[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The Unified Embedded Platform Specification. Embedded Linux has been much in the news, due to the semi-annual Embedded Systems Conference. One of the more interesting items has been the announcement from the Embedded Linux Consortium on the creation of the "Unified Embedded Platform Specification."

This specification seeks to create a set of standard interfaces for embedded Linux systems. It will be heavily based on existing standards, including POSIX, the Single Unix Specification, and the Linux Standard Base. The plan is to have the specification ready for public release in "a few months," with a test suite and certification program available within a year. The announcement talks of outsourcing the test suite development to either the Free Standards Group or The Open Group. Future additions will even include a graphical user interface specification.

The purpose, of course, is to better position embedded Linux to compete against the other contenders in the field: Windows CE, VxWorks, and even PalmOS. The embedded Linux industry senses victory: using Linux in embedded systems just makes too much sense to ignore. Source availability, good small-system performance, and no royalties make a compelling combination; even in the current economic climate, the embedded Linux firms are seeing a lot of interest. The Unified Embedded Linux Specification is intended to help ensure that Linux will dominate the embedded marketplace.

And there may be a real need for this specification. There are many contenders in this market (CoolLogic, Lineo, LynuxWorks, Montavista, Red Hat, REDSonic, TimeSys, Transmeta, Transvirtual, and many others), each of which is trying to distinguish its products from the others. In many cases, their strategies include the incorporation of proprietary software products. Embedded Linux products could easily diverge from each other to the point that they truly are different systems, and that is unlikely to be good for the market as a whole. If the specification is successful, this fragmentation may be avoided, and domination of the (embedded) world will be that much easier.

The end of free beer? Libranet Linux surprised a number of people a couple of weeks ago with its new download policy. Those wanting an ISO image of Libranet 1.8.2 can download it for free as always. If, however, you want version 1.9.0, you'll have to pay $15 first. Free downloads for this (Debian-based) distribution are now a thing of the past.

Meanwhile, there has been some grumbling about the fact that there is no installable SuSE 7.1 ISO image available. SuSE has chosen not to release the CD image, and the licensing of its YAST tool makes it difficult for others to do so. Note that the distribution is available on the net, and FTP installs are possible - but you can't make a CD.

What is going on here is reasonably obvious. Bandwidth can be expensive; as more people get broadband connections that make it possible to think about downloading CD images, the bandwidth required to provide those images skyrockets. Distributors also can't help but feel that CD image downloads will, to some extent, result in reduced sales. And distributors, in the end, need to make money, somehow.

Thus, we are starting to see some attempts at controlling ISO image downloads. An immediate question that comes to mind, of course, is whether users will accept having to pay for ISO image downloads. So we asked Libranet's Jon Danzig how things were going:

During the time we were on Slashdot we had the paying download going non stop. It's slowed down a bit now, but this is in my opinion caused by the lack of ongoing publicity rather than any negative reactions. People really like the idea that they can get the latest ISO [image] within a few hours rather than having to wait for the CD. The $15 price doesn't seem to cause anyone a problem.

In the short term, at least, it appears that payment for downloads might just fly.

Another question we have seen raised is whether this sort of charge is allowed by the GPL. That one is easy: the GPL does not require that anybody distribute software for free. There will be no licensing problem with a charge for downloading. If, however, a company attempts to restrict further redistribution of the downloaded software, that would be a different story.

If free downloads do get harder to come by, we will essentially be going back to the past. Five years ago, there was little interest in downloading an entire distribution - few people had that kind of patience. People who wanted Linux bought a CD, either from the distributor or from a retailer selling cheaper copies. It may turn out that the free download was a late 1990's anomaly, and not the way it works in the long run.

SourceXchange shuts down. In the battle for corporate funding of open source software, many models have been created. One of the first, and most obvious, was the matching of qualified developers with companies who had specific needs. At least two projects were started in 1999 to address this market: CoSource and SourceXchange. While the fate of CoSource is currently unknown, SourceXchange, which was originally started as a joint project between technical book publisher O'Reilly and Hewlett-Packard, has finally decided to call it a day.

In a story first seen on C|Net's News.com, Collab.net's CTO and Co-Founder Brian Behlendorf talked about the demise of SourceXchange. "While a unique idea, and one that we feel really adhered more closely to the open-source ideal than any other work-for-hire site ever did, it simply did not achieve the volume of business necessary to maintain the site and evolve the offering to meet the needs of sponsors and developers".

Behlendorf, whose Collab.net company was the parent of SourceXchange, noted in an email message that the site had been quiet for some time. "After an initial spurt of interest, and a couple of successfully completed projects, we found that the overhead of being the broker and having to manually assist developers and sponsors had a higher cost than what we were getting in return."

Behlendorf also said that he felt most companies were becoming comfortable using in-house developers for open source projects and that the market for outsourcing development just never materialized. "I thought by and large the sponsors and developers had an honest interest in seeing this model work, as did we," said the project's CTO, "and I was happy with the code that was produced through the service. We just didn't get critical mass, even to support a small business such as ours."

While SourceXchange is set to wrap things up, it's main competitor seems to be in a bit of limbo. CoSource, formed by a company called Veriteam, which later became VistaSource when bought by Applix who in turn recently sold it to Parallax, has posted no news on their Web site since October 2000 even though project requests and status updates are still being posted through the first week of April 2001. Unfortunately, the fate of this venture has not been mentioned in corporate responses to the demise of Applix's desktop products after the sale of VistaSource to Parallax.

The folks at CollabNet are not closing their doors completely, however, and will now be working full-time on their collaborative development platform known as SourceCast. Behlendorf also stated that the code for managing development projects under SourceXchange will be made available to interested parties, though as this time Collab.net doesn't currently have it packaged in a distributable format. Interested parties should contact Brian Behlendorf at brian@collab.net.

Inside this week's Linux Weekly News:

  • Security: Adore's kernel module and a way to protect against loadable kernel modules, ntp and Netscape vulnerabilities.
  • Kernel: Nailing down the 2.4 bugs; no more jiffies?; CML2 1.0.
  • Distributions: Fried Chicken Linux, DSPLinux and CDLinux join the list. News from Red Hat, Debian, Slackware, Linux-Mandrake and more.
  • On the Desktop: Bonobo comes out, GUADEC ends, and KDE goes in (embedded, that is).
  • Development: Apache 2.0, Kdevelop, Scientific Python, Two New Perls, O-O History.
  • Commerce: Embedded Systems have a Hot Time in San Francisco.
  • History: Three years ago Eric S. Raymond released Homesteading the Noosphere; two years ago, the Mindcraft study.
  • Letters: Auto upgrades; kernel summit; Wind River and the GPL.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

April 12, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

Adore those kernel modules. It seems highly likely the name of the Adore worm was chosen partially because it provides opportunity for so many humorous headlines and off-hand comments. However, there are a couple of points about the Adore worm that did not come to light before we published last week. The most important point is that the Adore worm, unlike the Ramen and Lion worms of which it was considered to be a variant, is the first worm to use a loadable Linux kernel module to hide its tracks.

We've been discussing the security impact of loadable kernel modules for some time. For example, in June of 2000, when a loadable kernel module (capcheck) was released in order to close a security vulnerability in the kernel (the 2.2 capability bug). This fix demonstrated the scope of loadable kernel modules, making it pretty much inevitable that rootkits such as Knark and now the Adore worm would make use of them on behalf of attackers.

Further back than that, though, we also discussed how the ability to load kernel modules could be disabled on a running system, by removing CAP_SYS_MODULE from the capability bounding set (see the December 2nd, 1999 Kernel Page) for instructions and caveats). Although root has the ability to remove capabilities, only init has the ability to add them. This means that loadable kernel modules can be used initially, when your system is booted, but then they can be disabled, preventing root kits like Knark and worms like Adore from using loadable kernel modules to cover their tracks.

This was considered something that only the most security-conscious sites would be interested in back in 1999. Nowadays, it is a configuration option that may want to be seriously considered by Linux distributors, particularly those that are marketing themselves as secure by default.

Cybercrime Treaty. A commentary on the International Treaty on Cybercrime from a lawyer's perspective marvels at the lack of attention paid to this bill, which could have enormous implications in terms of requiring law enforcement agencies, phone companies, ISPs and more to comply with evidence orders from nations all around the world. "One moment, an Internet provider might be turning over all Bulgarian folk songs on its system to an investigator. The next moment, it might be searching for e-mail traffic between customers in Latvia and the Ukraine".

Federal Computer Incident Response Center contracts out. The Federal Computer Incident Response Center is currently supported by a contract with CERT. According to this report, that will soon change. Day-to-day operations will, instead, be performed by Science Applications International Corp. (SAIC) and its partner Global Integrity Information Security. "The two companies proved their effectiveness during the 'ILOVEYOU' e-mail virus from the Philippines in May 2000. They were able to inform their customer, the Financial Services Information Sharing and Analysis Center, about the virus and how to counteract it hours before even the Defense Department could spread the word to the United States".

PGP Security's NAI Labs Partner With NSA. NAI Labs, a division of PGP Security, announced they are joining with the National Security Agency (NSA) and its other partners to further develop the NSA's Security-Enhanced Linux (SELinux) prototype. The $1.2 million deal will be paid over the life of the two-year contract, and the work will focus on research and development to improve the security of open-source operating system platforms

Security Reports

ntp remotely exploitable static buffer overflow. An exploit for a static buffer overflow in the Network Time Protocol (ntp) was published on April 4th. This exploit can allow a remote attacker to crash the ntp daemon and possibly execute arbitrary commands on the host. Patches and new packages to fix this problem came out quickly. It is recommended that you upgrade your ntp package immediately. If you cannot, disabling the service until you can is a good idea. For more details and links to related posts, check BugTraq ID 2540.

This week's updates:

Netscape 4.76 GIF comment vulnerability. Florian Wesch discovered that Netscape 4.76 would display the comment attached to a GIF file, but does not filter the displayed comment in any manner, allowing embedded javascript in a comment to be directly executed. This is apparently fixed as of Netscape 4.77, which is available for download from ftp.netscape.com.

IP Filter fragment caching vulnerability. IP Filter is a TCP/IP packet filter used in FreeBSD, NetBSD and OpenBSD. Darren Reed reported a serious vulnerability in IPFilter in which fragment caching can be used to pass through any packet, essentially destroying the function of the firewall. When matching fragments, only the source IP address, destination IP address and IP identification number are checked before the fragment cache is used. This is done before any rules are checked.

IP Filter 3.4.17 has been released with a fix for the problem. Check BugTraq ID 2545 for additional details.

Multiple FTP daemon globbing vulnerability. The FTP daemons used on BSD (and other Unix) systems have been reported vulnerable to multiple buffer overflows in glob() function. Check the related CERT advisory for more details.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • talkback.cgi, a cgi script from Way to the Web, is reported to contain a file disclosure vulnerability that can be used to view any file on the host. An updated version of the script has been released.

  • The perl script nph-maillist.pl, part of a web-based email list generator, does not filter input sufficiently and can be used to execute arbitrary commands. An exploit has been published; no vendor response so far. BugTraq ID 2563.

  • Ultimate Bulletin Board (UBB) Version 5.47e, an older and currently supported version of UBB, has been reported to be vulnerable to a password bypass vulnerability in its forum. This can allow an attacker to gain access to any message on the forum, regardless of membership privilege or password requirements. An upgrade to Ultimate Bulletin Board 6.01 should to fix the problem.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • Multiple vulnerabilities have been reported in Alcatel ADSL-Ethernet bridge devices, the most serious of which include both a cryptographic challenge back-door and the ability to remotely load new firmware, potentially including firmware containing sniffers or other attack software. No workaround or fix has been reported so far, nor any vendor response. Check the related CERT advisory for more details. Here is another related posting. BugTraq ID 2568 and 2566.

  • The Caucho Technology Resin webserver is reported to contain a JavaBean disclosure vulnerability. Resin is a commercial product released under a Developer Source license, meaning that, although development use is free, a license is required to deploy a product that includes or is developed with Resin. This vulnerability allows read access to any known JavaBean file residing on a host running Resin. No fix for this has yet been reported.

  • Cisco has reported that their Content Services (CSS) switch, also known as Arrowpoint, in older releases contains a security vulnerability that can allow a non-privileged user to escalate their privilege level. Free software upgrades are offered to resolve the problem.

  • The Watchguard Firebox II has been reported vulnerable to a denial-of-service attack when subject to bursts of specific malformed packets. The vendor has released an update.

  • The BinTec X4000 Router is reported to be vulnerable to a denial-of-service vulnerability because a SYN portscan will cause a lockup. Workarounds for the problem have been posted and include feedback from Bintec.

  • A denial-of-service vulnerability has been reported in the PIX Firewall 5.1. Cisco is working on the problem, but having difficulties recreating it.


ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released the week of March 29th for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As a result, an upgrade to Linux 2.2.19 is recommended.

Last week, Alan Cox put up the Linux 2.2.19 release notes, finally giving the specifics on all the security-related fixes in 2.2.19 (all thirteen of them!) and giving credit to the Openwall project and Chris Evans, for the majority of the third-party testing and auditing work that turned up these bugs. Fixes for the same bugs have also been ported forward into the 2.4.X kernel series.

This week's updates:

Previous updates:
  • Immunix (March 29th)
  • Linux 2.2.19 release notes
  • Caldera, 2.2.19 security fixes (April 5th) backported to 2.2.10 and 2.2.14, the kernels used in various Caldera products

VIM statusline Text-Embedded Command Execution Vulnerability. A security problem was reported in VIM last week where VIM codes could be maliciously embedded in files and then executed in vim-enhanced or vim-X11. Check BugTraq ID 2510 for more details.

This week's updates:

Previous updates:

mailx buffer overflow. Check the March 15th LWN Security Summary for the original report. The buffer overflow is only exploitable if the program is shipped setgid mail.

This week's updates:

Previous updates:

mc binary execution vulnerability. Check the March 8th LWN Security Summary or BugTraq ID 2016 for more details.

This week's updates:

Previous updates:

joe file handling vulnerability. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

  • Slackware (from the Changelog, updated April 10th)
Previous updates:

Multiple vulnerabilities in splitvt. Multiple vulnerabilities were reported in splitvt in the January 18th LWN Security Summary, including several buffer overflows and a format string vulnerability. An upgrade to splitvt 1.6.5 should resolve the problems.

This week's updates:

  • Slackware (from the Changelog, updated April 10th)
Previous updates:
  • Debian (January 25th)
  • Debian, updated advisory due to package mixup (January 25th)

pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

This is the first distribution update we've seen for this four-month-old vulnerability.

This week's update:


Trustix Secure Linux 1.4.80. Trustix has announced the release of Trustix Secure Linux 1.4.80, a beta release toward the 1.5 stable version. It is nicknamed "Ooops," and is incompatible with 1.2 in a number of ways; read the announcement closely.

Lion Internet Worm Analysis. Max Vision has posted his analysis of the Lion worm and the three variants of it that have been identified so far. (Thanks to Jose Nazario).

Security Focus announces Malware Repository. Security Focus announced this week that they will be maintaining a repository of malware samples in order to make such software readily available for analysis. "Initially, the page will contain samples for Ramen, Lion, and Adore, plus anything else that comes out between now and then. We will be maintaining copies of new items from now on, and will not be making an attempt to go back in time to get a complete collection, unless someone wants to volunteer a personal collection".

Bastille Linux 1.2.0rc1. Bastille Linux has version 1.2.0rc1, the first release candidate for their upcoming 1.2.0 release. This version is considered stable enough for use on production systems.

Detecting Loadable Kernel Modules (LKM). Toby Miller has posted a paper on detecting loadable kernel modules. It goes over the basics of loadable kernel modules, /lib/modules, conf.modules and kstat.

Linux Security Module mailing list. Crispin Cowan has announced a new mailing list called linux-security-module. "The charter is to design, implement, and maintain suitable enhancements to the LKM to support a reasonable set of security enhancement packages. The prototypical module to be produced would be to port the POSIX Privs code out of the kernel and make it a module. An essential part of this project will be that the resulting work is acceptable for the mainline Linux kernel"


Upcoming Security Events.
Date Event Location
April 12, 2001RSA Conference 2001San Francisco, CA, USA
April 17 - 18, 2001E-Security ConferenceNew York City, NY, USA
April 20 - 22, 2001First annual iC0N security conferenceCleveland, Ohio, USA
April 22 - 25, 2001Techno-Security 2001Myrtle Beach, SC, USA
April 24 - 26, 2001Infosecurity Europe 2001London, Britain, UK
May 13 - 16, 20012001 IEEE Symposium on SecurityOakland, CA, USA
May 13 - 16, 2001CHES 2001Paris, France
May 29, 2001Security of Mobile Multiagent Systems(SEMAS-2001)Montreal, Canada
May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK
June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands
June 4 - 8, 2001TISC 2001Los Angeles, CA, USA
June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA
June 11 - 12, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

April 12, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.3. Linus has released 2.4.4pre2, which contains another set of fixes (including some of the bug fixes described below). Alan Cox, meanwhile, is up to 2.4.3ac4. While that patch is billed as containing mostly architecture-specific fixes, it also includes a merge of the user-mode Linux port (which was covered on the February 15 LWN kernel page).

Nailing down the bugs. This week saw significant progress toward finding and fixing the remaining serious bugs in the 2.4 kernel.

  • The elusive problem that would cause processes to hang in an uninterruptible ("D") state turns out to have been caused by a bug in the reader/writer semaphore implementation. These semaphores had not been much used until recently, so the bug, which has been present for a long time, had not caused any trouble. Andrew Morton, after pounding on the problem for a while, finally gave up and wrote a completely new implementation which fixes the problem - at the cost of breaking a fair amount of code. It also turns out to be hard to implement the new scheme on old 386 processors, which lead to a long discussion of just how well 386 systems should be supported at this stage. It looks like it will be possible to make 386's work reasonably well, though, in the end.

  • The "filesystem corruption under high load" bug was, after great effort, nailed down by Ingo Molnar and others at Red Hat. There is a rare case in the ext2 filesystem where it can drop a block that is still in use; it was introduced in 2.4.0-test6. A patch is out which fixes the problem.

  • One other D-state bug in the logical volume manager code was fixed by Jens Axboe.

  • Jonathan Morton has posted a patch with a number of virtual memory fixes - including one which fixes the problem where the out-of-memory process killer would be invoked too soon.

Those two fixes should show up an a 2.4.4 prepatch shortly, though the semaphore fix may take a little while to stabilize.

There appear to some outstanding issues with the aic7xxx SCSI adapter driver, though many of them seem to be the result of incorrectly applied patches.

No more jiffies? An interesting discussion (and patch) came up this week which could lead to a very different timekeeping technique in the kernel. We'll start with a little background...

The kernel currently handles most of its timekeeping tasks by means of the timer interrupt. It's a hardware interrupt driven by the clocks that all modern systems have; on most architectures the clock is programmed to deliver this interrupt 100 times per second (but the Alpha and IA-64 run at 1024). The clock interrupt handler does a number of things, including seeing if the current process has used its allotted CPU time, running any deferred tasks whose time has come, updating process accounting, and incrementing a little variable called jiffies. The jiffies counter is, among other things, a measure of the uptime of the system; it is used for many timing-related tasks within the kernel.

The timer tick system has been seen as imperfect for a while. Among other things, it imposes a 10ms resolution on most timing-related activities, which can make it hard for user-space programs that need a tighter control over time. It also guarantees that process accounting will be inaccurate. Over the course of one 10ms jiffy, several processes might have run, but the one actually on the CPU when the timer interrupt happens gets charged for the entire interval.

A new problem came up, however, over at IBM. On their S/390 mainframes, they can run a great many independent "Linux images," each of which is a full, independent kernel. With its own timer interrupt. As Martin Schwidefsky pointed out in his posting on the subject, with 1000 images running, the timer interrupt overhead gets to be significant - up to 100% of the available CPU. That, of course, is not the sort of mainframe performance that IBM had in mind, so they had to make some changes. Those changes, essentially, were to eliminate both the timer tick and the jiffies variable.

The timer tick can go away because the kernel does, in general, know when something will next need its attention. There's a handy, sorted list of upcoming timer events, and the kernel knows how long the current process should be allowed to run before being scheduled out. So, the system's interval timer can be set to exactly the right time when something needs to happen. This timer can, simultaneously, be set with much higher resolution and to a much longer interval than the regular clock tick.

Eliminating jiffies is a little tricky, since a great deal of code makes use of it. A quick grep for jiffies the 2.4.3 source turns up over 3700 references. The variable needs to go, since there isn't a nice, regular clock tick to keep it updated. But fixing that many places in the source just does not sound like a whole lot of fun. For those of you who are into the details, the IBM S/390 fix looks like:

  #define jiffies ({ \
          uint64_t __ticks; \
          asm ("STCK %0" : "=m" (__ticks) ); \
          __ticks = (__ticks - init_timer_cc) >> 12; \
          do_div(__ticks, (1000000/HZ)); \
          ((unsigned long) __ticks); \
Essentially, every reference to jiffies gets turned into a read of the real-time clock. Since every access to jiffies (except one) is a read, this technique works - for the IBM architecture, which has relatively new and clean code.

This approach fixes almost all of the problems with the old scheme. The regular timer interrupts, along with their overhead, is gone. The timer on most systems can be programmed with great precision, meaning that very high resolution timers can be supported. That will make certain types of processes (MIDI sequencers, software modem drivers, high-speed video, etc.) run far better. And process accounting, done when the process reschedules, will be extremely accurate.

The change is not without its costs, though. The code changes are significant, of course, meaning that this change is a 2.5 item. A certain amount of extra overhead will need to be added to system calls to keep everything updated in the absence of a timer tick. If not done carefully, this overhead could outweigh the savings on normal systems (which do not run 1000 independent Linux images...). There is also some overhead added to the scheduler.

In fact, George Anzinger, one of the developers behind the high resolution timers project, posted a message stating that the project had decided to avoid the no-tick approach due to the cost of that extra overhead. They seem willing to reconsider, though. The advantages of this approach seem to be strong; we may well see it adopted in the 2.5 development series.

CML2 1.0 released. Eric Raymond has announced the 1.0 release of CML2, the new kernel configuration system. The announcement talks about the plans for integrating CML2 into the 2.5 development series, and provides a lengthy discussion on why CML2 is better. (See also last week's LWN kernel page for a discussion of the new kernel build system as a whole).

Kernel summit webcast available. As LWN readers are probably tired of hearing, the Linux 2.5 Kernel Summit was held on March 30 and 31. The presentations at the summit were videotaped, and they are now available in RealPlayer format from the OSDN web site.

Toward a security module interface. One of the conclusions that came out of the Kernel Summit was that the various groups working on security enhancements to Linux should agree on a standard interface. In that way, the projects could interoperate, and it would be easy to switch from one approach to another. To that end, Crispin Cowan has announced the creation of the "security module" mailing list. The purpose of the list is to explore the enhancement of the kernel module interface to support the development of pluggable security modules. Those who are interested in the topic are encouraged to sign up; subscription instructions are in the announcement.

Other patches and updates released this week include:

  • Romain Dolbeau has posted a framebuffer driver for the Permedia3 chipset.

  • Jeff Dike has released a version of user-mode Linux for the 2.4.3 kernel.

  • Daniel Phillips has posted a document describing the on-disk format of his ext2 directory indexes.

  • Maneesh Soni posted a patch which improves the performance of file descriptor management on SMP systems.

  • Justin Gibbs released version 6.1.11 of the aic7xxx driver.

  • Andre Hedrick posted an IDE driver patch which provides support for the Promise Ultra100 TX2 chipset.

  • LVM 0.9.1 was released by Heinz J. Mauelshagen.

  • Version 0.1.1 of the device registry patch (which provides a database of all physical devices on the system) has been posted by Tim Jansen.

Section Editor: Jonathan Corbet

April 12, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

New Distributions

Fried Chicken Linux. In our amusements category this week falls our newest distribution, Fried Chicken Linux, from the IT University of Copenhagen. Why the name "Fried Chicken Linux"? Apparently some imaginative people think the logo for the IT University of Copenhagen looks like a fried chicken.

Fried Chicken Linux is a distribution tied to Red Hat Linux. It serves as a repository for packages specific to the IT University of Copenhagen. Those packages are then integrated with Red Hat and served up. Get your Fried Chicken here! (Thanks to Jesper Juhl).

DSPLinux. On the embedded front, RidgeRun, Inc. announced its DSPLinux distribution. In the embedded field, it is interesting to note how the terminology changes. Rather than being promoted as an operating system, DSPLinux is promoted as a Software Development Kit (SDK). "The demonstration shows how the company's DSPLinux Software Development Kit (SDK) can reduce development time by allowing application developers to work in parallel with developers writing the low-level drivers and board support functions".

In any case, DSPLinux, as the name suggests, is targeted at Digital Signal Processors (DSPs). The Linux kernel is run on the ARM chip, while real-time tasks are run on the DSP.

CDLinux. Another project to develop a version of Debian that runs directly off of CD was recently announced: CDLinux. When it was pointed out that DemoLinux, a distribution with a similar goal, is also Debian-based, the author gave a few reasons for his decision to build CDLinux instead. "There're some reasons I started to do my own, one of them is they only provide ISO images, while I'm a poor dial-up user. The other reason is their deeply involved kernel patch is for 2.2 and I feel porting the code to 2.4 is too tiresome. The third reason is I don't like there many special dialogs asking user questions".

As a result, instead of providing a separate distribution hierarchy, CDLinux will essentially be a program that will build a CDLinux image given access to "some kind of Debian archive".

Housewife's Linux (a.k.a. Linux washing powder. Housewife's Linux is a new distribution mentioned on MandrakeForum. However, we've chosen not to include it on our distributions list due to its failure to follow even the most basic rules of building a Linux distribution. "While claiming to be generic linux, this package isn't compatible with any other Linux distribution. Even the "GIC" (grains in carton) packaging format is completely different from well-known "rpm-" and "deb-" packages we grew accustomed to". (Thanks also to Christof Damian).

Distribution News

Red Hat News. Stephen Smoogen sent us an official announcement of Red Hat's new ftp structure. It includes a complete remapping from the old directory structure to the new.

Meanwhile, new perl packages for Red Hat have been released. They fix problems with the DB_File module introduced by the recently released Berkeley db packages (which were in turn required to support the rpm 4.0.2 release ...).

The process from upgrading from Wolverine to Rawhide is ready to be tested. If all goes well, it should be pretty slick. "How's about a virtually painless up2date session to bring Wolverine up to today's rawhide? And what if the new version of up2date actually upgrades your kernel for you?!?!" Note, this is for bleeding-edge, Red Hat testers, not for the faint of heart.

Debian News. A progress report on the Woody freeze has been released. "In short: there hasn't been any". The optimistic schedule has been bumped back a couple of months. The lack of working boot-floppies is the key stumbling block. However, not all the news is bad. "The remaining aspects of the release aren't looking too bad: almost all the outdatedness in testing is fixed (glibc 2.2, X 4, perl 5.6, debconf), and the only remaining issues (KDE and Gnome 1.2/1.4) look like they should be able to be resolved in the next few weeks".

Meanwhile, the next Bug-Squashing Party will be held this weekend, the 13th through the 15th of April.

Debian developers should also note the new instructions on orphaning a package.

"Dwarf's Guide to Debian GNU/Linux" has now been packaged up. This is a book, by Debian developer Dale Scheetz, which covers package management tools, installation and basic systems administration.

Slackware News. All three platforms got security updates this week for ntp, joe and splitvt. Symlinks have been added to support Java and other packages that expect to find basic commands (date, echo, false ...) in /usr/bin. Openssl has been upgraded to 0.9.1a. GNU screen-3.9.8 was installed, but is not setuid root by default due to security concerns. This means that the 'w' command will not work with it correctly and neither will 'talk'. Many other package updates went in this week as well.

Both the Intel and Sparc platforms got a merge of the recent ham package updates from Arno Verhoeven.

Linux-Mandrake News. Last week, we managed to miss Mandrake Forum's transformation into a multi-lingual site. The site now supports German, French and English, so you can follow threads in the language of your choice. This doesn't guarantee that all posts will be translated into all languages, and the most active is still English, but if you prefer to post in German or French, you can, and only readers that have asked to see posts in that language (presumably because they can read them) will see your comments. Fun stuff.

Tractopel RC1 is out. Of course, this is better known as the first release candidate for the upcoming Linux-Mandrake 8.0. Problems have already been reported with this version, so don't plan on installing it on any production systems. Another candidate will likely be out shortly.

Also out this week was the first release candidate for MandrakeSecurity, (a.k.a MandrakeFirewall, a.k.a Mandrake Internet Security Pack, a.k.a "cookfire"). MandrakeSecurity is a light-weight version of Linux-Mandrake aimed at creating an easy-to-use firewall. The latest version has been upgraded to Linux 2.2.19 and contains many other additional features as well.

Progeny Linux ships. Progeny Linux Systems, Inc. announced the release of the first edition of Progeny Debian. The download edition is available now at www.progeny.com/download. The box set will be available on April 23rd.

Trustix Secure Linux News. Trustix has announced the release of Trustix Secure Linux 1.4.80, a beta release toward the 1.5 stable version. It is nicknamed "Ooops," and is incompatible with 1.2 in a number of ways; read the announcement closely.

Conectiva News. Conectiva published this description of various updates made recently to their High Availability support, including an update to the more stable heartbeat 0.4.9.

Redmond Linux News. Redmond Linux Beta 3 had been released. This distribution is aimed at personal use and is intended to be an easy introduction to Linux for the newcomer and casual computer user. "'This Beta 3 release brings Redmond Linux to the level of stability and number of features needed for home use,' he [Joseph Cheek] continues. 'We've got everything a home user needs - full Internet access, word processing, spreadsheet, and financial management software, multimedia, and entertainment - without the excess software that's commonly attached to an operating system'".

deepLinux News. After a year of near-dormancy, deepLinux has been reformed. The company will announce a number of new product offerings, including a web server, a firewall, and a database server, in the very near term. One of those announcements made it out this week, their release of deepLinux ExOp Server beta 1, a full version of GNU/Linux featuring the SGI-optimized Apache Web server.

KRUD News. KRUD users can now use krudlookup to find the package in which a required binary is currently stored. Check the announcment for more details.

A similar functionality that covers multiple RPM-based distributions can be found on Rpmfind.net.

Hard Hat News. MontaVista Software Inc. announced the 2.0 release of its kernel 2.4 based Hard Hat Linux operating system. Hard Hat Linux includes support for x86/IA-32, PowerPC, StrongARM, MIPS, and SH architectures. For more details on their Hitachi SuperH support (SH), check this press release.

BlueCat News. Also from the embedded space, LynuxWorks' BlueCat Linux 3.1 now supports the MIPS architecture. "Supported architectures now include MIPS, Intel's Pentium, XScale and x86 compatibles, ARM family (including Thumb extensions), StrongARM, PowerPC (including PowerQUICC) and Hitachi SuperH".

Astaro Security Linux News. Astaro Security Linux, a Linux-based firewall solution that also includes stateful packet inspection, released version 1.803 this week. This minor update to the stable tree includes new virus pattern files.

Distribution Reviews

Conectiva Linux 6.0. We seemed to have missed this originally, but C|Net did a rather reasonable review of Conectiva Linux 6.0 back at the end of March. "Although we were generally impressed with the installation procedure, we were frustrated that Conectiva installed headers for kernel 2.2.18 rather than the included 2.2.17 kernel--an annoying oversight. Thankfully, the problem is easily fixed by downloading a new kernel or the correct headers from Conectiva's Web site."

Section Editor: Liz Coolbaugh

April 12, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

While this page strives to approach the Linux desktop from an end-user perspective alone, it's impossible to ignore the more technical (and often less comprehensible) developmental issues since they outnumber general use news items by a large margin. As the Linux desktop evolves, we hope to move development issues back to the Development page and leave this page for issues related to simply making use of the desktop.

-- Senior Editor, Michael J. Hammel

Ximian releases Bonobo 1.0. While not something the average desktop user is likely to use directly, Bonobo 1.0 is a major step forward to the interoperability users are demanding from the Linux desktop. Bonobo is the component object library for GNOME that is to be used by applications to share resources with other applications. This release was announced by Ximian, the commercial group formed by original GNOME author and leader Miguel de Icaza.

So what is Bonobo? As Ximian developer Michael Meeks told me at LinuxWorld at the end of January, a Bonobo is actually a monkey which happens to be "very good at coupling". In software terms it refers to a product which is supposed to be very good at allowing software packages to interoperate more seamlessly. Bonobo provides an interface which applications can use to embed features from other applications in themselves. It also allows a program to offer features to other applications which they can use. Examples of this might include a spreadsheet embedding a postscript graphic or a finance package embedding an HTML browser.

The reason this release is important to end users is that Bonobo is a major piece of the core GNOME facilities - the stability of many applications is dependent on those core facilities. Without a stable core, you have unstable applications. And that's bad. But the 1.0 release is considered stable (not perfect, just stable), and that means the road to a stable GNOME desktop is paved just a bit smoother now.

So while Bonobo in itself isn't something end users will use directly, it is something they should care about. Applications can now begin to integrate on the GNOME desktop in a fashion that is consistent and requires less duplication of development effort - and thus we get those applications sooner.

Despite the promise that Bonobo 1.0 brings, there is still a downside for the Linux desktop as a whole. KDE and GNOME use different methods for embedding features of one application into another. While GNOME's Bonobo is based on the standardized CORBA definition, KDE uses an implementation called KParts which is not compatible with Bonobo. This means KDE applications can integrate with each other and GNOME applications can integrate with each other but KDE applications can't integrate with GNOME applications. And even though both KDE and GNOME are both committed to working towards common goals and an easily integrated desktop, this particular issue will be a sticky one for some time to come.

GUADEC Results. The GNOME User and Developer European Conference was held last week and by all accounts was very productive. A posting to the GNOME Office mailing list gave a summary of the conference, which was held in Copenhagen. There were some interesting items noted in this summary. The first is that a list of applications is being considered for the official GNOME Office distribution. Four applications - the Gnumeric spreadsheet, the AbiWord word processor, Guppi for charting and graphing, and Dia for diagramming - are considered essential. A list of eight other applications are under consideration for inclusion including the Evolution mail system and GIMP. Although each application in this secondary list is a valuable too in its own right we have to ask if they are really necessary for the average office. Software bloat has been a serious problem in the past with applications, and with office packages now including 5, 6 or even 10 applications the problem is only multiplied. Another point raised during the talks was release dates for various packages. The Gnumeric 1.0 spreadsheet release is expected by the end of the year and should include Bonobo support. On a larger scale, the release of GNOME Office 1.0 is expected to come with GNOME 2.0. This means by Dec 31, 2001. Things could get rather interesting for the GNOME desktop user in time the New Years holiday period.

Eazel launches Reef Project. Eazel has announced their next major project, known as Reef, intended to handled live content over the Web. " Our current primary target language is Python, but multi-language support is in the works. For communication back to the server, we will be working with both XML-RPC and SOAP, since they each have their advantages and disadvantages. We will also be watching the nascent XML Protocol working group of the W3C closely."

It appears that the goal here is to provide packaged sets of tools that are easily downloadable by users in order to make use of live content. While a laudable goal, one has to wonder if the pipes to the home will ever be large enough to make live content even worth your time.

Desktop Environments

Building KDE themes for Linux. IBM developerWorks posted an a tutorial this week that shows the average user how to make use of the new KDE 2.1 environment and themes. "Overall, there's much more functionality in the new Control Center, and some extensive improvements in fine-grained control of the user interface. As the KDE2 beta cycles continued in the late Summer and early Fall of 2000, e-mails and bug requests for a Theme Manager flew fast and furious." (A free registration is required to access this tutorial.)

Minutes of the GNOME Advisory Board Meeting. The GNOME Advisory Board met during GUADEC on Thursday, April 5th and Sunday, April 8th last week in Copenhagen. Minutes from that meeting have been published. High on the todo list are the formation of regional foundations and working on better interoperability with KDE, as well as the determination as to whether an official office suite should be specified for GNOME.

Office Applications

Configuring Outlook to use Linux servers. The folks at Bynari have posted a configuration manual describing how to make the Outlook client work with Linux-based servers. Essentially, it's a recipe for eliminating Exchange.

Desktop Applications

Review of Konqueror/Embedded. BrowswerWatch took a look at KDE's Konqueror/Embedded version and its impact on embedded browser technology. "'While Konqueror is based on the KDE HTML rendering engine, Hausmann explained, 'It is not a fork of the KDE browser codebase. Part of the build process copied the original browser sources into the new build environment."

Tax software furthers Linux spread (News.com). C|Net says you can buy tax software for Linux now - if you file your taxes in Germany.

GIMP on MacOS X. This isn't a Linux desktop issue, but a desktop issue of interest in general to GIMP users:   MacGIMP is reporting that Chris Turkel has GIMP 1.2 running on MacOS X, with screenshots to prove it.

Building, or dropping, the future...

Trolltech Previews Qt 3.0. The preview of QT 3.0, Trolltech's next version of the toolkit used by the KDE Desktop environment, includes support for database access and an updated Qt Designer.

Plug is pulled on Indrema box plans (VideoBusiness Online) . The Linux-based Indrema game console project has apparently died. According to this story, the company was unable to find funding for the product development to continue. "[Indrema president John] Gildred said that although Indrema is dead, he will take the interactive TV portion of his dream to his new employer, a major Japanese consumer electronics company."

Section Editor: Michael J. Hammel

April 12, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Apache Software Foundation Releases 2.0 Beta [Apache] The Apache Software Foundation (ASF) has announced Apache 2.0.16, the first public beta of the Apache 2.0 Web Server. The Overview of New Features lists the following Core enhancements:
  • Support for Unix/Posix threads which allows Apache to run in a hybrid multiprocess/multithreaded mode.
  • A New build system that is based on the popular autoconf and libtool packages.
  • Multiprotocol Support Work to allow for the serving of protocols other than http.
  • Better support for non-Unix platforms including BeOS, OS/2 and Windows.
  • Platform Specific Multi-Processing Modules which allow for the isolation of platform specific code from the main server and can also be used to select threaded or forking operation.
  • A New Apache API which addresses problems with the Version 1.3 module ordering and adds more capabilities from new modules.
  • Native IPv6 support to support the next generation of Internet protocol.
  • I/O Filtering by Apache modules which allows CGI script output to be filtered on the server side.

The list of Module Enhancements for Apache 2.0 includes:

  • mod_auth_db with support for the Berkeley DB 3.0 database.
  • mod_auth_digest with support for session caching across processes.
  • mod_charset_lite a new module for character set translation.
  • mod_dav a new module that supports HTTP Distributed Authoring and Versioning (DAV).
  • mod_file_cache a new caching module that duplicates mod_mmap_static functionality and extends the caching abilities.

The Changes with Apache 2.0.16 document lists all of the changes in detail.

Overall, this is a fairly major release of Apache with some nice new capabilities, and no doubt, some new bugs. Apache 2.0 is not recommended for production servers, but it would be a good idea to try it out in an experimental mode and report any problems that you encounter back to the development team.


mSQL 3.0 pre 2 available. Hughes Technologies has announced the availability of mini SQL (mSQL) version 3.0 pre 2.


LDP Weekly News - 2001-04-10. This week's updates to the Linux Documentation Project include new HOWTO's for 3D Modeling and LDAP use, and updates to the Linux Kernel HOWTO and Secure Programming HOWTO documents.

Embedded Systems

Embedded Linux Newsletter for Apr. 5, 2001 (LinuxDevices). The summary for the past week in the embedded Linux marketplace has been published by LinuxDevices.com. The Embedded Linux Newsletter this week covers Rick Lehrbaum's "State of Embedded Linux" talk at the Colorado Linux Info Quest and Wind River's acquisition of BSDi, as well as other stories.

Developer interest in Embedded Linux skyrockets (LinuxDevices). According to this LinuxDevices.com report, interest in using Linux as an embedded system solution has surged since 1998, making it the #2 system of choice behind Wind River's VxWorks.

Filesystem Software

Learning Linux LVM, Part 2 (IBM developerWorks). IBM developerWorks shows how to add a logical volume to the root filesystem in order to add more disk space. "While the transition to LVM is a bit of an ordeal, once the transition is complete, managing filesystems becomes tremendously easier. As an example, I decided to resize my new /home logical volume, adding about 2 Gigabytes worth of space to the end of the filesystem. First, I added additional capacity to my "lv_home" logical volume, and then I used the resize_reiserfs utility to expand the filesystem so that it would use this additional capacity."


Wine Weekly News seeks a new editor. The Wine Weekly News is looking for a new editor, if you have talents in that area, there's a void to fill.

Network Management

Preventative DNS (kuro5hin). In this column on kuro5hin, Dylan Griffiths shows, in fairly complete detail, the process involved in moving from BIND to djbdns for DNS services.

OpenNMS Update v2.15. The latest edition of the OpenNMS Update is out and covers the release of OpenNMS 0.7.2, web UI authentication problems, and configuration issues.

Printing Systems

Open Source Omni Printer Driver version 0.0.8. A new version of the Omni Printer Driver has been released. "The Omni printer driver provides support for over 250 printers using the Ghostscript framework. In addition, it provides a model for dynamically loading printer drivers, creating new devices by editing device description files, and simplifies new printer driver development by allowing for the subclassing of previous device features." The list of supported printers contains quite a few printers, but HP models are noticeably absent. Omni is licensed under the Lesser Gnu Public License (LGPL). (Thanks to Kelli Wiginton.)


Linux in Science report #8. The April 2, 2001 edition of the Linux in Science Report is out, covering the recent Linux World Expo. "Overall, there were a number of interesting displays. Among these were the dual-processor Athlon system demonstrated by ASL Labs at the MandrakeSoft booth, a very cool display by members of the Brookhaven National Laboratory demonstrating the use of Linux in physics research there, the Flight Gear flight simulator project with a running FlightGear demo, and also the Etherboot project which has made important strides in making booting x86 PCs over a network an easier proposition." A number of open source science projects are listed at the bottom of the report.

Medical software's free future (bmj.com). BMJ.com's letters section contains a discussion about open source software in medicine. "An obvious route forward for the public sector would be to state that all software developed at the public's expense be licensed as open source, although the General Public License may not be the optimum licence."

Molecular Biology related programs for Linux. The Bioinformatics site is now hosting Molecular Biology related programs for Linux, a repository for Linux based Molecular Biology software. Over 50 programs are featured on the site to help you with that penguin cloning project.

Scientific Python 2.2 released. Version 2.2 of Scientific Python is available. "ScientificPython is a collection of Python modules that are useful for scientific computing. In this collection you will find modules that cover basic geometry (vectors, tensors, transformations, vector and tensor fields), quaternions, automatic derivatives, (linear) interpolation, polynomials, elementary statistics, nonlinear least-squares fits, unit calculations, Fortran-compatible text formatting, 3D visualization via VRML, and two Tk widgets for simple line plots and 3D wireframe models." This release features a revised package structure and has built in support for the netCDF data format.


Kandy, a new KDE PIM program for telephones. A new KDE PIM program known as Kandy has been announced. "Say hello to Kandy. Kandy is an application which allows to you communicate with your mobile phone. It aims at providing synchronisation for phone book, appointments and other data stored on the mobile." The Kandy project is in its early stages and the developer is looking for help.

Web-site Development

Zope News. The latest news from the Zope site contains a number of new Zope related software updates. Included are LDAPLoginAdapter 1.2 and New Core Session Tracking 0.8 as well as info on browsing Zope source on line and a new Hong Kong Zope users group.

Zope Developer's Guide preview release. The first preview release of the Zope Developer's Guide has been announced. "The ZDG picks up where the Zope Book leaves off. Its main focus is teaching you how to develop Zope products."

PHP Weekly Summary for April 9, 2001. The April 9, 2001 edition of the PHP Weekly Summary is out. This week's topics include a patch that allows libc style argument swapping in printf, a recently opened XML-RPC extension with a PHP extension, from Epinions, Hebrew and Polish manual translations, and more.

Window Systems

Kernel Cousin KDE Issue #5 is Out. Topics covered in this week's KDE development mailing lists include Kaboodle, the light-weight embeddable media player, KDE DB connectivity issues, global KPrinter support, the new Gideo development branch and sending mail with KMail.

KDevelop 3.0 Now Developer-Ready. KDevelop contains Gideon, "which is very near to being usable and complete", according to Bernd Gehrmann. Gideon, the codename for KDevelop 3.0, can be thought of as a modular lego-like framework for an IDE.

GNUStep Weekly Update. The latest news from the GNUStep project is the announcement of the LaunchPad 1.0 release. LaunchPad is a collection of libraries for creating non-graphical tools and applications using an API based on OpenStep and the MacOS X API.

Section Editor: Forrest Cook

April 12, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Build your own Java-based supercomputer (IBM developerWorks). Aashish Patil writes about building a Java based supercomputer in an IBM developerWorks article. "If you've ever wanted to build your own supercomputer but have been held back by the demands of parallel programming in C, Pseudo Remote Threads is for you. This prize-winning Java programming model greatly simplifies parallel programming on clusters, bringing supercomputing out of the laboratory and into the hands of everyday Java programmers." The examples are run on Windows boxes, but the concepts apply to Linux as well.


LISA 0.7 released. Version 0.7 of LISA, the Lisp-based Intelligent Software Agents, has been announced. "LISA is approaching the middle stages of development and is now considered 'alpha' software. The inference engine itself is quite stable, and it should be possible to develop reasonably sophisticated knowledge bases for experimentation."


New stable and development versions of Perl. A new stable version of Perl, version 5.6.1, has been announced. This release includes a long list of bug fixes and compatibility improvements.

Also, for those who are interested in the latest development release of Perl, version 5.7.1 has been announced. Improved Unicode support seems to be the main area of work in this release, some new modules are also included.

The Perl Journal returns (Use Perl). The recently demised Perl Journal is coming back to life according to Jon Orowant. "It's been a very long winter, full of angst and attorneys. I'll write more later, but wanted to share the good news as soon as possible."


Dr. Dobb's Python-URL!, Apr 9. This week's retrospective on the python world includes PEP 245 and 246 updates, PyTalk - a natural language program, a 2.0 port to OS/2 and installation help for Windows users (who apparently tend to cry a lot).

Pygame 1.0 released. Version 1.0 of Pygame has been released. Changes since the 0.9 release include a finished surfarray module, module exit cleanups, bug fixes, and cleaner code for different platforms.

Also included on the site is a new Pygame Code Repository with some example programs.

PyChecker - a Python source code bug finder. Neal Norwitz has announced PyChecker, a bug finder for Python.

The announcement claims that pychecker can find the following problems:

  • No doc strings in modules, classes, functions, and methods
  • self not the first parameter to a method
  • Wrong number of parameters passed to functions/methods
  • No global found (e.g., using a module without importing it)
  • Global not used (module or variable)


Ruby Cookbook Web site launched. A new web site dedicated to the Ruby programming community has launched. The site provides code fragments, classes, and modules, intended to help the new Ruby programmer get up to speed quickly.


Squeak Smalltalk 3.0. Squeak is a multi-platform open-source Smalltalk compiler with built in multimedia capabilities. Version 3.0 of Squeak has recently been released. "Squeak is an open, highly-portable Smalltalk-80 implementation whose virtual machine is written entirely in Smalltalk, making it easy to debug, analyze, and change." Squeak is being distributed under an Apple Computer, Inc Software License.


This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for April 9, 2001, with the usual collection of useful information from the Tcl/Tk development community. This week's edition mentions a call for Tcl core team Tk maintainers, the upcoming Tcl-2001 conference, and more.

Tcl/Tk 8.3.3 released. Tcl/Tk version 8.3.3 has been released. This version features lots of bug fixes and performance improvements.


maki: serving XML via Apache and Python. The initial release of maki, a Python based XML server for Apache, has been announced. "The purpose of maki is to serve XML files via the web. A web developer can specify that the XML data be processed or transformed through any number of steps. Each step is either a stylesheet transformation or a custom process. A processor that evaluates embedded Python code is included. The output of each step is passed as the input to the next step (similar to a Unix pipe). Additionally, the output of each processor step can be cached for a user-specified time period. All configuration is in a central XML file that specifies rules based on matching paths against regular expressions."

If you are wondering about where the name comes from: "The name maki refers to maki-zushi (rolled sushi). The choice of name is somewhat arbitrary, although you are welcome to read meaning into it." Maki has been released under the GPL license.


History-making components (IBM developerWorks). James Durham looks at the history of Object Oriented Programming in an IBM developerWorks article. "This timeline explores some of the key events of components and object-oriented programming in the last 50 years. We could have gone back further to John von Neumann's 1946 proposals that changed computer architecture forever, or perhaps further back to ENIAC, Babbage or even Pascal. However, we decided to begin in 1951 since the birth of the widely publicized UNIVAC seems to spark the commercial engine that drives the modern pursuit of object-oriented programming and development."

The Story Behind the Parrot Prank (O'Reilly). Simon Cozens reveals the truth about the April Fools Day Parrot Language hoax. "All right. I admit it. In case you haven't guessed by now, Parrot was a very elaborate April Fools' Day hoax. It seems to have caught a lot of people out... including some people who really ought to know better. I've had a couple of requests from people who want to know how the hoax was perpetrated, so here's the story."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Embedded Systems have a Hot Time in San Francisco. This week the Embedded Systems Conference hit San Francisco and with it came a flood of press releases as vendors vied to show off their best new products. New alliances and new resolves promise a great future for Linux in the embedded space. Most of the major Linux players made multiple announcements, so by company (and in no particular order):

MontaVista made a range of announcements, from the release of Hard Hat Linux 2.0 and the Hard Hat Linux 2.0 Professional Edition which features a comprehensive suite of development tools, to the open source release of its hot swap infrastructure code. Now a Source Forge project. Then, in cooperation with Hitachi Ltd. they released Hard Hat Linux and development tools for the Hitachi SH-3 and SH-4 microprocessors. If that wasn't enough for one week, they also joined with Trolltech to provide Trolltech's Qt/Embedded development framework with MontaVista's Hard Hat Linux distribution in a comprehensive platform - OS, development framework and embedded windowing system. Conference goers were treated to the latter running on a Compaq iPAQ.

Lineo, Inc. released new SecureEdge Appliances, Firewall and Network Attached Storage and the Lineo Embedix[tm] Board Development Kit (BDK). They announced the opening of the new Lineo Embedded Systems Center in Silicon Valley. Lineo also made some alliances: they announced a partnership with ARM to further the development and use of embedded Linux on ARM®core-based microprocessors; with Trolltech, to ensure that Trolltech's Qt/Embedded application framework integrates seamlessly into Lineo's Embedix[tm] software development kit; and with Metrowerks, makers of CodeWarrior®. The CodeWarrior for Embedix Development System for the PowerQUICC II[tm] MPC8260 is shipping now.

Red Hat, Inc. announced that it has joined the EEMBC, the Embedded MicroprocessorBenchmarking Consortium. Through its membership in this consortium, Red Hat will have access to the EEMBC (tm) benchmark code, which will allow it to optimize code generation for its partners. Working with Altera Corporation they announced a version of the Red Hat GNUPro embedded development tools that support Altera's ARM.-based and MIPS.-based Excalibur(tm) embedded processor solutions. The company is also supplying Morpho Technologies with a GNUPro tool suite compatible with their m_RISC-based reconfigurable DSP (rDSP(tm)) chip.

Lynuxworks announced a new release of BlueCat(TM) Linux with MIPS support and the CodeWarrior(TM) Integrated Development Environment (IDE) Edition for LynuxWorks Development Tools. With these tools, companies using Linux and Solaris host development environments can deploy on LynxOS(R) and BlueCat(TM) Linux targets.

Any way, that's the tip of the iceberg. More announcements from ESC are scattered through the press releases, and not just in the categories created specially for this week. Look for ZF Micro Devices, Inc., formerly ZF Linux Devices, Altera, ARM and many other exciting embedded announcements.

Intel releases iSCSI reference software as open source. Intel has released a reference implementation of the iSCSI specification for next generation storage systems as open source software.

Mountain View Data Announces Availability of SnapFS Beta. Mountain View Data announced the availability of the beta version of SnapFS, enhancing journaling file systems with the capability to capture and retain multiple snapshot versions of files and folders. SnapFS beta is currently available for the Linux 2.2 kernel in conjunction with the Ext3 journal file system.

Komodo(TM) IDE - the Killer Mozilla Application. ActiveState announced the release of the Mozilla based Komodo 1.0. Komodo is a Perl and Python, multi-language integrated development environment (IDE) based on the Mozilla application framework.

SuSE's Free Linux Program for US High Schools. SuSE Linux has announced SuSE's Free Linux Program for US High Schools. Initially, SuSE will sponsor more than 2,000 boxes of SuSE Linux throughout US public and private high schools.

Linux Stock Index for April 05 to April 11, 2001.

LSI at closing on April 05, 2001 ... 28.23
LSI at closing on April 11, 2001 ... 28.67

The high for the week was 28.71
The low for the week was 26.86

Press Releases:

Open source products

Embedded Systems Conference

Embedded Java

Distributions and bundled products

Proprietary Products for Linux

Servers and bundled products

Products and Services Using Linux

Products With Linux Versions

Java Products


Personnel & New Offices

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

April 12, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Another MIT Innovation: Open Source Education (Newsfactor). Newsfactor.com reports on The Massachusetts Institute of Technology's plans to give its courseware away for free on the Internet. "While many schools and universities struggle with the question of how best to integrate the Internet into their curricula, the Massachusetts Institute of Technology (MIT) announced Wednesday that it will publish materials for almost all of its courses on the Internet.

The initiative will take about a decade to complete and will include lecture notes, syllabi, exams, simulations and streaming video lectures for nearly all of the research university's 2,000 courses."

Open-source development drives innovation (News.com). The Wharton School has published, through C|Net, a paper on how open source drives innovation through the power of the community. The results of the research as to why programmers volunteer their time and energy makes for an interesting read. "In all this, an important aspect that Metiu and Kogut studied was why software engineers across the world would volunteer their time to develop free software. Their conclusion: Engineers intrinsically have a gift-giving culture, and the motivations are also driven by norms of reciprocity, reputation enhancement, and by love of their work. They may also benefit financially in the future. Vendors and engineers are increasingly asking to move from a mere fee payment structure to a share of profits in the final product."

NSA Takes the Open Source Route (Wired). Wired reports on the NSA/NAI agreement to continue work on the NSA's SELinux project. "Despite the irony of his old firm teaming up with the agency that tried to have him locked up for publishing the PGP program in 1991, Zimmermann wasn't all that surprised to hear of the partnership. "There are numerous government agencies that use PGP," he said."

Open source: Payback time...Linux *is* more secure! (ZDNet). AnchorDesk author Patrick Houston says that Linux really is more secure than Windows9x/ME, and gets ZDNet security expert Rob Lemos to explain why. "Linux/Unix systems include permission-based access to files and limit access to the critical files to the root (i.e., superuser) account. That limits the damage that a normal user can do to a system. Windows 9x/Me, on the other hand, has no such concept of a separation of powers."

Open source to industry: It's payback time (ZDNet). Bruce Perens, now with HP, is organizing a meeting of industry leaders and open source advocates in order to ask companies to relinquish software patents in exchange for benefits received from open source software. "The meeting will be by invitation only, said Perens, who added that he had already secured the interest of several leading open-source figures. Brian Behlendorf, president of the Apache Software Foundation, which oversees development of the widely used Web server software, is understood to be signed up, as is N2K Chief Executive Larry Rosen and Berkeley University Professor Pam Samuelson."

Experts: Virus Threat To Linux Low (TechWeb). This article from InternetWeek says that Linux has a low vulnerability to virus attacks. "W32.Winux itself is innocuous: It has no mechanism for spreading itself or a "payload" for damaging computers, and it doesn't execute automatically when opened. When manually executed, the virus infects all the executable files in its folder and the parent folder, so that those files also become virus files."

Linux's 'Maddog' sees computers everywhere (CNN). Linux International Executive Director Jon "maddog" Hall says that desktop computers are becoming ubiquitous devices that aren't quite PCs anymore. "The problem with most PCs, Hall argued, is that they are fixed in a room and are limited for some computing purposes. While the machines will grow in power, PCs will not give all users the flexibility they want. So, Hall thinks they will serve an important role in the future but will not be the center of home computing, as Gates has proposed."

The Linux Kernel Summit (Linux Journal). Chris DiBona has written up a good summary of the Kernel Summit. "What I took away from the meeting was a greater sense of the complete inevitability of Linux. That this all can come about and has worked this well for ten years is a monumental achievement; one that will benefit computer science and engineering for decades to come."


IBM takes Linux push to Asia (News.com). IBM wants to expand the Linux presence in Asia, to the tune of $200 million. "Since the initial announcement, seven centers have become operational: Tokyo; Shanghai, China; Beijing; Taipei, Taiwan; Seoul, South Korea; Bangalore; India; and Sydney, Australia. So have four competency centers in Beijing, Seoul, Bangalore and Yamamoto, Japan."

AMD: We're committed to Linux (The Register). While they "eventually plan to have the 64-bit architecture work on a variety of Linux distributions, including SuSE and Red Hat," AMD's manager of Advanced Micro Devices' software research and development group, Wayne Meretsky, says license links on their web site were just plain mistakes. "It was a clear oversight on our part," Meretsky said of the license. "It's obviously silly, and we're getting it addressed as soon as possible."

Open-source firm reverses strategy (C|Net). ArsDigita is moving from an open source strategy to one of proprietary Java modules mixes with services. "Instead of just offering services around the open-source ArsDigita Community System (ACS) software for setting up e-commerce Web sites, the company will begin selling proprietary software modules, said Dave Menninger, senior vice president of marketing. In addition, the company's latest version of ACS has been rewritten using Sun Microsystems' Java language instead of the previous TCL language." (Thanks to Christof Damian)

Wind River answers Linux challenge with BSDi acquisition (LinuxDevices.com). LinuxDevices.com has posted a thorough article on Wind River's acquisition of BSDi. "Questioning the GPL's suitability for use in embedded system projects is likely to be a continuing theme of Wind River's response to the rapidly emerging developer interest in Embedded Linux." Worth a read.

BSDi Unix buy reshapes open source (News.com). News.com looks at the acquisition of BSDi. "Wind River, the dominant company in the embedded market, has been grappling with the arrival of Linux in much the same way that Microsoft faces competition from the upstart operating system for servers."

Wind River: Improvements will come with acquisition (Upside). In this expanded coverage on Wind River's acquisition of BSDi, Upside looks at how another acquisition, Eonic Systems Virtuoso operating system, could help Wind River compete in the embedded DSP marketplace, while BSDI will allow Wind River to improve tools and middleware it sells to network router and switch manufacturers. "The acquisitions were [not] an enormous deal, but they should help fill out Wind River's offerings. The BSDi acquisition, in particular, should help Wind River against embedded Linux providers like Red Hat (RHAT)."


Linux To Play Broader Role In Embedded Systems (TechWeb). TechWeb looks at the momentum open source is gaining going into the Embedded Systems Conference. "The open-source migration to the embedded market has gained significant momentum. Even Wind River Systems Inc. (stock: WIND), which has long dominated the embedded market with proprietary operating systems, has moved toward the open-source camp."

Linux gains corporate respectability (ZDNet). This Wall Street Journal article posted to ZDNet says that Linux has finally achieved corporate acceptance. In another indication of Linux's mainstream acceptance, an IDC survey found 20 percent of corporations were using Linux to operate some of their databases last year, and 10% were using it as part of human-resources and customer relationship-management systems. Those percentages are double the year-ago levels. "Critics and nonbelievers can no longer dismiss the Linux market as a fad," says Al Gillen, research manager for IDC.

Linux Web Hosting Market Set to Boom (InternetNews). According to research conducted by Idaya, a Brighton, England based ISP, the Linux market is set to grow by 150% by mid 2002. "45 per cent of respondents see open-source software as the dominant web hosting technology by 2003, although it should be added that 33 per cent take a contrasting view Nearly two-thirds of ISPs believe that leading open-source software meets enterprise-level standards comparable to those met by proprietary software." (Thanks to Evelyn Mitchell)


Linux Hardware and Software (ZDNet). ZDNet reviews eLinux.com and other Linux friendly shopping sites. "Seek and ye shall find at eLinux, which features 42,000 hardware and software products. The site is so serious about Linux, many of its desktop and notebook systems don't come bundled with that 'other' OS. Features include Linux news and a community forum."

A bandwidth lifesaver (ZDNet). ZDNet shows how to use the Iperf package to run network performance monitoring on Linux systems. "We deployed a Linux server on the residential network and dropped a second server on the same network segment as the registration system. Both test servers, called endpoints, had Iperf installed. If our filters were working properly the amount of traffic Iperf could push out of the residential network would be limited to 10Mbps."


Pogo Linux Velocity Workstation review (Signal Ground). Pogo Linux is a company selling pre-configured Linux systems. Signal Ground took a look at the Pogo Linux IDE RAID-based Velocity system. "Although Pogo sells some dual-boot systems with Windows ME or 2000 installed, their Velocity lineup is RedHat 7.0 exclusively. The manual told us what the root password was, and we were soon looking at the default GNOME desktop. It seems Pogo has put most of their effort into a customized Helix GNOME desktop. KDE is also available at the logon screen, giving users a choice of desktop environments. This is a Good Thing."


Wind River's Fogelin on the acquisition of BSDi (LinuxDevices). LinuxDevices' Rick Lehrbaum interviews Wind River's John Fogelin about Wind River's recent acquisition of BSDi. "RL: You may be aware that there's currently a growing interest within the Embedded Linux Consortium in pursuing standards for Embedded Linux. This isn't just a defensive move by Embedded Linux vendors, but it's also being driven, in large part, by some proprietary OS vendors who want to be more "Linux-like" -- or "UNIX-like" as you put it -- such as QNX and LynuxWorks. Do you foresee Wind River playing a pivotal role in helping to define some common standards for "POSIX-and-beyond," which could be shared among all of these OSes?"


Getting Certified with the Linux Professional Institute (Linux Journal). Dan York of the LPI provides a status update to the LPI in this Linux Journal online article. "From the very beginning, we have felt that LPI's exams should use industry standard practices (from a field of test development called "psychometrics") to be sure our exams are scientifically and statistically valid, as well as legally defensible. The legal defensibility becomes an issue in the United States where the moment a hiring or promotion decision is made based on a certification, you need to be able to prove that your exam is not based on biased information. We do this through a lengthy process referred to as a 'job task analysis'."

Holes found in file server software (News.com). While FTP's glob() function is open to attack on some systems, according to this C|Net story, Linux boxes are fundamentally safe. "While wu-FTP contains the vulnerable function--known as "glob()"--it works in a slightly different way with Linux systems, leaving most of those systems protected from the exploit."

Torvalds rips into Mac OS X (ZDNet). This ZDNet article wants to stir things up by saying that Linus is trashing Apple. "'Frankly, I think it's a piece of crap,' Torvalds writes of Mach, the microkernel on which Apple's new operating system is based. 'It contains all the design mistakes you can make, and manages to even make up a few of its own.'"

MS and Its Terms of Embarrassment (Wired). Wired News covers Microsoft's backtracking on the terms of use for its Passport service. "But on Wednesday, a spokesman for the company said that greed had nothing to do with it. People should ignore the Passport terms of service because they're no longer valid."

Why you should be using FireWire (ZDNet). According to this ZDNet article, the Linux world understands the importance of FireWire technology. Even if Intel doesn't. "When I enquired earlier this week about whether Intel had any plans to integrate 1394 into its motherboards' chipsets, I got an unequivocal reply:"Intel has no plans to put 1394 on our motherboards." Can't get clearer than that. Unfortunately, Intel's party line is based on a fallacy, that 1394 is just an A/V technology. This is patently false. But Intel also has a vested interest in seeing 1394 be marginalized into a niche product and having USB 2.0 succeed."

Section Editor: Forrest Cook

April 12, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



Configuring Outlook to use Linux servers. The folks at Bynari have posted a configuration manual describing how to make the Outlook client work with Linux-based servers. Essentially, it's a recipe for eliminating Exchange.

NetPBM reference guide. Resurrecting an old project from last year, LWN.net Daily and On the Desktop editor Michael J. Hammel has released a reference guide in postscript format for NetPBM, the suite of command line graphics utilities for Linux/Unix systems. The guide is designed for a front/back, 4 column landscape printout on legal sized paper so that a 4 page fold out can be made. The original is in ApplixWords, if anyone wants to try their hand with converting to a more public format.

Creating hog heaven with IBM WebSphere Homepage Builder (IBM developerWorks). This article from IBM's developerWorks site shows how to use the personal WebSphere package for Linux to create a personal web site. "When you're satisfied with your Web page, you're ready to send it up the Web server for the whole world to see. This is where the File Transfer application comes into play. This application works just like an FTP application. Select Tool, then File Transfer. You'll need to create a profile for the server you intend to publish to."

The State of Embedded Linux (LinuxDevices). Rick Lehrbaum has made available the slides from his talk at the CLIQ on the State of Embedded Linux.

The Newbie takes on the Screen-Grabbers (Linux Orbit). This article shows how to get and save screenshots using KDE and GNOME "Screen-Grabbers".

Tip Of The Week: Terminfo. Linuxlookup examines the terminfo database and compares it to the old /etc/termcap file.

Setting up Apache with mySQL, Frontpage 2000 Extensions, and PHP NHF. This LinuxNewbie article gives step by step instructions.


OMG Days Europe 2001. LogOn Technology Transfer and the Object Management Group (OMG) announced the successful conclusion of OMG Days Europe 2001. There's also a schedule for next year.

Linux@work 2001. More Linux@work one-day seminars are coming up in May and June.

April/May/June events.
Date Event Location
April 9 - April 13, 2001. Embedded Systems Conference San Francisco, California.
April 12, 2001. 2001 Twin Cities Linux Solutions Conference - A Real Time Perspective Radisson South, Bloomington MN.
April 20, 2001. 2nd Annual Symposium on Pliant Implementation and Concepts (ASPIC 2001) Paris, France.
April 23 - April 27, 2001. Linux Expo Road Show Eastern Europe.
April 24 - April 26, 2001. Linux Africa Kyalami Exhibition & Conference Centre, Johannesburg, South Africa
April 25, 2001. Real-time and Embedded Systems Forum Conference Berlin, Germany
May 9, 2001. Linux@work Oslo, Norway.
May 9 - May 10, 2001. Linux Expo Brazil São Paulo - Anhembi - Palácio das Convenções.
May 10, 2001. Linux@work Stockholm, Sweden.
May 11, 2001. Linux@work Helsinki, Finland.
May 13 - May 17, 2001. Spring 2001 Enterprise Linux Implementation Conference Doubletree Hotel, San Jose, CA.
May 14 - May 17, 2001. The 2001 Applied Computing Conference Santa Clara, CA.
May 15, 2001. Linux@work Frankfurt, Germany.
May 15 - May 18, 2001. Linux Expo China Shanghai Mart, Shanghai, China.
May 16, 2001. Linux@work Zurich, Switzerland.
May 17, 2001. Linux@work Milan, Italy.
May 20 - May 23, 2001. eXtreme Programming - XP2001 Villasimius, Cagliari, Sardinia, Italy.
June 7 - June 8, 2001. Second European Tcl/Tk User Meeting Hamburg-Harburg, Germany
June 12, 2001. Linux@work London.
June 13, 2001. Linux@work Paris.
June 14, 2001. Linux@work Brussels.
June 15, 2001. Linux@work Amsterdam.
June 25 - June 30, 2001 USENIX Annual Technical Conference Boston, Massachusetts.
June 29 - July 1, 2001 Linux 2001 - Linux Developers' Conference Manchester, UK.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Employment Opportunities

UNIX Software Administrator UK. The School of Electronics, Computing and Mathematics at the University of Surrey, in Guildford in the UK has a vacancy for a UNIX Software Administrator. This post will be responsible for evaluating, updating and enhancing the wide range of Solaris and Linux application software within the school. This includes basic GNU tools and utilities, web-hosted services, open-source application suites such as GNOME and industry standard commercial software. The salary range is £26,216 to £30,967. For more information, please email Mike Stonebank at M.Stonebank@eim.surrey.ac.uk or call him on +44 (1483) 879826.

User Group News

LUG Events: April 12 - April 26, 2001.
Date Event Location
April 12, 2001. East Side Phoenix Linux Users Group (PLUG) Sequoia Charter School, Mesa, AZ.
April 12, 2001. Boulder Linux Users Group (BLUG) NIST Radio Building, Boulder, CO.
April 14, 2001. Sheffield LUG with Rusty Russel(ShefLUG) University of Sheffield, UK
April 14, 2001. Consortium of All Bay Area Linux (CABAL) Menlo Park, California.
April 14, 2001. Route 66 Linux Users Group La Verne, California.
April 15, 2001. LUGOD/UC Davis Computer Club Installfest - postponed Davis, CA.
April 15, 2001. Beachside Linux User Group Conway, South Carolina.
April 16, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
April 17, 2001. Kansas City LUG Installfest Kansas City Public Library, Kansas City, MO.
April 17, 2001. Bay Area Linux User Group (BALUG) Four Seas Restaurant, Chinatown, San Francisco.
April 17, 2001. Linux Stammtisch Bandersnatch Brew Pub, Tempe, AZ.
April 18, 2001. New York Linux User's Group(NYLUG) IBM Building, New York, NY.
April 18, 2001. Arizona State University Linux Users Group (ASULUG) Tempe, AZ.
April 18, 2001. Linux User Group of Groningen Groningen, Netherlands.
April 18, 2001. Central Iowa Linux Users Group (CIALUG) West Des Moines, IA.
April 19, 2001. Linux User Support Team, Taegu (LUST-T) Taegu, Korea.
April 19, 2001. St. Louis LUG (SLLUG) St. Louis County Library, Indian Trails Branch, St. Louis, Missouri.
April 19, 2001. South Mississippi Linux Users Group (SMLUG) Barnes & Noble, Gulfport, Mississippi.
April 19, 2001. Rice Linux User Group (RLUG) Rice University, Houston, TX
April 20, 2001. Rock River Linux Users Group (RRLUG) Rockford College, Rockford, Illinois.
April 21, 2001. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
April 21, 2001. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
April 21, 2001. North Texas Linux Users Group (NTLUG) Nokia Centre, Irving, Texas.
April 24, 2001. Hazelwood LUG Prairie Commons Branch Library, Hazelwood, Missouri.
April 24, 2001. West Side Phoenix Linux Users Group (PLUG) Glendale Community College, Glendale, AZ.
April 25, 2000. Central Ohio Linux User Group (COLUG) Columbus, Ohio.
April 25, 2001. Linux User Group of Assen Assen, Netherlands.
April 26, 2001. Bergen Linux User Group (BLUG) Bergen, Norway.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

April 12, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Three years ago (April 16, 1998 LWN): The U.S. Postal Service announced that it was using Linux.

Eric S. Raymond released Homesteading the Noosphere

Salon's Andrew Leonard interviewed Eric Raymond.

The first time I met Eric Raymond, the co-author of "The New Hacker's Dictionary," he flamed me hairless after I sent him e-mail seeking clarification of a point of research for a project I was working on.

LWN started its Daily Updates page.

Apache was named Network Magazine's web server product of the year.

Slashdot carried an editorial by Peter de Vries on why he believes that Microsoft will decline in the future.

The very fact that so much attention has been given to Department of Justice's probe into Microsoft should be an indication that the corporate world is waking up to the state of the computer industry. Why do I single out corporate interests in particular? Because most major transitions in computing technology have been foreshadowed in the corporate marketplace long before "six pack joe" realized what the next "wave" was going to be. The purchasing decisions made by corporations help form the personal preferences of their employees. These decisions also effect what products are taught (and therefore promoted) in educational environments.

The current development kernel version was 2.1.96 which was mostly bug-fix release, with a new aic7xxx SCSI driver.

Miguel de Icaza sent us a GNOME status report. GNOME was coming along quickly.

Guido van Rossum announced the release of Python 1.5.1

Steve Savitzky introduced the first song written under the FGPL (Filk General Public License).

Those Looking for GPL'd or otherwise public software for CAD didn't have many options. The gEDA, the GNU Electronic Design Automation project was in version 0.0.1 then. It has come a long way since then.

The Freely redistributable software in business page, an Australian-based collection of resources for businesses was listed as a "Link of the Week". This is still a good resource though it hasn't been updated for almost a year.

Two years ago (April 15, 1999 LWN): Mindcraft published a Microsoft-funded study which was hotly debated by pretty much everyone except Microsoft. They found:

Microsoft Windows NT Server 4.0 is 2.5 times faster than Linux as a File Server and 3.7 times faster as a Web Server.

Later they admitted:

Mindcraft made some Linux configuration and tuning mistakes in this benchmark. However, the original results and the Open Benchmark results are close.

The Capital Research Center came out against free software and issued this rather lengthy report. While the real target was Ralph Nader they went after free software as one of his causes.

The letter is evidence of Nader's commitment to "free software," a radical concept that will remove most software from the store shelves if the concept succeeds. The thinking goes that software developers will voluntarily create and improve software products. The "source code" or basic recipe for each program will be released the general public, essentially draining all economic value from the product itself.


But what happens when the OSS method of production is applied to thousands of software applications with millions of users requiring product support and attention to their particular needs? How do consumers identify the products they need when software is constantly evolving and there are no standard products that enable users to share compatible information? The 'free' nature of OSS quickly collapses into chaos.

The Linux FreeS/WAN project issued a press release covering FreeS/WAN version 1.0. FreeS/WAN is now in version 1.9.

Break-ins based on ftp were on the rise. Anonymous ftp users were advised to use the latest version available, and to check configurations carefully. In particular users were advised to add "no dirs" to the upload line of their ftpaccess file.

An NFSv3 client implementation for Linux was released by Trond Myklebust. This release moved Linux into current NFS technology. The initial release was, of course, for the adventurous only.

IBM Thinkpad users received another resource, the IBM Thinkpad page.

Some updates to UltraPenguin (a version of Red Hat for UltraSparc systems) were announced.

A Python-based 3D role playing game engine, the PyRPG project, announced their 0.0.1 release.

The first full release of Fnorb, version 1.0 had just been announced. Fnorb is a Python-based CORBA ORB.

Chris Nelson wrote Mozilla's Open Source Success.

Mozilla *was* a first in the industry, and it is wrong to judge it by the success of previous Open Source efforts.

This article on WebMonkey is also about Mozilla's successes and about the Gecko browser, too.

As we arrived at the recent Mozilla party in San Francisco, ostensibly to celebrate the one-year anniversary of Netscape's open source project, we felt a bit hesitant: Would this be a birthday party ... or a funeral? After all, new owner AOL had laid off 400 of its recently acquired Netscape employees the previous day. And then, just hours before the party, word spread that the party's host, Mozilla evangelist Jamie Zawinski, had resigned. We worried that we'd spend the night crying into our smart drinks.

Silly us. The Sound Factory was packed to overflowing by 10 p.m., and Mozilla fans danced and networked until security eased everyone out the door at well past 2 a.m. Even Zawinski was smiling. And much of the talk (when we could hear one another) revolved around Web developers' high hopes for Gecko, the all-new layout engine being previewed on Netscape's Web site.

Here is an open letter to Microsoft from Eric Raymond, Larry Augustin, Russell Nelson, L. Peter Deutsch, Larry Wall, and Guido Van Rossum, regarding the murmurings that they might open up some of the Windows source. Although the letter was titled "from the Open Source Community", other members of the community objected and the signatories of the letter did not intend to represent anybody but themselves.

We'd like to remind Microsoft that (as Jamie Zawinski put it recently in his Mozilla resignation announcement) open source is not magic pixie dust. Code that's badly designed or non-functional won't instantly improve simply by being open-sourced.

John Dvorak asked What's Going On at Microsoft? in this ZDNet article. He suggested that Microsoft should "embrace and extend Linux."

Nobody writing in the popular press wants to predict the emergence of a gentrified Linux as the next major change on the desktop environment or in the Fortune 500. Well, I'm doing so now. The way I see it, Linux's code base is under much tighter control than Windows'. I've talked to too many ex-Microsoft folk who all tell me that nobody has a handle on Windows' code. It's completely out of control--a hodgepodge of objects and subsystems nobody fully understands. Though this may or may not be true, things are different with Linux.

Sub-$500 Linux computers were available from TheLinuxStore. It even looked like a reasonably configured system, lacking only the monitor to be truly usable. You won't find those anymore. TheLinuxStore was new then, and its opening was covered by News.com.

Responding to criticisms that the Linux interface isn't yet easy enough to use, [chief information officer John] Wise said, "I don't think people have taken a look at the KDE interface," which is stable, easy to use, and looks like Windows.

In addition, the Gnome user interface is looking increasingly promising, he said.

Meanwhile at the other end of the scale, Penguin Computing announced an eight-processor Linux server system.

Eric Raymond told us he was spending his vacation putting out a new version of the Jargon File. As he put it:

A browse through the Jargon File is like a voyage of rediscovery. These are the Linux culture's roots.

One year ago (April 13, 2000 LWN): LWN lead this edition with an editorial about "the subversive power of free software". The Uniform Computer Information Transactions Act (UTICA) had just passed in the state of Maryland. There were ongoing issues with the DVD and "cphack" affairs. The Freenet project and the Gnutella project were both looking like they might allow 21st century subversives to build an infrastructure that would help keep future cats out of the bag. Upside talked with FSF's lawyer Eben Moglen about the "Popular revolt for freeware".

While such legal activity might seem tangentially related to the world of Gnu/Linux operating systems, for a growing number of concerned observers, Moglen included, the recent spate of legal challenges represent yet another curious piece in an as-yet-unassembled puzzle.


"We -- the free software community -- are sitting in the very intersection these corporations need to come through, barreling toward this splendid paradise they've envisioned of a seamless Internet where purchased content is delivered in a secure pipeline directly from producer to user," Moglen says.

Linuxcare delayed [and later canceled] its IPO.

SecurityFocus.com had just set up a Linux focus area with information of interest to Linux users.

Intel Corporation announced it would release the code for its Common Data Security Architecture (CDSA) software.

The 2.3.99-pre5 development kernel had just been released, fixing a "brown paper bag" problem in the filesystem code of 2.3.99-pre4, which caused it to crash on boot.

Wichert Akkerman released doc-central, a system for browsing Debian's documentation with a web browser.

MontaVista Software ported Hard Hat Linux to IBM's PowerPC 405GP processor. MontaVista was also working with Applied Data Systems to port Hard Hat Linux to the Intel StrongARM SA-1110 platform.

The Linux Documentation Project had just reworked its website and was going strong.

Garbage collection was added to Python.

IDC declared Linux to be red hot in the server market. Server shipments grew 166% between the fourth quarters of 1998 and 1999.

In a recent IDC survey of 200 Linux users ... the majority of participants estimated that their Linux servers offered at least 4 9s in availability, which translates to less than one hour of unexpected downtime per year.

BigStorage Inc. announced its sponsorship in the ReiserFS filesystem project.

Dallas Semiconductor announced a Linux powered voting booth which used Dallas Internet components. Using iButtons and computer chips in stainless steel cans this voting booth provided registered, private ballots, and a Tiny InterNet Interface (TINI) relayed real-time voting results over a live network. They could have used a few of these in Florida during the last presidential election.

Further demonstrating the flexibility of the iButton/TINI technology, the "central server" in this election is nothing more than a laptop running Linux.

The first Colorado Linux Info Quest (CLIQ) was the subject of a Linux Advocate column by Scott Dowdle.

First off, I love Larry [McVoy]. He is cool. He is funny. He is blunt. He is honest. Did I mention he is funny? Ok, anyway... Mr. McVoy gave a speech (like the PHP guy) on what you would think would be a very dry topic... how to scale Linux to the Enterprise. Larry reminds me of Norm McDonald. Do you know who Norm McDonald is? If not, he was the 'Fake News Guy' on Saturday Night Live for a couple of years before he got fired and got his own sitcom.

News.com looked at the life-after-death of gnutella and other open source Napster clones.

Whatever the outcome of the Napster lawsuit, the open-source Gnutella movement may well prove to be the more dangerous branch of the file-swapping technology trend. Because Napster runs through only a few central servers, it is an easy target for lawyers seeking to shut down the service or for those looking for individuals swapping files through the Napster software. Gnutella has no central location. It's modeled after the way the Internet itself is connected:

April 12, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

April 12, 2001

Date: Thu, 05 Apr 2001 12:59:20 +0000
From: Oliver White <ojw@unite.com.au>
To: letters@lwn.net
Subject: Auto-upgrades and trust

Some very valid points have been made, this week, regarding automatic
upgrades of software. I love debian's upgrade features and frankly, I
consider the risk of getting unwanted software worth it. At the end of
the day, if I have to reinstall my system I'll survive. I don't run
critical services on my box.

The folks at Eazel are looking at creating a business model around
automatic updates (or so you report). Trust is of the utmost importance
to this business model. If they can keep a clean record of user
satisfaction then they'll have a steady income. We can stop being system
administrators (unless we want to be) and get on with the business of
using our tools. This is all very good.

A server administrator might want to use authentication and
authorisation for their upgrades. Someone like myself might just want to
be offered the release notes before allowing the system to upgrade

Upgrade service vendors are going to have to keep their customers very
happy if they want to stay in business. I think this fact alone ought to
comfort us.

Oliver White
WorldForge Developer
Date: Sat, 7 Apr 2001 11:35:42 -0600
From: yodaiken@fsmlabs.com
To: letters@lwn.net
Subject: Kernel hackers meeting

Couple of things that struck me:

1. NUMA discussion. This was not really focused on NUMA (in case anyone cares, I think NUMA
   is good architecture, and cc-numa is a major advance on SMP for _small_ numbers of
   processors -- less than 8). The issue was how to design kernels for big MP machines and there
   is a major argument between people who think that IRIS was a success and should be
   emulated and those of us who think IRIS shows exactly how dangerous the "fine
   grained locking everything" approach to kernel development is.  My position is that
   people should look at other designs like VMS Galaxy and Puma   and at
   the real needs of applications before blindly following IRIS into disaster. 
   I also think that it's very wrong to believe that one can easily add complexity to the kernel
   and make it an option that "compiles out".
2. Rik's memory management talk. Critical point: scaling up should be
   also considered in terms of effects on scaling down. The design tradeoffs between
   low-end and embedded and the upper end servers are becoming critical issues and the
   issues raised in the NUMA boff are important everywhere. 

3.  Bitkeeper. Both RTLinux and PowerPC Linux trees are bitkeeper based and have been for 
    some time. 

Victor Yodaiken 
Finite State Machine Labs: The RTLinux Company.
 www.fsmlabs.com  www.rtlinux.com

Date: 6 Apr 2001 22:04:34 -0000
From: Eric Smith <eric@brouhaha.com>
To: letters@lwn.net
Subject: Wind River vs. GPL


In the lead story of your 5-APR-2001 issue, you wrote:

> Part of the explanation, certainly, is Wind River's distrust of the GPL.

Not surprising.  In 1995-1996 I worked for a company using VxWorks in an
embedded product.  VxWorks is, of course, not GPL'd.  But the
development tool chain was GCC, GDB, etc.  Wind River had a somewhat
customized version of GDB, which, for instance, was task-aware.  When we
requested the source code to their GDB in order to use it on another
platform, they provided us with only the unmodified, official GDB source

When we pointed out that the GPL required them to provide us with the
sources used to build the binaries that they had shipped us, they
refused, saying that their modified version was proprietary.

I left that company before I could pursue the matter any further.  But
others have told me that they've had the same experiences with Wind
River since then.

Apparently Wind River was unafraid of section 4 of the GPL, which
provides that if they copied or distributed GDB without complying with
the GPL terms, their license to use GDB would be terminated, and they
would henceforth be unable to use or distribute GDB in any form.

Eric Smith
Date: Fri, 6 Apr 2001 17:18:54 -0400 (EDT)
From: Joe Klemmer <klemmerj@webtrek.com>
To: <letters@lwn.net>
Subject: The Stability of 2.4.x

	Regarding the stability of the 2.4.x kernel -

> The 2.4.0 kernel was about as stable as it could have been, really.
> The last set of problems takes a wider community of users to find;
> that's what "dot-zero" releases are for. Every stable kernel series
> has taken a few releases to truly stabilize, and 2.4 is no exception.
> Some rough edges remain, but it's getting there.

	Everyone knows that the "stable" kernel isn't really stable till
it reaches the .10 level.  When 2.4.0 was released I remember a bunch of
us Linux people were all saying the same thing when asked by lay-people if
they should upgrade, "Wait till .10".  Maybe that should be a motto...

	"It's good to go at one dot oh!"

Joe "No, I _don't_ have anything better to do" Klemmer

If I actually _could_ spell I'd have spelled it right in the first place.

Date: Tue, 10 Apr 2001 03:06:19 -0700
From: Seth Johnson <seth.johnson@realmeasures.dyndns.org>
To: letters@lwn.net
Subject: Information Producers Initiative

I am starting an project called the Information Producers Initiative.

I have pasted a draft of a basic position paper below.  I would like
very much if I could obtain comments on it, perhaps through this list
and/or other public fora.  It is a very general foundation on which
specific policy positions are meant to be based.

I am presently considering developing commentaries on HIPAA (a federal
law addressing medical records privacy) and the Tasini and Napster

I am specifically interested in obtaining any information regarding
other initiatives that might be similar to this, and what's been tried
and what happened to these initiatives.

I have set up a list for people who are interested in these matters. 
Subscription is by sending an email saying "subscribe C-FIT_Community"
to ListServ@realmeasures.dyndns.org.

Forward this message freely as you wish.

The text below is also available at: 

Thanks for your help,

Seth Johnson
Committee for Independent Technology

The Information Producers Initiative

A Project of the Committee for Independent Technology

The Committee for Independent Technology holds that a proper
consideration of information-related public policy must focus on what
the state of technology means for all citizens.

We believe that a well-founded understanding of the condition in which
citizens presently find themselves as a result of information
technology, should focus on one fundamental principle.

This principle is that information is used to produce new information. 
To put another cast on the same point, information that is accessible in
whatever form has never merely served the purpose of consumption.  This
may seem to be an obvious point, but when it is considered in light of
the new modes of public access that have developed, and the flexible
means of using information that are now at hand, one sees that this
principle is more important now than it may ever have seemed to be

In the past, only specific groups of people, engaged in specific types
of activities, had their interests assessed in terms of their capacity
as information producers.  The public at large has been treated as mere
consumers of information in many areas, with public policy reflecting
this tendency.

Now, however, we all have the capacity to participate in the development
of human knowledge, on a reasonably equal footing with all other
citizens, because of the forms of access to the public sphere that are
now available, and to the forms of information that may be found there,
by means of public communications networks such as the Internet.  This
puts us all in an entirely new position with respect to our abilities to
access, manipulate and produce information.

We may now manipulate information in a profoundly flexible way.  We may
quickly access any work that is available electronically on public
communications networks.  We may, with great facility, decompose any
digitized work into component parts.  We may manipulate, analyze,
synthesize, select and combine the conclusions, observations, discrete
facts, ideas, images, musical passages, binary bits and other elements
of any information in digital form.  We may efficiently produce useful,
meaningful and creative expressive works on the basis of this flexible
access to information.

But perhaps the most far-reaching way in which information technology
affects our condition as citizens, is in the fact that we may all now
distribute our information products to the public at large in a powerful
and convenient manner that obviates the need to rely on publishers and
other intermediaries who have traditionally provided public access to
information producers.

We must no longer allow our rights in the area of the access to and use
of information and information technology, to be regarded merely as
rights of consumption.  All citizens must assure that policy makers no
longer treat their interests in information merely with respect to their
capacity as consumers.  We must advocate for and guard our broader
interests as information producers in equal standing in the public
sphere, possessing essential powers and rights in the access, use and
communication of information.

The Committee for Independent Technology seeks to assure that the rights
and capabilities of all citizens are not undermined through public
policies that restrict the ordinary exercise of their rights to access
and produce information by flexible means.

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds