fodder for discussion. It seems their newly acquired patent says they invented the art of changing the desktop theme on the fly. Never mind issues of prior art. "Apple will definitely be coming to enforce their patent eventually," says KDE spokesman Kurt Granroth. "Within a week of our producing the Aqua (re: Mac like) theme for KDE, Apple had contacted us with a note to cease and desist."

But there isn't a ghost of a chance of this patent holding up. Prior art exists in many forms, from themes.org to Enlightenment. In fact, it could be argued that X itself, in the form of the early Athena widgets, was capable of producing themes.

And this goes into further silliness: according to Granroth, Microsoft has a patent, apparently since 1995, on a taskbar with a start button. Prior art there could come from places like CDE, the forerunner of GNOME and KDE. We'll see where all this heads, but don't count on these two patents holding up in the long term.

Desktop Environments

Interview: KDE League Chairman Andreas Pour (IBM developerWorks). In an interview leading up to the recently released KDE 2.1, IBM developerWorks talks with KDE League Chairman Andreas Pour about the new KDE release, GNOME, and the extensive multimedia architecture available from KDE. "Another thing new in KDE 2 is the multimedia architecture, based on a set of programs called aRts, or analog real time synthesizer. It started out as audio only, but now it includes video. That lets you combine multiple sound streams together, and you can filter them in arbitrary ways through filtering modules. KDE 2.1 supports a variety of video plug-ins so you can keep adding new audio and video formats to it. So if there's a new plug-in that supports, say, the QuickTime codec, any audio or video players can access that codec through aRts."

Java Mania: An Interview With Richard Dale. KDE Dot News talked with the developer who wrote the KDE 2.1 updates to the kdebindings module, Richard Dale, that allow the binding between KDE and the Qt libraries to the Java programming language. "You can mix C++ and Java. The objects don't always have to be instantiated from within the Java environment. If you allocate an object instance on the C++ side, and then you refer to it from within Java, a Java version is created automatically. However, when the Java version is subsequently garbage collected, the C++ instance isn't freed by the Java runtime. It would still exist over in the C++ environment."

Testing of Gnome 1.4. The GNOME project is looking for testers for the upcoming 1.4 release. Testers would, among other things, run a set of assertions written by Sun QA engineers.

Talking with Miguel de Icaza of Ximian about GNOME (LinuxPower). LinuxPower carried an interview with GNOME leader and Ximian co-founder Miguel de Icaza. "The protocol to talk to Exchange is not widely available, so some amount of extensive tcpdump research action is going to be taking place soon. We realize that we will need to provide a solution that would allow people to inter-operate in an Exchange and Notes environments, and we will be taking steps in the direction of fixing this issue."

The struggle for the future of Linux (News.com). C|Net also carried an interview of Ximian co-founder and CTO Miguel de Icaza, this time to find his views on the future of Linux. "What's frustrating for Ximian (is that) we don't want to make another Linux distribution. I think that's just stupid. We need to work with other distributions. That's why we support God knows how many distributions. Ximian is very easy to install on any Linux distribution. We have paid a lot of attention to the details, but this assumes that you already have a Linux system in place."

GNUStep Weekly Update. Several readers pointed out that our new coverage of the Desktop in the last week's Weekly edition left out the GNUStep environment, a lesser known sibling of both GNOME and KDE. This week we've added GNUStep to our coverage in general, starting with their first weekly GNUStep update submission to LWN.net.

Office Applications

AbiWord Version 0.7.13 Released. Abi the Ant and the entire AbiWord team announced the release of Version 0.7.13 of AbiWord on all supported platforms.

Gnumeric release 0.63. Gnumeric 0.63, aka 'its just a flesh wound', was released this past week. This version is rumored to be much more stable.

ToutDoux-1.2.5 : Project manager for GNOME. The latest version (1.2.5) of the GNOME project manager, ToutDoux, hit the streets.

Desktop Applications

Opera: Better, Faster, Stronger Browser? (TechWeb). TechWeb reports on Opera's attempt to mix with the big boys in the browser war. "Opera listened when users said they wanted the browser for free. The current version boasts such user-pleasing features as integrated news, mail, search, instant messaging, and a customizable interface. It supports multiple windows and can zoom in on a page up to 1,000 percent, making it a tool for visually impaired users."

10 Questions with Julian Missig of the Gabber project (LinuxOrbit). Julian Missig is the 16 year old High School junior who leads the Gabber project, a Jabber clone for GNOME. LinuxOrbit talks to him about his entry into the open source world of instant messaging. "I must admit that currently I think anyone who goes into Jabber/Gabber simply wanting a way to use ICQ, AIM, MSN, Yahoo! and others all in one client will probably be disappointed. The support is minimal and even that isn't perfect. The primary goal of Jabber is not to have a system which allows people to use multiple IM systems at once, but it is a secondary goal we have picked up along the way. The primary goal of Jabber is to "provide an extensible architecture for creating the next generation of services and applications on the Internet."

GStreamer the future of Linux Multimedia? (LinuxPower). Erik Walthinsen is interviewed by LinuxPower about the state of the GStreamer project, a project aimed at pipelining media components for editing and playback.

Most media players are designed to, well, play media. Any effort they expend into modularity is only to keep the design from getting ridiculously complex as more media types are added. Actually, a lot of media players don't even support multiple media types, so that isn't even an issue for them.

What GStreamer does is provide that base infrastructure, from which a media player (or anything else) can be built. Micro$oft's DirectShow is basically the same idea, and in fact I was reading their docs just yesterday to get a different perspective on some of the current issues.

Pilot Link 0.9.5pre5. While I don't make it habit of reporting development versions on this page, I think it important to mention the first sign of the 0.9.5 release of Pilot-Link, the software used by many packages for communicating with Palm Pilots. Additionally, the first published news on the plans for 0.9.6 (on the way to 1.0) have also been released.


Rocks and Diamonds 2.0.0 released. A new version of Holger Schemel's Rocks and Diamonds has been released. If you need to take a break from writing documents, scanning email or just plain coding the latest open-source project, this could be just the ticket you're looking for.

Zocks interviews Loki Games developer Bernd Kreimeier. German online magazine Zocks is carrying a German-language interview of Loki's senior programmer, Bernd Kreimeier. Note: The AltaVista Babelfish translator doesn't seem to like this story.

Section Editor: Michael J. Hammel

March 1, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

The latest SourceForge update has been published. Among other things, it states that none of the SourceForge staff were affected by the layoffs at VA Linux.

SourceForge provides an incredibly useful service to the open-source developer community, and VA Linux should be greatly thanked for that. The current statistics show that around 16,000 projects are hosted there. One has to wonder, however, if the community would not be better served by a more decentralized model for the hosting of open-source projects.

Having a large percentage of projects under development on a single site tends to concentrate all of the risks in one place, whether they are related to corporate troubles, network crackers, or legal attacks. The news from VA concerning SourceForge is fairly reassuring, but it makes one think about what would have happened if there had been staff cuts in that area.

It might be time to consider the old adage: Don't put all of your eggs in one basket.


Linux-Cluster mailing list. Rik van Riel has created a metalist for Linux cluster projects in an effort to share infrastructure between the multiple clustering projects currently underway.


Mini SQL 3.0 pre 1 released. Hughes Technologies announced the availability of Mini SQL 3.0 pre 1, also known as mSQL. See the release notes for details on the changes in this release, which include a completely redone query engine.

aboutSQL: GROUP BY (ONLAMP.com). John Paul Ashenfelter continues his series on SQL programming with an article that introduces the SQL GROUP BY directive.

Embedded Systems

A developer's perspective on PocketLinux (LinuxDevices.com). Part 5 of a series from Jerry Epplin on the status and history of Linux on PDAs looks at Transvirtual's PocketLinux, the Java based solution for handheld devices. "PocketLinux for the iPAQ uses the handhelds.org kernel and builds a GUI platform on top of it. But PocketLinux, provided by Transvirtual Technologies, is in a sense more ambitious than the others, in that it is targeted toward development by both programmers and non-programmers."

Network Management

OpenNMS Update, February 27th, 2001. The latest issue of the OpenNMS Update has been published. Highlights include updates to the status of various projects and an early adopter program status.

PortMon 0.6 released. Version 0.6 of PortMon has been released. "PortMon is a port monitor program that keeps track of open ports on servers to be sure they are still up and talking."


Danforth Center's Kilo Cluster Helps Researchers Study the Building Blocks of Life (Enterprise Linux). Enterprise Linux magazine has published an article about a Linux based Beowulf cluster that is being used for genetic research. "Skolnick rejected RISC-based solutions as being either too big, too slow or too expensive, and decided on a Beowulf cluster using Intel Pentium III processors at 733 MHz, and running the Linux operating system. And, he found he could afford a system with 1,040 processors (520 nodes), giving him peak performance of 335 Gflops."

Web-site Development

ht://Dig 3.20 b3 released. After nearly a year of inactivity, a new version of the popular web site search engine, ht://Dig 3.20 b3 has been released. The release notes contain a long list of bugs that have been fixed.

Announcing OpenFlow 1.0. Paolo Bizzarri has announced the availability of OpenFlow 1.0, an open-source workflow management system. "OpenFlow is a workflow management system, written in Zope + Python. It has been heavily based on the Chautauqua workflow."

Section Editor: Forrest Cook

March 1, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


New site: Erlang-fr.org. Mickael Remond has put together Erlang-fr.org, a web site devoted to all things Erlang. The site is in French.


Writing multithreaded Java applications (IBM developerWorks). Alex Roetter discusses Java multithreaded applications in an IBM developerWorks article. "A program or process can contain multiple threads that execute instructions according to program code. Like multiple processes that can run on one computer, multiple threads appear to be doing their work in parallel. Implemented on a multi-processor machine, they actually can work in parallel. Unlike processes, threads share the same address space; that is, they can read and write the same variables and data structures."

O'Reilly Network Launches Independent Java Web Site. O'Reilly has announced the creation of a new web site dedicated to Java, ONJava.com, that it claims will be an advocate for open source software development in the Java community. The site will also cover open source Sun initiatives like the Jakarta and JXTA projects under the Apache open source license.


CLiki: a Common Lisp Wiki. The CLiki site provides a Wiki style collaborative authoring environment for users of Common Lisp on Unix systems. Check it out for the latest in the world of Lisp.


Using Perl and Tellme (WebRef). Check out this WebRef tutorial for some interesting ideas and examples of using Perl to write an interactive VoiceXML applications for Tellme. Tellme.com provides a commercial service that connects a toll-free phone number to a computer with speech synthesis and voice/DTMF recognition capabilities.

Perl 5 Porters for February 28, 2001. The February 28, 2001 issue of Perl5 Porters is out. Topics include "smoke testing" all possible configurations, overriding, Unicode, and more.


An Introduction to PHP (O'Reilly). John Coggeshall introduces PHP in an O'Reilly Network article. "At a fundamental level, PHP has all of the features of a complete programming language (control structures, repetitive tasks, and variables) but perhaps one of its most powerful features is database access. With PHP it is possible to access over 19 different types of databases and manipulate data within those databases based on input from the user via a web page."

PHP Weekly Summary for February 26, 2001. The February 26, 2001 edition of the PHP Weekly Summary is available. The PHP 4.0.5 release cycle is discussed as are library upgrades and Apache 2.0 support.


Python 1.6.1 available. Version 1.6.1 of Python is available for download. This version features some minor bug fixes over Version 1.6 and falls under a new license, the "CNRI Open Source GPL-Compatible License". Also, see the announcement for Python 1.6.1 from Guido van Rossum.

Dr. Dobb's Python-URL!, February 26, 2001. Dr. Dobb's latest issue of the Python-URL! summary is now available. Topics this week include discussions on Python 2.0 and functional programming, mp3 management, updates to gnome-python, and an open-source port of Python to the Palm Pilot.

Guido talks about nested scopes (python.org). Python.org has posted an ongoing discussion about Nested Scopes, a somewhat controversial addition planned for Python that may break legacy code. "We have clearly underestimated how much code the nested scopes would break, but more importantly we have underestimated how much value our community places on stability. At the same time we really like nested scopes, and we would like to see the feature introduced at some point."

XML-RPC for Python. Secret Labs has released xmlrpclib 0.9.9, a Python implementation of the XML-RPC protocol.

Dive Into Python Chapter 3. Chapter 3 of the online Python book Dive Into Python has been announced. This chapter covers classes, exceptions, file handling, and more.


SNRC-ST 3.2. Version 3.2 of SNRC-ST, the Signature Revealing Naming Convention Smalltalk is available. "Generic Types are a solution to the question: 'How do I reuse a collection interface with different element types?'. More generally it is applicable anywhere where one type serves as a parameter to another."


ActiveState adopts Tcl. ActiveState has announced that it will be providing a home for Tcl development, stepping into the void created when Ajuba Solutions dropped the language. ActiveState will be hosting the Tcl community site, providing "supported" versions of Tcl, and offering consulting services.

Dr. Dobb's Tcl-URL!, February 26, 2001. The latest issue of the Tcl-URL! summary is now available. Topics this week include tree and drag-n-drop support in Tcl, an Impress announcement, and the introduction of tclpython.

Moodss 14.0 released. Version 14.0 of moodss, the Modular Object Oriented Dynamic SpreadSheet has been announced. The program can display data in various forms including tables, graphs, bar graphs, and 3D pie charts and has interfaces to Perl, Python, C, and Tcl.

Tclpython 1.1 released. Version 1.1 of tclpython has been released. Tclpython allows the execution of Python code from a Tcl interpreter.

ImPress 1.1-b8 released. Version 1.1-b8 of the ImPress Tcl/Tk desktop publishing and layout package has been released.


LDP Weekly News. David Merrill at the Linux Documentation Project has posted the latest issue of the LDP Weekly News. Highlights include the addition of the Linux Palm Quickstart and a Unix Hardware Buyers Howto, along with updates to the Linux Installation, Linux Kernel, PHP and Linmodem Howto's.


LPI Newsletter, February 2001. The LPI Newsletter for February 2001 has made its way to LWN.net's doorstep. This month's news includes a job analysis survey, conference reports from LinuxWorld NY and the Paris Linux Expo, and LPI efforts in Russia.

Software Development Tools

Extreme Rapid Development (Software Development Online). If Rapid Development is just too slow, check out Extreme Rapid Development in an article by Peter Norvig. Several commercial and freely downloadable tools for Python, Lisp, and Dylan are examined.

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Red Hat Acquires Planning Technologies. Red Hat has made another acquisition, this time professional consulting services firm Planning Technologies, Inc. (PTI). PTI specializes in complex global network consulting. Their current clients are mostly service providers and large enterprise clients. The company began its professional services business in 1997 and has since grown to over 200 employees, including more than 180 professional engineers and consultants. The acquisition of PTI was made through a stock for stock exchange valued at $47 million and accounted for as a pooling of interests.

Red Hat's business strategy is to offer a complete open source solution for software, from devices to mainframes, and a full range of global services with Red Hat Network as the backbone for deployment and management. PTI's expertise will be used to help Red Hat Network grow and evolve. In turn, PTI gains open source expertise through Red Hat which it can pass on to its existing and future clients. All in all, the arrangement does seem to be mutually beneficial.

Caldera Quarterly Results. Caldera has issued their quarterly financial report for the period ended January 31st, 2001. Highlights include a 90% increase in revenue over the same period last year and a one time charge relating to the SCO acquisition. Note, however, that revenue decreased 10% compared to the prior quarter ending October 31st, 2000.

O'Reilly releases peer-to-peer book. O'Reilly has announced the release of Peer-to-Peer: Harnessing the Power of Disruptive Technologies, a collection of essays on the whole peer-to-peer thing.

Softimage Certifies AMD Athlon Workstations. Softimage Co., a subsidiary of Avid Technology, Inc., has announced that it has certified AMD Athlon workstations from AMD for use with its SOFTIMAGE|3D and XSI animation software. According to the press release, "Softimage has successfully developed an AMD Athlon certified, production ready Linux platform, the emerging platform of choice for many in the digital production industry."

O'Reilly Network Launches Independent Java Web Site. O'Reilly has launched a new Java Web site that it claims it "will be an advocate for open source software development in the Java community. The site will also cover open source Sun initiatives like the Jakarta and JXTA projects under the Apache open source license."

MaximumLinux resurrected - .org style. It looks as though the MaximumLinux site won't quite die, at least not in the .org world. According to the press release, the site has been resurrected by users and readers, though the site itself doesn't make that point clear just yet.

Linux is Poised for a Breakout Year At the Checkout in 2001. According to this press release, IHL Consulting is predicting a 300%-400% increase in Linux shipments in 2001. "According to the study, the segments most likely to adopt a Linux approach to POS are large department stores and specialty hard goods retailers. These retailers tend to have a large number of POS terminals and an IT staff large enough to handle the development of their own POS system."

Linux Stock Index for February 22 to February 28, 2001.

LSI at closing on February 22, 2001 ... 34.32
LSI at closing on February 28, 2001 ... 32.01

The high for the week was 34.32
The low for the week was 32.01

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • AbriaSoft (FREMONT, CA) announced the release of its Apache powered Lancelot server,a secure commercial grade SSL web server for Windows and Linux platforms.

  • ANNEXIA.ORG (London, UK) announced immediate availability of Net::FTPServer version 1.0, a secure, extensible and featureful FTP server released under the terms of the GNU General Public License (GPL).

  • Crystal Space is an open source game development platform. It is still in beta v0.18r001, but should be reasonably stable.

  • Endeavors Technology (IRVINE, Calif. & READING, England) has developed a highly optimized, open source port of Python to the Palm OS platform.

  • OpenInteract is an extensible application server using Apache and mod_perl. Now in v1.05, OpenInteract is built for developers but is also manageable almost entirely via the web browser.

Proprietary Products for Linux

  • Magic Software Enterprises (IRVINE, CA) launched its new Web development tool, Magic eDeveloper. Magic eDeveloper is part of the Magic eBusiness Platform.

  • Quintalinux Limited (KOWLOON BAY, Hong Kong) announced the release of a new English-language version 2.4 of iOffice2000, a Web-based groupware application suite.

  • Solsoft, Inc. (MOUNTAIN VIEW, Calif.) announced a number of enhancements to its free security management solution Solsoft NP-Lite 4.1.

Products and Services Using Linux

  • MontaVista Software, Inc. (SUNNYVALE, Calif.) announced that it had recently demonstrated Hard Hat Linux on the Intel XScale microarchitecture.

  • MSC.Software (COSTA MESA, Calif.) announced it has launched MSC.SuperForge on its online SimulationCenter.

  • Object Design (BURLINGTON, Mass.) announced that its ObjectStore 6.0 for Linux i386 object database management software is now shipping.


  • IBM (NEW YORK) announced a new rack-mounted computer workstation and flat-panel monitor. The IBM IntelliStation R Pro uses Intel processors and, of course, it can run Linux.

  • Penguin Computing (SAN FRANCISCO) announced the availability of the Relion 220 2U rackmount server.

Products with Linux Versions

  • Brightware (SAN RAFAEL, Calif.) announced that its Brightware 2001 suite of eCustomer Assistance software now supports Sun Solaris and Red Hat Linux.

  • Cirrus Logic Inc. (AUSTIN, Texas) announced new Linux drivers to support all Cirrus Logic, Inc. computer audio solutions.

  • Fourthought, Inc. (BOULDER, CO) announced the release of Version 0.10.2 of its commercial XML (eXtensible Markup Language) Data Server, 4Suite Server.

  • Freshwater Software (BOULDER, Colo.) announced the release of SiteScope, version 5.5, an eBusiness monitoring solution.

  • Lyris Inc. (BERKELEY, CA) announced the release of Lyris MailEngine 1.0, a high-performance mailer that can replace several common mail delivery applications, including sendmail and qmail.

  • Sanchez Computer Associates (MALVERN, Pa.) announced the launch of a new Web site for its database technology. The site is located at http://www.sanchez-gtm.com

  • Seebex Inc. announced NeoSession, a new technology to build Presence and Instant Messaging applications.

Books and Training

  • Magellan University (TUCSON, Ariz.) announced new online courses, including a Linux course.

  • O'Reilly (Sebastopol, CA) announced SSH, The Secure Shell: The Definitive Guide, by Daniel J. Barrett and Richard Silverman.


  • IBM (ATLANTA, GA) announced a series of new Linux initiatives within the IBM PartnerWorld program in response to the growing demand for Linux-based solutions.

  • Informix Software and SAP (MENLO PARK, Calif. & WALLDORF, Germany) announced an extension of their global reseller agreement. SAP will resell Informix Dynamic Server (IDS) licenses with the mySAP.com e-business platform. Also Informix Software will make IDS available on the Linux IA64 platform.

  • OpenReach, Inc. and Penguin Computing Inc. (SAN JOSE, Calif.) announced a strategic OEM agreement to co-develop an appliance solution that will enable businesses to outsource the deployment and management of secure virtual private networks.

  • Red Hat, Inc. and Ubicom, Inc.(Mountain View, Calif. and Research Triangle Park, NC) announced that they will work together to develop a port of the Red Hat GNUPro embedded development tools to the Ubicom IP2000 family of Internet Processors.

  • Spatial and Tech Soft America (BOULDER, Colo.) announced that they have agreed to enter into an OEM visualization technology partnership and joint reseller agreement. Integrating TSA's HOOPS 3D Application Framework and Spatial's ACIS 3D Geometric Modeler, Spatial will OEM the ACIS/HOOPS integration. This product runs on several different OS, including Linux.

  • Teamware Group and The FIEN Group signed a partner agreement according to which The FIEN group will sell Teamware Office 5.3 for Linux groupware to customers across the USA.

Financial Results

  • EBIZ Enterprises Inc. (SCOTTSDALE, Ariz.) announced a 40 percent increase in revenues of $894,702, from $2,264,949 to $3,159,651, during the second fiscal quarter this year vs. the same period last year.


  • RidgeRun, Inc. (Boise, Idaho) announced the opening of RidgeRun K.K.'s sales and support office in Osaka, Japan, and the appointment of Mr. Max (Masami) Yamashita as President and Managing Director. Mr. Yamashita and team will work with OEM's in Japan to customize the company's DSPLinux product including a full suite of embedded Linux development tools for a manufacturers specific wireless appliance.

  • VA Linux Systems (FREMONT, Calif.) announced that Greg Orzech has been promoted to senior vice president of worldwide sales. Mr. Orzech previously served as VA Linux Systems' vice president of North American sales.


  • SYS-CON Media (MONTVALE, N.J.) announced the third annual JDJ Readers' Choice Awards poll to select the best Java, XML, Wireless and Linux products in 23 different award categories.

Section Editor: Rebecca Sobol.

March 1, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Deja 'Revolt' Against Google (Wired). An open source revolt of sorts has formed to try and bring the now defunct Deja Usenet archives, which were recently bought by online search engine Google, back into the public domain. "Some suggest the best place for the archives would be the Library of Congress. But one former Deja user wants to create an open-source, community-based Usenet archive and has asked Google to contribute the programming code of the old Deja service to the open-source community and give the project full access to the Usenet archive."


IBM's Gerstner: Slowdown, What Slowdown? (TechWeb). IBM chief Lou Gerstner gave the keynote at IBM's PartnerWorld 2001. He doesn't think the economy is slowing as badly as most analysts, but what was most interesting in his talk was the number of Linux hackers IBM now employs. "There's one operating system IBM likes a lot, though, and that's Linux. The vendor is tailoring the system to run on all its servers, and Gerstner said IBM has 1,500 Linux developers on staff. 'We think Linux matters,' he said."

Simple but effective, Linux OS keeps growing (Asahi News). Red Hat Japan leader Kunihiro Someya and his band of "big four" engineers are profiled in this article on the growth of Linux in Japan. "Hiromi Watanabe, an IDC Japan analyst, says: ``Linux use began to expand substantially last summer. We're past the opening phase stage where computer purchases were restricted to a few enthusiasts. We're now entering the phase where masses of people are using them for everyday purposes.''" (Thanks to JC Helary)

Music labels to ISPs: Shut down Napster clones (News.com). News.com covers OpenNap, which has started filtering its content in reaction to the Recording Industry Association of America's suit against Napster and clones. "OpenNap is an open-source version of the Napster technology, allowing individuals to set themselves up as smaller versions of the Napster music-swapping service. Anybody with a reasonably powerful computer and fast Net connection can run the software, creating a directory through which linked computers can search each other's hard drives for music files."


Can Linux cross the channel? (ZDNet). Evan Leibovitch thinks that, despite layoffs and falling stock prices, the Linux march is still rolling on. "While major players in the open source world lay off people, or merge, or watch their share prices hemorrhage, research maintains that Linux growth isn't slowing."

Ssh! Don't use that trademark (News.com). C|Net's News.com covers the trademark disputes over the term "ssh" that have arisen recently. "[Tatu Ylonen's] letter has open-source developers and executives girding for a what could become a battle that helps define one of the prickly issues surrounding open-source computing: How does a company retain control over its products and still participate in the open-source programming world? The same programmers whom SSH Communications is trying to woo are the ones who, in its mind, are trying to co-opt its name."

Open source's quiet revenge (ZDNet). ZDNet's Evan Leibovitch looks at the ssh trademark issue. "While the search for truly workable open source business models remains a challenge, the SSH experience offers a textbook case of a business practice that, from what I can see, is doomed to fail."


Meet Jxta, Sun's hope for ruling the P2P universe (ZDNet). Sun's open source Jxta (pronounced "Juxta") may allow peer to peer computing to provide more power to the small developer, says this ZDNet article. "That's why p2p marks such a radical departure from the way things have gotten done in the industry these last couple of decades. If P2P initiatives such as SETI@home, are successful, the constellation of power is going to shift toward the direction of the small developers."

An alternative approach (ZDNet). ZDNet thinks NexIDion Designer, an open-source PHP editor/debugger, lacks flexibility, but may still be a contender to Zend IDE. "Restricted to K Desktop Environment 1.x environments, its portability is significantly limited compared with Zend's Java-based IDE. On the server side, NEXIDion's debug server requires the slower CGI version of PHP."

Users in a BIND (ZDNet). Here's a ZDNet article on the BIND vulnerabilities. "Because BIND is open source code, its functions are an open book to hackers looking for holes to exploit." No comment.

Microsoft vs. Linux

Red Hat's mad as hell and isn't going to take it anymore (Inter@ctive Week). Red Hat CEO Matthew J. Szulik's response to recent Microsoft comments about Linux prompted some analysis by Interactive Week. "Szulik simply points to the market facts of life. He notes that International Data Corporation's (IDC) most recent server operating system study shows that Linux has now captured almost 30 percent of the market. And he can't resist saying though that "'blue screen of death' does not refer to Linux systems, but rather to the immature Windows products."

Wired also followed up Szulik's article with their own analysis. "But the once-indomitable Microsoft also has become suddenly vulnerable, thanks to a confluence of events that include a federal judge's breakup order, a softening PC market, a steep decline in its market capitalization -- and the gradual spread of software released under an open-source or GNU General Public License (GNU GPL)."

Is Free Software UnAmerican?. Here are three more responses to Microsoft VP Jim Allchin's comments about Free Software.

This ZDNet article finds humor in the situation.

This one from the Mecurycenter delves into what Mr. Allchin really meant by his comments. (Thanks to John Jensen)

And LinuxToday.au asks Is Linux Un-Australian?

Why Linux Is Giving Microsoft a Migraine (BusinessWeek). BusinessWeek looks at why Microsoft is worried about Linux. "According to a recent study by computer consultancy Enterprise Management Associates, only 26% of large corporate info-tech departments have made the switch to Windows 2000. An additional 55% planned to do so in the next six months. But if it's taking existing NT users that long to adopt the new operating system, then something must be stalling them. That would be Linux."

Gates vs. The Poets (Boston Globe). An interesting opinion piece originally from the Boston Globe looks at how the movie Anti-Trust seems to have disappeared, and how its portrayal of a Gates-like megalomaniac doing battle with open-source like ideologists is not too far from reality.


Nusphere MySQL ignites LAMP (ZDNet). ZDNet reviews NuSphere MySQL. "Nusphere MySQL ships with the only currently available hardcopy of the MySQL Reference. This thorough and nearly complete work benefits from Nusphere's copy edits, and from two outstanding indexes contributed by Nusphere. One index separates SQL commands, while the other lists concepts. We always judge technical books heavily by the quality of their index, so we find Nusphere's contributions here especially valuable. "

Instant Messaging on GNU/Linux Part 3: Yahoo! and MSN (LinuxOrbit). Part 3 of this series from LinuxOrbit looks at instant messaging through Yahoo! and MSN and compares Windows clients to their Linux counterparts. "The Linux Yahoo! Messenger client is probably the best commercial port of any IM client provided by the four major IM services. Of course, ICQ and MSN (which we'll discuss shortly) don't provide Linux ports of their "official" clients, so Yahoo only has AIM to compete with. But in terms of the differences between the Windows client and the Linux client, Yahoo! has very few gaps in services provided for both platforms."


Why 90 percent of XML standards will fail (ZDNet). In what is probably not a popular opinion of the moment, John R. Rymer, president and founder of Upstream Consulting writes for ZDNet that he thinks XML is too much on promise. "These promises are the marketing, not the reality, of XML standards. Early experience with RosettaNet and Microsoft's SOAP indicates that XML standards provide some leverage for some problems in small-scale systems. The backlash is inevitable, and can be fatal even to well-considered standards efforts."

Section Editor: Rebecca Sobol

March 1, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



DB Access in Linux Apps (IBM developerWorks). Another developerWorks article this week looks at integrating MySQL access into programs using both C and Tcl. "A database which supports transaction processing allows the encapsulation in a transaction of a set of database code, where a failure during the transaction allows the database to roll back to the state it was in before the transaction even started."

Setting up a Local Area Network (IBM developerWorks). This introductory networking article from IBM developerWorks looks at using two Red Hat systems to start the process of building a local area network. "A LAN is a communications network that interconnects a variety of devices and provides a means for exchanging information among those devices. The size and scope of a LAN is usually small, covering a single building or group of buildings. In a LAN, modems and phone lines are not required, and the computers should be close enough to run a network cable between them."

Tip Of The Week: Ports and Processes (LinuxLookup). LinuxLookup has posted a useful tip for determining what processes are using which communications ports on a Linux box. This is helpful if it looks like someone might be running a program they shouldn't be on your box.

Embedded Linux Newsletter for Feb. 22, 2001. LinuxDevices has posted their latest Embedded Linux Newsletter, covering LynxOS, Waba - an open source Java platform, and hardware resource sharing with Adeos.

Fly Swapping (LinuxNewbie.org). This article describes how to add swap space on the fly.


CLIQ 2001 Speaker and BoF lineup takes shape. CLIQ 2001 has announced its preliminary lineup for this year's conference. With topics ranging from KDE, GNOME and the Linux Desktop to Debian, Python, Zope and Perl, to Embedded Linux, the Open Source Development Lab and Business and Legislative impacts and real world examples, CLIQ 2001 promises to be even bigger and better in its second year.

Note: LWN.net is proud to be a sponsor of CLIQ 2001.

Erlang Workshop. There is a call for papers for this year's Erlang Workshop. September 2, 2001 in Firenze, Italy.

O'Reilly P2P conference: past and future. O'Reilly has this press release covering a brief wrapup of the San Francisco conference held two weeks ago, information on how to purchase the 2001 Peer-To-Peer Industry Overview and links to more P2P resources. There is also a call for papers for the East Coast Peer-to-Peer Conference, in Washington, D.C. September 17 - 20, 2001. The P2P East Call-for-Papers is open until March 19, 2001.

March/April events.
Date Event Location
February 28 - March 2, 2001. International Conference for Java Development Spring 2001. New York Marriott Marquis, New York City.
February 28 - March 2, 2001. 3rd German Perl Workshop Sankt Augustin, Germany.
March 3, 2001. LinuxForum 2001 Copenhagen, Denmark.
March 5 - March 7, 2001. BangLinux 2001 Indian Institute of Science, Bangalore, India.
March 5 - March 8, 2001. The 9th International Python Conference Long Beach, California.
March 5 - March 9, 2001. Networld+Interop 2001 Sydney Convention and Exhibition Centre, Sydney, Australia.
March 7 - March 9, 2001. Linux Open Source Conference and Business Expo. Sydney Convention and Exhibition Centre, Sydney, Australia.
March 15, 2001. Linux convention (in Icelandic). Iceland.
March 19 - March 22, 2001. SGI Global Developer Conference Burlingame, California.
March 20 - March 22, 2001. FOSE 2001 Washington DC Convention Center.
March 21 - March 24, 2001. Singapore Linux Conference / LinuxWorld 2001 Singapore.
March 22 - March 23, 2001. Linux Accessibility Conference Los Angeles, California.
March 28 - March 29, 2001. LinuxBazaar 2001 Czech Republic.
March 29 - March 30, 2001. Colorado Linux Info Quest Denver Marriott Tech Center, Denver, Colorado.
April 2 - April 5, 2001. COMDEX Chicago McCormick Place, Chicago, Illinois.
April 4 - April 5, 2001. Linux Expo Madrid Palacio de Congresos, Madrid, Spain.
April 4 - April 6, 2001. ApacheCon 2001 Santa Clara, California.
April 6 - April 8, 2001. GNOME Users And Developers European Conference (GUADEC) 2001 Copenhagen, Denmark.
April 8 - April 11, 2001. XML DevCon Spring 2001 New York Marriott Marquis, New York City.
April 9 - April 13, 2001. Embedded Systems Conference San Francisco, California.
April 20, 2001. 2nd Annual Symposium on Pliant Implementation and Concepts (ASPIC 2001) Paris, France.
April 23 - April 27, 2001. Linux Expo Road Show Eastern Europe.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Zero-Knowledge Systems Introduces Privacy Eye. Privacy Eye is a digital source of privacy news and commentary edited by author, journalist and privacy expert Tom Maddox. Here is a press release from Zero-Knowledge.

User Group News

Colorado Linux Users & Enthusiasts Installfest. CLUE is holding a Linux Install Festival at Batky-Howell in the DTC, Englewood, Colorado, on Saturday, March 3rd, 2001, from 11:00 a.m. ~ 5:00 p.m.

Intro to Linux class presented by LUGOD. The Davis Community Network (DCN) will hold an "Introduction to Linux" class, presented by the Linux Users' Group of Davis (LUGOD). The class will be held at the City of Davis Computer Labs on March 5th, 2001 from 5:30pm - 7:00pm.

LUGOD holds demonstration. LUGOD, The Linux Users' Group of Davis, will be holding a Linux demonstration on March 10th, 2001 from 2:00pm - 5:00pm at Borders Books and Music in Davis, CA.

LUG Events: March 1 - March 15, 2001.
Date Event Location
March 1, 2001. Linux User Support Team, Taegu (LUST-T) Taegu, Korea.
March 1, 2001. Edinburgh Linux Users Group (EDLUG) Holyrood Tavern, Edinburgh, Scotland.
March 5, 2001. Intro to Linux class presented by LUGOD Davis Community Network, Davis, CA.
March 5, 2001. Baton Rouge Linux User Group (BRLUG) The Bluebonnet Library, Baton Rouge, LA.
March 6, 2001. NorthWest Chicagoland Linux User Group (NWCLUG) Harper College, Palatine, Illinois.
March 6, 2001. Omaha Linux Users Group (OLUG) Omaha, Nebraska
March 6, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
March 7, 2001. Kansas City Linux Users Group Installfest (KCLUG) Kansas City Public Library, Kansas City, MO.
March 7, 2001. Southeastern Indiana Linux Users Group (SEILUG) Madison/Jefferson County Public Library, Madison, IN.
March 7, 2001. Silicon Valley Linux Users Group (SVLUG) Cisco Building 9, San Jose, CA.
March 8, 2001. Phoenix Linux Users Group (PLUG) Sequoia Charter School, Mesa, AZ.
March 8, 2001. Boulder Linux Users Group (BLUG) NIST Radio Building, Boulder, CO.
March 10, 2001. LUGOD Demo Day Border's Books, Davis, CA.
March 10, 2001. Route 66 Linux Users Group La Verne, California.
March 10, 2001. Consortium of All Bay Area Linux (CABAL) Menlo Park, California.
March 11, 2001. NorthWest Chicagoland Linux User Group Installfest Room M244, Harper College, Palatine, Illinois.
March 13, 2001. Long Island Linux Users Group (LILUG) SUNY Farmingdale, NY.
March 13, 2001. Victoria Linux Users Group(VLUG) University of Victoria, Victoria, British Columbia, Canada.
March 14, 2001. Toledo Area Linux Users Group (TALUG) University of Toledo, Toledo, OH.
March 14, 2001. Columbia Area Linux Users Group (CALUG) Capita Technologies Training Center, Columbia, MD.
March 15, 2001. South Mississippi Linux Users Group (SMLUG) Barnes & Noble, Gulfport, Mississippi.
March 15, 2001. St. Louis Unix Users Group (SLUUG) - Linux SIG St. Louis County Library, Indian Trails Branch, St. Louis, Missouri.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

March 1, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Three years ago (March 5, 1998 LWN): This was a slow week for Linux news - perhaps everybody was taking a break getting ready for the the Mozilla source release.

The San Francisco Chronicle covered an upcoming SVLUG meeting where Linus was due to speak:

Go, tell these software socialists to take their radical notions of cooperative development and free code back to Europe. Americans demand the right to pay for programs that dominate markets and make entrepreneurs filthy rich. We won't stand still while some Finnish fellow subverts the most profitable industry in history!

The company (then) called VA Research announced that its first (and, seemingly, last) "Excellence in Open Source Software Award" would be given to Linus Torvalds at the above-mentioned SVLUG meeting. The announcement was posted by Sam Ockman, who was soon to head off and found Penguin Computing.

Two years ago (March 4, 1999 LWN): the LWN weekly edition was written on the exhibit floor at the first LinuxWorld. We mean that literally - your editor sat on the floor working from a laptop plugged into a network port kindly provided by the Linuxcare folks.

The first LinuxWorld Conference and Expo was a watershed event. It was the first real "trade show," and it gave notice that all these companies were serious. It was loud, glitzy, commercial, and, at times, obnoxious. It became clear that Linux had entered the commercial world.

One of the more interesting events there was a panel session with Eric Raymond, Richard Stallman, Linus Torvalds, Guido van Rossum, and Larry Wall. Therein was heard the classic exchange which defines how different people see free (or "open source") software:

Eric: I want to live in a world where software doesn't suck.

Richard: Any software that isn't free sucks.

Linus: I'm interested in free beer.

Two years later, few people have found much to add to that debate.

Remember Microsoft's Ed Muth?

"I find it hard to believe that some of the best computer scientists in the world will want to do their work for free," he said. "Without a long-term technical road map, without multimillion-dollar test labs, someone wants me to believe these visionary programmers and developers will want to do the best work of their lives and then give it away. I do not believe in that vision of the future."

We don't hear much from old Ed any more...

Debian 2.1 had been scheduled to be released during LinuxWorld. Unfortunately, a couple of problems turned up with the distribution. Rather than release a distribution with known bugs, Debian chose to pass up the opportunity for a LinuxWorld release and fix the problems.

VA Research (now VA Linux Systems) bought the linux.com domain name for a great deal of money.

One year ago (March 2, 2000 LWN): Amazon.com, not content with its "one-click" patent, announced a patent on its affiliate program as well.

Both Caldera Systems and Linuxcare filed amended IPO filings, appearing to be on track as the next set of hot Linux IPOs. Caldera claimed it wsa going for $7-9 per share (it actually got $14) Linuxcare was shooting for $13-15, but, of course, never went public at all.

LWN pointed out that Linux stocks weren't always a good buy - little did we know how right we were... Here's a couple of other comments, inspired by VA Linux System's second quarter results:

The turn of events can be seen as both a possible harbinger of circumspection about the future of the Linux operating system among investors, as well a cautionary example of market excess.
-- News.com, on how VA's stock price had dropped to a mere $106/share.

At about 225 times sales and 30 times book value, this baby's still got plenty of room to fall. If you bought the company at the IPO on speculation that Linux would stay hot, it's high time to reconsider.
-- The Motley Fool got it right.

Turbolinux replaced Cliff Miller as President - the first step toward removing him from the company entirely.


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

March 1, 2001

Date: Thu, 22 Feb 2001 21:41:44 -0500
From: JK <katz@jasperweb.com>
To: letters@lwn.net
Subject: GPL style music lisence

In your Feb 22, 2001 edition you said "there may become a need for a 
more formal GPL style music license that allows material to be freely 
traded as long as it is never sold."

But one of the brilliant things about the GPL is that it does indeed 
allow for the selling of Free software. This levels the playing field in 
a natural way: it lets all different sorts of motives become involved in 
the creation, distribution, and modification of software. How much money 
would Red Hat have invested in GNU/Linux if they'd been forbidden from 
selling it?

More akin to the GPL would be a music license that would allow users to 
listen to the Free music, give it away, play live versions of it in 
concert, use the lyrics in a different melody, add a new middle part, 
reverse the meaning of the chorus, add a drum track, remove the guitar 
solo and add a new one, compile it with other Free songs and sell them 
on CD, sell downloads over the net, etc. (the possibilites are endless!) 
... All, of course, under the condition that the "derived works" are 
also Free. In a way, isn't this what old, cultural, folk songs were? 
What Rap often aspires to be? What Napster is doing (without the 
license)? And what art should be about?

RMS et al put a lot of thought into the specifics of software 
development when devising the GPL, and a simmilar effort may be required 
to customize a Free music licence. E.g., taping of concerts with Free 
works would, under the terms of the lisence, be allowd; Free music CD's 
would be, under the lisence, copy-able, including cover art and inserts; 
if multitrack music files are provided, then modified versions must be 
made available in multi-track form...etc.

Artists could make money in both traditional and innovative ways: 
concerts, songwriter/player-for-hire (by musicians who make money from 
concerts or by venues), original music-for-hire for other media 
(soundtracks to custom-compliment other work), music lessons... but also 
though selling "official" value-added CD versions (think signed copies), 
attracting larger crowds by covering/modifying other songs... Free music 
would not necessarily make it harder to make money as a musician.

Most interestingly, I believe, would be Free music's impact on 
"non-artists." We would be able to share more; we'd be able to devise 
new ways to make money (and our businesses could end up supporting 
musicians directly, though patronage or outright hiring, or by creating 
new marketplaces). We could also enjoy MORE of our favorite music: live 
concerts would be available on tape, new versions of songs we like by 
other performers would exist, interestingly modified ("improved") 
versions would become plentiful...

Best of all, I think it may encourage all of us to experiment on our 
own. It would be easy to modify music files that were packaged in a 
friendly way, with multiple (commented) tracks, and 
Midi/sampling/recording software.

If it hadn't been for the Internet, with its "View Source," I, who was a 
"non-technical" person, would never have learned about computers. (Now 
I'm the Technology Director of a web design company.) Many people call 
me a "non-musician" today...

Jamie Katz

Date: Thu, 22 Feb 2001 08:07:11 -0500
From: Robert L Krawitz <rlk@alum.mit.edu>
To: letters@lwn.net
Subject: Allchin's comments

Microsoft "clarified" Allchin's comments to be referring specifically
to the GPL, rather than to open source in general (e. g. BSD license).
In that context, I'm quite willing to believe that Microsoft is trying
to create a cloud around the GPL; there's already enough
misunderstanding of what the GPL does and does not allow so it's not
hard for someone else to create even more uncertainty.  It's
completely disingenuous, of course; nobody's forcing anyone to use
GPL'ed code, and Microsoft's real point is that open source is OK as
long as Microsoft can take it and use it in proprietary products with
no strings attached.

There might be another goal here, namely to create a split in the free
source community.  There are already significant disagreements over
the GPL over issues quite similar to what Microsoft raised in the

Robert Krawitz <rlk@alum.mit.edu>      http://www.tiac.net/users/rlk/

Tall Clubs International  --  http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Project lead for Gimp Print/stp --  http://gimp-print.sourceforge.net

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
Date: Thu, 22 Feb 2001 12:00:53 -0500
From: Bill Sneed <bsneed@mint.net>
To: letters@lwn.net
Subject: Jim Allchin, etc.

To the editor: 

I think you're absolutely correct on this.  For the last decade,
Microsoft has had it's way with Federal & State I.T. managers -- but
this is changing.

The first thing I did after reading Allchin's remarks was to visit
most of the Web sites for the D.O.E.'s national laboratories.
The level of Linux infiltration is quite astounding. NASA's use of
Linux, and Open Source in general, is well documented.

Such non-high tech undertakings as a centralize "command post" for
forest fire fighting in the Western U.S. is Linux-based.

The U.S. Fish & Wildlife Service's office in Raleigh, N.C. proudly
proclaims its wide use of Linux -- even on a laptop!

Some of the D.O.D's largest private-sector contractors are now 
using Linux, e.g., Lockheed-Martin  

Check out the Federal Computing News and search on Linux.  While
there's not a tidal wave of stories regarding Linux the numbers are
increasing and the stories are increasingly favorable. 

We've got the N.S.A. building a (supposedly) secure version of Linux
and underwriting all kinds of interesting research at the Univ. 
of Utah based on Linux.  

Similar levels of Linux use are a little harder to document at
State and local government levels but I have no reason to believe
you won't find the same Linux-creep there as well.

Is Microsoft worried?  You bet they are because the end of the
gravy train is in sight -- and it's about time.

...Bill Sneed, Prospect, Maine...
Date: Thu, 22 Feb 2001 15:39:14 -0800
From: "Jonathan Day" <jd9812@my-deja.com>
To: letters@lwn.net
Subject: Jim Allchin, Microsoft, and Ancient Rome

Dear sir,

    By now you're probably sick of hearing Jim Allchin's name, let alone of
what people think of him. However, I'll throw in my 2 cents worth.

    It has been standard military tactics, by all conquerors, to divide
their enemies. The more their enemies fight amongst themselves, the less
the conquerer has to do.

    In light of Microsoft's history, as revealed in the DOJ court case, and
in light of the recent Microsoft press release, claiming that Mr Allchin
was only referring to GPL/LGPL software, it does not take a rocket
scientist to deduce what is happening.

    We are being invited to destroy ourselves. Either we can accept, or we
can refuse. And I mean 'we'. Open Source / Free Software is only truly
stable (and truly enforcable) at larger scales. Splinter too much, and
Microsoft'll have breakfast, lunch and dinner all nicely lined up, and
there won't be a damn thing anyone can do to stop them.


Jonathan Day

--== Sent via Deja.com ==--

Date: Fri, 23 Feb 2001 07:15:20 -0800 (PST)
From: John Jensen <jjens@primenet.com>
To: letters@lwn.net
Subject: common ground

I have to admit that I enjoyed the rough-and-tumble of the last week as
much as anyone.  The comments by Microsoft's Mr. Jim Allchin set of storms
of righteous indignation ... one person's indignation feeding the next. 
Everybody had fun dumping on their favorite bogey-men, and expressing the
differences they felt with "the other side."

The interesting thing for me is how lightly anyone has touched upon the
common ground.  In the clarification of his comments, Mr. Allchin and
Microsoft, apparently endorsed the BSD License for use in government-
funded software development(1).  At what many might consider the other
"extreme", Richard Stallman endorses the same license as "free" and
"useful to the free software community"(2). 

It strikes me that the big missing story of the week was the common ground
reached between (broadly speaking) open source and proprietary software
developers.   Did "everybody" just agree that open source can be an
appropriate choice?

1 - http://weblog.mercurycenter.com/ejournal/2001/02/19
2 - http://www.gnu.org/philosophy/bsd.html

John Jensen
33° 39' 44N   117° 45' 06W

Date: Tue, 27 Feb 2001 14:36:08 +0800
From: Leon Brooks <leon@brooks.fdns.net>
To: Hemanshu Nigam <MPAA23@pacbell.net>,
Subject: Unauthorized Distribution of Copyrighted Motion Pictures

Good morning, Hemanshu Nigam!

Re: Your email posted at

Having perused this email, I am wondering about several aspects of it, 
and how they may impact my websites.

First, I want to consider your statements to and about Dr Touretzky.

 > Date of Infringement: 1/31/2001 3:09:19 PM EST

As the email relates to ``Unauthorised Distribution of Copyrighted 
Motion Pictures'' and there does not appear to be any copyrighted motion 
picture nor a significant section of one, nor even a still frame from 
one on Dr Touretzky's website [in particular see ref 1], is not the 
subject misleading, possibly even libellous, since you seem to be 
implying by this that Dr Touretzky has distributed or is distributing 
copyrighted motion pictures without authority?

 > Dear dst@cs.cmu.edu

Actually, the man's name is Doctor David S. Touretzky. Is it legal to 
address someone by a string of symbols rather than their name? David 
could allow practically anyone to use that email address, has no legal 
obligation to use it or protect it himself, and could choose to use 
another, at any instant. Likewise the ISP. Not only can you not be 
certain that David has received any communication from you, but there is 
not the slightest guarantee of confidentiality in any unencrypted email 
you send.

 > We have received information that you are unlawfully
 > offering product at the above referenced web site.  We
 > have notified your ISP of the unlawful nature of this
 > web site and have asked for its immediate removal.

Now this *has* to be unconstitutional! You have ``received 
information,'' you have not *proven* or *established* anything, and here 
you are offering what is likely to be a libellous statement about Dr 
Touretzky to his ISP. Whatever happened to the presumption of innocence?

Even if the nature of certain files on Dr Touretzky's website had been 
established as illegal, the most you would have been permitted to demand 
by law is the removal of the specific files deemed to be illegal.

Now I would like to consider your email to the hostmaster of Dr 
Touretzky's ISP (in this case, a node within Carnegie Mellon University).

 > We have received information that the above referenced
 > Internet site is providing a circumvention device commonly
 > known as DeCSS.

DeCSS code cannot be a circumvention device, for it is only software. In 
order for Dr Touretzky to be providing a circumvention device, he must 
be providing a device capable of performing circumvention - which in the 
case of a programmable device includes a program which actually does the 

Unless Dr Touretzky's webserver has an interpreter installed which will 
run one of the languages in which code is published on his website, or a 
compiled (binary) version of one of the sources displayed, his webserver 
cannot be a circumvention device in itself. I see no evidence on the web 
page that his (Unix) webserver has any of those installed. Nor can I see 
any evidence on his site of circumvented protection, no proof at all 
that what he is publishing actually circumvents CSS or any other 
protection or encryption scheme.

 > DeCSS is a software utility that decrypts or unscrambles the
 > contents of DVDs (consisting of copyrighted motion pictures)
 > or otherwise circumvents the protection afforded by the
 > Contents Scramble System (CSS) and permits the copying of the
 > DVD contents and/or any portion thereof. As such, DeCSS is an
 > unlawful circumvention device within the meaning of the
 > Digital Millennium Copyright Act, Title 17 United States
 > Code Section 1201(a)(2)(3).

Ah! So if make a movie, copyright it and encrypt it using something 
simple like ROT13 or a single-character repeated XOR, every piece of 
ROT13-capable or XORing software in the USA immediately becomes subject 
to control under the DMCA? How about if I encrypt the movie using PGP or 
GPG, publicly-available and widely used encryption programs? How about 
if I or someone else sends the movie across an encrypted network, such 
as PPTP or Free/SWAN? This sounds like a great little money-spinner.

 > We therefore demand that you [the ISP] take appropriate steps
 > to cause the immediate removal of DeCSS from the above
 > identified Internet site,

The ISP now has a legal dilemma. Even if the charges as laid out are 
proven, what of the material on Dr Touretzky's website is DeCSS? If the 
ISP removes material which is not DeCSS, they may cause an actionable 
loss to Dr Touretzky or to other parties relying upon the service 
provided by the website. Not to mention losing a significant amount of 
goodwill, and accountable asset, amongt their clientele. If the ISP 
fails to remove material which later is proven to be DeCSS, they may be 
vulnerable to action by you.

This is all assuming that the ISP has the right to tamper with any 
service offered to Dr Touretzky, or data belonging to Dr Touretzky.

 > along with such other actions as may be necessary or appropriate
 > to suspend this illegal activity.

Yet you still haven't established precisely which activities of Dr 
Turetzky's, if any, are actually illegal.

 > We also request that you:

 > 1. maintain and take whatever steps are necessary to prevent
 > the destruction of all records, including electronic records,
 > in your possession or control related to this Internet site,
 > account holder or subscriber, and

So if the ISP's hard disk currently contains copies of DeCSS and/or 
movies possibly decrypted, possibly using DeCSS, being material 
``related to'' the website, are you here demanding that they make copies 
of this material, that is, to ``import[...] provid[e], or otherwise 
traffick[ in]'' this material?

OK, now let's discuss the applicability to my websites.

I have a copy of and intend to publish much of the educational and 
entertaining material available as at now from 
http://www.cs.cmu.edu/~dst/ - but I would like to so without putting any 
of the potential hosting agencies at risk.

One of the sites will be hosted in Australia, where reverse engineering 
is protected by law, so a communication such as the one from you which I 
have quoted above is likely to fall under the legal category 
``threatening letters demanding money [compensation] with menaces 
[threats of legal action]'' - so it may actually work out to be highly 
lucrative for an Australian ISP to host the site.

However, one of the sites in question will be hosted in the USA, so I 
need to know which of the items on David Touretsky's page is actually 
DeCSS (if any: the source code to produce DeCSS may not qualify as 
DeCSS, in the same way that plans or machine-tool tapes for an object 
are not that object). It also seems likely that even if plans for DeCSS 
were ruled to _be_ DeCSS (law often seems loathe to follow common 
sense), some of those plans may be exempted as works of art, lampoons of 
the original CSS decoder, or fair academic use of maerial.

I understand that Dr Touretsky has also contacted you with similar 
questions, but that your answer may be somewhat constrained by impending 
threats of legal proceedings. However, the purpose of this communication 
is to *avoid* legal proceedings.

If you would be so kind as to lay out the legal reasons for including or 
excluding specific items from Dr Touretsky's collection, I could also 
publish that list on my sites as a separate issue from Dr Touretsky's 
case, which would help to protect your intellectual property by 
encouraging others only to publish such related art as is legal. If I 
receive no list within a reasonable time, say two weeks, I can safely 
assume that none of the items in the collection are legally offensive to 
you or to the DMCA, and publish them all (subject, of course to the 
permission of any involved copyright holders).


Leon RJ Brooks
Computer Consultant
Western Australia

[1] Touretzky, D. S. (2000) Gallery of CSS Descramblers. Available: 
http://www.cs.cmu.edu/~dst/DeCSS/Gallery, 27 February 2001.

"If thine enemy wrong thee, buy each of his children Windows."
     -- Redmond proverb

Date: Thu, 22 Feb 2001 15:25:53 -0500 (EST)
From: "Steven W. Orr" <steveo@world.std.com>
To: <letters@lwn.net>
Subject: Regarding the demise of Maximum Linux.

I am not going to mourn the death of Maximum Linux. I received a copy and
thought that it would be nice to add yet another magazine to my intake. My
standard is that if I can get just one good idea from somthing, then it's
worth the read, and the cost of any magazine subscription is never much of
an issue. I found that they were targeting a *very* specific audience:

1. They had to be very young and hip.
2. They had to be brand new to Linux.

Somehow they took these requirements and felt that speaking in a young and
hip manner allowed them the artistic license to be inaccurate. There were,
on average, one or two falsehoods, made-up stuff, incomplete thoughts,
etc.  on every page of the magazine. This flavor was not limited to any
one writer. It seemed to be a requirement for all contributers.

I wrote to the editor with a complete list of these inaccuracies and was
told that this style was needed to hook the target market they were
looking for.

There's so much good material out there. It's too bad they couldn't have
learned from the ones that are doing well.

-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question? steveo@world.com

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds