[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

IDC on the future of multiuser systems. IDC has announced a report describing its view of the future in the "multiuser system" market. The company expects quite a bit of growth in this arena, with the market being worth $34.6 billion by 2004. Forecasts have been provided for individual operating systems as well:

System1999 revenue
2004 revenue
Windows NT$4.7$12.8

If reality comes close to matching these figures, there are some interesting conclusions to be drawn here.

Unix systems (which Unix was not specified in the release) are expected to hold almost half of the multiuser system market in 2004. Market share will drop, but revenues will increase as the whole pie gets bigger. In other words, proprietary Unix will be feeling the pressure, but the rumors of its death are still somewhat premature.

The Linux growth rate will continue to be phenomenal. Of course, we didn't need IDC to tell us that, but it's nice to see anyway.

Windows NT, it is said, will grow twice as much as Linux in absolute dollars (though you get a different story if you look at percentages). It will bring in three times as much revenue as Linux in 2004. It's worth pointing out one thing here, though: the revenue from an average Linux deployment is a fraction of that from a Windows deployment. One Linux CD, perhaps not even purchased, can power many computers. Thus, we conclude that Windows may bring in more money, but far more Linux systems will be deployed.

Finally, $4.1 billion is a reasonable chunk of change - and it only represents one segment of the operating systems market, and only in the United States. It may be a bit of a lean time for Linux companies at the moment, but people will be making money - serious money - with free software before too long.

Perhaps we didn't need IDC to tell us that either. But it's still nice to hear.

SDMI brings out the threats. Two very different approaches to the protection of audio data (i.e. music) and its creators have come out recently. They are worth a look.

Remember the SDMI challenge? The Secure Digital Music Initiative seeks to defeat copying of digital audio through the use of a number of watermarking technologies. SDMI issued a public challenge last year, offering prizes for those who could crack their technologies - as long as the victorious parties kept their findings secret. A number of people called for a boycott of this challenge, thinking that SDMI was really just trying to find obvious problems before deploying an expensive new system.

A group lead by professor Edward Felten at Princeton succeeded in a number of attacks against SDMI, but then chose not to claim the prize; instead, they decided to release their findings publicly. Not surprisingly, the SDMI crowd is not much pleased; thus this letter sent to Professor Felten by Matthew Oppenheim, Secretary of the SDMI Foundation:

Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material. Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws.

Here, "the Agreement," is one of the click-through variety that accompanied the challenge.

Even the DVDCCA, in its challenge against the DeCSS code, has not tried to go this far. The DVD people have acknowledged that a textual description of the DVD content scrambling system is protected speech, and its distribution can not be restricted. The DVDCCA has limited its efforts to stamping out the code - an effort which gets going again next week. There is no "DeSDMI" code in circulation, and no immediate threat to SDMI-protected music. But the SDMI people aren't waiting for that to happen; they are out to shut down the distribution of information at a much more basic level. They will run into some interesting first amendment issues if they continue to pursue this case.

All this is happening, of course, in an attempt to protect technology which is already in commercial use. Rather than admit that they adopted a worthless protection scheme, they are trying to sweep the issue under the rug with legal threats. This, of course, will prove difficult to do, especially since Professor Felten and company have already published a paper describing how they attacked SDMI. Their conclusions are worth reading:

Certainly, the technical details of any scheme will become known publicly through reverse engineering. Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed. Other techniques may or may not be strong against attacks. For example, the encryption used to protect consumer DVDs was easily defeated. Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content.

The SDMI is fighting a losing battle. Unfortunately, it is still a battle, and a great deal of damage could be done before it is finished.

The EFF Open Audio License. So maybe digital watermarking and other copy protection schemes are a lost cause. And maybe the content industries will eventually wake up to the fact that treating their customers as if they were criminals is not the best marketing tactic. How, then, can a sustainable industry be built that better fits reality?

The software industry is ahead of music in this regard. Copy protection schemes were tried in the 1980's, with no more success than audio and video is seeing now. Much of the industry has moved on to hardcore legal bullying techniques; it still treats its customers like criminals. But proprietary software is increasingly threatened by, of course, free software. Free software licenses recognize that copying will happen, and that the users of software deserve a little more respect.

How a sustainable free software industry will look is still unclear - many companies trying to work in this area are having difficulties now. But it is reasonably evident that, when the intellectual property itself is not making money, companies need to look to performance for their revenues. Digital Creations founder Paul Everitt once justified the open-sourcing of Zope by saying (in paraphrase) "the ability to create Zope is far more valuable than Zope itself." Having shown how it can perform, Digital Creations is making money by applying its abilities to the needs of its clients.

Can this model work in the audio world? Consider, for a moment, the Grateful Dead. The Dead placed its live performances under an informal open license - its customers were empowered to tape Dead shows and make copies for their friends. One of the results is that the Dead was one of the top-grossing concert bands for decades. It worked for them, and for a number of other groups that have followed the same model.

The Electronic Frontier Foundation has just released version 1.0 of the EFF Open Audio License, which may well form the basis of a performance-based audio business model. This license looks very much like the GPL: unlimited copying, modification, and distribution are allowed, but you can not restrict the rights of others to further redistribute the result. There is an attribution requirement as well. The EFF has clearly taken a cue from the free software world:

As in the software communities, this license is intended to help foster a community of creators and performers who are free to share and build on each others' work while freeing their audience to share works that they enjoy with others, all for the purpose of creating a rich and vibrant public commons.

The presence of a new license does not, in itself, create a new music industry. It remains to be seen what level of interest this license will find in the music industry. It is true, though, that a great many musicians are not particularly happy with the current arrangement; things could change faster than many of us would expect.

Inside this week's Linux Weekly News:

  • Security: Pre-release advisories, OpenSSL update, new vulnerabilities in KFM, NEdit, SAFT/sendfile, and innfeed.
  • Kernel: Security modules; block drivers and plugging; non-GPL firmware in the kernel; Eric in KernelLand.
  • Distributions: Linux-Mandrake 8.0, FreeBSD 4.3, ASPLinux 7.1, Think Blue Linux for the 64-bit Zseries, RTLinux goes BSD.
  • On the Desktop: A first look at Ximian GNOME, KDE 2.2Alpha1, and KDE/GNOME put Linux on the desktop...almost.
  • Development: DirectFB - abstracting the Linux framebuffer for embedded devices, interview with the Simputer team and biology and open source.
  • Commerce: IBM: New AIX and Informix acquisition; Layoffs at Caldera.
  • History: Three years ago - proposed changes to the Uniform Commercial Code; Two years ago - gcc and egcs projects merge.
  • Letters: Italian web site registration; social research with Google; Bonobos are not unique.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

April 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

A new trend in security reporting? Pre-release advisories. This week marks the first time that we've seen "pre-release" versions of security advisories issued. In this case, "pre-release" advisories of vulnerabilities that are being discussed at this week's Black Hat briefings in Asia were issued by Asher Glynn from Secure Reality Pty in Australia. The vulnerabilities discussed impacted:

Each "pre-release" contains a title for the vulnerability but no details. In the cases above, all are titled "remote command execution" vulnerabilities, which certainly implies a level of severity. The details of the vulnerability are reserved for the upcoming talk.

Fortunately, patches to fix the reported problem are provided and the pre-releases indicate that the authors were notified.

So are "pre-release" advisories a good thing or a bad thing? What was the motivation for issuing the pre-releases?

It can certainly be viewed as a good thing that a warning of the vulnerability, complete with patches, was shared with the entire community before it was divulged as part of a conference proceedings. On the other hand, the pre-release also serves as a nice advertisement for the upcoming talk.

Withholding details of the vulnerability might draw ire among many, but because patches for the problem have already been provided, anyone who wishes to figure out the vulnerability has all the material they need to examine it themselves. So the only value withheld was the full description of the vulnerability, how it was found, how it was fixed, etc.

Overall, we are happy to see a pre-release, rather than no information at all, before details of new vulnerabilities are discussed in a conference setting. On the other hand, it is essential that such pre-releases provide patches or links to fixed versions of the vulnerable software, both to allow people to secure their systems and to provide a means of verifying the existence of the vulnerabilities.

Linux Security Module Project update. On this week's kernel page, Jonathan Corbet takes a look at the Linux Security Module Project, why it exists and how it is implemented. "This work is proceeding quickly; people who have an interest in how security modules hook into the system may want to make their views known before too long".

Researchers face legal threats over SDMI hack (News.com). News.com reports on the threats against Edward Felten and company, who are planning to release the information on how they cracked the Secure Digitial Music Initiative watermarking scheme (as covered on this week's front page). "'Your contemplated disclosure appears to be motivated by a desire to engage in scientific research that will ensure that SDMI does not deploy a flawed system,' the letter says. 'Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material.'"

Finding Fences in Cyberspace: Privacy and Open Access on the Internet (Journal of Technology Law and Policy). Ethan Preston has published a long article in the Journal of Technology Law and Policy which recommends that the term "Cyberspace" move from its current ad-hoc usage in language to being used in a legal sense, to provide a metaphor around which new legal language can be developed to address Cyberspace issues. "Law is based on language; law that diverges from the language that forms its base risks incoherence. Incoherent law is unpredictable. At the same time, facts develop and evolve much more rapidly than language, but injustice ensues if the law does not respond to changing circumstances". [From ISN].

CERT: The Next Generation (InfoWarrior.org). Richard Forno has published an article that takes a look at the changing face of CERT. "The CERT-EIA Internet Security Alliance will fail to be effective for several reasons, not the least of is that this new organization is charging for services found for free (or cheaper) elsewhere".

Also addressing the recent changes at CERT is this article at The Register. "That said, CERT still has its detractors among Internet security specialists, many of whom question the fairness of making current threat information which affects all Net users and systems administrators available to a select few, while everyone else must wait over a month for the free abstracts".

Security updates for Linux-Mandrake 7.0 and earlier discontinued. Simultaneous to announcing the release of Linux-Mandrake 8.0, MandrakeSoft also announced that security updates for Linux-Mandrake 7.0 and earlier would no longer be provided. They recommend that you upgrade your system to Linux-Mandrake 7.1, 7.2 or 8.0 (though obviously they would prefer 8.0).

Security Reports

Multiple security fixes in OpenSSL-0.9.6a. Jim Knoble dropped a note to BugTraq this week pointing out that OpenSSL-0.9.6a was announced this week and contains fixes for four security issues.

  • Security fix: change behavior of OpenSSL to avoid using environment variables when running as root.

  • Security fix: check the result of RSA-CRT to reduce the possibility of deducing the private key from an incorrectly calculated signature.

  • Security fix: prevent Bleichenbacher's DSA attack.

  • Security fix: Zero the premaster secret after deriving the master secret in DH ciphersuites.
The announcement closes with this message from the OpenSSL team: "We consider OpenSSL 0.9.6a to be the best version of OpenSSL available and we strongly recommend that users of older versions, especially of old SSLeay versions, upgrade as soon as possible".

Expect to see new packages from the distributors once they've had a chance to test the new release. Presumably new versions of OpenSSH, compiled against the new OpenSSL, will also be forthcoming.

KFM Insecure TMP File Creation Vulnerability. KFM is the KDE File Manager, provided in versions of KDE prior to KDE 2.X. KFM has been reported to create and use a directory in /tmp in an insecure manner. As a result, an attacker could use this vulnerability easily to overwrite or replace any file owned by the KFM user. We checked with Kurt Granroth at KDE and confirmed that no patch for this problem is currently available or planned. "We no longer support KDE1 in any way. The recommended 'patch' for this is to update to KDE2".

Unfortunately, the version of KDE currently installed on many (if not most) Linux systems is KDE 1 (witness the popularity of the Red Hat 6.2 implementation). Upgrading to KDE 2, while it can be done without upgrading the entire operating system, will likely be postponed until an operating system upgrade is performed, which leaves a lot of people with a security vulnerability and no quick fix. Fortunately, the severity of this particular vulnerability is somewhat limited, requiring local access and not providing root privileges (unless someone is unwise enough to be running kfm as root).

NEdit temporary file link vulnerability. NEdit, also known as the "Nirvana Editor", has been reported to contain a temporary file link vulnerability. Browsing through the NEdit.org website and mailing list, we did not see any official patches or updates for the program, so the patches provided by SuSE appear to be the first ones made available, to the best of our knowledge. BugTraq ID 2627.

SAFT/sendfile broken privileges. Sendfile is a Simple Asynchronous File Transfer (SAFT) implementation. SAFT is a relatively-new Internet protocol designed to allow people to asynchronously send files to someone without using mail attachments and MIME. This past week, Colin Phipps and Daniel Kobras discovered and fixed several serious bugs in the saft daemon `sendfiled' in which privileges were dropped incorrectly. These bugs could be exploited locally to gain root privileges. BugTraq ID 2631 and .

innfeed command-line buffer overflow. A buffer overflow in innfeed was reported this week. It is exploited via the "-c" command-line option, which can be run locally. Intel-based exploits have been published. Versions of INN prior to 2.3.0 include the vulnerable innfeed. An upgrade to INN 2.3.0 or later is recommended to resolve the problem.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • Lotus Domino R5 Server is reported to contain multiple HTTP-based denial-of-service vulnerabilities. An upgrade to Lotus Domino 5.0.7 should fix the problem. See also BugTraq ID 2565, 2571 and 2575.

  • Cisco Broadband Operating System (CBOS) on the Cisco 677 ADSL router contains a telnet vulnerability. Cisco has confirmed the problem and is working on a fix. They also indicate that they don't believe the vulnerability can be exploited to either grab the router's configuration or execute commands without authorization. Only the "sh nat" command is affected. BugTraq ID 2635.

  • Oracle 8 Server has been reported vulnerable to a denial-of-service attack. One unofficial report confirms the attack against a Linux system running 8.0.5.


Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.8 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.8, of course). BugTraq ID 2617.

This week's updates:

Previous updates:

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.

This week's updates:

  • Red Hat, custom configurations of Red Hat Linux 7.1 only

cfingerd format string vulnerability. Check the April 19th LWN Security Summary for the original report. This can be exploited remotely to gain root privileges and execute arbitrary code.

This week's updates:

Previous updates:

Hylafax format string vulnerability. Check the April 19th LWN Security Summary for the original report. Hylafax has released patches to fix the problem.

This week's updates:

Debian Security Advisory for exuberant-ctags. Check the April 19th LWN Security Summary for the initial report.

This week's updates:

  • Debian, original packages incorrectly compiled against unstable instead of stable.
Previous updates:

Netscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.

Note that the Immunix update for Netscape, listed below, is not StackGuarded. Apparently Netscape doesn't rebuild under StackGuard easily. The Immunix team did note that they have a version of Mozilla compiled with StackGuard which required "a few hacks". They are not directly supporting it, but would be happy to turn the patches over to a Mozilla developer, if there is anyone interested.

This week's updates:

Previous updates:

Multiple FTP daemon globbing vulnerabilities. Check the April 12th LWN Security Summary for the original report.

This week's updates:

Previous updates:

IP Filter fragment caching vulnerability. Check the April 12th LWN Security Summary for the initial report. IP Filter 3.4.17 has been released with a fix for the problem. BugTraq ID 2545.

This week's updates:

ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released the week of March 29th for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As a result, an upgrade to Linux 2.2.19 is recommended.

The Linux 2.2.19 release notes give the specifics on all the security-related fixes in 2.2.19 (all thirteen of them!) and give credit to the Openwall project and Chris Evans, for the majority of the third-party testing and auditing work that turned up these bugs. Fixes for the same bugs have also been ported forward into the 2.4.X kernel series.

This week's updates:

Previous updates:

licq URL checking problem. Check the March 22nd LWN Security Summary for the original report.

This week's updates:

Previous updates:

slrn buffer overflow. Check the March 15, 2001 LWN for the original report.

This week's updates:

Previous updates:

sudo buffer overflow. Check the March 1st LWN Security Summary for the original report.

This week's updates:

Previous updates:

mgetty tmp file race problem. mgetty was one of twelve packages reported in January to contain tmp file race problems. Check the January 11th LWN Security Summary for the initial report.

This week's updates:

Previous updates:


Know Your Enemy: Honeynets. LinuxSecurity.com features an article this month entitled "Know Your Enemy: Honeynets. Written by the Honeynet Project, this article describes what a Honeynet is and how to build one of your own. "A Honeynet is a tool for learning. It is a network of production systems designed to be compromised. Once compromised, this information is captured and analyzed to learn about the blackhat community. This idea is similar to honeypots, but there are several differences".

The paper is also available directly on the Honeynet Project site, along with the results from the April Scan of the Month.

Perhaps most interesting, though, are these comments from Lance Spitzner of the Honeynet Team. In them, he mentions a growing trend among script kiddies: don't bother to check whether or not a system is vulnerable first, just try the exploit and move on to the next system if it fails. "We have confirmed this brute force approach with the Honeynet Project. We have several different operating systems within our Honeynet, to include both Linux and Solaris. Often both systems are attacked with the same exploit, even though the attacks are architecture dependent (such as X86 or Sparc)".

What is the impact of this change in tactics? A lot more intrusion attempts and a lot more bandwidth usage, for a start.

Common threads (IBM developerWorks). For flexible (and fun) network security, this IBM developerWorks article shows how to create and use dynamic iptables firewalls.

MaraDNS 0.5.13 released. Another entrant into the field of alternate domain name servers, MaraDNS 0.5.13 is the latest version of this new Open Source name server. "Currently, MaraDNS is an authoritative-only nameserver. In other words, she has no support for caching or for "recursive name queries". I plan on having a stable release of MaraDNS with this ability released in early June".

MaraDNS is public domain code. While this is just about as free as it can get, the lack of legal protection will make it less desirable to many who prefer not to see their contributions potentially used in non-Open Source projects. Check the MaraDNS website for more information.

Netping. Lukasz Luzar has released a tool he calls netping. "I wrote a nice tool for scanning of networks to determine whether ICMP direct broadcast addressing is enabled (old, but still dangerous "smurf attack" issue)".


Upcoming Security Events.
Date Event Location
April 26, 2001Infosecurity Europe 2001London, Britain, UK.
April 26 - 27, 2001Information Security Asia 2001Singapore.
May 13 - 16, 20012001 IEEE Symposium on SecurityOakland, CA, USA.
May 13 - 16, 2001CHES 2001Paris, France.
May 29, 2001Security of Mobile Multiagent Systems(SEMAS-2001)Montreal, Canada.
May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK.
June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands.
June 4 - 8, 2001TISC 2001Los Angeles, CA, USA.
June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA.
June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France.
June 19 - 20, 2001The Biometrics SymposiumChicago, Illinois, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

April 26, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.3. The 2.4.4 prepatch is up to 2.4.4pre7; it continues to accumulate bug fixes. There has been no word on when a real 2.4.4 release might happen. Alan Cox's patch, meanwhile, is up to 2.4.3ac14.

The security module project only recently got off the ground, but the people involved are not wasting any time in getting going. This project, remember, set out to define a generic security interface that could be used by any particular enhanced-security implementation to hook into the kernel without the need for further patching by the user. This interface would allow easy experimentation with several of the current offerings, and would make it (relatively) easy to switch between them. Linus has argued for this approach with the reasoning that, since there seems to be no agreement on what is the right approach to heightened security for Linux, there should be a simple way for all of them to work with stock kernels.

The interface that the group is settling on at this early stage is based on a structure called security_ops which, by way of a set of subsidiary structures, contains pointers to several dozen functions. The role of each function is to make a security decision in a particular situation, returning a value indicating whether or not a particular operation should be allowed. Thus, for example, before creating a symbolic link the kernel will make a call like:

    error = security_ops->inode_ops->symlink(dir, 
            dentry, oldname);
    if (error)
        goto nice_try_buddy;

The default implementations of these functions in the kernel simply allow anything at all. If a user wishes to impose a particular security policy, it is simply a matter of loading a module which replaces all of those functions with a new set that implements that policy.

This approach is conceptually simple, and has a very low overhead on systems where no added security policy is in use. It is relatively easy to implement; it's mostly a matter of deciding what operations need to be checked, and inserting a security_ops call for each one. A patch implementing this scheme already exists, thanks to the efforts of Greg Kroah-Hartman. It does not implement the full set of calls, of course, but it is a start which gives people something to play with.

There is one obvious limitation in this design: only one security policy can be in place at any given time. There is no way to "stack" multiple policies. That appears to be a deliberate design decision; as soon as you start playing with multiple policies you have the potential for no end of administrative problems and complicated interactions. Nonetheless, a stackable implementation would certainly allow for more flexibility in the creation and use of security policies.

There is also some discussion currently over whether one or more special system calls will be needed for the security module implementation.

This work is proceeding quickly; people who have an interest in how security modules hook into the system may want to make their views known before too long. There is now a web site available for the project, if you want further information.

Block driver API change. The 2.4.4 kernel will contain an incompatible API change that people working with block device drivers, at least, should know about.

The kernel maintains one or more "request queues" for each block driver in the system; it holds a structure for each I/O request which is waiting for attention from the device. In general, performance is improved if that queue is allowed to get reasonably long before being handed to the device itself. A long queue allows requests to be sorted to minimize disk head movement, as well as allowing the merging of contiguous requests.

The block I/O subsystem uses a technique called "plugging" to help with sorting and merging. When the request queue is emptied by the device, it will be plugged by the kernel, meaning that no more requests will be passed to the driver. The plug will be maintained for a short period of time while the queue fills, then the plug is pulled and the new set of requests will be processed.

For most devices, this mechanism works reasonably well. There are exceptions, however. RAM disk devices, for example, do not benefit from request sorting and merging; doing that work is simply a waste of CPU time. Compound devices, such as RAID arrays or disks managed by LVM, can not be sorted at that level; what looks like a pair of contiguous requests on a RAID volume will likely turn into operations on two or more separate devices later on. To accommodate these needs (and others), the block subsystem provides a function blk_queue_pluggable() which sets up a special "plug" function. Often all that function does is return, effectively disabling plugging.

At least, that's how it worked until recently. As of kernel 2.4.2, devices which simply disable plugging have not worked correctly, and, in 2.4.4, blk_queue_pluggable() is going away entirely. According to kernel hacker Jens Axboe, this change is being made because there are no longer any reasons for disabling plugging. A separate set of functions exists which allows control over sorting and merging of requests. But devices which truly do not benefit from sorting and merging probably should not be using a request queue at all. The 2.4 kernel allows drivers to provide a make_request() function which can be used to receive requests directly, before they go onto any queues.

The reasoning all makes sense, but changes of this nature make it clear that the 2.4 kernel has still not truly stabilized. When the core API is no longer changing, we can say that we have a stable kernel.

Non-GPL firmware in the kernel. Adam Richter posted a note on the Debian-legal list this week pointing out a bit of a licensing problem in the kernel source. Several of the header files in the drivers/usb/serial directory (such as keyspan_usa19_fw.h) contain the following text:

"The firmware contained herein as keyspan_usa19_fw.h is Copyright (C) 1999-2000 Keyspan, A division of InnoSys Incorporated ("Keyspan"), as an unpublished work. This notice does not imply unrestricted or public access to this firmware which is a trade secret of Keyspan, and which may not be reproduced, used, sold or transferred to any third party without Keyspan's prior written consent. All Rights Reserved.

This firmware may not be modified and may only be used with the Keyspan USA-19 Serial Adapter. Distribution and/or Modification of the keyspan.c driver which includes this firmware, in whole or in part, requires the inclusion of this statement."

Needless to say, this language is not exactly compatible with the GPL code that makes up the kernel.

The code in question is firmware for the Keyspan device; it is downloaded into the hardware when the driver initializes itself. In that sense, one can see it as not really being part of the kernel - it's part of the hardware. Certainly the kernel hackers have been willing to see it that way; the inclusion of this firmware is regarded as "mere aggregation," which is allowed by the GPL, even though the code is linked into the kernel image.

Not everybody agrees with that interpretation. But this issue came up on the Debian lists because Debian does not much care whether linking in restricted firmware in this manner is OK or not. Since the firmware is not free software, Debian does not wish to include it as part of its distribution. The Debian Project is highly inflexible in this regard, and most of its developers like it that way. While a conclusion had not been reached as this was being written, it seems likely that Debian will remove the Keyspan drivers from its kernels.

The longer-term solution has two different aspects:

  • Most modern hardware has code inside it, and that code is generally not free software. Even Debian happily runs on hardware that has restricted firmware in it. Adding the ability to update that firmware does not really change anything. Some tolerance of non-free firmware will likely be required in the future - though it is also important to make vendors aware of the need for better licensing.

  • In most cases, it is not really necessary to link the firmware into the kernel image itself. A solution for USB devices already exists where a user-space program downloads the firmware into the device via the hotplug mechanism. That removes this code (and its licensing issues) from the kernel, and also makes the kernel image smaller.
The user-mode solution will make a lot of things easier, but it is not likely to go into the mainline kernel until the 2.5 series starts.

Eric in KernelLand. Eric Raymond has had a busy week on the linux-kernel mailing list, and not all of it has been fun. As he seeks to expand his kernel contributions from CML2 into broader parts of how kernel development is done, he is running into resistance.

Relatively uncontroversial has been Eric's taking over responsibility for the Configure.help file. This file provides help text for (in an ideal world) every kernel configuration option. Maintaining this file along with the CML2 configuration system makes some sense, and nobody has complained, even though Eric has stated that he would maybe like to convert the file into an XML-based format.

Eric then released a tool called 'kxref', which attempts to find broken configuration symbols in the kernel source. These symbols can be typos, old configuration options that no longer exist, and other types of related cruft. This tool turned up 731 apparently broken symbols out of 2096 total - seemingly quite a few. Some of them were clearly bugs, but others, as it turns out, were not.

Eric started posting patches to eliminate the dead symbols, and that's where the trouble started. It seems that quite a few of the symbols aren't quite as dead as Eric thought. Or they have already been fixed in other places. Many of the problematic symbols, as it turns out, are in architecture-specific code, and the port maintainers started to get a little grumpy about Eric posting patches for "their" stuff.

The problem is this: the official Linus kernel is not the definitive tree for ports other than the x86, and perhaps the Alpha. Almost all of the other architectures have their own development trees elsewhere; they can be found on the main kernel.org page. Development on ports tends to happen independently of the Linus kernel for long periods of time, with merges happening when things appear to be reasonably stable.

For 2.4, things aren't that stable yet, and most of those merges have not yet happened. Thus, any changes to port-specific code as found in the Linus kernel will be difficult to apply to the real port-specific tree. Cross-port changes of the type being attempted by Eric are always going to present some logistical challenges, but now appears to be an especially poor time. Later in the stable series, when the port-specific trees are more in sync with Linus's kernel, should provide a better opportunity for this sort of cleanup.

Eric then went on to propose a new scheme for the MAINTAINERS file. This file lists, in theory, who is responsible for each part of the kernel source (curious people can look at the 2.4.3 version). Eric has concluded that this file "doesn't seem to be scaling well," mostly because he has had trouble finding maintainers for code he wants to change.

The new scheme would put a "map block" into most source files, listing who is responsible for it. New tools would then be created to merge these blocks into a coherent whole, and to make it easy, in theory, to find the maintainer for a specific module.

Response to this proposal has been almost uniformly negative. Not everybody agrees that the MAINTAINERS file is not scaling; Alan Cox, for example, says that updates are the real problem; people just don't bother to update the entries in the file. There appears to be some truth to that: is Remy Card really still maintaining the ext2 filesystem? Eric's plan might help somewhat by putting the maintainer entries with the code itself, but he also has a wider goal:

However, if you think about it, you'll notice there's a common thread in all the proposals I've been making. If you still have trouble seeing it, remember that I hack social systems as much as I hack code. And consider lkml as a social machine. And consider -- carefully -- the things it is demonstrably poor at.

This kind of language tends to turn off kernel hackers, who, in general, probably feel little need to have their social system hacked. At least, not in such an overt way. Eric may yet achieve many of his goals, but a bit of a lighter touch might help.

Other patches and updates released this week include:

  • Daniel Phillips posted a look at file deletion performance, as a way of figuring out why it takes so long to delete a large directory full of files.

  • Jes Sorensen announced the creation of a new Logical Volume Manager (LVM) mailing list. Evidently the closed and excessively moderated nature of the old list aggravated a lot of developers; there is also some disgruntlement over coding practices and unfixed bugs in the LVM code. In response, the LVM list has been opened up, but it may have happened too late.

  • Ingo Molnar tracked down a swapping performance problem and produced a patch to fix it. (There has since been an updated patch, but the original posting explains the nature of the problem).

  • Herbert Valerio Riedel released a version of the international kernel patch (which provides cryptographic capabilities) in a pure-module form.

  • A patch to make NFS work with ReiserFS was posted by Chris Mason. It's not presented as an optimal solution; instead, it's an attempt to produce a minimal patch that can get into the 2.4 kernel.

  • Alexander Viro has released a new version of his namespaces patch.

  • Tim Jansen posted version 0.2.0 of his device registry patch.

  • Ulrich Windl has posted an extension to adjtime() which fixes some limitations in that system call.

  • The 2001-04-24 release of the hotplug scripts was announced by Greg Kroah-Hartman.

  • Jeff Garzik has announced a web page for people dealing with ECN problems (see the September, 2000 kernel page).

  • D.W.Howells has released the fourth version of his R/W semaphore patch.

  • Bulent Abali announced a patch for "Memory Expansion Technology" (MXT) support. MXT uses hardware support to compress data stored in main memory, thus doubling its capacity. (See also this description of the design of the Linux MXT implementation).

  • Rusty Russell posted a lengthy netfilter patch intended for the 2.4.4 kernel.

  • Eric Raymond's latest CML2 patch is cml2-1.2.5.

  • Rejected patch of the week: somebody named Imel reached an interesting conclusion: "i found out that one of the big problem with linux and most other operating system is the multi-user thing." So he posted a patch which removes all permissions and privilege checking as a step toward the creation of a single-user kernel. Needless to say, the kernel hackers were not impressed...

Section Editor: Jonathan Corbet

April 26, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Linux-Mandrake 8.0. MandrakeSoft has released the latest version of their Linux distribution - Linux-Mandrake 8.0. This distribution uses the Linux 2.4.3 by default and includes XFree86 4.0.3, KDE 2.1.1 (with Konqueror), Gnome 1.4, Nautilus 1.0 and more. Under KDE, similar to SuSE 7.1, anti-aliased fonts become available as well.

Linux-Mandrake 8.0 is provided in three editions, Standard (desktop), PowerPack (desktop or server) and ProSuite (small to medium-size businesses). It also comes with their new on-line technical support platform, MandrakeExpert. Check their official press release for more details.

With this release, MandrakeSoft was also pleased to make available, for the first time, download locations in over 20 different countries.

An overview of Linux-Mandrake 8.0 is also available. It includes a graphical tour of their new Linux-Mandrake Control Center and a sampling of screenshots.

Congrats, guys; it is clear that a lot of thought and work has gone into this release.

CheckInstall. LinuxPlanet has put up an article about CheckInstall, an entrant into the field of potential solutions to the multiple package manager problem. "It is the coolest utility I've ever seen. If you run Slackware or any RPM-based distribution and if you ever compile your own applications, libraries, anything, it is a must-have, a really essential application".

Distribution News

Linux-Mandrake News. Bill Henning has put up an article covering "Running Apache / SSL / PHP / PostgreSQL" on the new Linux-Mandrake 8.0. "Mandrake 8 looks good so far (more in my upcoming review); it looks like it will make a great Apache/PHP/PostgreSQL development/deployment platform - and having the server prebuilt with https support is *much* appreciated. There are still some rough edges (as shown above) but I've yet to run into any show-stoppers".

Also for new Linux-Mandrake users, troels.rsync is a tool offered to help speed up download of the distribution. Check MandrakeForum for additional Linux-Mandrake 8.0 gotchas, tips, etc.

Debian News. Time to bash more bugs. The number of release-critical bugs listed on April 20th was 329. Focusing specifically on release-critical bugs, the famous Debian Bug-Squashing Parties have been making progress. The third party was held the weekend of April 13th through the 15th and over 190 bugs were squashed. The fourth Debian Bug-Squashing Party has been scheduled for the first weekend in May.

As part of an effort to decrease the total number of bugs in Debian, particularly in the base system, all of next week (April 30th - May 6th) has been designated Base Bug Week. During the week, the focus moves from just release-critical bugs to all bugs in the base Debian system. That includes writing patches for problems and writing or fixing documentation, something that allows more than just the developers to participate. A summary of the bugs in the base system is also available.

Too many kernel packages? One heated discussion from debian-devel this past week focused again on a split in philosophy between many developers. Is Debian just for those who want to learn all about the system? Or is it for everyone? In this particular case, the focus of the discussion was the number of kernel packages included with each kernel -- a total of 25 packages and over 110MB of space per kernel. The reason for the large number of packages was primarily the number of pre-built kernels optimized for various hardware platforms.

The advantage of the pre-built kernels is the goal of providing improved performance to the end-user without requiring that they learn how to build their own custom kernel.

The disadvantage is the size of the combined kernel packages, particularly given the load they place on debian mirrors around the world (many of which are highly constrained as far as bandwidth, speed, etc.)

Those that believe that every person that uses Linux should learn to build their own kernel were more likely to be concerned about the impact on the debian-mirrors. Others with a stronger priority on making Debian more accessible to a wide variety of people were more likely to consider the custom-built kernels essential. This underlying cultural rift was amusingly described by Vince Mulhollon.

The basic philosophical disagreement won't ever go away, but in the meantime, the number of custom kernels provided is being pared down to reduce the required disk space. Some suggestions have also been made about how to make creating custom kernels simpler and easier.

Meanwhile, on the HURD front, we were pleased to see a new Kernel Cousin Debian Hurd this week, after a three-week hiatus. Progress from the Turtle Autobuilder was reported and a new Most Wanted page has been created, to track tasks that people would like to see get done.

In other good news, Jeff Bailey has provided a patch to get Python to compile on the HURD and Douglas Hilton has had success using the Hurd on his dual-CPU system using the oskit SMP sample kernel.

SuSE News. SuSE Linux announced that the SuSE Linux 7.1 package is now available as a free download with full support in Japanese.

Slackware News. Presumably as a result of Wind River's purchase of BSDi and corresponding decision not to continue to support Slackware, ftp.slackware.com has moved and is now hosted at Sourceforge. Better access times, availability and rsync access are promised as a result. It appears to be popular; it took a few tries to get into the download area. (Thanks to David Killick).

The Slackware site also contained a rare summary of recent changes, so we'll take the opportunity to pass it on to you verbatim: "There is also another batch of updates to slackware-current, the ongoing development branch. The changes are mostly rearrangements of existing packages, but there's also a major Samba update. We're getting closer to a beta freeze...". Check the changelog for more details.

Yellow Dog News. Yellow Dog Linux 2.0 is still on the way "soon". Meanwhile, Terra Soft has announced that they will be bundling the LXP Applications server with the new distribution. The LXP Applications server was created by CommandPrompt.com and is distributed under the QT Public License (QPL). It is an Apache module "designed to broker and parse content through intelligent server-side inclusion".

Although LXP is Open Source, we did not find a current download site from which the source code could be accessed.

Think Blue News. Millenux, the distributors of Think Blue Linux for the IBM S/390, now have support for the 64-bit IBM zSeries as well. The work was done in cooperation with IBM. Note that the announcement is in German. The new version of Think Blue is based on Red Hat 7, with the Linux 2.4 kernel and is "mostly" compatible with the version of Think Blue for the S/390. (Thanks to Fred Mobach).

RTLinux News. The folks at FSMLabs, makers of RTLinux, have gotten into the BSD business as well, with the announcement of RTL/BSD, a version of RTLinux that uses NetBSD instead of Linux for its non-real-time component. "While standard RTLinux uses Linux as its general purpose OS, RTL/BSD uses NetBSD, providing the identical POSIX threads API and many of the same development tools. FSMLabs customers in instrumentation, communications, factory automation and other areas now have the option of working with the BSD OS".

ASPLinux News. ASPLinux 7.1 was announced last week, literally on the same day as the release of Red Hat Linux 7.1. ASPLinux strives to provide 100% compatibility with Red Hat, so their choice in releasing ASPLinux 7.1 at the same time as the Red Hat Linux 7.1 release underscores this commitment. It is currently available for download, but it will be a while before box sets of the new distribution are made available.

ASPLinux is based in Singapore and provides support, development and consulting services for Linux in Russia, the Ukraine and the Asia/Pacific region. For those of you who remember the Black Cat Linux distribution, that company merged with ASPLinux fairly recently. Check our ASPLinux coverage from the Singapore Linux Conference/LinuxWorld Singapore in March for more information on the ASPLinux distribution.

FreeBSD News. FreeBSD 4.3 was announced on Friday, April 20th. The new release includes bug fixes, security updates and many new features. Check the release notes for all the details. (Thanks to David Magda).

Distribution Reviews

Libranet Linux 1.90 (Duke of URL). Libranet Linux is a Debian GNU/Linux-based distribution from Canada. The Duke of URL has done a fairly thorough review of the installation and package set of this distribution, including plenty of screenshots. "This is a release that is worth trying and perhaps keeping. If you have ever wanted the stability of Debian and the newest major software packages then this is it. The trick is to survive the install".

SuSE 7.1 Professional: An Embarrassment of Riches (LinuxNovice.org). LinuxNovice.org has put out a review of SuSE 7.1 Professional. As usual, the report on SuSE's included documentation is glowing. He reports modifications to SuSE in order to adhere to the Linux Standards Base (covered in the file /sbin/init.d.README, explaining the new initialization system). The review also explores the menu system and the available applications a bit more than the average review, which produces some useful comments (and criticisms).

Section Editor: Liz Coolbaugh

April 26, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

I managed to put together a small test machine this week in order to begin real world testing of both GNOME and KDE. The motherboard is old - it doesn't even recognize modern DIMM memory - but the graphics card, disks and everything else is up to date. At least now I can begin to examine these two desktop environments more fully without forcing myself to switch from the warm, comfy and ancient confines of FVWM2 and friends.

After installing the latest version of KRUD, a Red Hat Linux 7.0 variation with added security, and configuring the box to run through my home network, I grabbed the latest version of Ximian's GNOME 1.4 distribution. This is my first serious look at this environment even though I've grown up with GTK+ (I was around when GIMP was a Motif application).

I started by going to the Ximian web site and following the instructions listed there. Installation gets started through the Lynx browser; you are told to run the following as root:

	lynx -source http://go-gnome.com/ | sh
This, of course, should make even the least security-conscious administrator nervous; Ximian is asking for a great deal of trust from its users.

Once you make that leap of faith, this operation eventually opens a graphical interface to query you about what to install and to show progress of the installation. Since I already had GNOME installed from the KRUD installation I wasn't sure if the update would work properly. It did. At one point installation of Ximian's GNOME stopped due to a lost network connection, but I didn't have to leave the installation program to restart it. I just went back (using the Back button in the graphical interface) and restarted it. This took a couple of attempts before it continued, but eventually the network problem cleared and installation proceeded just fine.

Installation requires root access so I was logged into GNOME as the root user initially, but after installing I logged back in as a normal user. The login screen provided the first time you log in with Ximian's GNOME 1.4 is very professional (and cute with the little monkey splash screen) and allows you to interactively configure your desktop for the new GNOME environment. This is a new feature for GNOME which Ximian calls Doorman.

The default GNOME environment I used with KRUD (Red Hat 7.0) had a different appearance than the Ximian desktop. First, the default GNOME setup with my KRUD/Red Hat Linux 7 installation provided a panel (a status bar with extra menus) that ran only across the bottom of the screen. With Ximian, the appearance is more Apple-ish, with a menu panel across the top and the status panel across the bottom. The pager stays on the bottom right. This setup is much more usable, in my opinion, because it separates out status from menus. The old way was a bit too crowded, even on relatively large displays.

With 64MB of memory the GNOME Control Center was a bit sluggish. Switching between configurable options (background, screensaver, and so forth) caused noticeable delays. While the question might be "why were you only running with 64MB?" the response would have to be "What happened to Linux running on older, cheaper hardware?" Well, the truth is Linux still runs just fine on such hardware, but the desktop portion of Linux may not. That said, the rest of GNOME seemed to function fine on slightly limited hardware. So the sluggishness may be isolated to the Control Panel itself.

There were few problems with my initial encounter with this new environment. According to the GNOME Hints window, the Global menu should be displayed with an Alt-F1 keystroke, but that didn't work with my keyboard. There are a whole host of terms here that need investigation. I suspect KDE will be the same way. Since I grew up with minimalist Unix environments, where my biggest concern was making sure ksh was available on Solaris, this will be a bit of a new experience. But my first impression says that with GNOME it will be a comfortable one.

This wasn't meant as a review of Ximian's GNOME 1.4 release by any means, just an introduction, a way of saying I'm now prepared (well, after my honeymoon next week, that is) to do some real probing of GNOME - and KDE as well. Expect better coverage as the year progresses.

Desktop Environments

Ximian releases Red Carpet, GNOME 1.4. The official press releases for Red Carpet and GNOME from Ximian hit the ether this week.

Ximian GNOME 1.4 heads out the door (ZDNet). Prior to the official releases on Tuesday, ZDnet examined Ximian's newest version of GNOME. "Nat Friedman, Ximian's president and co-founder, said his firm has been working around the clock since the GNOME (GNU Network Object Model Environment) 1.4 release to ensure that its offering would be easy to install and provide users with a robust desktop environment."

KDE Project Releases KDE 2.2alpha1. The KDE project also had a release this past week, KDE 2.2 Alpha 1 for bleeding edge users who aren't quite ready to compile from CVS.

Kernel Cousin KDE #6. Also released this week was the latest issue of the KDE Kernel Cousin. This week's developer discussions included a lengthy thread on KOffice, KDE 2.1 and duplicated code.

Office Applications

KOffice 1.1beta1 Released. The KDE Project announced that KOffice 1.1beta1 was available for testing. KOffice is an integrated office suite for KDE. The official release of KOffice 1.1 is scheduled for later this summer.

AbiWord 0.7.14. The AbiWord team released a new version of the AbiWord word processor. It's not a 1.0-release but it's getting pretty solid.

Desktop Applications

Websphere Homepage Builder for Linux (LinuxLookup). LinuxLookup briefly reviewed Websphere Homepage Builder 4.0 for Linux. "As I suspected it took awhile to load, due to the Wine interface and I really don't have a slow system. Other than the slow loading everything ran smoothly. I fiddled around with some of the wizards and found them relatively easy to use. I was able to create a basic site and publish it to my test Apache Web server in 20 minutes. It didn't look half bad for a test site." Note that this is the product for personal use, not the Java-based applications server known as Websphere 4.0.

GNOME applications for kids. Dov Grobgeld posted a link to some software he's written for his kids that makes use of the GNOME Canvas widget. While not quite production quality, these games do show some of the quality you can achieve with this widget.


GNOME Summary April 15 - April 21, 2001. Absent for a time, the GNOME Summary returned to publication this week. This week's summary includes news of Ximian's new CEO, news of the GNOME and KDE camps approaching a truce, and the release of GTK+-1.3.4.

Loki: 'I'm not dead yet' (ITWorld). LWN.net interviewed Scott Draeker last past week about Loki's rumored troubles. This week ITWorld interviewed Draeker about cutbacks and the future of Loki. "Not that Loki wouldn't benefit from a sudden surge in users of the Linux desktop, you understand. But certain things are needed before that can happen, Draeker believes, and not only are they not present today, he doesn't see them appearing anytime in the near future. What are those things? According to Draeker, before Linux can become mainstream, it must have a basic suite of applications and interoperability among them."

Advanced Theming Tutorial: Programming in *Style. This developer-oriented discussion explains how to program Qt widget styles, something akin to user themes but which requires actual programming to achieve.

Telsa Gwynne, the Bug Mistress, talks to Linux.com. Linux.com interviewed GNOME bug mistress Telsa Gwynne during GUADEC2. "Telsa Gwynne: I never tried KDE. When the KDE project started, I wasn't using X, and I was introduced to GNOME very soon after I got a machine that would run X. And I'm too busy trying to break GNOME to try KDE. (laughs)"

GNOME, KDE put Linux on the desktop--almost (ZDNet). ZDNet reviewed both GNOME and KDE, stating that KDE "comes much closer to delivering the sort of smooth interface that users have come to expect from the Macintosh and Windows operating systems." But both environments still need polishing. "In a few weeks, Ximian Inc. is expected to come out with its own distribution of GNOME 1.4, along with an easy installer program. We recommend that most sites interested in installing GNOME wait for the Ximian release to do so."

Section Editor: Michael J. Hammel

April 26, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

DirectFB.  Sven Neumann, one of the many wonderful GIMP developers I've met over the years, wrote recently to let me know that his company, convergence integrated media had released a bit of code as open source. DirectFB is a hardware abstraction layer for embedded systems that makes use of the Linux framebuffer to provide hardware graphics acceleration, support for various input devices and an integrated windowing environment with support for translucent windows.

The need for such hardware abstraction may not be obvious - after all, what is the framebuffer but an abstraction for the graphics hardware (according to the Framebuffer HOWTO). Both provide hardware independence (required by platforms like PowerPC and Sparc which gave rise to the original Linux framebuffer work). The real difference between the generic Linux framebuffer and DirectFB is that the latter provides graphics primitives not currently available to the former, not the least of which is alpha blending, otherwise known as transparent windows.

DirectFB provides access to various media formats using external modules to allow applications to load images, video and fonts. At the moment, PNG, JPEG and GIF images are directly supported. AVI movies can be read using the avifile module and other video devices are supported using the Video4Linux (V4l) interface. FreeType2 is used to render all fonts and provides antialiased font rendering to DirectFB.

While DirectFB provides its own window layering functions, it also has a backend version of GDK, the platform specific layer of the GTK+ library stack. That means that GTK+ programs can run on DirectFB (screenshot), and thus embedded devices, without the overhead of X. At the moment, however, only one application can access the framebuffer at a time.

Just recently the open-sourced version of DirectFB was added to the Debian unstable branch, meaning that it has found at least a potential home in the open source Linux distribution world. Whether or not this means DirectFB will find wide spread acceptance has yet to be seen. In the meantime, Sven and friends will continue their work, hoping for an embedded solution for graphics tools.

Noted in passing.  The KDE team is planning on releasing kdelibs-2.1.2 early next week after discovering that the just-released KOffice 1.1beta1 was having problems with the current libraries.


LDP Weekly News for 2001-04-24. This week's Linux Documentation Project Weekly News includes two new documents: the MP3 Player Box HOWTO and the Connecting to MS SQL 6.x+ via Openlink/PHP/ODBC mini-HOWTO


Simputer team interview (O.C. News). The Simputer team, designers of a GPL hardware platform, took some time this week for an interview by Open Collector News. "Our design is very different to the Intel reference design. Where the two designs might look alike, as in how the Flash is connected to the SA1110 for example, there is only one way to do it and this is clearly indicated in the data sheets, apart from the reference design."

Embedded Systems

Embedded Linux Newsletter for Apr. 26, 2001 (LinuxDevices). The weekly summary of the Embedded Linux world came this week by way of LinuxDevices.com. Features included a developers view of the new Agenda V3 Linux-based handheld system and an open camera server project.

Embedded Linux Newsletter (LinuxDevices). Too late for last week's Weekly Edition of LWN.net, the previous week's summary of the Embedded Linux marketplace was also posted at LinuxDevices.com. Topics that week included Inder Singh's view of the ELC Platform Specification and a sneak peek at Linux based cellphone/PDAs.


WINE Kernel Cousin returns. Brian Vincent wrote with news that he has taken over the WINE Kernel Cousin production, with his first issue already out and another due soon.

New Samba improves Windows mimicry (News.com). C|Net reports on the latest release from the Samba team. "The software offers cost savings not only because customers don't have to pay for the server operating system, but also because they don't have to pay "client" license fees for all the computers that use the server." (Thanks to Cesar A. K. Grossmann)

Samba 2.2: your way to Windows file/print services (ZDNet). Excited by the better integration with Windows, ZDNet reviewed the latest release from the Samba team. "Samba has always done exceptionally well at enabling MS-DOS and Windows systems to use Unix file/print servers exactly as if they were NT servers. This new version enhances its basic abilities by enabling a Samba server to act as an authentication source for both W2K and NT clients."

Network Management

OpenNMS Update, Vol 2., Issue 17. The OpenNMS Update for the week of April 24, 2001 includes a quick tip on process dependencies and SNMP threshold configuration.

New EVMS released. The Enterprise Volume Management System Project released a new snapshot of their project this past week.


Biology Yearns to Be Free (Wired). Wired News compared closed source and open source models in the world of molecular biology. "Applications in biology -- which include technologies from operating systems to gene databases -- in an open-source environment would give the best minds access to the information they need to invent new technologies and improve those that exist."

Software Development

Guikachu, resource editor for PalmOS files. A new release of Guikachu, a GNOME application for graphical editing of resource files for PalmOS-based pocket computers, has been made available from the project web site.


Khronos Group Completes OpenML 1.0 Specification. The Khronos Group, a consortium of digital media and graphics companies consisting of 3Dlabs, ATI, Discreet, Evans & Sutherland, Intel, NVIDIA, SGI and Sun Microsystems Inc., announced the delivery of the OpenML 1.0 specification. OpenML is a software environment that is complementary to the peer OpenGL API designed for digital content authoring across multiple operating systems and hardware platforms.

Commercial implementations of OpenML 1.0 are expected on Linux and other OS environments with shipments starting later this year.

System Administration

Omni 0.1. Following in line with the past two weeks, a new release of the Omni package was made available by the Omni Project this week. Omni is the package of printer drivers designed to work within the Ghostscript framework.

Web-site Development

Zope 2.3.2 beta 2 released. Zope.org released the second beta version of the 2.3.2 release this past week. Changes for this release have also been posted. If no other serious problems are found they expect to make the final release on Friday, April 27th.

A new dictionary interface, ZDictionary, has also been released. A sample implementation has been placed online.

Zope Newbies for Aprl 25th. A new issue of Zope Newbies has been published at the Zope Newbies website. News of note includes a fix for using Konqueror with Zope, a link to a Zope Talk of particularly good quality, and news on using Zope on OpenBSD.

Zope and MySQL e-book. Beehive has announced the release of an English language version of its e-book titled Zope and MySQL.

Generic Sort External Method for Zope. Oleg Broytmann has written a generic sort external method for Zope, as posted to their discussion site.

Window Systems

The Linux GFX project. A group of developers has decided that XFree86 is never going to produce the graphics environment they want, so they have gone off and announced the Linux GFX project. Its plan is to develop a new X server from scratch which is oriented around performance and have "a faster development cycle." People are already questioning whether it makes sense to start a new, competing project of this magnitude, but the Linux GFX folks seem to be determined. See the announcement if you would like to join their mailing list.

Section Editor: Michael J. Hammel

April 26, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Caml Weekly News. The latest release of the Caml Weekly News has been published.


If You Don't Know Perl, You Don't Know Dick (Linux.com). Linux.com talks with Dick Hardt, founder and CEO of ActiveState. "A great deal of our revenue so far has been around the 'bottled-water' business model, where we provide quality-assured versions of Perl for vendors that want us to have Perl work well or better with a particular technology of theirs. In this case we almost always invariably roll that out as open-source technology."

Quick Start Guide With SOAP and SOAP::Lite Part Two (Perl.com). Paul Kulchenko takes a deeper look at SOAP clients and servers in part 2 of this article on perl.com. "Another lightweight solution might be to implement the SOAP service as an HTTP daemon; in that case, you don't need to use a separate Web server. This might be useful in a situation where a client application accepts SOAP calls, or for internal usage."

This week on perl5-porters(Perl.com). This week's Perl5 Porters summary includes notes on quality control, placing modules in the core, regex debugger and ithreads.

This week on perl6-porters(Perl.com). This week's Perl6 Porters summary includes notes on internal data types, API conventions, and garbage collection.


PHP Weekly Summary. This week's summary of the PHP world includes a large amount of discussion on the developers' list focused on the idea of a PHP 4.1 release


Dr. Dobb's weekly "Python-URL!". The latest summary of the Python development world has been posted in Dr. Dobb's Python-URL!.

PyQt v2.4. The latest release of the Python bindings for the Qt toolkit have been posted to projects web site.


Dr. Dobb's weekly "Tcl-URL!" Summary. The latest summary of the Tcl development world has been posted in Dr. Dobb's Tcl-URL!.

Section Editor: Michael J. Hammel

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

IBM: New AIX and Informix acquisition. IBM was in the spotlight again this week. The release of AIX 5L has created a buzz. AIX 5L is IBM's next-generation version of its proprietary Unix variant. The 5L version is specifically tuned for Linux applications so it can manage both UNIX and Linux applications, as well as both 32- and 64-bit applications. While AIX remains a proprietary OS, it does come with the GNU and Open Source AIX Toolbox for Linux Applications so you can set up your favorite GNOME or KDE desktop and run all your favorite GNU applications and development tools.

This announcement has come with its fair share of satellite announcements. For example, SCO and Caldera announced a technology preview release of AIX 5L version 5.1 for Intel(R) Itanium(TM) processors. And you'll need some new hardware to go with that new OS, so IBM also announced the new midrange IBM eServer systems, the p620 and p660 which are powered by IBM's Silicon-on-Insulator (SOI) microprocessor technology. Also, it should not surprise anyone that the p660 and p620 eServers are available with Sendmail, Inc.'s Internet messaging solutions. Lawson Software, a provider of e-business solutions, has also announced support for AIX 5L.

Amidst all the hoopla over AIX 5L, the acquisition of Informix by IBM went relatively unnoticed. IBM and Informix Corporation have entered into a definitive agreement for IBM to acquire the assets of Informix Software -- Informix's database business -- in a cash transaction valued at $1 billion. More details are available in this press release from Informix, which also contains the company's first quarter results.

Layoffs at Caldera. Caldera Systems has filed a form 8-K with the SEC. It contains the following: "In anticipation of the closing of the acquisition of SCO's Server Software and Professional Services Groups (which is subject to shareholder approvals) and in an effort to reduce operating costs, Caldera Systems, Inc. announced today that it will reduce its workforce approximately 17% by eliminating 32 of its 188 positions. The reductions will target all functional areas of Caldera." There's no real information beyond that, but at the last Fall Comdex, Caldera CEO Ransom Love told LWN reporters that a layoff would be a likely result of the SCO merger, as the merger would create a number of redundant positions.

Compaq to Offer Linux Advanced Developer's Kit for AlphaServer. Compaq Computer Corporation has announced that it is offering Linux developers an Advanced Developer's Kit (ADK) for use with its AlphaServer GS Series systems. The developer's kit provides documentation and software, including the recommended tools and patches required for running the Linux 2.4 kernel with either SuSE 7.0 or Red Hat Linux 7.0 on AlphaServer GS Systems.

Jabber Foundation to promote IM standard. Jabber.com, Inc., along with leaders of the Jabber.org open source project, announced the formation of the Jabber Foundation to promote an Open Source Instant Messaging and Presence standard.

Red Hat Expands RHCE Program. Red Hat announced that RHCE training and exams will begin in May in five new U.S. cities: Dallas, TX, Denver, CO, Houston, TX, Los Angeles, CA and Seattle, WA.

Transmeta Announces 50% Increase In Revenues. Transmeta revenues jumped 50% to $18.6 million for the first quarter of 2001 from $12.4 million in the fourth quarter 2000. Net losses increased to $22.7 million, however.

OnLinePhotoLab.com closes. The start up company formed with Spencer Kimball, one of the original authors of the GIMP, has apparently folded. Word from a user of the site is that there is an email address to contact to get your pictures back, though the Web site no longer appears to work so it's not clear what that address might be.

April 2001 Netcraft Web Server Survey. Little change on the Web server front in the April 2001 Netcraft survey, but it's interesting to note in this survey that AltaVista, following Amazon's similar move last September, has dropped Compaq Tru64 (aka Digital Unix) in favor of Linux. But the report ends on a downside for Unix: "The life-signs of the proprietary Unix brands, other than Solaris, are not good in our Web Server Survey. Is the end of most proprietary Unix flavours nigh?"

Linux Stock Index for April 19 to April 25, 2001.

LSI at closing on April 19, 2001 ... 33.77
LSI at closing on April 25, 2001 ... 31.07

The high for the week was 33.77
The low for the week was 31.07

Press Releases:

Open source products

Proprietary Products for Linux

Servers and Software

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training


Investments and Acquisitions

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

April 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Engelbart to Help Prodigy Fight BT Lawsuit (Linux Journal). Software patents are the focus of this Linux Journal article. British Telecom (BT) is suing the ISP Prodigy for patent infringement. BT claims to have a patent on hyperlinks. "'I can't imagine it. We were using hyperlinks way back', [user interface pioneer Douglas] Engelbart said. He said that he and his colleagues had hyperlinks working in 1965 or 1966. He added that he would prefer not to testify in the case, and would rather help Prodigy's lawyers behind the scenes. Last year, slashdot.org suggested videos of Engelbart's 1968 hypertext demo 'knock BT's patent for hyperlinking out of the water'."


IBM's graffiti ads runs afoul of city officials (CNN). Here's the fun news for the day, from CNN. It seems that IBM has gotten in trouble in San Francisco for spray-painting penguins on the sidewalk. "The signs are made from biodegradable chalk, [an IBM spokesperson] added, and can be removed easily. 'It washes right off, so it will be removed the next time it rains.' It rained in San Francisco Wednesday evening, but the penguins were still there Thursday morning, smiling broadly."

Peace, love and...Linux? (ZDNet). ZDNet covers IBM's Peace, Love and Linux sidewalk campaign. "According to Christine Falvey of the San Francisco Department of Public Works, IBM's timing was bad considering the recent Clean City Summit and a general push to keep San Francisco city streets clean."

TuxBox: Rising from Indrema's ashes (NewsForge). NewsForge has a story about the TuxBox project, which wants to pick up Indrema's work and produce a Linux-based gaming console. "The plan is to have 20 to 30 games, a combination of freeware and commercial titles, ready for the TuxBox when it's available to buy, and the TuxBox team hopes to offer at least one commercial game with the console."


Developer sites expanding (ZDNet). ActiveState's online resources are examined in this ZDNet article. "Although ActiveState did not have specific figures, [company founder and CEO Dick] Hardt said that in the few days since the launch of the online network, traffic to the company's Web site has been heavier. ActiveState normally gets more than a million visitors a month, he said."

Thieves R Us (Law.com). Mike Godwin writes about hardware that assumes everybody is a copyright outlaw in this Law.com article. "Put more broadly: Technologies that empower people don't discriminate between good uses and bad. So if we build constraints into our computer systems that prevent infringement, we're also making it impossible for users to engage in all sorts of lawful copying."

Embedded Linux flexes its muscles at ESC 2001 (LinuxDevices). Here's the traditional report on all things Linux from LinuxDevices.com, at the recent Embedded Systems Conference (ESC) 2001. "Just to be absolutely clear about what I'm saying, in my opinion the "big three" embedded OSes are, at the moment: (1) VxWorks, (2) Embedded Linux, (3) Embedded Windows -- or (1) VxWorks, (2) Embedded Windows, (3) Embedded Linux -- depending on how you count. These days, I doubt if you can find an embedded software or hardware vendor that doesn't attribute "must-support" status to Linux, or a developer who doesn't feel compelled to investigate Linux as an embedded OS option in the course of a new product development cycle."

Commentary: Apple increases its OS X options (ZDNet). Despite Michael Dell's views, Apple won't go the way of SGI according to this ZDNet commentary. And the reason is open source. "The real future of Mac OS X, however, lies in the development of Darwin, the open-source Unix foundation of Mac OS X, and in its eventual migration to the PC platform."

New Products

IBM targets Linux interoperability with AIX 5.1 (ZDNet). More on the release of IBM's latest version of AIX, targeted at Linux compatibility (through recompiles), comes in this article from ZDNet. "Among the other significant features of 5.1 are increased scalability, with the JFS2 file system enabling storage of large files of up to 4 Petabytes. The Java 2 Technology edition provides a cooperative interface between AIX and Java for increased application scalability."

IBM confronts Sun in Unix face-off (News.com). IBM is set to roll out a set of Unix servers in its battle with Sun, according to this C|Net News.com story. "The "Linux affinity" feature of AIX 5L means that Linux software can be more easily brought to IBM systems by software companies or customers who have access to the "source code" underlying the software. The feature allows Linux programs to take advantage of AIX features such as higher performance and control over how many computing resources different programs get, Kerr said."

Sun to open 'expanded Web' with Jxta (News.com). Part of the launch of Sun's new Jxta environment, Collab.net is set to announce an open-source programming community for the software according to this report from News.com. "Sun will release the software Wednesday under a license similar to that which governs the open-source Apache Web-server software--after Linux probably the most famous open-source effort--Sun said."

Hitachi unveils Crusoe/Linux tablet Net appliance (CNN). Hitachi placed its newest table on sale in Japan, complete with Crusoe processor and Midori Linux. "The built-in modem supports the IEEE 802.11b wireless networking standard and speeds of up to 11M bps (bits per second), although no base station is provided. Users will have to also buy a 802.11b-based home networking system or modem adapter with wireless support to connect to the Internet."

An Upgradable Appliance (ZDNet). ZDNet reviews the New Internet Computer (NIC), an inexpensive computing device that runs the Linux OS and Netscape browser from a CD.

The PictureBook, a.k.a Sony VAIO PCG-C1VN (Linux Journal). Linux Journal examines the Sony VAIO PictureBook (that's V-A-I-O, despite the article title) as a Linux system. "If these features aren't enough, toss in a built-in camera that, under Linux, can capture JPGs or write an AVI file. The mouse is one of those little pencil eraser-like gizmos but, on the plus side, it has three buttons rather than the more standard and expected two."


Linux takes another step forward (ZDNet). ZDNet examines Red Hat Linux 7.1 and its inclusion of the 2.4 kernel. "Red Hat 7.1 installs more securely out of the box than Version 7.0 did. By default, it installs firewall settings that block incoming IP traffic on ports below 1024 (with the exception of ports used for automatic IP address assignment) plus higher-numbered ports used by Network File System and X Window."

Alternative OS: Red Hat Linux with Nautilus (ZDNet). PC Magazine looks at running Red Hat Linux with Eazel's Nautilus. "Users can install Nautilus via the Web to machines running Red Hat 6, an extremely rare convenience in the Linux world. Linux enthusiasts will also appreciate that it can be obtained as an rpm, a package format that allows for relatively easy installation."

Section Editor: Rebecca Sobol

April 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



Sendmail Setup for Your Home Network (Linux Journal). This article from Linux Journal shows how simple it can (or should) be to make a Linux box act as a mail server to the outside world for a small home network using Sendmail. "Assuming the system is a home or small company network with a Linux machine running Sendmail as the mail server, Sendmail's functions will be to receive mail messages from machines on the internal network, deliver local messages to their respective users and deliver to the Internet messages for external destinations. Additionally, the server will receive mail from the Internet."

Linux-Mandrake donation center. Linux-Mandrake sent us word of their plans to open up a donation center for users to provide funding to individual projects at MandrakeSoft.

Mandrake 8 Apache/PHP/PostgreSQL hints. AboutLinux has an article on getting Apache, PHP and PostgreSQL running on a freshly installed Mandrake 8.0 system.

Why Can't My 2.4 Kernel See Some Web Sites? (ELToday). Enterprise Linux Today looks at problems with the ECN protocol, which is implemented in the 2.4 kernel. "Eventually, the network infrastructure will be updated so that this new protocol (currently experimental) is supported everywhere, but what can a Linux user do about the problem in the meantime? The good news is that there is an easy workaround, and it doesn't involve staying with the 2.2.x kernel."

Of course, we can't resist pointing out that LWN kernel page readers knew about this back in September, 2000.

Tip of the Week: rpm2cpio and cpio (LinuxLookup). RPM is pretty common format for Linux systems, but for the many people on non-RPM systems, this week's TOTW uses rpm2cpio and cpio to look inside the RPM package.


Linux@work Europe 2001 -- call for participation. Linux@work is one day event with a conference and exhibits. There is no charge for attendance but pre-registration is required. Linux@work will be held in cities around Europe during May and June.

Embedded Internet Conference. Here's a call for participation for the EIC, August 14-16, 2001 in the Santa Clara Convention Center.

Events: April 26 - June 21, 2001.
Date Event Location
April 26 - 27, 2001Linux Expo Road ShowEastern Europe
April 26, 2001Linux AfricaKyalami Exhibition & Conference Centre, Johannesburg, South Africa
May 5 - 6, 2001Linux Certification BootcampCupertino, California
May 8 - 10, 2001LinuxWorld(New Zealand ExpoCentre Greenlane)Auckland, New Zealand
May 9, 2001Linux@workOslo
May 9 - 10, 2001Linux ExpoSao Paulo, Brazil
May 10, 2001Linux@workStockholm
May 10 - 12, 2001LinuxWorld TaiwanTaipei, Taiwan
May 11, 2001Linux@workHelsinki
May 13 - 17, 2001Spring 2001 Enterprise Linux Implementation ConferenceSan Jose, CA
May 14 - 17, 2001The 2001 Applied Computing ConferenceSanta Clara, CA
May 15, 2001Linux@workFrankfurt
May 15 - 18, 2001Linux ExpoShanghai, China
May 16, 2001Linux@workZurich
May 17, 2001Linux@workMilan
May 18 - 19, 20012nd Magdeburger LinuxtagMagdeburg, Germany
May 18, 2001IST programme actions on free / open source software developmentBrussels
May 20 - 23, 2001eXtreme Programming(XP2001)Sardinia, Italy
May 24 - 26, 2001LinuxWorldKorea
May 29 - 31, 2001II Forum Internacional do Software LivreBrazil
June 6 - 7, 2001Linux ExpoMilan, Italy
June 7 - 8, 2001Second European Tcl/Tk User MeetingGermany
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 12, 2001Linux@workLondon
June 13, 2001Linux@workParis
June 14, 2001Linux@workBrussels
June 15, 2001Linux@workAmsterdam
June 20 - 21, 2001Linuxdays 2001St. Pölten, Austria

User Group News

Bjarne Stroustrup speaking at Columbia. Columbia University's ACM chapter announced that Bjarne Stroustrup, the creator of C++, will be giving a talk on "multiparadigm programming in C++" in 501 Schermerhorn Hall at 7:30pm on Thursday, April 26th. Admission is free, and all are welcome. The easiest way to reach Columbia is to take the 1 or 9 subway to 116th Street.

LUG Events: April 26 - May 10, 2001.
Date Event Location
April 26, 2001Bergen LUGBergen, Norway.
April 28, 2001Consortium of All Bay Area LinuxMenlo Park, CA.
April 28, 2001OLUG InstallfestOmaha, Nebraska.
May 1, 2001LUG of DavisDavis, CA.
May 1, 2001NorthWest Chicagoland LUG(NWCLUG)(Harper College)Palatine, Illinois.
May 1, 2001Missouri Open Source LUGKirkwood, Missouri.
May 2, 2001Silicon Valley LUGSan Jose, CA.
May 2, 2001KCLUG InstallfestKansas City, MO.
May 2, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN.
May 3, 2001Edinburgh LUGEdinburgh, Scotland.
May 5, 2001Twin Cities LUG(TCLUG)Minneapolis, MN.
May 5, 2001Sheffield LUG(ShefLUG)University of Sheffield, UK.
May 7, 2001Rice University LUG(RLUG)Houston, TX.
May 7, 2001Baton Rouge LUG(BRLUG)Baton Rouge, LA.
May 8, 2001Victoria LUGUniversity of Victoria, Victoria, British Columbia.
May 8, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale., NY.
May 9, 2001Toledo Area LUGToledo, OH.
May 9, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland.
May 9, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK.
May 10, 2001Boulder LUGBoulder, CO.
May 10, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.

April 26, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Three years ago (April 30, 1998 LWN): People began to spread the word about proposed changes to the Uniform Commercial Code. This effort eventually evolved into the proposed law known as UCITA, which remains a threat, though it seems to have bogged down in the last year.

Red Hat launched its first attempt at a commercial support program, which would be implemented by numerous "support partners" worldwide. LWN publisher Eklektix, Inc. was one of those partners...it seemed like a good idea at the time...

Linus's absence (due to the birth of his daughter) brought much kernel development work to a standstill; we commented thusly:

Nonetheless, this episode has pointed out that the "Linus model" has an important single point of failure. When Linus is out, nothing happens, and people's time is wasted. Linus should really have a deputy, somebody he trusts to put in patches and generally help with the whole process.

Three years later, it's nice to be able to note that, when Linus leaves town, development continues nicely via the "ac" patch series.

Salon Magazine said that, sooner or later, Microsoft would have to think seriously about releasing the source to Windows.

For the open-code Windows scenario to come true, Microsoft would have to be in a much weaker business position than it's in today. But somewhere down the line, the company may be staring at a growing mountain of legal trouble. It may confront an unmanageably vast load of user support problems. Its engineers may face an impossible-to-meet calendar for debugging Windows 2001 or Windows NT 6.0. And somebody in Redmond just might throw up his hands in dismay and take a big, brave risk.

Does the new look-but-don't-touch policy count?

Eric Raymond released The Rampantly Unofficial Linus Torvalds FAQ.

Two years ago (April 29, 1999 LWN): Richard Stallman confirmed that the gcc and egcs projects would merge. One of the more unpleasant free software rivalries came to a happy ending.

Red Hat 6.0 was released.

InfoWorld reported that SGI would announce a Linux strategy soon.

Some companies that have announced Linux strategies are opportunists, looking to cash in on a hot industry trend, according to Belluzzo, and the SGI CEO said he wonders "how aggressively are they going to contribute technology" to the OS. Will companies actually help develop the OS or "will they just throw a Red Hat CD in a box," he added, referring to Red Hat Software, a premier Linux developer and distributor.

SGI's strategy turned out to be quite a bit more than "just throw a Red Hat CD in a box", as can be seen from the SGI and Linux website.

SCO's CEO Doug Michels sneered at Linux in this ComputerWorld interview.

Linux is a religion. It's like considering the Catholic Church a competitor. I'm not a religion; I'm a commercial operating system. Companies like Red Hat ... take Linux technology with a lot less value added, and they package it up and say, 'Hey, this is better than SCO.' Well, it isn't. And very few customers are buying that story.

Looks like Caldera bought it ... SCO's Unix division that is.

One year ago (April 27, 2000 LWN): Red Hat's "piranha" tool turned out to have been shipped with a default password enabled, leading to a security vulnerability and charges that Red Hat had included a "back door" in its product. The charges were overdone; it was a simple mistake that was found and fixed quickly.

Red Hat's acquisition of Cygnus finally came to fruition with the announcement of the Red Hat Embedded Developer's Kit (EDK). Source-Navigator, one of the tools in the kit, had been a proprietary product. Red Hat released Source-Navigator and the entire EDK under the GNU GPL.

Applix launched VistaSource, a spin off of its Linux division. According to this News.com article, VistaSource was planning an IPO. Of course the IPO never happened and Applix recently sold VistaSource to Parallax Capital Partners. Now VistaSource will focus on tools for analysis of real time financial data.

Salon's Andrew Leonard added Chapter 6 to his "The Free Software Project" book. This chapter was actually the second to be posted and covers Mr. Leonard's trip to Finland.

Finland's love affair with high technology runs deep. The closer you look, the less remarkable it seems that a 21-year-old undergraduate at the University of Helsinki cooked up some code that ended up throwing the entire software industry into turmoil.

The LWN Penguin Gallery had grown to no less than 233 unique penguins. Over 300 penguins roost there now. [Pingoo Tux]


April 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

April 26, 2001

From:	 Rainer Weikusat <weikusat@mail.uni-mainz.de>
To:	 letters@lwn.net
Subject: Thieves 'r' us
Date:	 21 Apr 2001 13:09:19 +0200

        Technologies that empower people don't discriminate between
        good uses and bad. So if we build constraints into our
        computer systems that prevent infringement, we're also making
        it impossible for users to engage in all sorts of lawful

Why does nobody 'get that' that's exactly what the entertainment
industry probably wants: _Prohibit lawful copying_. 'Infringement'
will be done by your friendly Hongkong-based clonemaker anyway.

From:	 FB <fbochicchio@galactica.it>
To:	 letters@lwn.net
Subject: About the new italian law on news publishing
Date:	 Thu, 19 Apr 2001 22:42:45 +0200

Dear LWN editors,

I am a constant reader of your net magazine, and usually find your coverage
of linux-related news quite precise and informative.

I am also among the 35000 people that signed the petition against the new
italian law on news publishing; therefore I was pleased that LWN reported
this italian misadventure in the front page of the last issue.

While the coverage of this item was generally good, considering that it
was strictly (and unfortunately tipical) italian, in my opinion you
should have avoided the final comment about italian politics.

The way you put it ( or at least the way I read it ) it seems that the
approval of the law is somehow related to the fact that the new Italian
Prime Minister could be the owner of the major private italian TV network.

While I may share some of the expressed concerns, like the fact that the
future italian prime minister may have too much power over the italian
media, this is unrelated with the approval of the law: the law was voted by
both gouvernment parties and opposition parties (except a couple of small
ones), and the current gouvernment, which prepared the law, is opposed by
the party lead by Mr. Berlusconi ( the TV network owner ).

The reason behind the law is, IMO, that few in Italy percieve the
revolutionary potential of the Net ( and of these fews, some are maybe
scared by it ).

Francesco Bochicchio

From:	 Gary Shears
To:	 letters@lwn.net
Subject: backdoors in open source
Date:	 Thu, 19 Apr 2001 10:13:46 -0500

Regarding these paragraphs on your This Week in Linux History page for
April 19, 2001.

> Webmasters all over the world are going to be pulling all-nighters and
> tearing their hair out over this one. That is, webmasters who are unlucky
> enough to work for bosses who bought Microsoft. At the over 60% of sites
> running the open-source Apache webserver, webmasters will be kicking back
> and smiling -- because they know that Apache will *never* have a back door
> like this one.
> "Never" was, perhaps, a bit strong. There have been a couple of "back
> door" issues with free software recently, but they tend to be the sort of
> exception that provies the rule. Consider, for example, the back door
> found in InterBase shortly after the code was released.

I can't agree completely with your assessment that 'never' was too strong a
word to use, especially given the example you cite. The backdoor in
Interbase was put in place when the product was proprietary, and was
discovered after the code was released, and only because the code was
released.  Yes, it is possible that a back door can be placed in open
source code. However, it is highly unlikely that it would go unnoticed and
uncorrected for six years, as was the case with Interbase. If I recall
correctly, tcpwrapper was trojaned several years ago. This was discovered
and corrected within hours.  Also, a backdoor such as the one in Interbase
(a hardcoded user and password, to allow two parts of the program to
communicate) would never have passed muster in the open source world. It's
just poor programming practice.  I believe that such a backdoor will
*never* enter the apache tree.

Gary Shears

From:	 Mark Christensen <mchristensen@HTEC.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Google data
Date:	 Mon, 23 Apr 2001 12:02:08 -0400

Though I don't attribute much significance to the fact that SourceForge has
more references on the internet than Beer -- at least as cataloged by Google
-- your report did get me thinking. 

What can we really learn about the state of the free software world from
looking at Google's data?  

So I did a couple of Free Software/ Open Source searches and tabulated the

172,000	"Free Software" AND "Open Source"
1,410,000	"Free Software"
2,430,000	"Open Source"
3,120,000 	Beer
3,570,000 	SourceForge
36,500,000	Linux
38,600,000	Porn 
53,100,000	Software

The first thing I noticed is that the references to free software and open
source combined are an order of magnitude less than the references to Linux.
This seems to indicate a significant disparity between the popularity of
Linux and any knowledge of the philosophies behind the movement that created

Another thing to notice is that only a small number of page include
references to both RMS's "Free Software," and ESR's "Open Source."
Moreover, almost twice as many pages use the Open Source designation
exclusively. This seems to indicate that there is some real disagreement
about which term to use, and the Open source people seem to have been a
somewhat more effective in advocating their particular rhetoric, and
associated philosophy.  

Another somewhat surprising piece of information is that Linux trails only
slightly behind Porn in number of page references on Google. 

I'm not sure we should take any of this data too seriously, but it is
interesting to think about what we could learn from this kind of data. 

I once was part of a cultural anthropology project which analyzed writings
on bathroom walls.  We broke the data down into a variety of categories, and
then by the gender, economic status, and age of the author.  It's surprising
what we learned about gender and class differences in the US from this
relatively simple study.  I'm sure some motivated college students with more
free time and energy could pull some really interesting data out of the
Google statistics.

From:	 George M. Sipe
To:	 editor@lwn.net
Subject: applications available on Linux
Date:	 Thu, 19 Apr 2001 21:30:31 -0400

Your On The Desktop piece this week bemoaned the lack of adequate tax
preparation software for Linux.  For many users, this is certainly true
of available native software.  However there are good alternatives in
Windows software running under Win4Lin or VMware.

I run Linux 24 hours/day and have done so for many years.  In the past I
had to reboot to Windows to run applications which simply did not have
acceptable Linux counterparts.  This was not convenient and interfered
with various functions I run under Linux - but there just wasn't a
reasonable option.  Some years back I bought Wabi and it helped, but it was
limited.  I have tried wine but it is even more limited (but improving).

Win4Lin (which I use) and VMware (which I understand to also be quite
good) solve this problem.  These are enablers for Linux on the desktop.
Most people are not willing to boot back and forth and since Linux
currently can't do everything they need, Linux is not be used.

These products do not get nearly the attention they deserve in the Linux
community.  I assume that is because (1) they are commercial and (2) they
implicitly acknowledge the continuing need for at least some Windows
software.  That's a shame, because they greatly expand the application
base and are also an excellent bridge to Linux for Windows users.
From:	 "M Clasquin" <CLASQM@unisa.ac.za>
To:	 <letters@lwn.net>
Subject: M Carling wrote:
Date:	 Tue, 24 Apr 2001 11:45:03 +0200

M Carling wrote:

>Bonobos and humans are the only mammals that can mate face to face.

Not so, porcupines have also evolved this ability, though their motives are
painfully obvious ...

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds