[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Loki cuts staff, but remains for the long haul  Rumors have flourished recently regarding the demise of popular Linux games maker Loki Entertainment Software. The problem seems to have started with posts to the LinuxGames web site from an ex-employee of Loki, who was just out looking for other work and out to let people know he was moving on. Discussion ran rampant on why so many developers were leaving Loki. Was the company in trouble? Is Tribes 2 the last gasp for the premiere Linux gaming company and all around favorite of the hacker crowd?

Not hardly. Like many companies in the high tech arena, Loki has to deal with the realities of a tight economy and, on top of that, a small market niche. While games on Linux seem to thrive and be one area the public is not overly concerned with paying cash for software, there really isn't a large enough market to support a large development team at Loki. The desktop world needs to evolve further to expand Loki's penetration.

"The Linux market is still very small--much smaller than the Mac market," said Loki co-founder and President Scott Draeker in an email interview with LWN.net. While the community as a whole has been very good to the company, and the press has offered high praise for their products and support, no one is making a fortune at the small California based company. "Some [people] have assumed that all the good news and good work we were doing meant that we had all become instant millionaires. Not a chance."

In fact, Draeker says they aren't even making money yet. Then again, that doesn't mean they're ready just yet to shut the doors to the business. "We're in this for the long haul. We want to build a Linux gaming industry. That takes time and plenty of sweat and cash. And no, we are not profitable. But we aren't going anywhere either."

Finding cash has been a high priority for Draeker since last year. He says the company knew back in December that funding wasn't becoming available and that employees were told about the situation. "We told them they were welcome to stay," noted Draeker, "or start to look for other jobs. A number of people left over a period of 3 months. At that point most had gone about as far they could with the ups and downs associated with being a start up in a down market." Now the company is running at break even levels. Says Draeker, "We've cut back to a size where we can sustain our operations exclusively from sales revenue. That said, we are still looking for funding partners."

Loki is in the midst of a releasing two new games for the Linux platform: Tribes 2 and Sid Meier's Alpha Centauri. Tribes 2 is a first person shooter based on team tactics, where players work within teams to do battle with human and AI opponents. Alpha Centauri is a simulation and strategy game where players conquer entire planets or build their own utopian society on earth. They've also started a bonus program to offer discounts on multiple purchases from their Web site, as well as a program for LUGs (Linux User Groups) that can purchase products in quantity at a discount with Loki picking up the shipping charges.

While the release of two new games can likely help maintain revenue to keep the company going, Loki's software plans are not designed for porting games alone. "A great deal of the work we've done on projects like SDL and OpenAL lays the foundation for us to access larger markets for our products. Our open source projects aren't really designed for porting games, but for creating them."

At the recent Colorado Linux Info Quest conference, Draeker compared the gaming industry to Hollywood. "Lots of movies get made but just a few blockbusters make the profits. Loki is looking for a blockbuster." Although he alluded to the possibility of Loki working on games for console systems in the future, he said the recently canceled Linux-based game console Indrema was never more than vaporware. Loki hadn't been working on games for that system.

In the short term Loki remains focused on building revenue streams. In a tough economy that often requires cutting back, even for a Linux favorite like Loki. But it's not the end. Just a speedbump. World domination, at least for Loki, may still just be a point and click away.

Fun laws in Europe. The United States has taken a lot of grief in recent years for a number of laws that, shall we say, were not particularly well thought out. Every now and then, however, the world makes it clear that the U.S. has no monopoly on legal silliness. This has been one of those weeks.

Consider, for example, the new copyright directive issued by the European Council of Ministers. As good a summary of any, perhaps, can be found in this congratulatory message from the European Commission. The purpose of the directive is to "harmonize" European laws on copyright, and, incidentally, "bring European copyright rules into the digital age." That, of course, is code for adopting something that looks much like the American Digital Millennium Copyright Act (DMCA), which has already caused more than its share of problems.

Consider, for example, the following:

Firstly, rightholders have complete control over the manufacture, distribution etc. of devices designed to circumvent anti-copying devices. A more flexible solution in this regard would have carried a greater risk of abuse and piracy.

This language is described as "a balanced compromise." This is exactly the sort of provision that got the DeCSS code in trouble in the U.S.; expect similar problems in Europe.

The directive has little interest in fair use in any form. Even time shifting of television programs is regarded as an actionable use for which compensation should be expected.

In general, the directive is fearful of digital copying:

However, as far as private copying is concerned, the quality and quantity of private copying and the growth of electronic commerce all mean that there should be greater protection for rightholders in digital recording media (whereby unlimited numbers of perfect copies may be made rapidly).

When a government is trying to restrict rights, it always helps to have an enemy. Copying is now that enemy, and any sort of means is justified in attacking it. But the free software world thrives on copying and freedom of information. The new European copyright directive reduces that freedom; it is only a matter of time until the free software community runs afoul of it.

Web site registration in Italy. Italy, it seems, has a new law which defines web sites, especially those which are periodically updated, as "editorial content," and makes them subject to the laws covering newspapers. What that means, essentially, is that Italian web sites must:

  • Present the name and address of the publisher, as well as the location of the site's server.

  • Be registered with the locality in which they are published, and pay all the associated fees.

  • Register a "managing editor," who bears responsibility for what the site publishes. This editor must be a member of the "Order of Journalists," which is not a particularly easy thing to do: one must pass a state examination, and one must have completed eighteen months of study in the presence of at least four registered journalists.

Those interested in the details can see Come mettersi in regola con le norme sulla stampa ("How to comply with the press regulations") on the InterLex site. (The text, strangely enough, is in Italian).

The attitude behind this whole thing, perhaps, is best summarized by this quote from Paolo Serventi Longhi, the secretary of the Federazione nazionale della Stampa (the national journalists' union), as found in Punto Informatico:

Thus ends, at least in Italy, the absurd anarchy which allows anybody to put information online without regulation, controls, or guarantees of a minimal quality or standards to the user of information products...

(Translation by the editor).

The law places responsibility on Internet service providers as well; ISPs can find themselves responsible for the operation of a "clandestine press." It also applies to servers that are hosted outside of Italy - as long as the content originates in Italy or is transmitted into Italy. Violators are subject to fines and up to two years in jail.

We talked briefly with Michel Morelli, producer of the Italian Linux news site ZioBudda, who sees this law as "a threat to 3/4 of the Italian Internet," and who pointed out this online petition calling for the repeal of the law. The petition had almost 34,000 signatures as of this writing; certainly it could use more.

This sort of law is scary, even in Italy, which is full of weird laws that are widely ignored. Regularly-updated web sites are not uncommon - the other variety is generally called "dead." In particular, any site hosting free software certainly needs regular updates, or it is useless. Any kernel.org mirror could find itself in trouble. Even if it is not widely applied, this kind of law can be used to shut down sites that somebody in power finds inconvenient.

It also does not take a whole lot of paranoia to imagine this sort of reasoning leading to the conclusion that distribution of software, too, needs more "regulation, controls, and guarantees." Consider that Italy is about to elect a Prime Minister who controls half the television channels in the country (to a post that controls the other half), and who has stated his intent to create a new "ministry of information" under the control of an industry leader. And consider that these sorts of bad ideas have an unpleasant habit of spreading across borders.

Free software will not get very far without freedom, and threats to freedom come in many forms. We have a lot of battles to fight, still.

Inside this week's Linux Weekly News:

  • Security: Red Hat mkpasswd password generator, new vulnerabilities in IPTables, Samba, cfingerd, bubblemon and more.
  • Kernel: Zero-copy networking goes in; letting the child go first on fork().
  • Distributions: Slackware faces hard times, but will continue, Red Hat Linux 7.1 is released, Ratatosk closes down.
  • On the Desktop: Taxing software, KParts is not MICO, and more GUADEC summaries.
  • Development: PostgreSQL 7.1.
  • Commerce: Open source software in EU public administrations, ActiveState launches ASPN Initiative.
  • History: Two years ago Caldera released OpenLinux 2.2, one year ago - backdoors.
  • Letters: Paying for downloads; Wind River and the GPL; we are corrected on the topic of bonobos.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

April 19, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

Red Hat mkpasswd limitations. A limitation in the Red Hat mkpasswd command was discussed on BugTraq this week. Mkpasswd is an expect script that can be used to generate random passwords. Similar to a recently reported problem with a password generator for the Palm, it seems that mkpasswd uses an inadequate seed, based on the process ID, which results in a much smaller pool of passwords than is expected.

Of course, the smaller the pool of passwords, the easier it is to brute-force a password.

In addition to the importance of using a good random seed in the password generator, the need to reseed was also discussed. Using the Tcl 8 rand() function as an example, it was shown that seeding only once produce in the range of 22,000 passwords before duplicates began to occur. The Tcl 8 rand() function uses the system clock for a seed. Alternately using a weaker seed but reseeding with each invocation, more than 45,000 passwords were generated without a duplicate occurring.

We expect an update for the Red Hat mkpasswd command will be provided in the near future. Meanwhile, sites that use password generators to assign passwords may want to look more closely at the algorithms upon which they are depending.

Disabling Module Loading Caveat. A piece of information was accidentally left out of last week's lead-in editorial, which talked about using the capability bounding set to disable the loading of kernel modules. In June of 2000, Patrick Reynolds sent in a Letter to the Editor pointing out that "/proc/sys/kernel/cap-bound maps directly to the cap_bset variable in kernel memory". As a result, unless CAP_SYS_RAWIO is disabled (it controls access to /dev/mem), it is possible to use /dev/mem to load new code into the kernel (this will require access to a valid System.map file).

Unfortunately, disabling /dev/mem will break many things, including X and potentially many other user-space programs.

The use of capability bounding sets will still assist in protecting systems from many current rootkits that use loadable kernel modules, but, as common with most security issues, they only provide a partial solution. (Thanks to Neale Pickett for pointing out our error in omitting this information last week).

Carko distributed-denial-of-service tool. A new distributed denial-of-service tool, named Carko, was reported on various systems this week. Carko is a clone of stacheldraht+antigl+yps, with apparently as little as one source code line difference. However, it has been updated to leverage much newer vulnerabilities, in particular a buffer overflow in snmpXdmid under Solaris.

Although Carko is not currently targeting Linux vulnerabilities, it is a reminder that the problem of distributed denial-of-service attacks has not been resolved. For now, the best defense for all of us is not only to close all vulnerabilities on our own systems in a timely manner, but also to encourage and support everyone else we know to do likewise. Carko is spreading because the availability of hosts with open vulnerabilities is vast.

CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for April is out. It covers computer security from a military defensive point of view, the fake Microsoft certificates, and more.

Microsoft: Closed source is more secure (SecurityFocus). SecurityFocus has put up a report from Microsoft security head Steve Lipner's talk at the RSA Conference. "Lipner slammed the open source development process, suggesting that the often-voluntary nature of creating works like the Linux operating system make it less disciplined, and less secure. 'The open source model tends to emphasize design and development. Testing is boring and expensive.'"

Reading through the comments posted to SecurityFocus revealed little support for Lipner's words, but that could be expected from an audience that is both security-savvy and extremely familiar with Open Source software. The most relevant comment we found was from "Will" who pointed out that the majority of advisories from Microsoft credit people outside their own staff for finding the security holes. That indicates that a "dedicated, trained, full time and paid" staff isn't the answer either. Neither closed source nor Open Source software is as secure as it needs to become.

Security Reports

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Under Linux 2.4, IPTables is used for building firewalls. It is implemented under the NetFilter framework, a raw framework for filtering and mangling packets. A vulnerability has been reported in the manner that the RELATED state is implemented which can be exploited to potentially bypass a firewall and access ports that are assumed to be protected.

The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found. Presumably the patch, or its future incarnation, will be provided in an upcoming version of 2.4. Meanwhile, the original posting provides details that network engineers will want to examine to improve and tighten the use of the RELATED state.

Samba 2.0.8 security issue. Andrew Tridgell posted a note to BugTraq that Samba 2.0.8 has been released to address a significant security vulnerability that allows local users to corrupt local devices (such as raw disks).

cfingerd format string vulnerability. A format string vulnerability has been reported in cfingerd ("Configurable Finger Daemon") which can be used remotely to gain root privileges and execute arbitrary code. An exploit for this vulnerability has been published and a patch to fix the problem is available.

  • Debian

    Debian Security Advisory for exuberant-ctags. Colin Phipps discovered that the exuberant-ctags package, as distributed with Debian GNU/Linux 2.2, creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5. Other distributions that ship this package will also be impacted.

    bubblemon kmem permissions vulnerability. bubblemon, an application that displays CPU and memory load as bubbles in a jar of water, is installed setgid kmem under FreeBSD. As a result, it can be exploited to execute arbitrary commands under group kmem. It has not been reported whether or not the same problem crops up on other BSD systems or on Linux. A new version, Bubblemon 1.32, has been released with a fix for the problem.

    web scripts. The following web scripts were reported to contain vulnerabilities:

    • Crosswind's Cyberscheduler is reported to contain a buffer overflow in the variable that holds the time zone information. An exploit for the problem has been published and a fix is reportedly available on the Crosswind website.

    Commercial products. The following commercial products were reported to contain vulnerabilities:

    • Lightwave ConsoleServer 3200, a console switch, discloses sensitive information to non-authenticated users. A hardware upgrade (a new network card using embedded Linux) to resolve the problem is scheduled for this summer. Until then, the only workaround is to firewall the device to prevent connections from outside the local network.

    • A format string vulnerability has been reported in Hylafax hfaxd. Successful exploitation of the vulnerability will allow an attacker to gain root privileges. Hylafax has released patches to fix the problem.

    • Cisco VPN 3000 Concentrator is vulnerable to a denial-of-service attack based on its inability to properly handle specific malformed IP packets. Upgraded firmware to correct the problem is available.

    • NCM Content Management System contains a perl script, content.pl, which does insufficient input checking. As a result, it can be exploited to execute arbitrary SQL queries. An upgrade to fix the problem has been released.

    • Trend Micro Interscan Viruswall, a software scanning package that watches SMTP, FTP and HTTP transfers, contains multiple CGI programs that have buffer overflows in them. As a result, the package can be exploited remotely to gain root access. An upgrade to fix the problem has been made available.

    • The Cisco Catalyst 5000 Series has been reported vulnerable to a network storm as a result of receiving a 802.1x frame on an STP block port. Software updates for the problem are either available now or promised in the near future.


    Netscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.

    This week's updates:

    Previous updates:

    ntp remotely exploitable static buffer overflow. An exploit for a static buffer overflow in the Network Time Protocol (ntp) was published on April 4th. This exploit can allow a remote attacker to crash the ntp daemon and possibly execute arbitrary commands on the host. Patches and new packages to fix this problem came out quickly. It is recommended that you upgrade your ntp package immediately. If you cannot, disabling the service until you can is a good idea. For more details and links to related posts, check BugTraq ID 2540.

    This week's updates:

    Previous updates:

    IP Filter fragment caching vulnerability. Check the April 12th LWN Security Summary for the original report. IP Filter 3.4.17 has been released with a fix for the problem. BugTraq ID 2545.

    This week's updates:

    Multiple FTP daemon globbing vulnerability. Check the April 12th LWN Security Summary for the original report.

    This week's updates:

    Previous updates:

    ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released the week of March 29th for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As a result, an upgrade to Linux 2.2.19 is recommended.

    Last week, Alan Cox put up the Linux 2.2.19 release notes, finally giving the specifics on all the security-related fixes in 2.2.19 (all thirteen of them!) and giving credit to the Openwall project and Chris Evans, for the majority of the third-party testing and auditing work that turned up these bugs. Fixes for the same bugs have also been ported forward into the 2.4.X kernel series.

    This week's updates:

    Previous updates:
    • Immunix (March 29th)
    • Linux 2.2.19 release notes
    • Caldera, 2.2.19 security fixes (April 5th) backported to 2.2.10 and 2.2.14, the kernels used in various Caldera products
    • Trustix (April 12th)
    • Progeny (April 12th)
    • Progeny, advisory updated due to error in update instructions. (April 12th)

    OpenSSH 2.5.2p2 released. OpenSSH 2.5.2p2 was announced the week of March 29th. It contains a number of fixes (including improvements in the defenses against the passive analysis attacks discussed in the March 22nd LWN security page) and quite a few new features as well.

    This week's updates:

    Previous updates:

    pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

    This is the first distribution update we've seen for this four-month-old vulnerability.

    This week's update:


    Hacker Tools and Their Signatures, Part One: bind8x.c. Toby Miller has started a series of articles detailing hacker exploits/tools and their signatures. The first article in this series focuses on bind8x.c. "The discussion will cover the details of bind8x.c and provide signatures that will assist an IDS analyst in detecting it. This paper assumes that the reader has some basic knowledge of TCP/IP and understands the tcpdump format".

    New Security Mailing Lists. In an apparent effort to lessen the load on the BugTraq mailing list, Security Focus has announced four new mailinglists:

    • SECTOOLS - For the announcement of new or updated (free) security tools.
    • SECPAPERS - For the announcement of new security papers, articles, & books.
    • SECEVENTS - For the announcement or call for papers for events (e.g. conferences, symposia, etc).
    • SECPROD - For the announcement of new or updated security products.

    Adore Detection. Duncan Simpson wrote in this week to point out a couple of tools that can be used to detect the Adore worm, including rkscan and checkps 1.3.2. "Checkps 1.3.2 in kill scanning mode should now detect adore due to two additional tests as to whether a pid really exists (adore "fixes" the kill system call)".


    Upcoming Security Events.
    Date Event Location
    April 20 - 22, 2001First annual iC0N security conferenceCleveland, Ohio, USA
    April 22 - 25, 2001Techno-Security 2001Myrtle Beach, SC, USA
    April 24 - 26, 2001Infosecurity Europe 2001London, Britain, UK
    May 13 - 16, 20012001 IEEE Symposium on SecurityOakland, CA, USA
    May 13 - 16, 2001CHES 2001Paris, France
    May 29, 2001Security of Mobile Multiagent Systems(SEMAS-2001)Montreal, Canada
    May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK
    June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands
    June 4 - 8, 2001TISC 2001Los Angeles, CA, USA
    June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA
    June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
    June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France

    For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

    Section Editor: Liz Coolbaugh

  • April 19, 2001

    LWN Resources

    Secured Distributions:
    Astaro Security
    Engarde Secure Linux
    Kaladix Linux
    NSA Security Enhanced
    Openwall GNU/Linux

    Security Projects
    Linux Security Audit Project
    Linux Security Module

    Security List Archives
    Bugtraq Archive
    Firewall Wizards Archive
    ISN Archive

    Distribution-specific links
    Caldera Advisories
    Conectiva Updates
    Debian Alerts
    Kondara Advisories
    Esware Alerts
    LinuxPPC Security Updates
    Mandrake Updates
    Red Hat Errata
    SuSE Announcements
    Yellow Dog Errata

    BSD-specific links

    Security mailing lists
    Linux From Scratch
    Red Hat
    Yellow Dog

    Security Software Archives
    ZedZ.net (formerly replay.com)

    Miscellaneous Resources
    Comp Sec News Daily
    Security Focus


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Kernel page.

    Kernel development

    The current kernel release is still 2.4.3. Linus's 2.4.4 prepatch has reached 2.4.4pre4; it includes much more stuff from Alan Cox's "ac" series, a number of fixes, and, interestingly, the zero-copy networking patch (see below). Alan Cox's series (currently at 2.4.3ac9) is getting smaller as the patches get into the mainstream kernel, but there's still quite a bit of stuff there. Some of what's there, including the user-mode Linux patch, will evidently not go to Linus at all, at least for now.

    Zero-copy networking will be in 2.4.4. This patch, by David Miller, Alexey Kuznetsov, and others, has been in development and testing for some time, and was incorporated into the "ac" kernel series back in 2.4.2ac4. In a way, it is a surprising change to see in a stable kernel series, since it makes fundamental changes deep in the networking code. From all reports, however, it is solid, and, in certain situations, it should produce significant performance benefits.

    Zero-copy networking speeds things up by avoiding, whenever possible, copies of the data to be transferred. In an optimal case, a buffer full of data sent over the network by an application (an FTP server, say) will go directly to the network interface from the application's memory. Without zero-copy networking, however, that's not how things are done - at a minimum, the data is copied into kernel space and assembled into one or more packets before going to the wire. All that copying can slow things down and fill up the cache; it's not surprising that people want to eliminate it.

    Making zero-copy work is not straightforward, and the patch is large. Various issues have to be dealt with, including:

    • A fast and flexible method must exist for locating the user data array in physical memory, locking it down, and making it available to the hardware. As has been covered before on this page, the "kiobuf" mechanism was deemed too heavyweight for the networking code. So zero-copy networking passes around simple structures with direct pointers to the struct pages for the user buffer.

    • A user buffer must be assembled into one or more packets, with headers, before transmission. Zero-copy requires that the separate pieces remain apart until joined by the hardware - the alternative is to copy the data into a kernel-space packet buffer. So the kernel must be able to keep track of packets that are stored in several distinct pieces, and the network drivers (and hardware) must be prepared to handle the "scatter/gather" operations that piece together the packets at transmission time.

    • Most network protocols require checksums to be calculated for packets at transmission time. Normally the kernel calculates the checksums, but doing so requires, of course, a pass over the data. If you are going to iterate over the data to calculate the checksum, you might as well copy it while you're at it; the difference in cost is relatively small. If, instead, you want to do zero-copy networking, your hardware must be capable of supplying the checksum - and the driver must be able to tell it to do so.

    • Systems where zero-copy networking makes sense are also likely to have tremendous amounts of memory - above the kernel "high memory" mark and perhaps more than can be addressed with 32 bits. If you're transferring data directly to and from user buffers, you must be prepared for them to be in high memory - and the device must be able to address that memory.

    To handle all of this stuff, the zero-copy networking patch makes some fundamental changes to the networking core code. Traditionally, packets are passed around via a struct sk_buff structure, usually referred to as an "skb." The skb contains the entire packet, headers and all. With zero-copy, an skb can now be "paged," or "nonlinear," meaning that it consists of several pieces which are not contiguous in memory. Much of the code which handles skb structures must be changed to take this new structure into account.

    The driver interface has also seen changes. There is a new "features" variable in the netdevice structure which is used to mark some of the capabilities of the device (and its driver); these include the ability to perform checksums, deal with high memory, and do scatter/gather I/O. This variable was actually added in 2.4.0-test12, just before the official 2.4.0 release, but it's only with the zero-copy patch that it is seeing some real use.

    The change in the driver interface means that zero-copy I/O is only possible if the relevant network driver has been updated to support it. So far, only the AceNIC and Sun HME drivers have been fully converted. The work required appears not to be large, assuming that the hardware is reasonable, so more drivers will likely be updated in the future.

    Zero-copy networking is not a win for everybody; it really only makes sense on high-end hardware and very fast networks. In that situation, though, it should be a real performance win; expect more amazing web server benchmark results in the near future.

    Children first. Adam Richter posted a patch which makes a subtle change in the way the fork() system call works. It is interesting to look at as an example of how little tactical changes can affect operating system performance.

    On Unix-like systems, the child of a process that forks gets a copy of the parent process's entire address space (normally). Actually copying everything, of course, would be most inefficient. Read-only memory (such as program code) can be simply shared, but writable memory requires a bit more cleverness. The technique used is to share the data space, but to mark it "copy on write" (or "COW"). Both processes see the same COW pages, until one of them tries to make a change. At that point, the kernel makes a copy of the relevant page, making it private to the process, which is unaware that anything has happened.

    The 2.4.3 kernel, on a fork(), puts the child process into the run queue and resumes executing in the parent. The child will run sometime later as part of the normal timesharing of the processor. It turns out that this is not the best way of doing things from a performance point of view, though.

    The parent process will likely go on modifying its private data, causing the system to make copies of the various COW pages shared with the child process. But the child, in most cases, is unlikely to ever look at those pages; instead, it will probably perform a few operations, then go and exec() some other program, which breaks its attachment to the shared pages. If the child were to run first, the parent would probably not need to copy all those pages, and performance would be improved.

    And, in fact, according to Linus, the performance difference is visible. As a result, this patch went into 2.4.4pre4 (though it does not show up in the changelog).

    Other patches and updates released this week include:

    • Eric Raymond has released cml2-1.2.0. Testing activity has been high, resulting in a number of squashed bugs. The performance problems appear to be a thing of the past, and much of the recent discussion has moved to things like the proper colors to use in the X configuration interface. Eric has thanked everybody who has participated in the conversation, "even the most mossbacked grumbling conservatives."

    • Alexander Viro has posted a patch which moves ext2 directories to the page cache.

    • Bharata B. Rao has released a new version of his patch to arbitrate access to the debug registers in the kernel.

    • Maneesh Soni has a fix for the longstanding module unload race problems that uses a two-phase cleanup scheme.

    • Linus Torvalds sent out a design for a new fast user-space semaphore implementation. It would be blindingly fast, especially in the no-contention case, but would also abandon the SYSV semaphore API.

    • Jari Ruusu has released a filesystem encryption mechanism which is implemented as a loadable kernel module. It's aimed at people who want encrypted files, but do not want to apply the full international kernel patch.

    • A read-only Veritas filesystem implementation was released by Christoph Hellwig.

    • Johan Verrept has released a USB host controller interface for user-mode Linux. This code will allow the debugging of USB drivers in a user-mode kernel, making development of those drivers a much more pleasant task.

    Section Editor: Jonathan Corbet

    April 19, 2001

    For other kernel news, see:

    Other resources:


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Distributions page.

    Lists of Distributions
    Woven Goods

    Embedded Distributions:

    BluePoint Embedded
    Compact Linux
    Embedded Debian
    Hard Hat Linux
    OnCore Systems
    RedBlue Linux
    Royal Linux
    White Dwarf Linux

    Familiar (iPAQ)
    Intimate (iPAQ)
    Linux DA

    Secured Distributions:
    Astaro Security
    Engarde Secure Linux
    Kaladix Linux
    NSA Security Enhanced
    Openwall GNU/Linux

    Special Purpose/Mini
    2-Disk Xwindow System
    Mindi Linux

    Coyote Linux
    Fd Linux
    Fli4l (Floppy ISDN/DSL)
    Linux in a Pillbox (LIAP)
    Linux Router Project
    Small Linux

    BBLCD Toolkit
    Crash Recovery Kit
    innominate Bootable Business Card
    Linuxcare Bootable Business Card
    Sentry Firewall
    Timo's Rescue CD
    Virtual Linux

    Zip disk-based

    Small Disk
    --> Peanut Linux
    Relax Linux

    Bambi Linux
    Flying Linux

    ARM Linux
    Scyld Beowulf
    Think Blue Linux
    (Oracle's NIC)
    NIC Linux
    PA-RISC Linux
    Black Lab Linux
    Yellow Dog
    (Older Intel)
    Monkey Linux

    DOS/Windows install
    Armed Linux
    Phat Linux

    Diskless Terminal
    GNU/Linux TerminalServer for Schools


    Please note that security updates from the various distributions are covered in the security section.

    News and Editorials

    Slackware faces new obstacles, challenges. LinuxToday broke the news this week that Wind River, having purchased BSDi and vocalized its displeasure with all things under GPL and particularly with Linux, has laid off the Slackware development staff. Patrick Volkerding later confirmed the news, indicating that he, too, would be laid off, but stating strongly that Slackware is not folding up shop. He has sufficient funds to publish the next edition of Slackware, which is nearing release, but not enough funds to pay Chris Lumens, David Cantrell, and Logan for their on-going work.

    Note that Slackware is one distribution that has always paid its own way, bringing in sufficient revenue to keep the project going, without making millionaires of anyone. As long as Patrick Volkerding continues to lead the project, it is probable that Slackware will continue. The major impact of these new money problems will be a temporary distraction from development (noticeable already in this week's Changelog entries, or lack thereof) and possibly a difficulty supporting the new Alpha and Sparc versions of Slackware.

    In our experience, Slackware has possibly the most loyal following of all Linux distributions, even if that following is not large compared to the number of Red Hat Linux users. The next few months will demonstrate the worth of that loyalty.

    For those Slackware users that would like something concrete they can do to show their support, Slackware now has a Paypal account. Simply donate money via Paypal to "paypal@slackware.com".

    MandrakeSoft's Donations Page. On a similar note, though not accompanied by similar bad news, MandrakeSoft's Donations page is now on-line. In response to customer demand, MandrakeSoft has promised to provide a mechanism by which fans of the Linux distribution can donate money. In particular, many Linux-Mandrake fans that download the software for free have asked for a means by which they could also support the company.

    The page accepts donations and allows the contributor to specify the Linux-Mandrake project they would like to support.

    The Linux-Mandrake donations page and Slackware's Paypal account will be interesting tests to see how much, if any, money can be raised on a regular basis via voluntary donations. It is a particularly interesting way to support a commercial company and an interesting contrast, for example, to LinuxPPC's decision to become a non-profit organization, allowing such donations to become tax-deductible.

    We will be watching the results with interest.

    Red Hat Linux 7.1. Here is the announcement from Red Hat on the release of Red Hat Linux 7.1. It includes, of course (and among other things), a 2.4 kernel, tighter "out of the box" security, a new "customization guide," and the TUX web server.

    Although the most impressive improvements have been made in the server arena, desktop users can also look forward to new versions of Gnome, KDE, XFree86 and Mozilla. A new graphical version of Kickstart is intended to improve unattended installations.

    The security enhancement include such common-sense ideas as disabling network-based services by default and extend to configuring a firewall as part of the installation.

    Also announced by Red Hat was its new "Software Manager," which makes more Red Hat Network services available.

    Ratatosk closes down. The Ratatosk Project was an effort by Martin Skjoldebrand to provide a database of available distributions. Unfortunately, due to time commitments, Martin has closed the site down and moved on to work on the mhd helpdesk system. He has offered to make a copy of his distributions database available to people that ask.

    Distribution News

    SuSE News. Joshua Uziel pointed out a couple of weeks ago that the Sparc version of SuSE Linux was available for download. This week, SuSE Linux announced the release of the media-kit for SuSE Linux 7.1 for the Sparc architecture, containing a jewel case with the CDs. No printed documentation is included; the on-line documentation must be used.

    Tomsrtbt News. Tomsrtbt comes out in favor of free beer. Seemingly in response to this week's LWN article on how some distributions are making it harder to download a CD image for free, Tomsrtbt has announced that the distribution will be "available as a downloadable media image forever". Incidentally, tomsrtbt-1.7.250 has been released. (Tomsrtbt is a floppy-based distribution).

    Turbolinux News. Turbolinux, Inc. has announced the availability of BROKEN LINK Turbolinux Server (TLS) 6.5, its enterprise level Linux distribution. TLS 6.5 supports five languages, including English, Japanese, Korean and Chinese (traditional and simplified). This version includes a journaling file system.

    Debian News. Debian 2.2r3 has been released. This is a bugfix release, consisting mostly of security updates.

    Debian has posted a press release noting how to go about adding the 2.4 kernel to a Debian 2.2 distribution.

    Red Hat News. In addition to the release of Red Hat Linux 7.1 this week, Red Hat also put out a bugfix advisory for their Update Agent. This bugfix closes multiple bug reports and applies to Red Hat Linux 6.2 and 7.0. New packages are included for up2date, python-xmlrpc and rhn_register.

    deepLinux News. A package manager has been added to deepLinux ExOp, at customer request. The DeepLinux package manager is based on the Slackware package manager, with minor cosmetic changes intended to make the package manager easier for people migrating from support Unix systems such as Solaris.

    Slackware News. A new version of the Slackware Administrators Security Toolkit has been released, version "This release fixes an installer issue and a potential race condition, includes more documentation, clarified XFree86 versions (not updated for X 4.0 yet), and removes shell limits".

    Linux-Mandrake News. From the MandrakeForum website, here are some interesting headlines from the past week:

    More Distribution updates

    Distribution Reviews

    SuSE Linux 7.0 Professional review. Bill Henning has resurfaced with a review of SuSE Linux 7.0 Professional, the version of SuSE Linux aimed at proficient technical users. Of course, SuSE Linux 7.1 is already out there, but the review of the documentation provided with SuSE Linux is worth a peek. "The documentation is nothing short of excellent - it is very comprehensive, and they have had much more success in removing "germanisms" from the documentation with this release".

    Section Editor: Liz Coolbaugh

    April 19, 2001

    Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

    Caldera OpenLinux
    Debian GNU/Linux
    Red Hat

    Also well-known
    Best Linux
    Conectiva Linux

    Rock Linux

    Non-technical desktop
    Icepack Linux
    Redmond Linux

    Boston University
    Red Escolar

    General Purpose
    Alzza Linux
    aXon Linux
    Bad Penguin Linux
    Black Cat Linux
    BluePoint Linux
    BYO Linux
    CAEN Linux
    Cafe Linux
    ChainSaw Linux
    Circle MUDLinux
    Complete Linux
    Console Linux
    Corel Linux
    Darkstar Linux
    Elfstone Linux
    ESware Linux
    Eurielec Linux
    eXecutive Linux
    Fried Chicken
    HA Linux
    Halloween Linux
    ix86 Linux
    Lanthan Linux
    Linpus Linux
    Linux Cyrillic Edition
    Linux MLD
    LinuxOne OS
    Linux Pro Plus
    LNX System
    Lute Linux

    NoMad Linux
    Omoikane GNU/Linux
    PingOO Linux
    Plamo Linux
    Project Ballantain
    Rabid Squirrel
    Root Linux
    Serial Terminal
    TimeSys Linux/RT
    Tom Linux
    VA-enhanced Red Hat
    Vine Linux
    Virtual Linux
    WinLinux 2000

    GNU/Linux Ututo
    Definite Linux
    Red Flag
    Linux Esware
    Kaiwal Linux
    Thai Linux Extension

    Related Projects
    Chinese Linux Extension

    Historical (Non-active)
    MCC Interim Linux
    Storm Linux


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's On the Desktop page.

    Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

    Office Suites
    Ability (*)(w)
    Anywhere Desktop (*)
    (formerly "Applixware")
    GNOME Office
    StarOffice / OpenOffice
    Siag Office
    WordPerfect Office 2000 (*)(w)

    Java / Web Office Suites
    ThinkFree Office (*)
    Teamware Office (*)
    Cybozu Office (*)

    Desktop Publishing
    iceSculptor (*)
    Maxwell Word Processor
    Mediascape Artstream (*)

    Web Browsers
    Netscape (*)
    Opera (*)

    Handheld Tools
    Palm Pilot Resources
    Pilot Link

    On The Desktop

    Taxing software:  Considering the time of year here in the US, it isn't all that surprising that I was recently asked if I knew of any software for Linux that could help with producing tax returns. While the question is a bit moot at this point for US users, it is still interesting to note just what options are available in this category of applications.

    First, there are plenty of financial packages around for Linux, starting with the very popular GNUCash. While a decent clone of Quicken (with quite a few features still to go, however) GNUCash does offer extensions for writing tax software. There just doesn't seem to be any written yet. While GNUCash is great for managing finances in general, you can't handle your taxes with it.

    The problem isn't that projects don't exist to handle tax processing, there are plenty of those:

    • gTaxEstimator
    • GNUTaxes
    • PTax98, which appears to have been capable of calculating a 1040EZ form, at least in 1998. It uses a Tk based interface running Perl.
    • LeTax

    The bigger problem is that writing tax software is a difficult proposition. An extended discussion on finding and writing tax software took place late last year on Slashdot. The gist of the story is that because tax laws change and can be interpreted very loosely it's difficult to write accurate software for helping to calculate taxes. We're talking about something more than just an online form that adds numbers. It needs to be something that understands tax law.

    While tax software is difficult to write, it's not impossible. In fact, it's already been done - in Germany. Last week we reported on the release of Buhl Data Services' Tax2001, a tool for creating German tax forms that apparently runs on WINE. And this isn't the only country outside the US with projects for making Tax forms - a project is underway to help Canadian's handle their taxes, too.

    Even though there is a lack of available native software, it's not impossible to do your taxes using Linux. You just need a Web browser. Sites like SecureTax.com or TurboTax for the Web offer online services for users of any platform, though it has been reported that this latter service may require your browser to be Netscape or IE or else it may not work.

    Tax season is over for most Americans, and I'm not sure when taxes are due elsewhere, but managing your money using Linux is a year round process. While I use the Applix spreadsheet program to keep my budget, there are many other financial tools available. These include tools ranging from managing stock portfolios to balancing checkbooks to doing payrolls. Don't expect all of these to provide beautiful windowed interfaces just yet. Most tools are still primitive in form, but they are getting better. Expect to see a big advance in these tools over the next year since both of the major desktop environments - KDE and GNOME - now have very stable and extensible interfaces.

    KDE's KParts is not MICO.  It was pointed out to me after last week's column on Bonobo's use of a CORBA implementation that my report on KDE using MICO was, well, just a little out of date. That was an understatement. The move from the CORBA-based MICO to the current KParts happened long before KDE2 was released. KParts is a non network transparent, shared library approach that was considered easier to develop with and provided better performance. The best clarification came from Daniel Burckhardt, who stated:

    Bonobo uses ORBit as a CORBA implementation while KDE experimented with MICO long before KDE2 was out. KDE abandoned CORBA-based interprocess communication because there were performance and compilation issues with MICO and because they felt that they could still fill their needs with a simpler approach. So they based DCOP (KDE's alternative to Bonobo) on libICE, part of the X11 libraries.

    KParts has an extension called XParts, which is how KDE embeds non KDE parts such as Gecko. Interestingly, searching for CORBA on KDE's web page didn't show anything about KParts. While this is understandable - KParts isn't CORBA - there was no information that said "KParts provides the equivalent to or similar functionality as CORBA". I just needed something that would point me to KParts when looking for KDE's counterpart to Bonobo. It was late and I really didn't know what exactly I was looking for anyway. Hopefully that's a problem I'll rectify as I get some test systems put together and can experiment more thoroughly with KDE and GNOME. Daniel also provided a note that KDE leader Matthias Ettrich is considering bringing CORBA back into the fold:

    To everyone's surprise, KDE's founding father Matthias Ettrich recently started a discussion about maybe bringing CORBA back to KDE, this time based on ORBit instead of MICO. For a good summary about possible advantages and disadvantages of that approach, have a look at Kernel Cousin KDE #5

    Monkey business.  Finally, it seems that while Ximian may be a barrel full of monkeys, the Bonobo project can't claim such a close heritage. Thanks to M Carling who pointed out the fact that Bonobos are not monkeys at all, but rather sit just off the branch that spawned humans. Carling also offered an update on the Bonobo's mating habits, but we'll leave that for a Discovery channel special.

    Desktop Environments

    Ximian hires new CEO. Co-founder Nat Friedman is stepping over to a VP role at Ximian to make room for a veteran CEO, David Patrick.

    KOffice 1.1 approaching Beta 1. In a posting to the KOffice Development mailing list, David Faure notes that the 1.1 Beta 1 release of KOffice is scheduled for packaging on April 18th. He included a release plan for the KOffice 1.1 release as well.

    Interoperability -- Progress at GUADEC. GNOME hacker David Mason wrote this GUADEC II coverage, reflecting on the progress made in ensuring GNOME/KDE interoperability. "We were graced by the presence of four or five KDE members. This was one of the more positive events to occur during the whole show. We had one formal meeting in the form of a BOF and many informal conversations throughout the show."

    Trolltech announces Qt 3.0 preview. Trolltech has gotten around to announcing its preview of Qt 3.0. The announcement includes a list of the new features in this upcoming release.

    GNUStep Weekly Update. The GNUStep project posted their weekly update. While GNUStep continues drive towards a desktop environment to rival GNOME and KDE, this update is probably of more interest to developers than users.

    Enlightenment gets a facelift. Noted in passing - the Enlightenment web site got a major update this past week. While most of the site is still under development, the Goodies page does give a nice overview of how the 0.17 release will be breaking out components of the window manager into low level back end services that can be used by other projects.

    FVWM2 update. FVWM2 also slipped in a little update on their web site back at the end of March - a new release candidate: 2.3.31.

    Desktop Applications

    It's Play Time: Linux Games Shipping Next Week. Loki has announced they are shipping two new games next week: Tribes 2 and Alpha Centauri Planetary Pack. They're offering both at a discount price when bought together.

    On the go...

    A developer's perspective on Agenda's VR3 Linux PDA (LInuxDevices.com). LinuxDevices presents a developers point of view on the new Agenda VR3. "It is encouraging to report that the VR3 is a fairly successful implementation of a Linux PDA, from both a user's and a developer's point of view."

    Guadec Diaries. In one of the more amusing and thorough diaries covering the recent GNOME User and Developer European Conference (GUADEC), Telsa Gwynne tells of her travails following (and leading) Alan Cox and company around the conference.

    Thanks to Havoc Pennington, who let us know about Dave's report and sent in one of his own.

    More GUADEC summaries can be found here.

    Section Editor: Michael J. Hammel

    April 19, 2001

    Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

    Desktop Environments

    Window Managers (WM's)

    Minimalist Environments

    Widget Sets

    Desktop Graphics
    CorelDRAW (*)(w)
    Photogenics (*)

    Windows on Linux

    Kids S/W
    Linux For Kids

    Send link submissions to lwn@lwn.net


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Development page.

    Development projects

    News and Editorials

    PostgreSQL 7.1 is out, almost exactly one year after the 7.0 release. PostreSQL, of course, is a full-featured relational database management system with a long history. It remains the most feature-rich free database implementation (but MySQL claims better performance, still). The major additions in 7.1 can be seen in the announcement; in general, development this time around has been oriented toward the removal of long-standing PostgreSQL limitations. New features include:
    • The addition of a "write-ahead log," which resembles the operation of a journaling filesystem. PostgreSQL need not wait until all the changes in a particular transaction make it to disk; instead, they need only be written to the log. As a result, commits will happen more quickly, and the performance of the system as a whole should be much improved.

    • Anybody who has tried to store large items in a PostgreSQL database is likely to have run into the attribute length limitation. As of 7.1, that limitation is no more; a new technique called "The Oversized Attribute Storage Technique" ("TOAST") addresses the problem.

    • Outer joins are now supported. In general, complex queries should work much better and more quickly.
    For those who are interested, the full set of changes can be found in the version 7.1 changelog; it's a long list.

    The era of free software database management systems is getting closer, as the available software approaches the proprietary systems in power and performance. Given the current pace of development and the increasing level of commercial support behind free software databases, it would be surprising if corporate adoption did not begin to increase. Consider, for example, the success story related in this Linux Journal article by Great Bridge CEO Robert Gilbert:

    Just Sports saved itself a boatload of money by using the Linux operating system and PostgreSQL, a powerful open-source database management system, all running on Apache-powered servers. The final product is fast and highly customized with functions not available to users of Microsoft, Oracle or other proprietary software.

    Companies are understandably nervous about their relational database systems - if the database doesn't work, the rest of the system is guaranteed to have problems. As the performance, reliability, and features of the free alternatives become clearer, though, the economics of free databases are likely to inspire many more stories like the one related above.

    Samba 2.2.0 released. The Samba Team has released samba-2.2.0, the first major Samba release in some time. The list of new features can be found in the announcement; it is long, and is oriented, of course, toward even tighter integration between Windows and Unix/Linux systems.


    CSL 0.1.1. The initial release of CSL - the Common Sound Layer - has been announced. CSL is an attempt to encapsulate audio code into a single module in order to facilitate the easy creation of portable code.


    Qt Mozilla released. The effort to port Mozilla to the Qt toolkit began sortly after the initial Mozilla source release. As of April 17, the results are actually available as part of the regular Mozilla source tree; see the announcement for details.


    Alinka Clustering Letter. The Alinka Clustering Letter is celebrating its first birthday. This newsletter provides a rundown of interesting conversations, events, and announcements from the Linux clustering community.


    LDP Weekly News for Apr. 17, 2001. The latest issue of the LDP Weekly News carries word of updates to the XML-RPC and Apache Overview HOWTO's, among others.


    Linux in education report #42 for April 16. The latest issue of the Linux in Education report has been published.

    Embedded Systems

    Building a Linux/RTAI based software radio (LinuxDevices). LinuxDevices.com describes a do-it-yourself demonstration of the capabilities of RTAI, a real-time Linux add-on. The demo consists of a floppy-booted Linux system that uses an RTAI task to create a radio carrier on which synthesized music is superimposed.


    The Finicky Financial Trading System. Version 0.5 of the Finicky Financial Trading System is out. FFTS is oriented toward front-office trading and risk management; it looks like a good tool for the more advanced investors out there. It is based on Qt and PostgreSQL, and it is licensed under the GPL.


    The Chopping Block returns. After a bit of an absence, the Chopping Block, an electronic newsletter covering the WorldForge project, has released an April issue. It covers the Acorn 0.3 release, WorldForge outreach efforts into the gaming community, an interview with Acorn team head Al Riddoch, and more.


    Wine Status A new Wine Status Report came out on April 16. It is terse and oriented toward those who know the code, but it does give an overview of where the various Wine components stand.

    Mail Software

    Mailman 2.0.4 has been released. The biggest changes in this release are fixes to make it work with Python 2.1; for people who aren't upgrading their Python soon this release is considered "optional."

    Network Management

    OpenNMS Update. The OpenNMS Update for April 17 is out. It covers the 0.7.3 release, upcoming road shows, and more.

    Office Systems

    GNU HaliFAX Viewer 0.21. Version 0.21 of the GNU HaliFAX Viewer has been released. It is the fax viewer component for the HaliFAX project, which plans to provide a set of client applications for free fax systems.


    Linux in Science report #9 for April 17. The latest issue of the Linux in Science report has been published.

    Software Development

    Savannah status report. Savannah, the GNU Project's answer to SourceForge, has posted a status report. It seems that Savannah will be open to free software projects that are not part of GNU, something which had not been clear until now. There is, however, trouble in that a web interface is needed for GNATS, and nobody is currently on the job. If you're looking for a project to help out GNU, this could be the one.

    SourceForge more popular than beer? Here's a news item on the SourceForge site pointing out that a search on Google for "SourceForge" turns up 3,570,000 hits, while searching for "beer" only gets 3,120,000. This presumably means something...


    Draft 6 of the POSIX/Single Unix Specification available. The Austin Common Standards Revision Group has announced the release of draft 6 of the "Joint Revision to POSIX and the Single Unix Specification." This standard draft is a mere 3698 pages long; nonetheless review and comments are being requested. The comment period will be open until May 21.

    Web-site Development

    Zope 2.3.2 beta 1. The first beta of Zope 2.3.2 has been released. This release fixes some problems with Zope 2.3.1; it looks like a small patch, and no further changes are planned before the official 2.3.2 release.

    Zope 2.4 will require Python 2.1, to the evident disgruntlement of some Zope users. People who follow the bleeding-edge Zope code will need to get Python 2.1 installed fairly soon; everybody else can wait until they decide to install Zope 2.4, which, of course, does not exist yet. The 2.4 release will contain a number of internationalization improvements, and those require the better Unicode support that Python 2.1 provides.

    PHP Networking (ONLamp). ONLamp has posted a tutorial article on PHP's networking functions. It gives particular attention to sending mail from PHP scripts, but it also gives an overview of the networking functions in general.

    Window Systems

    New developer releases of GTK+ libraries. Owen Taylor posted to various mailing lists yesterday the release of new libraries for the GTK+ family. Included here are GTK+-1.3.4, GLib-1.3.4 and Pango-0.15. Pango is the library for the layout and rendering of text being written for the upcoming 2.0 release of the GTK family of libraries. Note that these are all developer releases, not intended (just yet) for production applications.

    Section Editor: Forrest Cook

    April 19, 2001

    Application Links
    High Availability

    Open Source Code Collections
    Le Serveur Libre



    Programming Languages


    Free ISO C reference manual. Sandro Sigala has released a reference manual for the C language under the GPL; it is available as PostScript or as LaTeX source.


    Caml weekly summary. David Mentré has kindly sent us his overview of events in the Caml programming community.


    Glasgow Haskell Compiler version 5.0 released. A new version of the Glasgow Haskell compiler, which is a Haskell 98 implementation, has been released.


    Volano Report. A new Volano Report on Java network performance is out. Linux-based systems do well on the network messaging benchmark, and the Blackdown Java implementation maxes the scale on the network scalability test. As was stated by John Neffenger, who ran the tests: "Blackdown's Java VM using green threads on Linux is the only hope for pure Java servers with lots of connections -- at least while we're waiting for the Java 1.4 'new I/O' (or a different Linux threading model)."


    Python 2.1 is out; the announcement went out on April 17. It includes a number of new features, including nested scopes, the __future__ mechanism, weak references, function attributes, support for more platforms, and more.

    This week's Python-URL. Here is Dr. Dobb's Python-URL for April 16, with coverage of the 2.1 release, Python interfaces, and other news from the Python development world.

    Python-dev summary. The Python-dev summary for April 11 is also out. It talks about the magic __debug__ variable, inverse string interpolation, and other topics relating to the development of the Python language.


    This week's Tcl-URL. Dr. Dobb's Tcl-URL for April 16 is out, with coverage of the Tcl/Tk 8.3.3 release and more.

    Section Editor: Forrest Cook

    Language Links
    Caml Hump
    Tiny COBOL
    g95 Fortran
    Gnu Compiler Collection (GCC)
    Gnu Compiler for the Java Language (GCJ)
    IBM Java Zone
    Free the X3J Thirteen (Lisp)
    Use Perl
    O'Reilly's perl.com
    Dr. Dobbs' Perl
    PHP Weekly Summary
    Daily Python-URL
    Python Eggs
    Ruby Garden
    MIT Scheme
    Why Smalltalk
    Tcl Developer Xchange
    O'Reilly's XML.com
    Regular Expressions

     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Commerce page.

    Linux and Business

    Open source software in EU public administrations. A European Commission initiative called IDA ("Interchange of Data between Administrations") ran a symposium on "Open source software in EU public administrations" back in February. The presentations from the symposium are now available online, in PDF format. The presentations are worth a look; they provide a view into how a number of European governments are looking at open source software.

    For those who would rather not deal with PDF files, Stéfane Fermigier has kindly provided us with one of these documents, the conclusions, in plain text. In short, their conclusions are good news for the open source community.

    ActiveState launches ASPN Initiative. ActiveState has announced the ActiveState Programmer Network (ASPN), which delivers tools and knowledge to enable programming with open source technologies. For example, the ASPN includes quality-assured binary distributions of Perl, Python and Tcl; multi-language and platform IDEs; technical references, sample code and other helpful information. Access to ASPN is not completely free and open, at least not for all resources that ActiveState has to offer. There are three levels at which developers can join. ASPN Open provides a free online resource for casual and new programmers. ASPN Komodo builds on ASPN Open and is designed for professional programmers. The Komodo IDE and updates for a year are included with ASPN Komodo, priced at $295 for an annual subscription. ASPN Perl includes access to all O'Reilly Perl texts and other Perl programming resources, on top of everything ASPN Komodo offers, and has an annual subscription fee of $495.

    Samsung, Lineo form Lineo Korea. Samsung and embedded Linux maker Lineo have formed a joint venture called Lineo Korea.

    National Semiconductor, Samurai announce Brazilian Linux system. National Semiconductor and Samurai have announced that, in response to a challenge from the Brazilian government, they have designed an inexpensive, Linux-based computer intended to provide affordable Internet access. It uses a flash drive, and has no moving parts.

    BSDi to Become iXsystems, Inc.. The sale of the BSD operating system units to Wind River haven't closed down BSDi. They apparently will be changing their name to iXsystems, licensing BSD/OS from Wind River and concentrating on rack mounted systems, server appliances and advanced systems.

    New IBM Chips to Drive Innovative, Lower-Power Internet Appliances. While mostly just hype for new IBM chips, this press release states a fairly obvious point of view for the future of computing. "In the PC environment, one proprietary operating system and one standard chip type defined how the products would look and perform. Internet appliances, however, are expected to take many forms, made possible by software like Linux and IBM WebSphere, as well as adaptable chip technology like PowerPC IAP."

    Linux Stock Index for April 12 to April 18, 2001

    LSI at closing on April 12, 2001 ... 29.47
    LSI at closing on April 18, 2001 ... 31.83

    The high for the week was 31.83
    The low for the week was 29.21

    Press Releases:

    Open source

    Proprietary Products for Linux

    Servers and bundled products

    Products and Services Using Linux

    Products With Linux Versions

    Java Products

    Books & Training



    Financial Results

    Linux At Work


    Section Editor: Rebecca Sobol.

    April 19, 2001


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Linux in the news page.

    Linux in the news

    Recommended Reading

    The beast of complexity (Economist). The Economist has put together a lengthy survey of the software industry, which includes, among much other stuff, a look at open source. "Open-source communities, for example, are fascinating social structures. Similar communities could one day produce more than just good code. Thomas Malone, professor of information systems at the Massachusetts Institute of Technology, sees great opportunities ahead: 'The Linux community is a model for a new kind of business organisation that could form the basis for a new kind of economy.'"

    Battle for the Unseen Computer (Technology Review). According to this article, LynuxWorks questions the suitability of Linux to the embedded world. "It is just such real-time operation that skeptics say eludes Linux. Linux is built to run a given command from start to finish. That's why the embedded systems that run on Linux to date are ones where real time is not critical, such as the Kerbango radio. Disagreement about the best way to make Linux real-time-and whether it's possible to make Linux real-time at all-are splintering the embedded-Linux movement into less-than-friendly factions."


    In an instant (Denver Rocky Mountain News). Jabber.com's business model and technology from the open source Jabber project may make it the de facto standard for instant messaging, says this article from the Denver Rocky Mountain News. "Instant messaging is seen as having great potential in a number of areas, including employee collaboration... That could help speed up the way business is conducted and projects are completed. [Unfortunately,] the big players, trying to protect their own markets, have been reluctant to embrace an industry standard."

    iomojo creates open camera server project (LinuxDevices). LinuxDevices.com writes about Silicon Valley startup iomojo, an embedded Linux company that is designing a media-centric server appliance. "Basically, all that's required to implement iomojo's camera server is an appropriately configured computer running Linux, equipped with an inexpensive video camera and video capture card. The latter two items are available for a few hundred dollars."

    Freenet developer to create commercial apps (InfoWorld). Here's an InfoWorld article on Uprizer. "The outstanding difference in the software Uprizer develops compared with that for Freenet will be absence of those capabilities that shield users' identities. Clarke said the goal is to retain the positive qualities of the Freenet architecture but deliver software that is palatable to corporate users."

    Ian Clarke's Uprizer Gets $4 Million (NewsBytes). NewsBytes reports on Uprizer, the company created by Freenet founder Ian Clarke. Uprizer has evidently scored $4 million in venture funding, from Intel no less. "Uprizer can save businesses money in the distribution of software, games, video and other content, he said. 'We feel we can streamline that process and help people save money on bandwidth cost.'"

    HP Backs Open Source Server (ZDNet). HP thinks the Enhydra server software is becoming another important piece of the open source world. "Part of the reason HP is backing Enhydra is its ability to deal with eXtensible Markup Language messaging and wireless applications based on I-mode and Java 2 Micro Edition cellular phones. Netservers are often used to host wireless applications, and the availability of Enhydra helps "companies looking for ways to use mobile technologies," said Nigel Ball, general manager at HP's e-Services Partner Division."

    Game Over for Video Console Firm Indrema (San Francisco Chronicle). The SF Chronicle covers the demise of the Linux-based Indrema game console project. "Indrema said it amassed an active community of 50 to 100 developers, and that "potentially hundreds" of projects were in the works. Most of those titles will be redirected to personal computers running Linux, Gildred said. He denied that a lack of big-name developers contributed to Indrema's flameout."

    Plans for Linux game console fizzle (News.com). News.com looks at the demise of Indrema. "[Indrema CEO John] Gildred said there were close to 200 Indrema games in development, including 30 or 40 far enough along that the company hoped to have them available when the console launched. The fate of those games and the Indrema format will likely hinge on current negotiations to sell Indrema's intellectual property. If the Indrema standards and other technology are released as open-source software, the format may live on."


    Low-cost Indian PC to hit market soon (News.com). C|Net reports that India is getting ready to launch its inexpensive Linux-based Simputer. "Vinay Deshpande, president of the Manufacturers Association of Information Technology (MAIT), said the low-cost was due partly to the use of the Linux operating system and other open-source software."

    O'Reilly's look at Napster alternatives. O'Reilly's P2P site does a rundown of the available alternatives to Napster for searching for programs, images, video, documents, and, of course, MP3 files. Most of the options make use of Gnutella.


    Opinion: Inder Singh on The ELC Platform Specification (LinuxDevices). Dr. Inder Singh has written this opinion piece on why he believes the ELC Platform Specification will succeed where the POSIX effort failed. "Now, there is a real opportunity for Linux to fulfill the promise of UNIX and POSIX. Linux is already available from many vendors, and since all the different versions start with the same kernel, there is a high degree of compatibility and interoperability between different embedded Linux distributions. At the same time, Moore's law has largely eliminated the resource constraint issue. In fact, with the falling prices and increasing power of system-on-chip (SOC) devices and memory, and the growing software complexity of embedded applications, a Linux style of operating system with its process model is an excellent fit for today's high volume embedded devices compared to the legacy flat address space real-time operating systems that can work with MMU-less CPUs."

    Here's a copy of Singh's slide presentation given at the ELC's annual membership meeting on April 9, 2001. Singh is the Chairman of the Embedded Linux Consortium (ELC) and is also CEO of LynuxWorks.

    Linux gets embedded (ZDNet). In a short summary of who's who in the Linux Embedded marketplace, ZDNet says that the little guys are taking on the big players with high hopes. "Linux, a clone of the Unix operating system that competes with Windows, got its start in servers. A number of companies, such as TimeSys, Red Hat, Lineo, LynuxWorks and MontaVista Software have been working to squeeze it into smaller embedded devices such as network routers, handheld computers and set-top boxes."

    Microsoft's campaign to help Linux on the desktop (ZDNet). According to this ZDNet article, Microsoft is doing the Linux desktop a favor by releasing XP - because XP uses XML as its file format. "Office's use of XML could help the Linux desktop as much as Microsoft's opening of SMB allowed Samba to help Linux become such a competitive server. To be sure, there are still usability issues with current Linux GUIs, and Windows still runs many more applications than the Linux desktop."

    Leave everything to me... not! (ZDNet). Evan Leibovitch says in this ZDNet op-ed piece that while Microsoft offers too little choice, Linux offers too much. "It's a feature, not a bug, that Linux is about choice. Recently I wrote about the increasing progress being made by the Linux Standard Base, a group that seeks to make life easier for software developers while encouraging diversity among Linux distributions. And I've been happy to hear reports coming from this month's GNOME developer's conference, GUADEC II, where interoperability was a major concern."


    Red Hat Unveils Latest Linux Distribution (InternetNews). InternetNews reviews Red Hat Linux 7.1. "The latest release also includes updated versions of the GNOME and KDE GUIs, as well as Mozilla. And, for the international audience, 7.1 has increased internalization that supports the global user community with fully translated GNOME interfaces in Japanese, Spanish, French, German and Italian."

    Moving up to the big time (ZDNet). ZDNet examines Red Hat's jump into the 2.4 kernel with their just released 7.1 distribution. "Perhaps the most important news is that Red Hat's distribution comes with improved security built in. For example, in almost all Linux distributions, the default setting is to automatically set up Internet programs like Sendmail and Apache with their open network ports, even if you don't plan to use either program. In Red Hat 7.1, these default to keep the ports closed and thus prevent would be raiders from exploiting programs that you might not even have known were running."

    NuSphere MySQL: Free Beer in a Tall Glass (LinuxPlanet). LinuxPlanet reviews NuSphere MySQL. "The folks at NuSphere have a good idea, and they have in effect done for the middleware tier what Linux distributions have done for the operating system tier. It would be nice to see an integrated Open Source search engine tool, and perhaps a WebDAV-aware HTML editing tool, in a future release. Even without these items, though, NuSphere is useful enough to be worth considering for business oriented server deployments."

    Apache 2.0 scales to Windows (ZDNet). ZDNet takes a look at the Apache 2.0 beta. "Unfortunately, this build still lacks any official administration tools, our biggest complaint with the earlier versions."

    The life and times of Linus Torvalds (ZDNet). ZDNet reviews Linus Torvalds biography, "Just for Fun, The Story of an Accidental Revolutionary". "He uses the Red Hat IPO, when he realized that he was actually worth something financially, as an example. ''Regardless of the image that has caught on in the press, of me as a selfless geek-for-the-masses living under a vow of poverty,'' says Torvalds, ''I was, frankly, delirious.''"

    Section Editor: Rebecca Sobol

    April 19, 2001


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Announcements page.



    Bynari publishes series of white papers. Bynari has published a series of white papers in PDF format covering subjects from systems administration to cost analysis of using Linux for messaging platforms to setting up Outlook for use with Linux servers.

    Iptables Basics (Linuxnewbie.org). An introduction to IPTables has been made available over at Linuxnewbie.org. "First you need to know how the firewall treats packets leaving, entering, or passing through your computer. Basically there is a chain for each of these. Any packet entering your computer goes through the INPUT chain. Any packet that your computer sends out to the network goes through the OUTPUT chain."

    Linus biography. In what looks like a sort of unauthorized biography, the Softpanorama Open Source Educational Society has posted a biography of Linus and the evolution of Linux. While it carries a lot of interesting material, it could use a little editing. "After graduation Linux stayed with university for some time and as he admitted himself he actually spent most of his time working on Linux." Note: That's not a typo on our part. (Thanks to Ben De Rydt)

    Tip Of The Week: Shell Looping (LinuxLookup). This week's tip is on shell looping. "Linux shells offer loop constructs that allow you to iterate over some specified values. In the shell, these values are frequently generated from the output of some other command."

    LinuxUser issue 8. Articles from LinuxUser #8 are now available for download in PDF format.

    Camelot Communications to Launch Camelot Media. The 'Threads' newsletter will focus on XML, Java, Web Services, Wireless and Open Source Software. Ken North will be the Editor-in-Chief.


    IST programme actions on free / open source software development. On May 18, 2001 IST will present a conference on free/open source software development in Brussels. David Faure, KDE developer and official representative, will give the keynote.

    Projeto Software Livre RS. II Forum Internacional do Software Livre presents Projeto Software Livre RS May 29 - May 31, 2001 in Brazil. Confirmed participants include Timothy Ney - president of the Free Software Foundation, Rasmus Lerdorf - creator of PHP, Kenneth Avery Coar - member of the Apache consortium, Bruce Perens and LinuxChix.

    Linuxdays 2001. Linuxdays 2001 takes place in St. Pölten, Austria, June 20 - June 21, 2001.

    Events: April 19 - June 14, 2001.
    Date Event Location
    April 20, 2001. 2nd Annual Symposium on Pliant Implementation and Concepts (ASPIC 2001) Paris, France.
    April 23 - April 27, 2001. Linux Expo Road Show Eastern Europe.
    April 24 - April 26, 2001. Linux Africa Kyalami Exhibition & Conference Centre, Johannesburg, South Africa
    April 25, 2001. Real-time and Embedded Systems Forum Conference Berlin, Germany
    May 8 - May 10, 2001. LinuxWorld Auckland, NZ.
    May 9, 2001. Linux@work Oslo, Norway.
    May 9 - May 10, 2001. Linux Expo Brazil São Paulo - Anhembi - Palácio das Convenções.
    May 10, 2001. Linux@work Stockholm, Sweden.
    May 10 - May 12, 2001 LinuxWorld Taipei, Taiwan
    May 11, 2001. Linux@work Helsinki, Finland.
    May 13 - May 17, 2001. Spring 2001 Enterprise Linux Implementation Conference Doubletree Hotel, San Jose, CA.
    May 14 - May 17, 2001. The 2001 Applied Computing Conference Santa Clara, CA.
    May 15, 2001. Linux@work Frankfurt, Germany.
    May 15 - May 18, 2001. Linux Expo China Shanghai Mart, Shanghai, China.
    May 16, 2001. Linux@work Zurich, Switzerland.
    May 17, 2001. Linux@work Milan, Italy.
    May 18 - May 19, 2001. 2nd Magdeburger Linuxtag Magdeburg, Germany.
    May 20 - May 23, 2001. eXtreme Programming - XP2001 Villasimius, Cagliari, Sardinia, Italy.
    May 24 - May 26, 2001. LinuxWorld Korea.
    June 6 - June 7, 2001. Linux Expo Crowne Plaza, Milan, Italy
    June 7 - June 8, 2001. Second European Tcl/Tk User Meeting Hamburg-Harburg, Germany
    June 12, 2001. Linux@work London.
    June 13, 2001. Linux@work Paris.
    June 14, 2001. Linux@work Brussels.

    Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

    User Group News

    FRPythoneers Meeting Notes 2001-04-16. The meeting notes for the April Front Range Pythoneers meeting are available. There is quite a bit of detail which should be of interest to Python programmers everywhere.

    2nd Magdeburger Linuxtag. On May 18 and May 19, 2001 the Magdeburger Linux User Group and their partners present the 2nd Magdeburger Linuxtag in Magdeburg, Germany.

    Hot Springs Educational Technology Institute conference. The Hot Springs lug will be presenting 6 formal workshops over the 4 days of the conference, June 11 - June 14, 2001. You must be signed up in advance for the workshops, and space is going fast.

    LUG Events: April 19 - May 3, 2001.
    Date Event Location
    April 19, 2001. Linux User Support Team, Taegu (LUST-T) Taegu, Korea.
    April 19, 2001. St. Louis LUG (SLLUG) St. Louis County Library, Indian Trails Branch, St. Louis, Missouri.
    April 19, 2001. South Mississippi Linux Users Group (SMLUG) Barnes & Noble, Gulfport, Mississippi.
    April 19, 2001. Rice Linux User Group (RLUG) Rice University, Houston, TX
    April 20, 2001. Rock River Linux Users Group (RRLUG) Rockford College, Rockford, Illinois.
    April 21, 2001. LUGOD Demonstration Borders Books and Music, Davis, CA.
    April 21, 2001. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
    April 21, 2001. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
    April 21, 2001. North Texas Linux Users Group (NTLUG) Nokia Centre, Irving, Texas.
    April 24, 2001. Hazelwood LUG Prairie Commons Branch Library, Hazelwood, Missouri.
    April 24, 2001. West Side Phoenix Linux Users Group (PLUG) Glendale Community College, Glendale, AZ.
    April 25, 2001 The Nashua Chapter of the Greater New Hampshire Linux Users Group Martha's Exchange, Nashua, NH.
    April 25, 2000. Central Ohio Linux User Group (COLUG) Columbus, Ohio.
    April 25, 2001. Linux User Group of Assen Assen, Netherlands.
    April 26, 2001. Bergen Linux User Group (BLUG) Bergen, Norway.
    April 28, 2001. Consortium of All Bay Area Linux (CABAL) Menlo Park, California.
    May 1, 2001. Missouri Open Source LUG (MOSLUG) Culpeppers Restaurant, Kirkwood, Missouri.
    May 1, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
    May 1, 2001. NorthWest Chicagoland Linux User Group (NWCLUG) Harper College, Palatine, Illinois.
    May 2, 2001. Kansas City LUG Installfest Kansas City Public Library, Kansas City, MO.
    May 2, 2001. Southeastern Indiana Linux Users Group (SEILUG) Madison/Jefferson County Public Library, Madison, IN.
    May 2, 2001. Silicon Valley Linux Users Group (SVLUG) Cisco Building 9, San Jose, CA.
    May 3, 2001. Edinburgh Linux Users Group (EDLUG) Holyrood Tavern, Edinburgh, Scotland.

    Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

    April 19, 2001



    Software Announcements

    Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

    The Alphabetical List and Sorted by license


    Our software announcements are provided courtesy of FreshMeat


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Linux History page.

    This week in Linux history

    Three years ago (April 23, 1998 LWN): Linus announced "Linus 3.0". A girl, 3270g (7lb 3oz), otherwise known as "Daniela."

    Netscape, Sun, Oracle, and others formed a group called "ProComp" to "promote" competition in the computer business - by bringing down Microsoft. Those famous high-tech figures Robert Bork and Bob Dole were brought in to help.

    But before Bork sits down in an attempt to rewrite the law, he will need to brush up on his knowledge of the Internet. "I am going to have to analyze something about this technology," he said at Monday's news conference. "My wife gets on the Internet, but she'll have to teach me about it."
    -- Wired News.

    Three years ago, LWN editorialized that the best thing to do about Microsoft was to ignore it and build the best free system we could. In the year 2001, it's easy to believe that Linux has done more for competition in the software world than Bork and Dole ever did.

    Two years ago (April 22, 1999 LWN): Caldera released OpenLinux 2.2, becoming the first major distribution to come out with the 2.2 kernel. Nicholas Petreley raved about it in InfoWorld. He predicted that this version would challenge Linux on the desktop, mostly by making it easier for Windows users to install Caldera OpenLinux without losing Windows.

    Caldera isn't the perfect answer to Linux on the desktop. But even with a minor flaw or two, Caldera OpenLinux is at least 51 weeks closer to being perfect than I ever would have imagined. In short, Bill had better get out of the way. Because it looks like an 18-wheeler is unexpectedly barreling down the road in his direction.

    In spite of Mr. Petreley's predictions, Linux remains under-utilized on the desktop.

    Corel announced that its upcoming distribution would be based on Debian and KDE.

    The gcc and egcs projects agreed to merge, bringing an end to a long and sometimes destructive fork in one of the more important free software projects. The end result is called "gcc," but was based mainly on the egcs code base.

    The birth of Evolution? Miguel de Icaza posted this note exploring the need for a truly powerful mail client.

    The Mindcraft benchmark (mentioned in last week's history page) spawned a flurry of articles, mostly defending Linux. Mindcraft admitted that its Linux system was not tuned at all, while its NT system was tuned very well for the test. In this ZDNet article looked at some of the reasons that NT was able to beat Linux in this test and what Linux needed to do to improve in the future.

    For one thing, there's a useful lesson here for Linux resellers and integrators. Linux tuning information is hard to gather up. Yes, it's there. But, it really requires an expert Linux user to find it. If Linux is to win commercially, information known only to Linux gurus and hidden away in a dozen Web sites needs to be gathered together and made more readable and approachable. For new users, learning advanced Linux is still much too difficult.

    Tuning information may be no easier to find two years later, but one important thing has changed: far less tuning is required, in many cases, to get Linux to perform well.

    Jesse Berst wrote this ZDNet article. He accuses Linus Torvalds of taunting Microsoft during a Spring Comdex keynote in which Linus predicted Linux would crush Microsoft. Later on Jesse writes:

    Peer past the posturing and PR boasting on both sides, and here's what's really going on: Linux is making steady progress on the server side, especially for must-stay-up installations. But it's making no dent in Windows NT's growth as the standard OS for departmental servers. And it is light years away from being a threat to anybody on the desktop.

    Well Linux has made a serious dent into server market now, and while not quite "there" on the desktop, "light years away" seems like quite an exaggeration.

    Tim O'Reilly had a somewhat different point of view. During an interview he said,

    If the open-source community doesn't get it, they are going to end up fighting the old battle trying to win on the desktop. But you know, who cares about the desktop? The web is the platform. What you want to be is like 'Intel inside' - you want to be like 'open source inside' for the next generation.

    These days we do see 'open source inside' for a large segment of the web, and in many other spaces as well.

    One year ago (April 20, 2000 LWN): A back door was found in Microsoft's FrontPage server software. It was apparently deliberately inserted by a Microsoft engineer and had been there for years. Eric Raymond had some things to say about it.

    Webmasters all over the world are going to be pulling all-nighters and tearing their hair out over this one. That is, webmasters who are unlucky enough to work for bosses who bought Microsoft. At the over 60% of sites running the open-source Apache webserver, webmasters will be kicking back and smiling -- because they know that Apache will *never* have a back door like this one.

    "Never" was, perhaps, a bit strong. There have been a couple of "back door" issues with free software recently, but they tend to be the sort of exception that provies the rule. Consider, for example, the back door found in InterBase shortly after the code was released.

    Brendan Shea became the first new Debian maintainer in a long time, showing that the new maintainer process was finally working again.

    The ugly stock market hit in force when several Linux stocks, including VA Linux Systems, Caldera, and Andover.Net, fell below their initial offering prices for the first time. Of course, people holding those stocks now would see the prices of a year ago as a very nice thing...

    VA Linux, which traded at $320 a share following its IPO in December, went into a freefall almost immediately and hit a low of $26.88 last week. Thats below its IPO asking price of $30. Larry Augustin, chief executive of VA Linux, which makes Linux-based computers, has seen his personal wealth plummet from a post-IPO $2 billion to just over $200 million. That doesn't even get you a table near the kitchen in Silicon Valley.
    -- Forbes.

    Corel's Linux distribution was selling well. The company had just released Corel Linux with German, French and Dutch support. The press release claimed that this was the "First Multilingual Linux O.S.", which was not true. In a ZDNet story about Corel's chances of survival a variety of factors from plunging stock prices to allegetions of insider trading by then CEO Michael Cowpland.

    [CTO Derek] Burney says Corel pretty much owns the Linux desktop market, though there is competition. Both Caldera Systems and Macmillan USA, for example, sell Linux for the desktop on retail shelves for $10 to $20 less than Corel's Linux.

    Mentioned too, is the expected merger between Corel and Inprise, which never happened. The general conclusion was that Corel would survive if it could make Linux work for them. While Corel still supports Linux for some software, the company (with funding from Microsoft), has headed back to its Microsoft roots, sans the beleaguered Cowpland.

    The Linux Standard Base project announced the release of version 2.1 of the Filesystem Hierarchy Standard.

    April 19, 2001


     Main page
     On the Desktop
     Linux in the news
     Linux History

    See also: last week's Letters page.

    Letters to the editor

    Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

    April 19, 2001

    From:	 Charlie Stross 
    To:	 letters@lwn.net
    Subject: Free downloads of CD images
    Date:	 Thu, 12 Apr 2001 12:17:13 +0100
    Apropos the lack of a SuSE 7.1 downloadable CD image ...
    Here in the UK, I rent a colocated server. Bandwidth costs between £7
    and £15 (i.e. $10-$22) per gigabyte per month. Thus, if I were to provide
    an FTP service, downloadable CD images would cost roughly $5-$10 a pop.
    Of course, by buying bandwidth in bulk (my very own OC3 line!) I could
    probably cut the cost by an order of magnitude. And bandwidth costs
    in Europe are higher than in the US; again, it's an order of magnitude
    cheaper where you're standing.
    Nevertheless, the key fact is that those distributors who provide FTP-able
    CD images are providing a service which costs them money to run. In the
    beginning, when they were poor, they sold CD's. Then they floated or
    otherwise became cash rich, and could afford to run FTP servers with
    enormous bandwidth. Now that the economy is looking gloomy, is it any
    surprise that they're seeking to transfer the burden of costs back onto
    the shoulders of the consumers (who are, after all, the people who used
    to pay them by purchasing CD's)?
    There's a lot to be said for Tannenbaum's Law: "never underestimate the
    bandwidth of a pick-up truck travelling cross-country with a trunk full
    of magnetic tapes" -- or, in its contemporary incarnation, the bandwidth
    of a FedEx parcel full of DVD-ROMs.
    NB: I just did the following:
      dd if=/dev/cdrom of=suse-7.1.1.iso
      bzip2 -9 suse-7.1.1.iso
    This compressed the image file from 601,997,312 bytes to 507,265,922.
    Which suggests to me that there's still a bit of slack space in those
    filesystems full of oh-so-compressed RPMs. Given that enhanced
    compression would cut the cost (to the distributors!) of running a
    download service by up to 15%, maybe it's about time someone looked
    into the best way of providing a CDROM image. Maybe a tiny bootable
    Rock Ridge partition followed by a highly compressed filesystem?
    -- Charlie Stross
    I are sigfile disease!!
    All your quote are belong to us.
    Copy us every "sig"!
    From:	 "Lou Grinzo" 
    Subject: "End of free beer"
    Date:	 Fri, 13 Apr 2001 10:05:08 -0400
    I think your coverage in the "end of free beer" piece was very fair and
    enlightening.  But I do want to add one comment: Companies blaming bandwidth
    for the need to charge are being disingenuous, to say the least.  There's a
    perfectly good way for them to distribute ISO images with very little
    bandwidth requirement on their part: They can break them up into pieces and
    distribute them via newsgroups.
    There are already tools available for doing this, including the
    closed-source RAR and my own open-source BitBox, and the process has been
    very well worked out a long time ago by the people who exchange things like
    CD-size anime movies and other binaries in newsgroups.  All SuSE or anyone
    else has to do is upload their ISO image once every two weeks (a very
    simple, automated process), and the download burden would be spread across
    hundreds or thousands of newsgroup servers around the world.  It also makes
    it easier for the user to grab really huge packages, like entire distros, in
    pieces, without the hassle of trying to connect to a swamped ftp server,
    I'm amazed that no one in the open source community is routinely doing this,
    and I've been trying to convince people to give this approach a chance.
    (See my web page for BitBox at
    http://home.stny.rr.com/gizmodrome/bitbox.html, for example.)
    In fact, I think it might be a good idea to get a few broadband users (like
    myself) to band together (The Broadband Band? <g>) and take turns uploading
    packages like various distros, the binaries for the latest KDE, GNOME,
    Ximian, or whatever.  This should be restricted to just those packages that
    can be uploaded legally, of course, but that would clearly help a lot of
    people gain better access to free software.
    Take care,
    Lou Grinzo
    From:	 Nathan Myers 
    To:	 letters@lwn.net
    Subject: Wind River Systems' liability
    Date:	 Thu, 12 Apr 2001 02:15:19 -0700 (PDT)
    From: Nathan Myers <ncm@nospam.cantrip.org>
    Re: WRS (alleged) perfidy, and what to do about it
    To the editors,
    Last week LWN published a letter hinting that Wind River Systems may 
    have deliberately violated the GPL.  Readers may wonder, suppose that 
    happened to me, what could I do about it?  (Disclaimer: I'm not a 
    lawyer, but this is my understanding.  Further, I am only using WRS 
    as an example here; I have no personal knowledge of any violations.)
    First, if Wind River didn't give you the binaries, they don't owe you
    the changed sources.  They are only obliged to offer the sources to 
    somebody who got the code from them.
    Second, if you're not the copyright holder, you don't have "standing"
    to enforce it.  Only the copyright holder and whoever they empower has 
    the right to sue.  (In the case of Gdb, I believe this is the FSF.)  
    If the FSF decides not to enforce it, they are effectively extending 
    additional rights to Wind River Systems beyond what is in the GPL.  
    They may choose to demand money from WRS in exchange for that 
    extension, e.g. as part of an out-of-court settlement.
    Third, if you are the copyright owner of code accepted into Gdb, you 
    assigned rights to that code to the FSF, so you still depend on them 
    to enforce it.  However, you may have standing to file a suit if the 
    FSF just can't be bothered, but will testify that they haven't offered 
    WRS any additional rights.  FSF could, in principle, undermine your 
    case any time by settling separately with WRS.  Similarly, WRS might 
    pay their customer(s) not to testify on your side, making it harder 
    to prove your case.  These risks might make it hard to find a lawyer
    to take the case "on spec".
    Fourth, if WRS does this with a product in which you own code and for
    which you *haven't* assigned rights to the FSF, you can sue.  (The Linux 
    kernel is an example of a GPL'd work for which copyright assignments 
    are not collected.)  Besides forcing WRS to release the code, you might 
    collect substantial damages for past violations.  Or, something might go 
    wrong (e.g. you miss filing some paper, or you draw a crooked judge) in 
    which case you could end up owing various people lots of money.
    In summary, it can be pretty hard, and can be dangerous, to enforce 
    the GPL.  
    Nathan Myers
    From:	 Richard Stallman 
    To:	 eric@brouhaha.com
    Subject: Wind River violating the GPL
    Date:	 Sat, 14 Apr 2001 22:12:54 -0600 (MDT)
    Cc:	 letters@lwn.net
        I left that company before I could pursue the matter any further.  But
        others have told me that they've had the same experiences with Wind
        River since then.
    If anyone has had this experience, he should inform the FSF.  We can
    enforce the GPL, if we have people who can swear to the particulars of
    a violation.  In general, when you know of a violation of the GPL, you
    should always inform the copyright holders of the program in question,
    because they are the ones who have "standing to sue" if the license
    is violated.
    From:	 Havoc Pennington 
    To:	 editor@lwn.net
    Subject: guadec interoperability progress
    Date:	 14 Apr 2001 12:03:35 -0400
    People might want to read Dave Mason's report from GUADEC here:
    Two notable things, first we had a group of KDE hackers at GUADEC and
    a keynote by Matthias Ettrich, and a lot of good interaction/planning
    went on; second the GNOME Foundation Board of Directors adopted the
    following statement:
      We believe that for GNOME to be successful, it needs to interoperate
      with other computing environments and services platforms. Thus we
      are in favor of increased collabration with KDE to insure end users
      will be able to seamlesly mix KDE and GNOME applications.
    The fact is that one primary virtue of open source software, and our
    big selling point vis-a-vis the proprietary world, is that we put the
    needs of the user first - we put the customer in
    control. Interoperability is a specific customer need that's
    underserved by the proprietary world. So we are making
    interoperability - not just with KDE, but with Windows, Java, etc. - a
    primary concern of the GNOME project.
    A second motivation for our statement is the observation that ISVs are
    often scared off by press reports of the GNOME/KDE conflict, and they
    fear that they will select the wrong desktop to support with their
    applications. Thus we are joining with the KDE project to commit to
    interoperability, and to ensure that selecting a development platform
    for an application will not mean selecting one or another group of
    users. That is, ideally, users using GNOME or KDE should not care what
    toolkit was used to develop an application. This will be our goal, and
    already the GTK+ and Qt teams have been working together on various
    initiatives. And of course it's already true that apps written with
    GTK+ or Qt will work fine on either desktop; the remaining challenges
    are primarily cosmetic.
    This is not to say there can't be friendly competition between GNOME
    and KDE. But it should be comparable to the competition between
    various window managers; they all work with all apps, and the choice
    is up to users. Users should even be able to choose some of the
    lower-profile desktops such as XFCE or GNUStep if they
    like. It's just a harmless user preference. 
    Competition on this level is beneficial, a good way to ensure progress
    continues - witness the stagnation in Motif/CDE once the "desktop
    wars" were over, and compare it to the constant advances made by GNOME
    and KDE. But competition must be accompanied by a firm commitment to
    interoperability. So we are making that commitment and following
    through by working closely with the KDE team.
    This isn't all new at GUADEC; see http://www.freedesktop.org where
    work has been going on for some time. But progress at GUADEC I hope
    makes our seriousness of purpose very clear.  We are firmly committed
    to the view that the real war is between free software and proprietary
    software. The war between GNOME and KDE is decidedly over, with users
    and free software as the victors.
    From:	 Jim Dennis 
    To:	 lwn@lwn.net
    Subject: MMU-less CPUs: ucLinux
    Date:	 Sun, 15 Apr 2001 15:51:40 -0700
    > Opinion: Inder Singh on The ELC Platform Specification (LinuxDevices)
    >  Press, April 14 (Saturday)
    > Dr. Inder Singh has written this opinion piece on why he believes
    > the ELC Platform Specification will succeed where the POSIX effort
    > failed. "Now, there is a real opportunity for Linux to fulfill the
    > promise of UNIX and POSIX. Linux is already available from many
    > vendors, and since all the different versions start with the same
    > kernel, there is a high degree of compatibility and interoperability
    > between different embedded Linux distributions. At the same time,
    > Moore's law has largely eliminated the resource constraint issue. In
    > fact, with the falling prices and increasing power of system-on-chip
    > (SOC) devices and memory, and the growing software complexity of
    > embedded applications, a Linux style of operating system with its
    > process model is an excellent fit for today's high volume embedded
    > devices compared to the legacy flat address space real-time
    > operating systems that can work with MMU-less CPUs."
     I feel the need to point out that Linux (uCLinux) can run on 
     CPUs which lack MMUs (paging and virtual memory support).
     Naturally more info on uCLinux can be found at http://www.uclinux.org
     It concerns me that Dr. Singh would express such ignorance of
     such an important segment of his own field.  uCLinux is one of the
     major forces in embedded systems.  He re-iterates his lack of 
     interest in non-MMU CPUs in this white paper at
     Anyway. That's a nitpick I suppose.  Hopefully Lineo (the company
     with the greatest commercial interest in uCLinux) will use their 
     position on the ELC to ensure that uCLinux is not slighted in 
     drafts of this ELC Platform Spec.
     On another note, here are some of my personal comments on 
     Linux and embedded systems.
     In discussing Linux and embedded systems I think it's useful to 
     distinguish between systems that use the Linux kernel in their
     target hardware, and though that use a tool chain hosted on Linux 
     to support other kernels on the target platform.  
     I'm sure Dr. Singh is familiar with this issue since BlueCat Linux
     is used as a development host for both the LynxOS kernel and for 
     the BlueCat Embedded target.  Perhaps the oversight is deliberate
     since it appears that LynxOS has no support for systems with no MMU.
     (Though one might infer that the BlueCat embedded target might, 
     considering its references to the ARM7 *with MMU*, and other references 
     to other ARM7 and ARM9 systems which don't specify their MMU support).
        (*) http://www.lynuxworks.com/bluecat/index.html
     Once upon a time I perceived a distinction between "turnkey" and 
     "embedded" systems which seems to have been lost.  Perhaps it was
     a misperception on my part.  
     Traditionallly it seemed that the term embedded system referred to
     software/firmware which was incorporated into devices which served
     some primary function that was *not* related to computing or information
     processing.  For example, devices which are "embedded" into a microwave
     oven, or the many MCUs and CPUs that are built into a typical modern
     automobile.  Often these devices have been designed under significant 
     constraints on memory, storage, power consumption, heat dissipation,
     RF emissions and or sensitivity, tolerance to physical vibration and
     G-forces, heat and other hostile environmental factors.
     The term "turnkey" seemed to be applied to dedicated computing 
     devices that were primarily intended to manage data.  Thus POS
     (point-of-sale), and telephony switchgear were traditionally referred
     to as "turnkey" systems rather than embedded systems.  This distinction
     was additionally useful since "turnkey" systems generally were less
     constrained (relative to common desktop and laptop computing equipment).
     In other words the design contraints placed on a telephone switch or
     a POS terminal (cache register) aren't significantly more onerous than
     those placed on a quality server or desktop.  (Oddly enough there are
     somewhat tighter constraints placed on telco equipment regarding RF and
     sound emissions; but they aren't much different).
     By my reckoning a PDA would be a turnkey system.  Like a laptop, it
     is primarily a data/information management device (although it does
     have significant power consumption, heat dissipation, and physical
     size/weight and computing (RAM/storage) footprint constraints.
     However, a cell phone fits into an interest gray area.  It's primary
     function is communications but many ancillary computing functions
     (such as WAP/WML browsers) have been incorporated into new cell 
     phones (with more on the way).
     Perhaps this blurring of terminology has occurred because of a 
     blurring and blending of requirements and applications.
    From:	 "John D. Rowell" 
    To:	 letters@lwn.net
    Subject: You would think they would know better by now
    Date:	 Fri, 13 Apr 2001 21:43:18 -0700
    Cc:	 Henry Kingman ,
    	 Rick Lehrbaum 
    In the "Linux gets embedded (ZDNet)" story on LWN today ("Press, 
    April 13 (Friday the 13th)"), you reserved a paragraph to mock the use of
    "clone" as the relationship between Linux and Unix, as a display of
    how theoretically incompetent the source of the article was.
    May I recommend that the LWN Editors take a moment to check out the 
    following quite authoritative link:
    or simply open up the README file in the root directory of _any_
    Linux kernel (2.4.3-ac5 for instance, if the above link doesn't
    seem to be up to date enough), and pay special attention to the
    paragraph under "WHAT IS LINUX?".
    I guess the old saying _is_ true, nobody reads the documentation
    anymore. sigh.
    John D. Rowell      <me@jdrowell.com>        <jdrowell@appwatch.com>
    [irc: jdrowell]     http://jdrowell.com      http://appwatch.com
    [icq: 6273503 ]     my GPL'd apps            Free Software / Open Source
    [pgp: http://jdrowell.com/pgpkey] "I see fat people!"
    From:	 M Carling 
    To:	 lwn@lwn.net
    Subject: Correction
    Date:	 Thu, 12 Apr 2001 13:58:25 -0700 (PDT)
    Cc:	 michael@helixcode.com
    Bonobos are not monkeys.  They are apes.  BTW, "very good at coupling" is
    a great euphemism.  Bonobos mate about 20 times per day.  Also, Bonobos
    and humans are the only mammals that can mate face to face.
    The family tree looks like this:
                                   /  \
                                  /    \
                                 /      \
                                /        \
                               /          \
                             Apes        Monkeys
                             /  \          /|\
                            /    \        / | \
                           /      \
                          /        \
                         /          \
                        /            \
                     Lesser         Great
                      Apes           Apes
                 (e.g. Baboons)      /  \
                      /|\           /    \
                     / | \         /      \
                                  /        \
                                 /          \
                            Orangatang      /\
                                           /  \
                                          /    \
                                         /      \
                                        /        \
                                       /       Gorilla
                                    /  \
                                   /    \
                                  /      \
                                 Man     /\
                                        /  \
                                       /    \
                                      /      \
                                     /        \
                                  Bonobo    Chimpanzee
    Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
    Linux ® is a registered trademark of Linus Torvalds