[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Opening up OpenMail? As was originally reported in ComputerWorld, Hewlett-Packard has announced that it will cease development on its OpenMail [OpenMail] product. Version 7.0, which became available on February 28, will be the last major release of this system.

This announcement may seem like just the death of yet another proprietary software product. But it matters. OpenMail is the only "enterprise ready," Exchange-compatible mail server product which is available on Linux. Its demise leaves an important corporate function with no Linux-based solution; all that's left is windows-based, proprietary systems - and not very many of those. For the moment, this looks like a setback for the World Domination program.

There is an important lesson here, however, for the users of proprietary software. Companies that have deployed OpenMail have invested heavily in it. But, with proprietary systems, you never really know if it will be there tomorrow. OpenMail is going away, and there is nothing its users can do about it. It can not be maintained - even by those willing to pay for that maintenance. If a proprietary system's owner so wills, the software simply vanishes.

It is worth pointing out that HP is paying more than the usual amount of attention to its users' interests in this case. The announcement went out with OpenMail 7.0, rather than after customers had paid for upgrades. And HP will be providing bug fixes and other support for the next five years, so there is plenty of time to find a replacement. HP is to be commended for being clear about its plans, rather than just quietly ramping down development.

One of the first thoughts that comes to mind, of course, is that HP should release OpenMail under an open source license. HP, after all, has taken some criticism at times for seemingly being more interested in talking about free software than actually supporting it. Here is, it seems, HP's chance to bolser its open source image while simultaneously doing the free software world a real favor.

Life, of course, is not so simple. Bruce Perens has sent around a note on the future of OpenMail and the possibility of releasing it as open source. Most of the usual problems apply. For example, HP does not own all of the code that is in OpenMail, so the company will have to go through, track down all of the various licenses it owns, and figure out how they impact an open source release. Over twelve years, a large system can accumulate quite a few of these licenses. Once they have been found, it will be necessary to "sanitize" the code, removing everything that can not be released. That is a big job, and the resulting system is likely to function poorly, if at all.

Then, of course, it's not just a simple matter of tossing the code onto an FTP site and hoping for the best. There needs to be CVS archives, project management, documentation, web pages, etc. And getting people interested in the code could be a challenge. After twelve years, one can assume that this system has grown complex and full of cruft. It may not be for the faint of heart.

The end result is that releasing OpenMail as free software would not be a cost-free action for HP - it could, in fact, be quite expensive.

Perhaps the best case scenario, in the end, might be for some other company to take on the open-sourcing of OpenMail. Even in these (relatively) hard times, it seems like it should be possible to build a business on this product, much in the same way that NuSphere and Great Bridge are hitching their wagons to open source database systems. A small business could perhaps be built around nicely-packaged OpenMail box sets, but OpenMail seems like a system that would support a large market in design and support services. Companies that depend on OpenMail would probably be willing to pay for further development and support services; they could redirect the funds currently going into license fees.

What's needed is a company that can build this business. Sendmail, Inc. seems like it would be a natural for this line of work; OpenMail already uses sendmail, and would be a strong weapon in Sendmail's quest to make money from enterprise services. Red Hat, too, could perhaps benefit from the package. And VA Linux, of course, has made a major goal of replacing its dotcom customers, who have not been the most reliable lately, with blue-chip enterprise companies. If HP can not find the resources to free OpenMail, certainly one of these other companies should be able to step in and help out? Let's make HP come up with a different excuse for holding onto the source.

(See also: The OpenMail Showdown: Is Bruce Perens Just a Pretty Face? by Don Marti for a more cynical look at the situation).

HP gets into Linux-based stereo gear? Since OpenMail is no longer an appropriate fit with HP's strategy....what is? For one clue, see this press release describing a new partnership with RealNetworks. The details are sparse, to say the least, but the picture that emerges is that the two are working on a Linux-based box which would plug into a living-room stereo system and make music available from the Internet. The real set of products and services are due to come out later this year.

One could be forgiven for wondering if the companies aren't targeting the Napster customer base. A paid service providing a "universal juke box" functionality could well be popular, especially if it is easy to use (without a user-visible computer) and lacks legal challenges. In that context, a quote from this TechWeb article is interesting:

[HP VP John] Spofford said a Web-connected home-entertainment device is a logical step for HP, whose CD-Writer rewritable drive, which has sold 10 million units, lets consumers make media from the Internet and PCs accessible on other devices.

A network-based music device which avoids the wrath of the music industry is unlikely to provide a straightforward connection to one of those CD writers. We are waiting to see how they resolve that problem.

The other question, of course, is that of just how open this box will be. A Linux-based system designed for audio applications would be a fun toy to play with. We can only hope that HP will provide an open interface to this box so that others can write their own applications for it. Somebody will figure out a way in regardless; why not make it easy and let a wider set of applications drive sales for the device? Bruce Perens said two years ago:

Open Source has de-emphasized the importance of the freedoms involved in Free Software. It's time for us to fix that. We must make it clear to the world that those freedoms are still important, and that software such as Linux would not be around without them.

Perhaps Bruce, in his high-profile HP role, could help to make this new product line support freedom?

Inside this week's Linux Weekly News:

  • Security: Strong ES vs Weak ES TCP/IP implementations, new security reports for Apache, /bin/mail, PHP-Nuke, PHP, and more.
  • Kernel: SnapFS enters alpha; DOS-formatted scripts.
  • Distributions: What is a Linux Distribution? Icepack Linux, NIC Linux and Brutalware are added to the list.
  • On the Desktop: Page layout updates, Mozilla slips but Opera slides, and Mandrake talks GNOME.
  • Development: New GTK+ and GLib, Mailman 2.0.2, CMF for Zope, Python Software Foundation.
  • Commerce: Zero-Knowledge Systems names Advisory Board, Lineo to acquire Convergence Integrated Media.
  • History: "Who do you sue?" VA Linux acquiring SGI - seemed possible at the time.
  • Letters: The music industry; Allchin's comments again; and more.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


March 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Strong ES vs Weak ES in TCP/IP implementations. This week, the most prolific discussion on BugTraq focused on the implementation of RFC 1122, which covers the TCP/IP communications protocol layers: link layer, IP layer, and transport layer. In the portion that discusses how to handle multi-homed hosts and the implementation of the loopback device, the RFC is somewhat ambiguous, providing two possible implementations without recommending between them. This week, a note was posted that pointed out the security implications of one of those two implementations.

Elias Levy posted an excerpt of the portion of the RFC that applies to this issue. The two implementations it describes are entitled "Strong ES Model" and "Weak ES Model". Under the Strong ES Model, packets arriving from one network interface will not be forwarded to other network interfaces unless forwarding is enabled. Under the Weak ES Model, the reverse is true, packets will be forwarded even with forwarding disabled. The Weak ES Model is the one that has some people concerned.

Why would this be a problem? Take a common setup, a host with two ethernet cards, one connected to an external network and the other connected to an internal network. If IP forwarding is disabled, an administrator might assume that a network service that listens only on the internal interface is not accessible to probing from hackers coming in on the external interface. Under the Weak ES Model, this is incorrect; unless a firewall is in place to prevent it, packets coming in on the external interface can be forwarded to the internal interface and therefore access (and possibly exploit) that network service.

So what model does Linux use? Following the BugTraq thread, we did not get a consistent answer. The original post claims that Red Hat 6.2 is not affected, other posts claim that Linux 2.2 follows the Weak ES model while 2.4 does not, still others claim that they've tested Linux 2.2.16 and it is not vulnerable, while tests of Linux 2.4 show that it is vulnerable. At this point, we can only sum it up by saying, "We don't know" (but we'll ask our resident kernel expert to look into it ...).

So two camps emerge from the discussion. One camp feels strongly that, because the Strong ES Model is slanted towards providing more security, it should be the default model (if not the only model). It is true that we are all advocating moving Linux in the direction of security-by-default; would the Strong ES model be a best-fit as a result?

The other camp quickly pointed out the functionality currently in use that depends on the Weak ES Model, including load balancers such as the Linux Virtual Server project, upon which Red Hat Piranha is based. In addition, there was a strong feeling that any security issues associated with the Weak ES Model can be fixed via a properly-configured local firewall.

In the end, the ability to choose between the Strong ES Model and the Weak ES Model seems to be highly desirable. Which model is chosen as the default can be easily left to the Linux distribution, possibly eventually defaulting to the Strong ES Model, as long as changing the configuration is a simple matter. Whether or not that gets done, of course, is a decision that will be made by the kernel developers.

Meanwhile, a clear problem that has been identified is the failure of our current HOWTOs to document the current model being used and the security implications of that model. Right now, systems administrators do not have the correct information they need to make the right configuration choices.

Uncovering the secrets of SE Linux: Part 1 (IBM developerWorks). Author Larry Loeb looks at the SE Linux code, the open sourced security-enhanced version of the Linux 2.2 kernel released by the National Security Agency. "If you haven't been following the cryptography area lately, let me assure you that this action by the NSA was the crypto equivalent of the Pope coming down off the balcony in Rome, working the crowd with a few loaves of bread and some fishes, and then inviting everyone to come over to his place to watch the soccer game and have a few beers."

A review of Intrusion Detection Systems. Back in January, we briefly discussed free software Intrusion Detection systems. This month, Dragos Ruiu has posted an in-depth evaluation of Snort, along with several commercial IDS systems; it's a worthwhile read for anyone interested in deploying an intrusion detection system. "IDS is a relatively new technology, but it is increasing in popularity, driven by the number of people starting to entrust valuable or mission-critical data to computer systems that they feel a need to install good risk management for. Along with this popularity comes a large number of commercial entrants, and new products, all with varying marketing claims - making purchase and evaluation difficult, particularly as the operation of these early-generation systems is still an enormously technical task, requiring a fairly deep and broad knowledge of networking protocols and technology."

The review shows the investment of a great deal of time and research; we look forward to the promised updated versions over time.

Turbolinux issues updated public key. Turbolinux has a new public key. Turbolinux users will want to download the new key in order to properly check the signatures on new Turbolinux security updates.

Security Reports

Apache directory listing error. In some circumstances, Apache 1.3.18 and earlier can be made to display a directory listing instead of an error message, by artificially creating a very long path with many slashes. A fix for the problem can be found in the recently-released Apache 1.3.19. Check this SecurityPortal posting for more details.

/bin/mail buffer overflow. A buffer overflow in /bin/mail was reported by SosPiro to the vuln-dev mailing list on February 28th, 2001. Note that the buffer overflow is not exploitable unless the binary is setuid or setgid, a configuration issue that differs between distributions. A quick check of the permissions on your local system is recommended, especially since the permissions may not be the same as the distribution's installation defaults.

PHP-Nuke 4.4.1a saveuser vulnerability. Security reports for PHP-Nuke continue to come in fast and furiously. This week, PHP-Nuke 4.4.1a was reported vulnerable via its saveuser function, which does not check input rigorously enough and, as a result, can be used to change another user's email address or gain their password. However, saveuser was singled out solely as a demonstration; apparently other PHP-Nuke functions can be exploited in the same manner. No patch or response from the PHP-Nuke team has been seen yet.

PHP 4.0.4 IMAP fix repercussions. A security fix for IMAP in PHP 4.0.4 can unfortunately break under some circumstances, causing the IMAP module to fail. PHP 4.0.4pl1 appears to contain a fix for the problem. Alternately, a patch for the problem is available that closes the original buffer overflow but reverts IMAP behavior otherwise back to match 4.0.3.

Mailman potential privacy hole. A potential privacy hole in Mailman has been fixed in the latest release, Mailman 2.0.2. The hole could allow list administrators to gain user passwords. Directly, the user passwords would be of little use to an administrator, but since many people use the same password in multiple places, the privacy violation is a concern. This is a recommended upgrade, if not for the privacy concern, then due to other "important" bug fixes in the release.

ePerl buffer overflows. Fumitoshi Ukai and Denis Barbier found and reported buffer overflows in ePerl which can be exploited if ePerl is installed setuid root. ePerl is used to expand Perl statements inside text files. If it is installed setuid root, then it can switch to the UID/GID of the script owner. As a result, even if not installed setuid root by default, some sites may choose to change the permissions to get this functionality.

man2html denial-of-service vulnerability. man2html, a program for converting files from the man page format to HTML, to allow them to be read via a web browser, has been reported to contain a denial-of-service vulnerability. Details on the problem are currently lacking, since we've seen the problem only via the Debian advisory below, at least so far.

mc binary execution vulnerability. Again, we have few details on this vulnerability, since it has not been reported on BugTraq but was instead first seen (by us) via the Debian advisory below, which describes the problem in general without giving technical specifics. It seems that Midnight Commander can be used by one local user to trick another user into executing a random program under uid of the person running Midnight Commander. Andrew V. Samoilov provided a fix for the problem.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Infopop Ultimate Bulletin Board 5.0.x beta has been reported to contain a vulnerability that can be exploited to retrieve user cookies. An upgrade to Infopop Ultimate Bulletin Board 6.0 Beta should fix the problem.

  • Simple Server, a Java-based HTTP server, has been reported vulnerable to a directory- tranversal problem. No patch or vendor response has been seen so far.

  • post-query, a CGI-based script generally provided as sample CGI code, contains a remotely-exploitable buffer overflow. It is recommended that the script be removed from your system if it is present.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • SurgeFTP, an FTP server from NetWin that runs on Unix/Linux/Windows, is vulnerable to a local denial-of-service attack. The vendor has issued Build v1.1h of SurgeFTP which fixes the issue. Check BugTraq ID 2442 for more details.

  • Cisco IOS has been reported to contain a vulnerability that can allow the successful prediction of TCP Initial Sequence Numbers. This only impacts traffic originating or terminating on the Cisco itself. Free software upgrades are offered to fix the problem.

Updates

Zope security update. Digital Creations released a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled the week of March 1st. An upgrade is recommended.

This week's updates:

Previous updates:

joe file handling vulnerability. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

CUPS buffer overflow and temporary file creation problems. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

Previous updates:

sudo buffer overflow. Check the March 1st LWN Security Summary for the original report.

This week's updates:

Previous updates:

Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions.

This week's updates:

Previous updates:

LICQ/GnomeICU denial-of-service vulnerability. Check the February 15th LWN Security Summary for the original report, which also noted a similar problem in kicq.

This week, Bill Soudan noted that the CVS code for kicq has been corrected, with thanks to Bernhard Rosenbraenzer at Red Hat.

Multiple vulnerabilities in ProFTPD. Check the February 8th, 2001 LWN Security Summary for details. ProFTPD 1.2.0rc3 contains fixes for all the above problems.

This week's updates:

  • Debian, updated advisory, Motorola 680x0 packages added
  • Debian, updated advisory, this one also fixes two Debian-specific configuration errors
Previous updates:

mgetty tmp file race problem. mgetty was one of twelve packages reported in January to contain tmp file race problems. Check the January 11th LWN Security Summary for the initial report.

This week's updates:

  • Debian, updated advisory, Motorola 680x0 and PowerPC added.
Previous updates:

Events

RAID 2001 - Call for Papers. The Fourth International Symposium on the Recent Advances in Intrusion Detection, better known as RAID 2001, will take place on October 10th through the 12th, 2001, in Davis, CA, USA. The deadline for their Call-for-Papers is coming up soon, March 30th, 2001.

Upcoming security events.
Date Event Location
March 26-29, 2001. Distributed Object Computing Security Workshop Annapolis, Maryland, USA.
March 27-28, 2001. eSecurity Boston, MA, USA.
March 28-30, 2001. CanSecWest/core01 Network Security Training Conference Vancouver, British Columbia, Canada.
March 29, 2001. Security of e-Finance and e-Commerce Forum Series Manhattan, New York, USA.
March 30-April 1, 2001. @LANta.CON Doraville, GA, USA.
April 6-8, 2001. Rubi Con 2001 Detroit, MI, USA.
April 8-12, 2001. RSA Conference 2001 San Francisco, CA, USA.
April 20-22, 2001. First annual iC0N security conference Cleveland, Ohio, USA.
April 22-25, 2001. Techno-Security 2001 Myrtle Beach, SC, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


March 8, 2001

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is still 2.4.2. Linus has resumed work toward 2.4.3; his current prepatch release is 2.4.3pre3. Alan Cox, meanwhile, has kept up his pace and reached 2.4.2ac14. A reader asked us to figure out how much of the "ac" patches have made it into Linus's kernel. Unfortunately, there is no easy answer to that question. Linus's changelogs just say "Alan Cox: continued merging". The only person who actually knows the answer, in all likelihood, is Alan, and he does not have the time to make a list.

No new 2.2.19 prepatches have been released in the past week.

SnapFS alpha release. Peter Braam and his colleagues at Mountain View Data have announced the alpha release of SnapFS, a new filesystem add-on. As an alpha release, it's not something that you are likely to want to put on that big departmental server. It has some interesting features, though, that make it definitely worth a look.

Essentially, SnapFS enables a filesystem to preserve its history. One could compare it to the old VMS file versioning scheme, but SnapFS is far more flexible than that. It can preserve the state of an entire filesystem at any given time; it can also be set up to preserve every revision that is ever made of every file on the system. That latter mode, presumably, is recommended only for users with very large disks.

To many, SnapFS may just seem like a way of filling up excess disk space. But, in fact, there are some truly useful applications for such a filesystem:

  • Backups. SnapFS can be used to stabilize a version of the filesystem, which can then be written to tape. There is no need to (1) kick the users off the system to get a clean backup, or (2) run backups on a live system and just hope everything comes out OK.

  • System administration work. Imagine freezing the filesystem state before that next big operating system upgrade. If it doesn't work out, one command brings back the previous state of affairs.

  • Fat-fingered users. Most system administrators learn early on that the most frequent use of backups is not recovery from disk disasters; [SnapFS diagram] it's restoring files that some user (usually the same user) destroyed. With snapshots, that process is much easier.
SnapFS works by placing itself between the Linux virtual filesystem (VFS) and any of a number of underlying filesystems - though only XFS and ext3 are implemented in the alpha version. The diagram on the right (stolen from a white paper on the Mountain View Data SnapFS page) shows how the pieces fit together. The supporting filesystem must be of the journaling variety, since SnapFS relies on the atomic updates that journaling filesystems provide. The filesystem must also support extended attributes, essentially the hanging of additional metadata onto files. Thus, most users will need to apply both the ext3 and extended attribute patches (of which there is a new release - see below) to be able to run SnapFS.

Whenever a file is to be modified, and its contents must be preserved in a snapshot, SnapFS creates a new inode in the filesystem to hold the snapshot version. An extended attribute which points to the snapshot inode is then attached to the visible version of the file. The actual blocks of the file are shared between the current file and the snapshot until they are changed; at that point the SnapFS "copy on write" mechanism makes copies of the affected blocks. Snapshots are thus relatively efficient in their use of storage, especially in situations where only parts of files are changed. For example, a snapshot of that huge web server log file, which is only appended to, does not duplicate the log entries that are shared between the current and archived versions.

This mechanism also makes the creation of snapshots very fast. Since no data is copied at that time, making a snapshot is really just a matter of filling in a table entry.

A set of tools is provided with SnapFS to handle the management of SnapFS filesystems, performing rollbacks to older versions, etc. Mountain View Data's revenue model is starting to come into focus, though - a number of additional management tools will be proprietary. For example, there will be utilities to stabilize and quiesce Oracle and MySQL databases for snapshots. The basic SnapFS code, however, is licensed under the GPL.

What should the kernel do with DOS-formatted scripts? A user recently turned up a little problem. Imagine that you have a perl script that starts with the usual incantation:

	#!/usr/bin/perl
You would expect the kernel to be able to run the perl interpreter when the script is invoked. But now imagine that the script is in DOS format - each line ends with a carriage-return and a line feed (\r\n) rather than just a line feed (\n), which has been the Unix standard forever. The kernel, in this case, will see the carriage return as part of the interpreter name; as a result, the user gets a "no such file or directory" complaint from the shell.

This user, Ivo Timmermans, included a patch that would make the kernel strip out the carriage return in scripts like this. The initial response from Alan Cox was not particularly receptive: "Fix the script. The kernel expects a specific format." That approach makes sense to some - why should the kernel go out of its way to support scripts that are not in the specified format?

It was subsequently pointed out, however, that the kernel will happily strip away other sorts of trailing white space, such as space characters and tabs. Should not carriage returns, which are generally recognized to be white space as well, be stripped too? Good question, with no answer from those who would eventually have to accept the patch. For now, "fix the script" is the order of the day.

Other patches and updates released this week include:

  • Andreas Gruenbacher has released version 0.7.8 of the access control list and extended attribute patch.

  • The "final" version of the aacraid driver, which "supports the on-board RAID controllers on the Dell PowerEdge 2400, 2450, and 4400 servers, the add-in 4-channel PERC2 card, and the HP NetRAID-4M card," has been released by Matt Domsch.

  • Brad Douglas has announced that the linux-fbdev mailing list will be making the pilgrimage over to SourceForge.

  • Christian Worm Mortensen released a new version of the "WRR" scheduler, which provides control over the use of an Internet connection shared by several systems. The message doesn't contain the URL for the code, however; if you're interested, the WRR page is over here.

  • Zach Brown has released a massively updated maestro sound card driver. It looks like it has a number of good fixes, but it's only for the 2.2.18 kernel, currently.

  • Steve Best has released JFS beta 2 release 0.2.0, the latest version of IBM's journaling filesystem.

Section Editor: Jonathan Corbet


March 8, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

What is a Linux Distribution?. Three years into writing this weekly column, it seems appropriate to stop and define some of the terminology that we so freely use. To start with, we'll take a moment to define what we mean when we use the term "Linux Distribution".

A Linux distribution is, in essence, a software package. [Structure of a Distribution] As demonstrated by this graphic, that package generally includes three layers of software: the Linux kernel, the C library and then an arbitrary set of applications to provide the specific functionality required.

Anything that fits this model is, essentially, a Linux distribution. That can mean anything from a package small enough to fit in a 4MB Flash card to a package large enough to require multiple gigabytes of hard disk space. Because the Linux kernel itself is highly flexible and supports an amazing number of hardware platforms, it scales very well in size from very small to very large.

From the diagram, you can also see that any two Linux distributions can actually look very different to the end-user. The choice of packages that are included with the distribution will determine the look-and-feel. Two different distributions might have in common only the kernel and the C library, while supporting an entirely disparate set of applications.

Correspondingly, to confuse the issue, there are operating systems out there that look a lot like Linux. For example, the Debian GNU/Hurd operating system is based on the Debian system, but with the Linux kernel replaced with a Debian GNU/Hurd kernel. Once completed, the Hurd will essentially be an operating system that looks like Linux, acts like Linux, feels like Linux to the end-user, but is not Linux, because it does not contain the Linux kernel.

The *BSD operating systems are another example of this. As shown in the diagram, BSD tools are often included in Linux distributions, since they are also Free Software. In turn, many applications popular on Linux systems are also included by default in FreeBSD, NetBSD and OpenBSD. So to the end-user, the difference between Linux and BSD may appear very small, depending on what applications they use and how far into the operating system kernel they delve for their basic work.

However, we would not call NetBSD a "Linux distribution". Why not? Well, to start, the NetBSD folks might very well get offended, since they've been around a lot longer than Linux.

This may seem to be a moot point, but back in December, Sun's Scott McNealy actually referred to Solaris as "our implementation of Linux". Now Solaris doesn't run the Linux kernel, but it can run binaries compiled on Linux systems and it can support most of the Free Software applications that you'll find on Linux systems. So, since Sun apparently doesn't find the notion offensive, should we consider Solaris a Linux distribution?

Well, the final arbiter on that will be Linus, since he is the holder of the Linux trademark. For our purposes, though, Solaris will not be included, simply because it is not Free Software. No proprietary operating system will ever, in this column, be deemed a Linux distribution. However, we would uphold Sun's rights to claim that Sun is "Linux-compatible", given the amount of effort they've put in to supporting the Linux API.

We'll talk a bit more next week about the criteria used to add or remove distributions from our set of distribution links.

New Distributions

Icepack Linux. Henry Westbrook dropped us a note mentioning another distribution not currently on our list. Icepack Linux is a new general-purpose distribution out of Germany that started shipping January 29th (Henry was one of the beta-testers). Icepack is focused on the home Linux user, costs about $35 (including shipping) and comes with unlimited email support. Note that businesses are not eligible for the unlimited support.

Icepack is definitely not a light-weight distribution. It use the Gnome desktop by default (KDE support is promised in version 2.0) and a minimum of a gigabyte of space is recommended for the installation (2GB if you plan on using StarOffice, etc.).

Unique features to icepack include their own graphical boot manager (icepack boot manager), a new package format, 'ice', and a configuration manager for configuring new hardware. The distribution is not based on any other distribution but is, instead, entirely developed from scratch. Supported languages so far appear to be German (Icepack is based in Germany) and English, though they do provide a version of their website in French as well.

For a brand-new distribution, the website for Icepack is in excellent shape and contains a lot of good information. Henry, as a beta-tester, gives the distribution very high accolades. We will look forward to hearing how well it works for Linux home-users in the future.

NIC Linux. We first mentioned Oracle's NIC (New Internet Computer) back in July of 2000. It is an appliance (or X-terminal) that allows access to the Internet for as low as $199 (without monitor), contains no hard drive, uses a 4MB Flash disk and runs Linux off of the CDROM drive. Included with the NIC is Netscape, VNC, some games and a few basic applications.

Back in November, a link to the on-line version of the NIC packages was included on our development page. Recently, however, one of our readers (thanks, Jerry!) pointed out that NIC Linux could also be considered for addition to our distributions list. We have to agree, particularly since a community is developing of NIC users wanting to add features into their NIC 4MB Flash drive or burn new NIC CDs with additional applications included. Since the base NIC CD occupies less than 200MB of the 680MB CD disk capacity, there is lots of room for additional software.

Anyone interested in playing around with NIC Linux may also want to check out the ThinkNIC group on Yahoo, which appears to be an active source of support for the new ThinkNIC community.

GNU Brutalware. A new addition to our line-up of floppy-based distributions, Brutalware comes out of Slovakia. It loads onto three floppies and provides basic networking (requires bootp), lynx, ssh and a few other packages. It is designed primarily to be used on public systems running Microsoft. As such, it loads by default via the MS-DOS Loadlin package. That will allow Linux to load even if the system is configured not to boot off the floppy drive. Of course, once you're done, the floppy can be removed and the system rebooted to restore the original operating system. (Thanks to Richard Jelinek).

Distribution News

Debian News. The Debian Weekly News is back this week after a one-week hiatus, but is much briefer than usual. As a result, we can guess that DWN Editor Joey Hess is even more inundated with activity than usual.

The Debian Project Leader elections started yesterday, March 7th. Here are the platforms we found for the nominees Ben Collins, Branden Robinsen and Bdale Garbee. We did not find a platform for Anand Kumria, though he also nominated himself for election. For discussion of the election, check the debian-vote mailing list archives.

Slackware News. The big development news for Slackware this week was the upgrade to KDE 2.1, which has been performed on all three platforms (Intel, Alpha, Sparc). In addition, upgrades to openssh-2.5.1p2 and proftpd-1.2.1 were performed.

The Alpha platform saw more activity than this, though, with the addition of AfterStep-1.8.8, bbkeys-0.3.5, and the Simple DirectMedia Layer, plus upgrades to blackbox-0.61.1, icewm-1.0.6, parted-1.4.9 and pinfo-0.6.0. A new Linux 2.2.18 kernel has been generated as well, along with matching boot disks. Last, a large amount of cleanup work has been performed.

On the Sparc platform, an upgrade to RPM 4.0 was done. In addition, new SILO boot disk images are now available and much in need of testing. Check the Changelog for relevant notes before you test these out.

The topic of Ximian-Gnome came up on the Slackware developer forum. The main upshot is that Ximian doesn't support Slackware and Slackware won't install Ximian as a default -- you'll have to wait until the features are part of the stable Gnome. [From userlocal.com].

Linux-Mandrake News. Tractopel explained: the new beta for Linux-Mandrake 8.0 is named "Tractopel". We figured an explanation would show up eventually and, sure enough, here it is.

An FAQ for the first beta of Linux-Mandrake 8.0 is now available.

If you're a MandrakeForum fan, you might also be interested in checking out this tip on how to use KWebDesktop to display MandrakeForum headlines on your background.

Meanwhile, for people running Linux-Mandrake 7.2, KDE 2.1 rpms are now available.

Red Hat News. From the wolverine mailing list (Red Hat 7.1 beta 2), it appears that the next version of Red Hat will be shipping with Mozilla 0.7, which has been judged a better option than Netscape 6. Netscape 4.76 will also be shipped. Meanwhile, ReiserFS will not be included; it is still considered to be too unstable. Red Hat has not made the same manpower commitment to ReiserFS that SuSE has, for example, which makes it hard for them (Red Hat) to ship a stable version of that filesystem.

Minor distribution updates.

Distribution Reviews

ActiveWin.com reviews Linux-Mandrake 7.2. ActiveWin.com is best known in the Microsoft community. Reviewing Linux software is simply just "not what they do". However, they decided to make their first exception with their review of Linux-Mandrake 7.2. Overall, they appeared to like it quite a bit, "Linux Mandrake is a great step for the Linux world. It makes the operating easy to install, use, and live with and it is extremely reliable. The MandrakeSoft team has made a great job with this new user-friendly revision but some bugs still exist." [From MandrakeForum].

Trustix Secure Linux 1.2 (Duke of URL). Security is the focus of the Trustix Linux distribution, according to a review by the Duke of URL, and it delivers what it promises. "Trustix Secure Linux is a distribution that has one focus and one focus only - to provide a server distribution that is secure. There are no frills with this distribution. When you install Trustix, you very quickly realize that you are on the business end of the server. There is no GUI, nor are there any real configuration tools. What you get is very close to a traditional UNIX server."

Linux Terminal Server Project (LinuxLookup). LinuxLookup has a short article on one man's trip into the Linux Terminal Server Project. "For those who may not see any particular application for this project, consider a diskless client running an X windows front end WITH NO FAN! I thought that in itself was worth the effort to explore the LTSP. Imagine running a small internet appliance on your desk that only comes to life when you tap the keyboard or move the mouse and doesn't have the constant noise of a fan. Nice, to say the least".

Section Editor: Liz Coolbaugh


March 8, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux


   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's On the Desktop page.


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop


Commercial page layout update. I checked in with Mediascape's CEO Howard Luby this week to ask about their page layout package, Artstream.

We're still plugging along here. We have been posting updates, but unfortunately it's mainly been to fix problems that have been caused by XFree86 4.0 bugs, and new differences in the Mandrake and RedHat distributions. We hope to stabilize on RedHat 6.2, Mandrake 7.2 and XFree86 4.02 or nVidia X/OpenGL drivers in the next couple of weeks. After that we get to work on features again.

We've been getting some good feedback from our early adopters. They've expressed interest in features from trapping, separation and imposition, to Flash output. Soon we'll at least be on par with our Irix version, then we'll start piling on the features [to the Linux version].

And while we're on the subject of page layout, have you looked at Chilliware's iceSculptor package? I saw it at LinuxWorld but couldn't really tell if it was a real page layout package or not. My take, after looking at the downloadable demonstration version, is that iceSculptor is sort of a layout/word processor hybrid. At the moment it lacks text along a curve and has a few glaring user interface problems.

Chilliware had one of the fanciest booths in New York this past February at the LinuxWorld Expo, and their plans include a suite of desktop applications aimed at the individual user - a real applications company in the Linux marketplace. The question is whether they can deliver on their promises.

LinuxWorld reported on iceSculptor this week, stating they thought it shows promise and immaturity. Author Joshua Drake went on from there to say

I also noticed some inconsistencies with the product on launch. It honored the color scheme that I set up with KDE, but did not honor the text style settings. The text on the menu bar was about two sizes larger than the text I have on all other windows. At startup, the software presents you with a single-framed window that appears to be drawn incorrectly. Creating a new document is simple: just click on the now-industry-standard icon that looks like a blank piece of paper, and you are prompted to specify the type of document you would like to work with.

The author had quite a few problems getting the package to run under his KDE-based system, including problems with running on AMD processors. I, however, was able to bring up the demo package, which I pulled from Chilliware's website in RPM format, on the first try. Then again, I live under FVWM with the KDE and GNOME libs installed but without the GNOME or KDE environments running. It appears he had a bad package distribution, since the package he pulled from their website also appeared to work.

While LinuxWorld mentioned briefly that CorelDraw has been around longer than iceSculptor, I have to say that really isn't much of an advantage. Wine-based applications just don't cut it. Native is where it's at, and Chilliware's products are Qt-based, Linux native applications.

Besides Corel's recent fizzle, the only other possible page layout tool for Linux was coming from Deneba. Like CorelDraw, their Mac and Windows-based Canvas package had been ported to Linux via Wine. But late last year, a note from their support group informed me that the Linux version was on indefinite hold.

In the meantime, users continue to wait for a real page layout solution for the desktop.

Late Mozilla = Opera acceptance. It appears that the 1.0 release of Mozilla has moved out to the 4th quarter of 2001, assuming a worst case scenario (which isn't as unlikely as it seems in the software business). While free software has many advantages, many projects seem to have forgotten the "release often" rule. Long cycles for projects like Mozilla (4 years to the 1.0 release) and GIMP (2 years between 1.0 and the next major release of 1.2) leave ordinary users wondering just where the added value of open source really lives.

The truth is that large scale open source projects are constrained by the same rules proprietary software has lived by for years: difficult standards compliance verification, backtracking to the design phase when implementations show limitations in original designs and poorly defined production goals. From a developers perspective, none of these problems are impossible to solve, they're just not made any easier with open sourced code.

But whatever the developmental issues, end users are primarily interested in products that are available now and meet their current needs. While they might be willing to wait for future promised features, they won't be using beta or prerelease products during the intervening period. This moves user acceptance cycles - where users begin to build loyalty to a product - out even further and give competitors, either open source or commercial, a chance to earn users loyalty.

So while Mozilla lags behind in order to get things just right, alternatives like the cross-platform, commercial Opera browser and the open source Galeon and Konqueror browsers make big gains. In my own testing, I've found Opera to be quite stable and easy to use. Minor nits with how it imports my existing Netscape bookmarks (it sorts them when I don't want them sorted) are easy to overlook when nearly all the sites I normally visit are presented accurately. Konqueror and Galeon are on my radar screens due in no small part to very positive comments from local users groups. I just have to find a free hour to put together a test system where I can install both GNOME and KDE in their full glory.

In the meantime, I'll continue to watch all of these browsers in the hopes that one of them will be both easy to use and aesthetically soothing. In other words, a browser that bans any site that opens windows on my desktop without my request from any future contact with me. I don't ask for much.

Desktop Environments

Talking with Gael Duval of Linux Mandrake about GNOME (LinuxPower). LinuxPower interviews Gael Duval of Linux Mandrake about their involvement in the GNOME Foundation. "The problem is that GNOME and KDE are very different by nature: they don't use the same graphical libs, they don't offer the same programming API, and they are not really designed to communicate with each other even if some progress have been made in this last area. As a result, applications written with GNOME libraries or KDE libraries won't run on all Linux distributions because some of them install only KDE, the others only GNOME etc. In Mandrake, a common installation provides both KDE and GNOME libs and users appreciate that because they can run all the Linux apps they find on the net, regardless of the graphical environment they prefer!"

Evolution's latest mutations (LinuxWorld). Joe Barr looks at the latest in the evolutionary lines of Evolution in this LinuxWorld expose. "I wrote an inquiry to the development team and Evolution's project lead, Ettore Perazzoli, responded that the summary page lets you add plug-in applets to summarize how much mail you have waiting, remind you of appointments from your calendar app, or perhaps show you the latest Slashdot headlines. It's going to be much more useful than I had imagined."

GNOME 1.4 Beta 2. GNOME 1.4 Beta 2 was released late last night (or was it early this morning?) to testers interested in helping shake down the upcoming 1.4 release. Additionally, the GNOME Fifth Toe 1.4 Beta 2 is released, which is a collection of packages that are not part of the GNOME core.

Red Carpet 0.9.1 Released. Ximian pushed a new release of Red Carpet to the servers this past week. While the release is welcome, users on the bleeding edge will need to note that this release won't work with the latest RPM, version 4.0.2, installed.

GNOME to Conquer Denmark. Details of the speaker lineup for the GUADEC conference in Denmark, April 6-8, have been posted on the GNOME News site.

Release plan for KDE 2.1.1 (KDE Dot News). Plans for the next stable release of KDE, release 2.1.1, have been posted on KDE Dot News.

Printing Mania: New KDE Printing Architecture Unveiled (KDE Dot News). Like most Unix systems, printing under KDE has never been a strong point. KDE Dot News looks at developer Michael Goffioul's attempts to change that situation. "Special emphasis is put on CUPS (Common Unix Printing System). The API is identical to the Qt API to enable developers to make use of it easily, but is significantly more flexible and configurable. For example, developers can easily add additional configuration pages to the print dialog to configure application-specific printing options, and can add filters to the printing structure to process the output."

GNUstep Weekly Update, February 25th. The GNUstep weekly update for the week ending February 25th arrived this morning. Issues covered include French and Italian localisation, updates to the GUI frontend library (gnustep-gui) and some documentation updates to the Java Interface for GNUstep (aka JIGS). "GNUstep is a set of general-purpose Objective-C libraries based on the OpenStep standard developed by NeXT (now Apple) Inc", to quote Freshmeat.

System G desktop manager for Linux. Another entry in the desktop file managmenet category, System G, has reached version 2.0 according to news from the maker of the software, New Planet Software, Inc.

Office Applications

Why You Should Support AbiWord (LinuxToday.com.au). This LinuxToday.au author likes Abiword. "What an outstanding contribution to the open source world! While word processors such as StarWriter (part of OpenOffice), KWord are available for Unix Variants, and Microsoft Word and a variety of others are available for Windows and the Mac OS, you could run AbiWord on any different modern OS that you could care to, and find the basic feature set available on each!"

Desktop Applications

Appgen implements new business model. Appgen Business Software, Inc. announced the formation of Appgen Personal Software, LLC which, along with Appgen Business Software, Inc., will jointly market business and personal financial management products as "The Appgen Software Companies". The Appgen Software Companies will sell prepackaged products directly to consumers of business and personal financial software.

HealthEdge Brings Home Healthcare to the Linux World. FireLogic, Inc. announced today the release of the first of its HealthEngage Technology Platform products, HealthEngage-Asthma. HealthEngage-Asthma is a software application that allows users to track their health data.

Loki at March conferences. Loki developers Sam Lantinga and Bernd Kreimeier will be giving a talk at the upcoming Game Developers Conference March 20-24 in San Jose. Also Loki President Scott Draeker will speak at the Colorado Linux Info Quest on March 30th.

Section Editor: Michael J. Hammel


March 8, 2001


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


Audio

MP3 alternative takes the open source trail (ZDNet). Ogg Vorbis continues to make news as an alternative to the license restricted MP3 format, and ZDNet is watching the development team. "They've made some considerable inroads in the eight months since their first beta release. The format is already supported in the latest version of the Sonique digital music software and in plug-in format for AOL Time Warner's Winamp player."

Documentation

LDP Weekly News, March 6th. David Merrill has posted the latest issue of the LDP Weekly News. Updates this week were made to the SLIP/PPP, Modem, and LDAP Howto's, among others.

Education

Linux in Education Report #39. Doug Loss has issued the latest Linux in Education Report which covers, among other things, a discussion on user interfaces for kids.

Electronics

gEDA-gaf 20010304 snapshot. A new development snapshot of gEDA-gaf has been announced This package contains the gschem schematic drawing program and other software. Also on the gEDA site, a new version of the Icarus Verilog compiler has been released.

Embedded Systems

Embedded Linux Newsletter for March 1, 2001 (LinuxDevices.com). LinuxDevices.com has posted the weekly Embedded Linux Newsletter, covering the past week's events in the embedded Linux world.

Interoperability

Wine Weekly News for February 28 and March 5, 2001. The February 28 edition of the Wine Weekly News arrived shortly after LWN published last week. Topics include dealing with TCP/IP from Wine, making a Wine test harness, and library renaming.

Just in time for this week's LWN, here is the March 5 edition of the Wine Weekly News. This week's topics include a Wine speed up, press coverage of Wine, and C coding style.

Libraries

GTK+, GLib 1.2.9 released. Owen Taylor has announced the release of the latest versions of the GTK family, GTK+ 1.2.9 and GLib 1.2.9. This release includes an experimental theme-engine-only API for themes to change geometry parameters. This makes possible a number of things which were possible only by unsafe-hacks in prior versions of GTK+. The new code is available for download.

Mail Software

Mailman 2.0.2 released. Version 2.0.2 of Mailman, the GNU Mailing List Manager has been announced. This release fixes a privacy hole and other bugs.

Web-site Development

Webware 0.5 for Python. A new release of Webware for Python is available. "Webware for Python is a suite of software components for developing object-oriented, web-based applications." Release notes are also available for two related components, PSP and MiscUtils.

CMF 1.0beta for Zope Released. Version 1.0beta of CMF has been released. "The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. As packaged, the CMF generates a site much like the Zope.org site. The CMF is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides."

Section Editor: Forrest Cook


March 8, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Erlang

Erlang R7B-2 available. A new bug-fix release of Erlang, version R7B-2, is available for downloading.

Java

Open Source Java: Ant (O'Reilly). David Thomson writes about Ant, an open-source XML based alternative to Make in an O'Reilly onJava.com article.

Jikes 1.13 released. Noted in a very brief announcement posted to the news page of the Jikes project: version 1.13 of the Jikes compiler has been released. The Jikes release notes can be found online as well. (Thanks to Mo Dejong)

Revisiting Java technology on the client (IBM devloperWorks). Joseph Sinclair talks about client-side Java in an IBM developerWorks article. "When the Java platform was first announced, it was heralded as the way to take the Web -- a mostly static collection of simple pages -- to a stunning level of interactivity. The primary goal of the Java initiative was to provide developers the ability to create small applications that could run on any client machine and provide highly interactive experiences using a combination of client processing and server-provided data.
Somewhere along the line, much of the Java promise on the client was lost.
"

Markup Languages

Abstracting the interface, Part II (IBM developerWorks). Martin Gerlach continues his look at XML data and XSL style sheets in an IBM developerWorks article. You might want to read the first article in the series for the full story.

XML tutorial (Troubleshooters.com). This tutorial on XML features an open source perspective on learning XML. The article focuses on Linux and the Apache Software Foundation's Xerces-Java, covering DOM, SAX, and DTD's.

Perl

Perl 5 Porters for March 5, 2001. The March 5, 2001 edition of the Perl 5 Porters digest is out. Topics include locale support, finding memory leaks, Unicode, and more.

Perltidy: unobfuscate your Perl code. A new version of Steve Hancock's perl code cleaner, Perltidy is available. Perltidy seems to do a decent job of cleaning up ugly code as shown in this example.

PHP

Announcing PHP-GTK. A new use has been found for PHP, talking to GTK. See the announcement of PHP-GTK for the details. "Too often PHP is thought of as only an HTML-embedded Web scripting language. But it is also a very full-featured general purpose language that can be used for much more. One of the goals behind this project was to prove that PHP can be used to write client-side GUI applications."

PHP Weekly News for March 5, 2001. The March 5, 2001 edition of the PHP Weekly News is out. This edition covers the PHP GTK+ extension, PHP and Solid DB 3.5, function renaming, Japanese Multibyte support, and more.

Python

Dr. Dobb's Python-URL!, March 5th. The weekly Dr. Dobb's "Python-URL!" is available. It noted Guido van Rossum's release of Python 1.6.1 to fix the GPL incompatibilities in the license and the Python 2.1b1 release among other things. On the topic of Python 2.1b1, see Guido's announcement.

Python Development Summary, 2001/02/15 - 2001/03/01. The traffic summary for the python-dev mailing has been posted for the period of February 15 through March 1, 2001.

Python Software Foundation launched. Guido van Rossum has announced the launch of the Python Software Foundation, whose job will be "to provide educational, legal and financial resources to the Python community." Among other things, the PSF will hold Python's intellectual property - the copyright to the code. The board of directors is David Ascher, Paul Everitt, Fredrik Lundh, Tim Peters, Greg Stein, Guido van Rossum, and Thomas Wouters.

wxPython for newbies (IBM developerWorks). An IBM developWorks article covers GUI development with the wxPython library. "The wxPython library's windows are real live native windows and can do anything native windows can do, allowing your wxPython program to be a much better-behaved citizen. And the whole shebang can be wrapped into an easy installation package. Maybe I'm just a curmudgeon, but I find all this to be much easier than the same thing under Java."

Recipes wanted for New Python Cookbook. ActiveState and O'Reilly are putting together a Python cookbook, which will be available for download. They are currently looking for "recipies", useful bits of Python code and documentation to be included in the cookbook. More information is available on the Python Cookbook web page.

O'Reilly has also announced the release of the second edition of Programming Python, which has been updated to cover Python 2.0.

PythonWare PY20 for Linux. The PythonWare PY20 Python package is available for Linux in RPM format. "The Pythonware PY20 distribution is a collection of some of the most useful modules packed in a small self installing package. Don't be fooled by its size. This is a complete Python environment."

Tcl/Tk

Moodss-14.0 announced. Version 14-0 of Moodss, the Modular Object Oriented Dynamic Spread Sheet has been announced by Jean-Luc Fontaine. Moodss requires tclpython and a new release of that has also been announced.

ASED Tcl/Tk IDE version 2.0.8 released. A bug fix release of ASED, a Tcl/TK IDE has been announced by Andreas Sievers. ASED is released under the Gnu Public License (GPL).

Alphatk text editor 8.0fc1. A new release of Alphatk has been announced. "Alphatk is a text editor. It's most useful for programmers, those writing a lot of TeX or LaTeX documents, and for editing of HTML source files. It has very rich features to aid in writing and editing files of those document types."

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Zero-Knowledge Systems Names Technology, Privacy and Legal Leaders to Its Advisory Board. Zero-Knowledge is the provider of privacy enabling technologies and services for both consumers and enterprise. They will be known to many as the developer of the multi-platform, open source Freedom 2.0 Internet Privacy Suite. Released under the GNU GPL, the suite includes a personal firewall, form filler, cookie manager, ad manager and a keyword alert.

Zero-Knowledge has signed on an impressive list of people to head its advisory board. The eight new board members include Bruce Schneier, Founder and Chief Technical Officer of Counterpane Internet Security and author of Applied Cryptography and Secrets & Lies: Digital Security in a Networked World; Whitfield Diffie, co-creator of public key cryptography and co-author of Privacy on the Line: the Politics of Wiretapping and Encryption; and Stanford Law School professor Lawrence Lessig. The other five members are just as impressive. The company expects the Board to provide senior management with strategic guidance, help the company create new privacy products and services for customers, and act as company resources and liaisons in their respective communities.

Lineo to acquire Convergence Integrated Media. Lineo, Inc. announced it has obtained a signed letter of intent to acquire Convergence Integrated Media. Convergence is a developer of operating systems and software for digital communications products, such as personal video recorders (PVR) and digital video disk (DVD) devices. With this acquisition Lineo hopes to become the first and only provider of Linux-based development tools for digital television products. Terms of the deal were not disclosed.

ARM Launches University Contest for New System Designs. ARM, a provider of 16/32-bit embedded RISC microprocessor solutions, launched the ARM Design Contest for Education. Participation is open to individual students or groups of students from universities and high schools. The subject of the design is open but the system must include or simulate at least one ARM processor. Design examples could include hardware & software: uHAL embedded RT Linux applications, cryptography, and low-power applications.

Plexis Group Director Addresses GIS Conference. Plexis Group, LLC director Scott Stephens' presentation illustrated diverse uses of GIS through the Linux operating system. Landmark Information Group, Ltd., employs a 1 Ghz Linux PC to run Linux GenaMap, a product of Gena Warehouse Ltd. Using this operating system and software, Landmark Information Group provides free access to first edition historical ordnance survey maps of Great Britain, between 1846 and 1899.

Borland Kylix Now Available. Borland announced the immediate availability of Borland Kylix. Kylix is a native rapid application development (RAD) environment for the Linux operating system.

SAS Introduces Linux Cross-Hosted Compiler For S/390 Environments. SAS Institute announced the planned availability of Version 7.0 of the SAS/C and the SAS/C++ Cross-platform Development System for Linux, targeted at OS/390 and VM/ESA.

Open Motif supports 2.4 kernel. ICS has released an updated version of Open Motif Everywhere. This new release officially incorporates Open Group Patch 3 and Patch 4 into the Open Motif release. These patches include numerous bug fixes and updates to the Motif libraries, clients and the demo source code. RPMs (version 4) are also provided for both Red Hat Linux 7, SuSE Linux 7.1 and other distributions using glibc 2.2.

LPI News for February 2001. In this issue:

  • Prosoft and LPI Join Forces
  • LPI Job Analysis Survey
  • LWE Report
  • Paris Linux Expo Report
  • LPI Certified Hiring Practices
  • Russian LPI Efforts
  • Bulk LPI Testing Vouchers
  • Sponsors in the spotlight

Linux Stock Index for March 01 to March 07, 2001.

LSI at closing on March 01, 2001 ... 32.54
LSI at closing on March 07, 2001 ... 34.41

The high for the week was 34.41
The low for the week was 32.54

Press Releases:

Open source products

Unless specified, license is unverified.

Proprietary Products for Linux

Servers and Desktops

Products and Services Using Linux

Products With Linux Versions

Java Products

Books

Partnerships

Investments and Acquisitions

Personnel and New Offices

Financial Results

Linux At Work

Other

Section Editor: Rebecca Sobol.


March 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Using GPL software in embedded applications (LinuxDevices). LinuxDevices.com looks at the issues related to using GPL'd software in embedded applications and the reported fear Wind River has expressed that the GPL is impeding embedded application development. "If Wind River is really worried about the legal status of the GPL, why have they devoted substantial resources to modifying and marketing GDB as a product? We can only assume that others besides Schacker believe that the GPL protects Wind River's right to market this derived product -- that it had at least some legal plausibility."

Crafting the free-software future (Salon). Salon has run a lengthy look at SourceForge. "Not everyone welcomes the kind of collaboration underway at SourceForge. Members of the Free Software Foundation, an older, radical wing of altruistic coders, argue that SourceForge effectively is stealing its thunder. Many software projects at the site are being built by coders sharing the foundation's philosophy -- namely, that all code should be freely published for the purposes of personal liberty and collective action. But SourceForge doesn't properly promote this philosophy, says foundation leader Richard Stallman."

P2P

Peer-to-peer technology reaches millions of users (CNN). CNN examines the battle brewing between Gnutella and Freenet to replace legally encumbered Napster. "Gnutella is a decentralized system. There's no single server that tells you all the information of who's got what. So there's no single point in the continuum that you can force to shut down,' said Aram Sinnreich, senior analyst for Jupiter Media Metrix. 'If you take half of the computers that use Gnutella off the system, the other half will still work just fine."

Rival services prepare for Napster onslaught (C|Net). Gnutella is preparing for its day in the sun, though it probably won't be able to take over for Napster should they be shut down on Friday, according to a C|Net News.com report. "It's important to note that Gnutella doesn't scale like Napster,' said Kelly Truelove, chief executive of Clip2, which conducts research and consulting on peer-to-peer technologies. 'Even if Gnutella remains usable under increased load, it's not clear whether it will be usable enough."

Sun aims at peer-to-peer search with acquisition (News.com). C|Net examines Sun's entry into peer-to-peer with the start of it's Jxta project. "As a possible foundation for a wide array of Net-based services from Sun as well as other companies, the Jxta initiative was seen as potential competition for Microsoft's proprietary .Net Web services plans. Sun chief scientist Bill Joy said last month that Sun plans its own set of peer-to-peer services and wants the open-source software in place to make them possible."

Companies

Linux company Lineo resumes acquisition spree (News.com). Embedded Linux vendor Lineo looks to push further into the set-top box market through acquisitions according to a C|Net News.com report. "The planned acquisition of Convergence would mark Lineo's seventh acquisition but not its last, Ball said. Through past acquisitions, the company has increased its employee count more than tenfold, Ball added."

IBM Is Putting on the (Linux) Tux (Wired). Wired News covers IBM advertising featuring Tux the Linux penguin. "Linux kernel creator Linus Torvalds has put his stamp of approval on the ad campaign, which uses strong 1960s-style psychedelic graphics -- a heart and a peace symbol along with Tux -- to appeal to ex-hippie baby boomers, whom IBM hopes will find the idea of a free, community-developed operating system appealing. "

IBM To Partners: Here's $3,000 For Linux (TechWeb). IBM has offered to pay partners up to $3000US for any of their employees who pass the LPI or Red Hat certification programs. (Thanks to Walt Smith for a workable URL.)

Big Blue spreads Linux love with new ads (News.com). Flightless water fowl will dominate the skylines of Times Square and Silicon Valley in the near future, as C|Net carries Bloomberg's report on IBM's advertising blitz for everyone's favorite mascot. "A six-story billboard is scheduled to appear in New York's Times Square late next week, and others will rise in California's Silicon Valley. They will proclaim in symbolic form: "Peace, Love & Linux." The free Linux computer operating system has long used the penguin as its mascot, and smiling portraits of the black-and- white flightless bird will dominate the pitch."

Business

Brazil test-drives a Volkscomputer (News.com). In Brazil, the Linux-based Volkscomputer could help more people surf the Internet. "Late last year the government commissioned Vale Campos' team to design the low-budget Internet-surfing machine as a response to worries about worsening the country's social and economic inequalities by starving the poor of information technology."

China faces obstacles in Linux leap forward (News.com). This article in C|Net's News.com says Linux is not doing well in China. "So far, computers with the Windows software installed are selling briskly, even though they are 80 percent more expensive, Yu said. Customers with Linux-installed models, meantime, are asking to swap for Windows."

How to succeed at selling free software (ZDNet). ZDNet looks at how businesses can use the GPL using Zelerate as an example. "Take Zelerate, formerly OpenSales, which sells commerce and fulfillment packages starting at $25,000. Every part of its offering can be downloaded for free. Yet, according to Founder Rob Ferber, 'Customers want to pay for software'."

Can Linux make a buck? Here's how (ZDNet). Evan Leibovitch thinks he's knows the secret to the almighty Linux dollar. "The Linux world has not come to grips with the task of assembling a market-savvy and aggressive field of Linux-friendly VARs and system integrators. Speaking as someone who's been involved with Unix and Linux VARs for more than a decade, I believe that there are plenty of opportunities for VARs and major service vendors to fill this gap."

Linux catching up to Windows in server market (News.com). C|Net News.com reports on the continued growth of the Linux server market. "Linux grabbed 27 percent market share in 2000, up from 25 percent the previous year. In 1999, Linux also was the fastest-growing server operating system."

Intel draws out Itanium arrival (News.com). C|Net reports on the delayed rollout of the latest chip from Intel. "Intel's Fister said computer manufacturers will unveil Itanium-based systems over a period of months. For example, IBM may introduce a Linux machine early, while Hewlett-Packard might unveil a system with its own HP-UX operating system a little later in the year, he said."

Some new shrink-wrap license terms seem tailor-made for UCITA (InfoWorld). This InfoWorld article says the Uniform Computer Information Transactions Act (UCITA) could be a license to kill. "UCITA supporters have scoffed at the notion that publishers would use shrink-wrap licenses to prohibit public criticism of their products. Nonetheless, our friends at Network Associates seem prepared to do just that with their click-wrap license for VirusScan 5.15. ''The customer shall not disclose the results of any benchmark test to any third party without Network Associates' prior written approval,'' reads one part of its EULA, immediately followed by: ''The customer will not publish reviews of the product without prior consent from Network Associates.'' Network Associates declined to comment on why it includes these terms in the VirusScan license." (Thanks to Jay R. Ashworth)

Security

CIA-backed venture eyes anonymity software (CNN). The CIA is interested in how the (to be open-sourced) Triangle Boy anonymizer software can be used to safely browse the web. "SafeWeb's Web site currently provides free immediate access to an "anonymizer" that lets anyone surf anonymously and securely by typing in a Web address. It replaces the URL bar with a JavaScript and establishes an encrypted connection from the user's desktop using 128-bit Secure Sockets Layer with cookies automatically disabled, [Chief strategic officer of In-Q-Tel Christopher] Tucker said."

The Great Security Debate: Linux vs. Windows (osOpinion). Another in the Linux vs Windows parade, this article looks at how Linux offers tighter security options than Windows. "Microsoft operating systems such as Windows 98 and 2000 have logged enough vulnerabilities to lead a SecurityFocus.com tally in which Windows-based systems averaged nearly 70 percent more vulnerabilities in 2000 than their Linux counterparts."

Products

Consider Apache (LinuxToday.com.au). The Australian LinuxToday looks at the Apache web server. "Since then, Apache has developed into the worlds' favourite web server. It's free, it's fast, and it runs on a very wide variety of hardware and operating systems. The combination of GNU/Linux or a *BSD variant, some cheap Intel-based hardware, and Apache has proven to be a simple and very inexpensive way to set up a web server."

Device profile: Ericsson's Bluetooth "blip" (LinuxDevices). The BLIP is a new technology aka Bluetooth Local Infotainment Point. LinuxDevices takes a close look at Ericsson's Linux-based BLIP. "The device is a tiny networked computer system with a built-in Bluetooth two-way radio. That allows it to provide information transfer to and from Bluetooth-enabled wireless devices (phones, PDAs, etc.) that come within its communications range. The blip thus establishes a localized wireless LAN, which users can freely access via their Bluetooth-enabled mobile devices."

Toshiba enters server appliance market (News.com). Toshiba's Linux-based Magnia SG10 costs $1,289 to $1,799 and, according to this C|Net News.com story, is based on a 350MHz AMD K6-2 processor with 64MB of memory. "In addition, Toshiba plans to sign up business partners who want real estate on the systems. For example, software on the system includes a link to companies that sell office supplies."

Sharp enters Linux PDA market. C|Net reports that Sharp is poised to enter the Linux PDA market sometime in October. "Osaka-based Sharp will be the first major maker of PDAs (personal digital assistants) to introduce a Linux OS-based PDA, said Hiroshi Uno, general manager of the company's mobile systems division, in an interview. The new models will be available in the United States and Europe from October, he said."

Reviews

USB Modems Under Linux: D-Link's DSB-560 (SignalGround). SignalGround has this story on USB modems and Linux. "As it turns out, the Linux USB modem driver, also known as the ACM driver, works only when modem hardware designers follow some particular specs (called, surprisingly enough, "ACM"). If the hardware designers made sure the USB modem conformed to what is known as the 'Abstract Control Model', the modem would most likely work with the Linux ACM driver."

Miscellaneous

Herbert Simon (Economist). The Economist has run an obituary for Herbert Simon. "In 1978, Herbert Simon was awarded the Nobel prize for economics. What for many people would be regarded as the culmination of a life's work, Mr Simon took almost casually, a diversion. The Swedish judges at the presentation ceremony were a touch hurt to hear that artificial intelligence had been his central interest, rather than economics, although of course he was interested in that discipline too."

The GNU GPL and the American Way (ZDNet). Richard Stallman speaks his mind in this article from ZDNet. " No license can stop Microsoft from practicing "embrace and extend" if they are determined to do so at all costs. If they write their own program from scratch, and use none of our code, the license on our code does not affect them. But a total rewrite is costly and hard, and even Microsoft can't do it all the time. Hence their campaign to persuade us to abandon the license that protects our community, the license that won't let them say, "What's yours is mine, and what's mine is mine." They want us to let them take whatever they want, without ever giving anything back. They want us to abandon our defenses"

Putting a New Soul in Your PC (NY Times). The New York Times reports on a newbies experience with Linux and his comparison of the GNOME interface to the Windows and Mac worlds. "To install a niftier version of Gnome from the Ximian Web site, for example, I had to log on as the root user (administrator) in a terminal window and type "lynx -source http://go-gnome.com | sh" to start the installation, something that may require only mouse clicks with the Windows or Mac operating systems." Either of those methods, however, would make a security-aware person cringe.

Section Editor: Rebecca Sobol


March 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

LinuxFocus, March 2001. The March 2001 issue of LinuxFocus has been published. Articles this month cover topics such as real time data monitoring, real time mp3, the GNUStep project, and using textures in POVRay, the 3D rendering engine.

Bulma, Spanish language news site. A new Spanish language web site, Bulma, under development for 2 years at the University of Balearic Islands University, has gone live. The site covers Linux news, HOWTOs, and FAQs.

Linux Gazette #64. The latest issue of the Linux Gazette has been published by the Linux Journal. This month the free, user-contributed online magazine is carrying articles on using the secure shell (ssh) suite of tools, thoughts on the Linux Router project, and part 2 of the Learning Perl series.

Tip of the Week: Learning How to Count. LinuxLookup's tip of the week looks at the wc command.

Linux Buyer's Guide #9. The Duke of URL Linux Buyer's Guide #9 is now available. "With another month, we've seen Linux advance even further with Linux 2.4.2 (which fixes some KT133A problems, among other things), as well as the release of many new pieces of hardware such as the NVIDIA GeForce3, ATI Radeon SE and LE, the VIA Apollo Pro 266, not to mention the flood of DDR SDRAM to the market. All of these developments are also very relevant to Linux, as it is quickly becoming a trend to support Linux out of the gates now."

Events

Computers in Libraries 2001. Computers in Libraries 2001 is a conference for librarians and information managers. Linux is on the program with talks like The Retooled Box: A Linux-Samba Path from Retired Workstation to Production Server. March 14 - 16, 2001 in the Washington Hilton & Towers, Washington, DC.

O'Reilly Enterprise Java Conference. The O'Reilly Enterprise Java Conference takes place from March 26 - 29, 2001 at the Westin Hotel in Santa Clara, California.

CLIQ 2001 signs HP, David Sifry of Linuxcare. CLIQ 2001 has signed Linuxcare CTO David L. Sifry to provide the keynote at the March 30th event. Also signed is HP, to a top level sponsorship. And the speakers lineup is now complete, covering everything from GNOME and KDE to embedded Linux and from getting a return on investment from open source to Debian and using your Palm Pilot with Linux.

Also CLIQ 2001 has set registration deadlines for mail-in registrations for both attendees and exhibitors.

Note: LWN.net is proud to be a top level sponsor of CLIQ 2001.

ApacheCon 2001 Session Highlights. The Apache Software Foundation announced over 70 speaker sessions for this spring's ApacheCon 2001, the annual conference and exhibition for Apache-related and open-source software. ApacheCon 2001 will be held in Santa Clara, California, April 4 - 6, 2001.

More XML DevCon. The XML DevCon series continues with XML DevCon NYC coming April 8 - 11, 2001 in New York City.

Linux Africa 2001. AITEC is hosting the first Linux Africa exhibition and conference in Johannesburg, South Africa, to provide an education and marketing platform to spread Linux knowledge and applications throughout the region. Linux Africa will be at the Kyalami Exhibition & Conference Centre in Johannesburg, South Africa, 24-26 April 2001.

The Internet Security Conference. TISC announced the addition of Interop, a Key3Media Group, Inc. brand, as a media sponsor for its upcoming conference to be held June 4-8, 2001 at the Century Plaza Hotel in Los Angeles.

March/April events.
Date Event Location
March 5 - March 8, 2001. The 9th International Python Conference Long Beach, California.
March 5 - March 9, 2001. Networld+Interop 2001 Sydney Convention and Exhibition Centre, Sydney, Australia.
March 7 - March 9, 2001. Linux Open Source Conference and Business Expo. Sydney Convention and Exhibition Centre, Sydney, Australia.
March 15, 2001. Linux convention (in Icelandic). Iceland.
March 19 - March 22, 2001. SGI Global Developer Conference Burlingame, California.
March 20 - March 22, 2001. FOSE 2001 Washington DC Convention Center.
March 21 - March 24, 2001. Singapore Linux Conference / LinuxWorld 2001 Singapore.
March 22 - March 23, 2001. Linux Accessibility Conference Los Angeles, California.
March 22 - March 28, 2001. CeBIT 2001 Hannover, Germany
March 28 - March 29, 2001. LinuxBazaar 2001 Czech Republic.
March 29 - March 30, 2001. Colorado Linux Info Quest Denver Marriott Tech Center, Denver, Colorado.
April 2 - April 5, 2001. COMDEX Chicago McCormick Place, Chicago, Illinois.
April 4 - April 5, 2001. Linux Expo Madrid Palacio de Congresos, Madrid, Spain.
April 6 - April 8, 2001. GNOME Users And Developers European Conference (GUADEC) 2001 Copenhagen, Denmark.
April 8 - April 11, 2001. XML DevCon Spring 2001 New York Marriott Marquis, New York City.
April 9 - April 13, 2001. Embedded Systems Conference San Francisco, California.
April 20, 2001. 2nd Annual Symposium on Pliant Implementation and Concepts (ASPIC 2001) Paris, France.
April 23 - April 27, 2001. Linux Expo Road Show Eastern Europe.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

IT User Group Open Day. Australian IT user groups will meet on March 10, 2001 in South Melbourne. Join Linux users, Python users, Unix users and others for this free event.

Sydney Linux Users Group - Install Fest Announcement. If you are in Australia, but closer to Sydney check out the SLUG Install Fest and BBQ at the beach on March 10, 2001.

Silicon Corridor LINUX Users Group. The SCLUG will be holding their next meeting at the Back of Beyond Pub, Reading, Berkshire, UK on 14 March 2001.

LUGOD Installfest. The Linux Users' Group of Davis and the UC Davis Computer Club will be holding a Linux Installfest on Sunday, March 18th, from 10:00am - 6:00pm. The event will take place in room 1131 of the Engineering Unit II building at UC Davis.

LUG Events: March 8 - March 22, 2001.
Date Event Location
March 8, 2001. Phoenix Linux Users Group (PLUG) Sequoia Charter School, Mesa, AZ.
March 8, 2001. Boulder Linux Users Group (BLUG) NIST Radio Building, Boulder, CO.
March 10, 2001. LUGOD Demo Day Border's Books, Davis, CA.
March 10, 2001. Route 66 Linux Users Group La Verne, California.
March 10, 2001. Consortium of All Bay Area Linux (CABAL) Menlo Park, California.
March 11, 2001. NorthWest Chicagoland Linux User Group Installfest Room M244, Harper College, Palatine, Illinois.
March 13, 2001. Long Island Linux Users Group (LILUG) SUNY Farmingdale, NY.
March 13, 2001. Victoria Linux Users Group(VLUG) University of Victoria, Victoria, British Columbia, Canada.
March 14, 2001. Silicon Corridor LINUX Users Group (SCLUG) Back of Beyond pub in Kings Road, Reading.
March 14, 2001. Toledo Area Linux Users Group (TALUG) University of Toledo, Toledo, OH.
March 14, 2001. Columbia Area Linux Users Group (CALUG) Capita Technologies Training Center, Columbia, MD.
March 15, 2001. South Mississippi Linux Users Group (SMLUG) Barnes & Noble, Gulfport, Mississippi.
March 15, 2001. St. Louis Unix Users Group (SLUUG) - Linux SIG St. Louis County Library, Indian Trails Branch, St. Louis, Missouri.
March 16, 2001. Rock River Linux Users Group (RRLUG) Rockford College, Rockford, Illinois.
March 17, 2001. North Texas Linux Users Group (NTLUG) Nokia Centre, Irving, Texas.
March 17, 2001. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
March 17, 2001. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
March 18, 2001. Beachside Linux User Group Conway, South Carolina.
March 18, 2001. Linux Users' Group of Davis (LUGOD) Installfest Davis, CA.
March 19, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
March 20, 2001. Kansas City Linux Users Group DemoDay (KCLUG) Kansas City Public Library, Kansas City, MO.
March 20, 2001. Bay Area Linux User Group (BALUG) Four Seas Restaurant, Chinatown, San Francisco.
March 21, 2001. Arizona State University Linux Users Group (ASULUG) Tempe, AZ.
March 21, 2001. Linux User Group of Groningen Groningen, Netherlands.
March 21, 2001. Central Iowa Linux Users Group (CIALUG) West Des Moines, IA.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


March 8, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Three years ago (March 12, 1998 LWN): Netscape finally came out with the license under which the Mozilla browser would be released. Not everybody liked the MPL, but it was generally seen as an attempt to balance Netscape's interests (being able to release proprietary browsers with Mozilla code) and the need for a free license. Certainly (then) Debian Project leader Bruce Perens was pleased:

This is a historic day for us, since it means that Netscape will eventually be in the "main" part of Debian and all Linux systems, not the "non-free" section any longer!

Ralph Nader started pressing Dell to sell Linux-installed systems. Sun, meanwhile, offered a 70% discount for those willing to upgrade to Solaris 2.6 from Linux.

Development kernel 2.1.90pre was released:

I just put a pre-90 on ftp.kernel.org, and I'm happy to report that Davem seems to have found and fixed the TCP performance problem, which means that the code-freeze for 2.2 is going to go into effect shortly..
-- Linus

Little did we know that 2.2 was still almost a year away...

Two years ago (March 11, 1999 LWN): Echos from LinuxWorld still dominated the landscape, in many forms. The "free software vs. open source" battle raged on:

However, in Stallman's eyes, the programming community is more interested in talking about practical issues, like performance -- an anathema to Stallman. And this conflict is partly why Stallman is marginalized. Most people don't want to talk about freedom. There's been a splintering of the movement: away from free software created by ideologues to open-source software created by business-friendly pragmatists like Torvalds.
-- Wired News.

In the rest of the world, though, some felt that they needed to counteract some of the attention brought to Linux via bad press:

You implicitly trust a vendor to deliver a product or service as promised. And if the product or service is of poor quality or fails, you have recourse: a lawsuit. Right now Linux is more Woodstock than Main Street. There aren't enough vendors dedicated to the operating system, and it's kind of hard to sue the surfer in Venice Beach, Calif., who gives you poor Linux advice.
-- CIO

But will Linux find its way into the enterprise and (gasp) the corporate desktop? Don't bet on it. Commercial firms are risk-averse by nature. They are more than willing to pay an OS license for the right to sue somebody if things go wrong.
-- Internet Week.

The "who do you sue" argument seems to have faded over the last two years. Perhaps people have figured out that the number of successful lawsuits against proprietary software vendors is pretty low...

Debian 2.1 ("slink") was released on March 9.

Red Hat announced equity investments from Compaq, IBM, Novell, and Oracle. It was still a big deal back in those days.

One year ago (March 9, 2000 LWN): Free books online were the theme of the week, with the availability of Grokking the GIMP, an updated version of Using Samba, and the first bits of Andrew Leonard's Free Software Project.

Linux-Mandrake 7.0 PowerPack was released.

The OpenNMS project launched 'BlueBird', a free enterprise network management system. Believe it or not, the first stable release of DOSemu was announced, after that system had been used by many for years. Also released was "McKinley," the first preview of the Helix (now Ximian) GNOME desktop.

Bluepoint Linux surprised the world by becoming a publicly-traded company overnight via a "reverse takeover" deal with a shell corporation. LinuxMall.com completed its merger with Frank Kasper & Associates. Meanwhile investors were beginning to complain about Corel's proposed merger with Inprise; Inprise director Robert Coates resigned in protest.

Forbes wondered what might become of SGI:

The thinking at this point is that the most likely buyer would be a company like VA Linux, the maker of Linux-based workstations. Acquiring SGI would give that young company established engineering skills, plus entry into businesses that already use SGI systems.

Times have changed somewhat...SGI is now worth four times VA.


March 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

March 8, 2001

   
Date: Thu, 1 Mar 2001 10:40:54 -0500
From: "Donald J. Barry" <don@astro.cornell.edu>
To: letters@lwn.net
Subject: Stallman's position on OGG/VORBIS


Dear LWN:

I take gentle issue with your ascription to Richard Stallman of an
a desire for "a more restrictive licensing for libraries."  In doing
so, you are under the mistaken belief that the GPL is in fact somehow 
less free than the BSD license.

This entirely depends upon your point of view.  To a user, software 
freedom encompasses such issues as, "will this software continue to be
developed in the public sphere?", "will I find that my hardware is now
only supported by a proprietary fork?", "will someone else take software
I have contributed to and commercialize the results?".  In this core
sense, the GPL is the most free of all the licenses.  

I can understand Stallman's decision to tactically endorse a flexible 
strategy in the case of OGG/Vorbis.  But here's to FREE software for
just about everything else.

Don Barry,
Cornell University
   
Date: Sat, 03 Mar 2001 20:04:52 -0500
From: Thomas Hood <jdthoodREMOVETHIS@yahoo.co.uk>
To: letters@lwn.net
Subject: Stallman on Freedom and the American Way

RMS's latest article comes on the heels of a Microsoft
executive's insinuation that the free software movement
is un-American.  Stallman's reaction is to accept the
presupposition that the American Way is the one true path,
and to argue that the GPL is faithful to this path because
it accords with the principles of the American revolution.

Stallman uses Allchin's comments as an opportunity to make
the point (again) that there is a difference between the
way the GPL promotes freedom and the way that a BSD-style
"open source" license grants it.  Whereas a BSD license
grants the licensee freedom to do whatever he or she likes
with the licensed code, including the freedom to adapt the
code and not publish the changes, the GPL restricts the
licensee's freedom in this respect in order to guarantee
another freedom---the freedom of other people to see any
code derived from the licensed code.  It is the fact that
the GPL promotes freedom in this way that RMS thinks makes
the GPL truly American.  But this is disingenuous.
Stallman is not being entirely frank about the ultimate
goals of the free software movement.

I think we should be frank.  There is no point in fighting
a war of propaganda.  There is no denying the accusation
that one of the main aims of the free software movement is
a socialistic one.  I don't really care that in the U.S.A.,
calling something "socialist" means that it is soon
called "communist" and then "Stalinist" and then (worst
of all!) "un-American".  Sticks and stones.  One of the
advantages of the free software movement being so international
as it is, is that it ought to be easier for us to think outside
the box of American political discourse.

The GPL is socialistic in that it is designed to promote a
social goal, which is the establishment of a archive of free
software and a community of developers dedicated to enlarging
and enhancing it.  Ultimately it may occur that this body of
software becomes so extensive and attractive that it becomes
indispensible---that it becomes a public-domain homologue
for what Microsoft software is now.  The goal is to 
revolutionize the means of production of software and to
establish a new mode of software distribution: To each 
according to his need; from each according to his ability.
If the movement is successful---if GPLed software becomes
"the standard"---then it will be more difficult for software
companies to make money selling proprietary software.  So 
the free software movement is not only socialistic in its
goals, but dangerous to a certain form of capitalism too.
In the case of Microsoft Corporation, the movement is openly
hostile.

To those who complain that these goals aren't the American Way,
let us simply say:  Well, if that's true, then so much the
worse for the American Way.

Thomas Hood
jdthood_AT_yahoo.co.uk
   
Date: Fri, 02 Mar 2001 20:48:59 -0500
From: Luke Seubert <lseubert@radix.net>
To: letters@lwn.net
Subject: Will Mozilla 1.1.1 be released in 2001?  Will it even matter?

Once again, the Mozilla project has fallen behind schedule, and the
release date for Mozilla 1.0 has been pushed back.  Details on the new
roadmap may be found at: http://www.mozilla.org/roadmap.html

The new roadmap reveals, among other things, the worst case assumptions
of Mozilla developers, showing that Mozilla might only reach version
0.9.6 in late 4Q 2001 if there are a lot of problems.  While we all hope
this will not be the case, the dreadfully slow pace of Mozilla
development over these past three years does little to discourage
pessimism in this regard.

The situation is even worse for those folks who prefer high quality,
feature complete, bug free software.  Common sense and experience tell
us to distrust 1.0 or 2.0 releases.  Whether proprietary, open source,
or free software; x.0 version programs usually have too many flaws.  The
recent release of KDE 2.1 is a good example of this in that it fulfills
the promises of KDE 2.0, now that it has a more complete feature set,
and far fewer bugs.

Mozilla likewise will probably not be truly ready for prime time until
Mozilla 1.1.1, which under best case assumptions won't happen until late
3Q 2001.  Frankly, given the endless delays in the Mozilla project, it
is not reasonable to expect a truly superb and complete browser until 4Q
2001 at the earliest, and more likely sometime in the first half of 2002
instead.  This could mean a total of four years for Mozilla to achieve
the promise made back in 1998 of a high quality, standards compliant,
free software, cross platform, integrated browser.

But will Mozilla even matter when it achieves true maturity, especially
in the Linux and *BSD worlds, which is the one place where Mozilla has
its best chance of success?  Consider that Konqueror, Galeon, and the
closed source Opera browser are all maturing quite rapidly. Combine
these browsers with your favorite GUI email client, newsreader, chat
program, and HTML composer, and you can have all the features and power
promised by Mozilla - but now, not "someday".

In war, an old axiom states that an imperfect battle plan implemented
quickly and with vigor will always beat the perfect strategy that is a
day late in coming.  Mozilla seeks to be the perfect
browser/composer/email&news&chat client that is all things to all people
on all platforms, and it may well achieve that goal.  But by the time
the goal is achieved, the battle may well be long over.

Luke Seubert

   
Date: Thu, 01 Mar 2001 03:32:29 -0600
From: Saber <fool@elven.org>
To: letters@lwn.net
Subject: quit crowing about DeCSS availability!

The last two LWN frontpages have smirkingly (is that a word :o) boasted of
how easy it is to get a copy of DeCSS even though the Bad Guys have been
spending a lot of effort to attack individuals spreading DeCSS. So what?

Heck, we can crash a bunch of punks into the courtrooms wearing DeCSS
t-shirts, but does that mean we're winning? Given: you cannot stop geeks
from bootlegging bits.  Problem: that's nothing compared to true
freedom. Will fancy software violating DMCA provisions reach consumers? No.


Saber Taylor
http://elven.org/saber/
   
Date: Sun, 4 Mar 2001 18:29:31 -0500 (EST)
From: Tom Permutt <tompermutt@home.com>
To: letters@lwn.net
Subject: Napster, "the music industry," and free music

I always enjoy your writing, and usually agree with your point of view.  I
am disturbed, however, by your recent comments on Napster and "the music
industry."

When you write about software, you carefully distinguish the proprietary
software industry from the free software community.  Furthermore, you have
taken pains to distinguish advocates of free software from advocates of
acquiring proprietary software for free.

The overwhelming majority of musicians belong to something analogous to
the free software community.  Some create music for love.  Some support
themselves by providing teaching and other services.  Some have jobs
related to music where their most creative work is indulged as an adjunct
to what makes money.

We honor one another's ideas by copying them, disseminating them, adapting
and improving them.  There are ethical constraints on this borrowing, but
they have little to do with copyright.  We are pretty free with sources
because what we respect is the ability to do something with them.  All
this must be very familiar to you and your readers.

A tiny minority of musicians are associated with what you call "the music
industry":  the mass-market, recorded, popular music industry.  Most
musicians have little interest in these products.  Many of us feel they
are of inferior quality; many of us believe this industry is inimical to
the advancement of the art; but most of us just don't care about it.  We
recognize, however, that the products are accessible, successfully
marketed, and very popular.

The users of Napster, it seems to me, are overwhelmingly people who want
this kind of music, and want it for free.  I hold no brief for the
producers whose products they appropriate, any more than I shed tears for
the members of the Software Publishers Association.  I fail to see,
however, why advocates of free software should make common cause with
these nonpaying consumers of proprietary products.

I am mystified by these words:  "Piracy is not the issue.  It is, instead,
a dishonest smokescreen put up by those who feel that a lucrative business
is threatened by new technologies."  Unlike free software, the threat is
not from new products, but from new, unauthorized methods of disseminating
proprietary products.  If there is such a thing as "piracy," what else can
it be?

Tom Permutt
tompermutt@home.com

   
Date: Tue, 6 Mar 2001 17:09:53 -0500 (EST)
From: "Ken D'Ambrosio" <kend@flyingtoasters.net>
To: <cdreward@riaa.com>
Subject: An open letter to the RIAA:

Jack Valenti meets Obi-Wan Kenobi

It really is interesting, in the grand scheme of things: the Recording
Industry Associationg of America (RIAA) is desperately fighting a battle
in the judicial system to shut down sites such as Napster.  It even
appears as if they are winning.  The ironic, and, truthfully, sad part,
however, is that they Just Don't Get It: instead of fighting Napster, and
trying to hold back technology (neo-Luddites of the world, untie!), they
should be seeing this as a grand opportunity to expand their horizons.
However, the RIAA is interested in one thing, really: money.  Sure, they
dress their fight up as if they were fighting for the poor, starving
artists, but it's the record labels that they really care about, because
that's where Mr. Valenti finds his paychecks coming from.  And so, in an
attempt to keep their money, the are, instead, about to throw it away.  It
is likely in the extreme that Napster will be shut down in the very near
future -- it's virtually impossible for them to keep copyrighted music
off "their" service, since the music is really on the PCs of people
scattered across the country.  While they can certainly cut out names of
songs that are copyrighted, schemes (such as putting them into pig
Latin) are already in the works to circumvent this, and it's unlikely the
courts will care.  Therefore, I believe that Napster will, eventually, go
away.

So where does Ben Kenobi come into the picture?  If you think back to Star
Wars, when Ben Kenobi is fighting Darth Vader, he says, "Strike me down,
and I will come back more powerful than you can imagine."  This is clearly
the case with the RIAA -- they obviously have no idea that they are
currently digging their own grave.  Instead of working with a centralized
"authority" such as Napster, to provide clients with easy, paid, access to
copyrighted material, they are going to squash the centralized authority...
and decentralized MP3 (etc.) sites will instead crop up to fill the
void.  Instead of having one tangible "foe," they will now have thousands,
if not millions, of sites, scattered throughout the world, in different
jurisdictions, running different software, all distributing (unpaid!)
copyrighted material.  If it's done right, it will even be untraceable.
There are probably just a few days left wherein the RIAA could actually
use Pandora's box for synergy; after they shut down Napster, however, they
will have won the battle, which will make their losing the war a virtual
certainty.  Instead of helping bring their artists into a more accessible
form of distribution, they will have slammed the lid shut on a what could
have been an unparalleled form of legal IP propagation, and will have
ensured that piracy, in heretofore unseen amounts, occurs.

Bottom line: the RIAA is the artist's (and studio's) own worst enemy.  The
Internet is here, but, instead of taking advantage of the single largest
peacetime economic engine ever, they're trying to fight it, and are now
doomed to fail -- hurting the very people they purport to represent.

It's really just sad; sad, and pathetic.  If I were a member of the RIAA,
I would certainly be calling for Jack Valenti's resignation right about
now, because it's 100% clear that he doesn't understand the forces at
work, and is causing infinitely more damage for both his clients, and the
users of the material, than would someone who understood, and *utilized*,
technology.

Sincerely,

Ken D'Ambrosio

   
Date: Wed, 07 Mar 2001 07:56:20 +0800
From: Leon Brooks <leon@brooks.fdns.net>
To: bkproffitt@home.com
Subject: wrong planet

You wrote here http://www.linuxplanet.com/linuxplanet/opinions/3064/1/ that:

 > I started laughing very loudly when I saw the latest IBM ad for 
Linux. [...]

 > Linux is hardly at its best these days, now is it?

It's never been better, and will always be better.

IBM's ad shows that they have learned something from Microsoft's 
upending of the chessboard halfway through the passionfingering of OS/2. 
Many people are not aware that Microsoft VMS, derived from Digital's 
Mica project and better known as Windows NT, was originally called 
``OS/2 NT'' (the name was changed when Windows 3 sold well).

IBM have an exceptionally clear understanding, pounded home by bitter 
experience, that if Microsoft get control of the basic protocols that 
run the Internet, everyone else is dead meat. They are doing with Linux 
as Sun are doing with StarOffice: starving Microsoft of opportunities 
for unfair leverage.

Regardless of how well they (or others) do in the marketplace, IBM 
understand that uless they adopt and push an Open (Libre) platform, they 
and everyone else will eventually become a Microsoft-controlled zombie, 
absorbed into what many people half-joking call The Borg, a corporate 
Microserf. You may not think that's so bad (and many people would 
agree), but the survival rate of corporate Microserfs is not an 
encouraging one.

Peace, Love and Linux is entirely appropriate. IBM are no angels, but 
they (and everyone else) need a certain amount of freedom (not unlike 
the freedoms espoused in the Sixties) to survive, and they know it, and 
unlike most of the dazed, confused IT corporations out there, are doing 
something about it.

Time will tell, but I suspect that IBM will come out of this as a 
butterfly from a chrysalis, clear of vision and strong of purpose as in 
the Sixties, but having lost a lot of the bully from its character. Even 
if they don't, their support for Open internet infrastructure is a 
worthy cause, and needs your support, not your scorn.

-- 
It's not that I'm afraid to die. I just don't want to be there
when it happens. -- Woody Allen

   
To: letters@lwn.net
From: sharkey@superk.physics.sunysb.edu
Subject: Another take on Jim Allchin's statements
Date: Thu, 01 Mar 2001 15:41:31 -0500


There's be a lot of hullabaloo lately regarding Jim Allchin's statements
cautioning against the government getting involved in the development
of works to be licensed under the GPL.

(See http://dailynews.yahoo.com/h/zd/20010220/tc/microsoft_clarifies_exec_s_open-source_concerns_1.html)

I've read very many broad interpretations of these remarks, but,
in this case I think it's better to give Mr. Allchin the benefit of the
doubt and interpret his remarks more narrowly.  What he is cautioning
against is the use of the GPL for "taxpayer-funded software development".

What people seem to forget is that the history of copyright law seems
to support Mr. Allchin's position.  You have to remember that the whole
purpose of intellectual property law is to increase creativity and
innovation among private citizens, not from within the government itself.
Because of this, government works are not eligible for copyright
protection.

(See http://www.loc.gov/copyright/circs/circ1.html#piu)

Government works are put into the public domain immediately.  That's
how we ended up with copies of the Starr Report on bookshelves across
the country seemingly within minutes of its release.  Anyone can print
copies of government works and do just about whatever they like with them.

Now, I don't necessarily think this is a good thing.  I'd love to see
the U.S. government start to fund software development much the way
science is funded now, but copyright law, as it is now, wouldn't seem
to allow this to be done using a license as restrictive as the GPL,
and without copyright, the GPL has no teeth.

Copyright law is always in a state of flux and you can certainly imagine
that the amount of congressional activity needed to establish a
National Software Foundation would be large compared to the relatively
small addendum to copyright law that would be needed to control
federally funded software with copyright, but Mr. Allchin is taking
the conservative view that copyright restrictions should continue to be
a right of the public alone.

You can agree or disagree with this position, but I don't really see
Jim Allchin expressing this point of view being Microsoft's attempt
"to create a cloud around the GPL" or "create a split in the free
source community" or any other such nonsense.  It's just a conservative
statement from a conservative person who works for a conservative
company.  No real surprises there.

Eric Sharkey
sharkey@superk.physics.sunysb.edu
   
Date: Thu, 01 Mar 2001 21:30:22 +0000
From: Thomas Sippel - Dau <t.sippel-dau@ic.ac.uk>
To: letters@lwn.net
Subject: Three cheers for Jim Allchin and Microsoft's Freedom to Innovate

Hello,

reading again after two weeks what Jim Allchin said about Open Source 
software destroying innovation, I think he has a point, and is
quite right to be worried. He is also right to be worried that 
legislators should understand this. The state has the power to force
people to do some things in a particular way. Take driving. The state
forces me (in Britain) to drive on the left hand side of the road,
in America, on the right. 

This stifles innovation. A manufacturer trying to build a killer product
round driving on the "other" side will simply get nowhere. The state can
also decide  between two competing products, both for its own use, and
for forcing people to use it. Often it tries to be scrupulously neutral
between competitors. But if there is a with-cost and a cost-free choice,
choosing the with-cost one, and asking people to fork out for that is
very difficult.

For the last eight years or so Microsoft had a two pronged marketing 
strategy. One side was build around "making it easier". Microsoft 
claimed to make computer use feasible for all those who can claim 
"I don't understand all this technology stuff". Having on your side 
the people who cheerfully claim to be too stupid to understand is a 
powerful weapon. It is almost impossible to argue against, because 
those who claim to be too stupid to understand will give you about 
two minutes to coonvince them otherwise, and then walk away because 
they can't understand your arguments.

This a wonderful strategy to employ when marketing to schools, for 
example. Yes, the software is not free, but it costs little and is
so easy to use, and the little ones are not technically versed enough
to use the somewhat uncouth cheaper or free software. But if the free
software works well enough, this argument no longer holds. Software
does not need to be brilliant - the Microsoft offerings are a splendid
case in point. Good enough software at a low cost or free (as in free 
beer) is an explosive mixture.

The second prong of Microsoft's marketing strategy was "innovation",
under this motto it has for some time waged war on its customers, and 
against all the rules it has been getting away with it. It has been 
doing this by ensnaring people, and in particular organisations, into 
the upgrade treadmill. Similar practices are common in many industries,
fashion, for example, or cars, where buying last years model is not
really the done thing.

With computers, due to the fact that there is still rapid technical 
development, people would of course like to have a newer, faster computer.
Just as they would like to have a newer car, or a new carpet in their
office. Organisations have long been able to deal with that. But with
software innovation, especially if done the Microsoft way, this is not
the case. If a few people in an organization get a newer version of
Office, and those on last years cannot read the documents they any more, 
then the organisation cannot just ignore that.

Of course, it could tell people with the shiny new boxes to shape up 
and save their documents in last year's format, or a compatible one 
like html. But hey, "I am too stupid to understand all this technical
stuff, I just click the 'Save' button, and it saves it. And I got this
new computer setup with these easy to use features, and now you tell
I should use it as if the stone age had never ended". 

Explaining why people should use compatible file formats costs time,
at least two hours for every hour of explanation (one person to do 
the exxplaining, the other the listening). And all that because the
employer is too mean to give everybody halfways decent kit. Why not
save this time and spend a few cents on software - the others will 
have to upgrade eventually anyway.

As far as innovation marketing goes, Microsoft's software upgrade 
strategy seems to me a lot closer to that of a glazier that pays 
thugs to smash windows than to that of a fashion designer or motor
company that makes last years model obsolete.

If there is free software available, than such a strategy does not
work any more, its impossible to undercut the price of the free
(as in beer) software, and where new features are actually wanted
people will build them into free (as in GNU) software. And if there
is a cost conscious Big User (like the state) going to use free 
software, then Microsoft's strategy is in tatters.

About two years ago there was an initiative in Austria and Germany
to ensure that public procurements consider an Open Source or free
alternatve. I guess Jim Allchin wanted to remind us that the free 
software is now good enough for those who "do not understand all that
technical stuff", and who "just want to get their work done".

I, for one, would like to thank him for that.
 
                                Thomas

*   Why not use metric units and get it right first time, every time ?
*
*   email: cmaae47 @ imperial.ac.uk
*   voice: +4420-7594-6912 (day)
*   fax:   +4420-7594-6958
*   snail: Thomas Sippel - Dau
*          Linux Services Manager
*          Imperial College of Science, Technology and Medicine
*          The Center for Computing Services
*          Exhibition Road
*          Kensington SW7 2BX
*          Great Britain
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds