[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The Caldera/SCO deal completes. Caldera Systems - now Caldera International - announced on May 7 that its acquisition of much of SCO had finally been completed. It has been a long process - the deal was originally announced last August. With this [Caldera/SCO] acquisition, Caldera now claims to be "the largest Linux company in the world." Certainly it will be a change for the company, and perhaps for the Linux industry in general.

Caldera is getting SCO's Server Software and Professional Services divisions, along with UnixWare and OpenServer. This all brings:

  • A vast increase in headcount, quadrupling Caldera's staff to over 700 people.

  • A major increase in cash flow. Caldera's revenue for the quarter ending January 31 was just over $1 million. Throw in the SCO divisions and that number jumps to almost $25 million. Similarly, revenue for the year 2000 goes from $4.3 million to $143.5 million.

  • SCO's massive sales channels and marketing organization. Caldera now claims over 15,000 resellers worldwide.

  • And, of course, the proprietary UnixWare and OpenServer products.

None of this comes for free, of course. SCO gets $23 million in cash now, another $8 million in installments after a year, and 16 million shares in Caldera. If Caldera manages to make more than expected from OpenServer, SCO gets a 45% cut of the excess as well.

All that revenue looks nice, but it's best not to lose sight of the overall picture, as found in the registration statement (warning: 2MB of legalese) filed in March:

Caldera has not been profitable. The server and professional services groups have not been profitable and their revenue has been declining.

Somehow Caldera is going to have to find a way to arrest the fall in SCO's revenues while cutting enough costs to actually make a profit. As an added little challenge, Caldera gets the costs of the SCO groups immediately, but none of their accounts receivable or bank balances, meaning that those groups will be a dead weight until the new invoices go out and get paid. Caldera has money in the bank, even after handing $23 million to SCO, but it may well see those reserves shrink quickly in the near future.

Caldera's hopes, of course, are to work the company firmly into the enterprise market by way of SCO's existing extensive customer base and deployments. The current UnixWare and OpenServer business can be extended by improving those products' interoperability with Linux. Meanwhile, as SCO customers begin to think about transitioning over to Linux, Caldera will be very nicely positioned to help them out. With luck, SCO's customers will drive Caldera's Unix and Linux business for years to come.

It might just work, if Caldera can manage to keep the attention and loyalty of SCO's customer base, and if it can get revenue and expenses a little better in line. Those are big ifs, but nobody said that the business world was easy. This is a new phase in the development of the Linux business community, we're most curious to see how it will turn out.

No profitable businesses? That said, give us a moment to gripe about one sentence buried deep within the Caldera/SCO registration statement:

Caldera knows of no company that has built a profitable business based in whole or in part on open source software.

Is it really true that no open source company has been profitable? How about:

  • Sleepycat Software has been doing nicely with the Berkeley DB for years.

  • Digital Creations has built a solid business on Zope, and was briefly profitable before taking a new investment and launching into another expansion phase.

  • Prosa srl was doing well before its acquisition by Linuxcare, and is now reborn from the ashes of that mess.

  • Cygnus Software was an open source company way back before most people had heard of free software, and did very well.

  • Red Hat, which bought Cygnus, is closing in on profitability.

  • Cybersource has been doing well in the support business for years (see this week's Letters to the Editor Page).

  • It is not much of a stretch to include O'Reilly & Associates on this list.

  • Let us express our apologies right now to all of the profitable companies that we left out.

Business is hard, and free software business may yet prove to be harder than many others. But it should not be said that nobody has succeeded.

PriorArt.org enters the software patent fray. A new site called PriorArt.org has announced its existence. This site is positioned as a way for free software developers to avoid having their techniques patented out from underneath them.

The idea is this: patents can be invalidated by a demonstration of "prior art" - proof that somebody else had already invented the technology of interest. Prior art must be documented, however; it's not enough for somebody to say that they were using a technique years ago. It is also highly preferable that the prior art be available to patent examiners when a patent is applied for. When the information is easily available, the patent should be denied at that stage. Otherwise a court case may be required to bust a patent that has been issued, and that is an expensive proposition.

So PriorArt.org is inviting free software developers to disclose their innovations through their site. Disclosures go into a large database, which may be searched by anybody. It is claimed that this database, which is maintained by IP.com, is consulted by patent examiners. Disclosures are timestamped and notarized (somehow) so that there is no doubt as to the timing of any particular discovery.

This approach thus differs from BountyQuest, which focuses on digging up prior art to break patents which have already been granted.

The service is not truly free. The normal charge for this sort of disclosure through IP.com is $19.95. This charge is not being waived for free software disclosures; instead, donations are being solicited to purchase "publication vouchers" for free software inventions. IP.com thus hopes to make money from this operation - and an extensive database full of inventions could prove useful as well.

Any effort which helps defeat software patents is helpful, certainly. There are some problems with this approach, though, that could affect its long-term success.

For example, consider the problem of who will actually disclose inventions through this system. Free software developers are busy people who are unlikely to find the time to write up every "invention" and feed it to a web site - especially a web site for a proprietary database which requires a credit card number even to submit a "free" disclosure. Remember also that the most obnoxious software patents cover techniques that seem obvious to developers. Reasonable hackers don't tend to think that a little function they just put together might be patentable.

Disclosures will also be limited, of course, by the number of donations received to pay for them. At $20 per disclosure, the bill could get high fairly quickly.

But, more to the point, free software developers already disclose everything they invent, in the clearest possible form: working code. Source repositories on SourceForge and many other sites contain a detailed, time-stamped history of free software development. Rather than try to convince developers to write up their techniques, it would be preferable to find a way to mine the incredible database of prior art that already exists. A detailed of the kernel, gcc, emacs, PostgreSQL, or any other significant free software project would probably yield more prior art than will ever find its way into PriorArt.org.

In the end, however, this is all defensive action, based on the idea that the patent system is really OK, the only problem is that insufficient information is available to patent examiners. If you believe that the real problem is in the concept of software patents to begin with, these approaches will seem inadequate. Wouldn't it be better if we could fix the patent laws, and prevent software patents from being implemented where they do not yet exist?

Bruce Perens: Software Patents vs. Free Software. For a different approach to software patents, consider this lengthy piece by Bruce Perens:

Ironically, some of the biggest patent holders are the Free Software Community's own partners, companies like IBM and HP that have aggressively incorporated GNU/Linux into their business plans and expect significant revenue from it before long. IBM is said to hold 10% of software patents, and HP is one of the largest patent holders in general. It's important for us to start a dialogue with these and other partners. That's why I am calling a summit meeting on Free Software and The Law.

This meeting will have some specific goals, including getting a formal promise from the companies involved that they will not sue free software developers for patent infringement. Even better would be a promise to defend developers from patent suits brought by others. The companies involved in the meeting are, after all, benefitting from the work of these developers.

It will be interesting to see what comes of this summit, but patience will be required - it's happening at the end of August, after the LinuxWorld conference.

Inside this week's Linux Weekly News:

  • Security: Immunix 7.0 released with licensing changes, Turbolinux "spring cleaning", OpenSSH 2.9, new vulnerabilities in cron, Samba, minicom, and man-db.
  • Kernel: Buffer cache, page cache, and block I/O; ReiserFS: ready for prime time; ESR confronts brutality and heuristics.
  • Distributions: Yellow Dog Linux 2.0, an introduction to the development team behind it, the Debian Weekly News returns and Slackware moves up to Gnome 1.4.
  • On the Desktop: Desktop speed, Gtk+ 1.3.5, Mozilla 0.9, Multimedia with Fer de Lance.
  • Development: LinuxFund grants awarded, LSB 0.9, Cal3D, OpenSSH 2.9, Apocalypse 2.
  • Commerce: Craig Mundie's speech, Playstation Linux update.
  • History: The Wang patent lawsuit, AFUL founded, Ken Thompson trashes Linux, Free Standards Group formed.
  • Letters: The Linux support business; responses to Mundie; the trouble with packaging systems.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

May 10, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

Immunix 7.0 commercial release. Immunix 7.0 is now commercially available for those wishing to buy their own CD. It comes with a subset of Red Hat 7.0 with the majority of the binaries recompiled using StackGuard and FormatGuard-enhanced compilers, thus protecting users from most buffer overflows and format string vulnerabilities, whether known or unknown. It also includes SubDomain, a kernel extension providing "least privilege confinement", the ability to specify exactly precisely what files a program can access and what actions it can perform.

Before you go out to purchase Immunix 7.0, though, you need to be aware of the licensing changes that have occurred between the release of Immunix 6.2 and the release of Immunix 7.0. Immunix 6.2 was available as a free download under the GPL. Immunix 7.0 is, instead, under a new license, which includes this phrase:

The license granted to End User by WireX shall be a non-exclusive, non-transferable license to use Licensed Software on the Designated Equipment in machine-readable form only, solely for End User?s internal business purposes (Authorized Use). End User is not entitled to receipt or use of the source code to any Licensed Software. End User shall not modify, decompile, disassemble or otherwise reverse engineer the Licensed Products.

This language means that the Immunix distribution itself cannot be freely redistributed. That may, initially, seem to be impossible legally, since it includes a great deal of software licensed under the GPL. However, there is no restriction on the GPL'd software within Immunix, just on the bundled product itself.

The restrictions on Immunix stem from both the inclusion of the SubDomain product, the non-kernel portions of which are both proprietary and closed source, and the inclusion of BSD-licensed binaries, for which they currently include source (but may not in the future) but which they place under a proprietary license.

This would imply that you could take Immunix, remove SubDomain from it, remove or replace the BSD-based binaries with ones that you've compiled yourself (with or without StackGuard or FormatGuard) and then distribute the result freely. However, if you haven't done the above, then legally you are not allowed to freely distribute what you download or purchase or to use the CD on multiple machines.

A full discussion of WireX's choice of license for Immunix can be found in this thread on the immunix-users mailing list.

As a result of this licensing choice, the Immunix distribution itself no longer meets the requirements of the Debian Free Software Guidelines. In essence, it is a Linux distribution that is not Free Software; although built primarily with free software, it is a proprietary product.

It is notable that this move resembles comments made this week by Caldera's Ransom Love. "Love said he thinks Microsoft was right in its claim that the GPL doesn't make much business sense. Consequently, Caldera is likely to add a non-GPL licensing mechanism -- most likely one based on the BSD license -- to its repertoire in the coming months". We disagree with Mr. Love on this point; we believe the GPL makes a great deal of sense, both for business and non-business users. Nonetheless, both Caldera and WireX are, to the best of our knowledge, making choices that are legal.

It is possible that, in reaction to these licensing changes, someone else may step forward to make a competing Linux distribution with StackGuard and FormatGuard-protected binaries that is actually Free Software. This would mirror what happened when the licensing behind QT affected KDE and speared the development of Gnome. Alternately, if the audience for this product is small and does not, in general, care about the issue of free software versus proprietary software, Immunix may move forward uncontested in this arena.

We have always been strong proponents of WireX and their work in the past; StackGuard and FormatGuard have been important contributions to the community and Immunix 7.0 looks like an excellent product. Their licensing choices, though, while understandable from a revenue perspective, may end up hampering the adoption of Immunix. In particular, the use of closed source programs for security is one that we particularly distrust, so their choice to make portions of SubDomain closed source is a bit disheartening.

Turbolinux security advisories return. After a period of total inactivity lasting almost six months, Turbolinux has issued a spate of new advisories this week. The turnaround on the advisories is admittedly terrible; the vulnerabilities that they fix go as far back as July 20, 2000. Presumably, the cause of that terrible response has now been addressed.

As a result, Turbolinux appears to be doing a general house-cleaning, checking known vulnerabilities against its distribution and trying to get fixes out for them (no matter how old). Before Turbolinux gets all the negative attention, though, it is worth taking a look at the vulnerabilities they've now addressed, as we've done below in our Update Section. The vulnerabilities in it are listed in reverse order of when they were reported (most recent ones first).

You'll quickly notice that many of the vulnerabilities, even the ones that have been known for quite a while, have not been addressed by all the other distributions either. Perhaps a "spring cleaning" should be on the list for all the security teams.

OpenSSH 2.9 released. OpenSSH 2.9 has been announced. This release includes a number of new features, some fixes, and makes version 2 of the SSH protocol the default. "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support."

'No limits' browser planned (BBC News). The BBC News talks about a promised new browser, Peekabooty, which The Cult of the Dead Cow is planning on releasing this year. The goal of Peekabooty is to combine encryption and a Gnutella-like network to circumvent censorship. "The inventors of the new browser said they were developing it for people living under restrictive regimes who wanted to see information they were otherwise denied."

Although China, Malaysia, Singapore and many Arabic countries are given as specific examples of countries that restrict what their constituents can view on the web, the DeCSS case might arguably add the USA to the list and Germany could be argued for inclusion as well. (Thanks to Fred Mobach).

Open Source Security Testing Methods (LinuxSecurity.com). The folks at LinuxSecurity.com talk with Pete Herzog, creator of the Open-Source Security Testing Methodology Manual. "As it is, security testers are an innovative group who need to be both methodical and radical to perform their job well. This manual works with them, guiding their hand, not forcing it."

Security Reports

vixie-cron crontab permissions lowering failure. It has been reported that a security fix applied to fix a problem back in January has resulted in a failure to drop permissions properly. As a result, a local root exploit has been introduced. Paul Vixie Vixie Cron 3.0pl1 fixes this latest problem.

Samba 2.0.9 released (security fix). Andrew Tridgell has released Samba 2.0.9, which fixes the security bug (from April 19th) that he had thought was fixed in 2.0.8. If you're running a 2.0 version of Samba, an upgrade is recommended; look for one from your favorite distributor soon. 2.2.0 users are not affected by this problem.

Minicom XModem Format String Vulnerability. Multiple format string vulnerabilities have been reported in Minicom which can be triggered when sending files via XModem. As a result, uucp privileges can be gained by a local user. An exploit has been published. No patch or update has been published so far, though removing the setgid bit from minicom will close the hole (and disable minicom for non-privileged users) temporarily. Check BugTraq ID 2681 for more details.

Red Hat 7.1-specific improper swapfile creation vulnerability. Red Hat has issued an advisory warning swap files (not swap partitions) created during an upgrade to installation of Red Hat 7.1 are created with improper permissions, allowing world-read access. Red Hat Linux 7.1 offers the option of creating swapfiles during the upgrade if the amount of swap space available is less than the physical RAM.

The world read-access exposes data in the swapfile, including potentially passwords. An updated mount package has been issued to fix the problem.

mandb symlink vulnerability. Debian reported a symlink vulnerability in mandb, a tool distributed with the man-db package. The vulnerability was found by Ethan Benson. Debian has provided updated packages to fix the problem. Other distributions that install man setgid will also be impacted.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Al-Stats is a freeware CGI package that can be used to track website traffic. Vulnerabilities have been reported in Al-Stats that can be used both to view files outside the web server tree and possibly overwrite files. Downloading the latest version will resolve the problems. BugTraq ID 2705.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:


gnupg 1.0.5 released with multiple security fixes. gnupg 1.0.5 was released on April 29th. Check the May 3rd LWN Security Summary for details. An upgrade to 1.0.5 is recommended.

This week's updates:

Previous updates:

KDEsu tmplink vulnerability. Check the May 3rd LWN Security summary for details. Fixes for the problem are included in kdelibs-2.1.2. The KDE Project recommends an upgrade both to kdelibs-2.1.2 and to KDE 2.1.1.

This week's updates:

Previous updates:

Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.

This week's updates:

gftp format string vulnerability. Check the May 3rd LWN Security Summary for the original report or BugTraq ID 2657 for additional details. The problem is fixed in gftp 2.0.8 and later.

This week's updates:

Previous updates:

NEdit temporary file link vulnerability. Check the April 26th LWN Security Summary for the original report or BugTraq ID 2627 for additional details.

This week's updates:

Previous updates:

ntp remotely exploitable static buffer overflow. Check the April 12th LWN Security Summary for the original report. An exploit for this vulnerability has been published and it is remotely exploitable to gain root access, so updating ntp is a high priority for anyone using it. For more details and links to related posts, check BugTraq ID 2540.

This week's updates:

Previous updates:

Netscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.

This week's updates:

Previous updates:

sgml-tools temporary file vulnerability. See the March 15th LWN security page for the initial report or 2683 for more details.

This week's updates:

Previous updates:

vixie-cron long username buffer overflow. Check the February 22nd LWN Security Summary for the original report.

This week's updates:

Previous updates:

Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions. Check BugTraq ID 2377 for additional details.

This week's updates:

Previous updates:

dhcp buffer overflow. Check the January 18th LWN Security Summary for the original report from Caldera.

This week's updates:

Previous updates:

squid tmprace problem. Check the January 11th LWN Security Summary for the initial report.

This week's updates:

Previous updates:

dialog lockfile symlink vulnerability. Check the December 28th, 2000 LWN Security Summary for the original report of this problem.

This week's updates:

Previous updates:
  • Debian (December 28th, 2000)

pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

This week's update:

Previous updates:

ed symlink vulnerability. Originally reported on November 30th, 2000, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.

This week's updates:

Previous updates:

ncurses buffer overflow. Check the October 12th, 2000 LWN Security Summary for the initial report of this problem.

This week's updates:

Previous updates:
  • Caldera (October 19th, 2000)
  • SuSE (November 2nd, 2000)
  • FreeBSD (November 16th, 2000)
  • Debian (November 30th, 2000)
  • Red Hat (November 30th, 2000)
  • Red Hat, Alpha packages added for RH7 (November 30th, 2000)
  • Immunix (December 7th, 2000)

Format string vulnerability in locale. Check the September 7th, 2000 LWN Security Summary for the initial report or BugTraq ID 1634 (updated January 18th, 2001) for more details. The updates below also address other glibc security issues discussed in the past five months, including the glibc LD_PRELOAD file overwriting vulnerability and the glibc RESOLV_HOST_CONF file read access vulnerability.

This week's updates:

Previous updates:

cvsweb. Versions of cvsweb prior to 1.86 may allow remote reading/writing of arbitrary files as the cvsweb user. Check the July 20th, 2000 Security Summary for the original report from Joey Hess. The FreeBSD advisory also contains a good summary of the problem.

  • Turbolinux, an update to cvsweb-1.93-1 without comment on why the previous update to cvsweb-1.91-3 was not sufficient. This is the same version of cvsweb that FreeBSD provided as a fix.
Older updates:


Prelude 0.3. Prelude is a Network Intrusion Detection system that MandrakeSoft will be shipping with MandrakeSecurity as an alternative to Snort. Version 0.3 has just been released, but is reportedly much further along than one might expect from a 0.3 level release.

PIKT 1.13.0. PIKT, otherwise known as the Problem Informant/Killer Tool, version 1.13.0 was released on Tuesday, May 8th. "PIKT, an innovative new paradigm for administering heterogeneous networked workstations, is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. You can also use PIKT as a basis for managing system security".


Kernel Security Extensions BOF at Usenix. NAI Labs is sponsoring a Kernel Security Extensions BOF (Birds of a Feather session) at the upcoming USENIX Technical Conference being held June 25th through the 30th in Boston, Massachusetts, USA. "Crispin Cowan (WireX), Peter Loscocco (NSA), Amon Ott (RSBAC) and Robert Watson (NAI Labs and the FreeBSD Project) have kindly agreed to kick off the session with short presentations on their work".

For those people unfamiliar with Birds of a Feather (BOF) sessions, they are generally informal events that bring together experts and enthusiasts in a given field. This looks like an excellent one; we wish we could be there.

Digital Rights v. Free Speech: a focus of the upcoming Internet Security Conference. TISC 2001 is coming up June 4th through the 8th, in Los Angeles, CA, USA. It will include a CEO Roundtable entitled "Digital Rights Enforcement". "The TISC CEO Roundtable will include discussion of the current events, technologies and constitutional rights debate surrounding the Secure Digital Music Initiative (SDMI) as it relates to the Digital Millennium Copyright Act (DMCA)".

Upcoming Security Events.
Date Event Location
May 13 - 16, 20012001 IEEE Symposium on SecurityOakland, CA, USA
May 13 - 16, 2001CHES 2001Paris, France
May 29, 2001Security of Mobile Multiagent Systems (SEMAS - 2001)Montreal, Canada
May 31 - June 1, 2001The first European Electronic Signatures SummitLondon, England, UK
June 1 - 3, 2001Summercon 2001Amsterdam, Netherlands
June 4 - 8, 2001TISC 2001Los Angeles, CA, USA
June 5 - 6, 20012nd Annual IEEE Systems, Man, and Cybernetics Information Assurance WorkshopUnited States Military Academy, Westpoint, New York, USA
June 11 - 13, 20017th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and RiskOrlando, FL, USA.
June 17 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France
June 18 - 20, 2001NetSec Network Security Conference(NetSec '01)New Orleans, Louisiana, USA.
June 19 - 20, 2001The Biometrics SymposiumChicago, Illinois, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

May 10, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.4. There have been no kernel releases (not even prepatches) from Linus since 2.4.5pre1came out on May 2.

Alan Cox remains busy; his latest is 2.4.4ac6, which contains another long list of fixes but nothing radical.

To top it off, Alan has also started the 2.2.20 prepatch series with 2.2.20pre1. At this point, only serious fixes are going in at this point: "Expect me to be very picky on changes to the core code now."

Moving block devices to the page cache. In last week's kernel page we looked at a subtle metadata corruption bug brought about by the fact that I/O to block devices uses the buffer cache, while the filesystem code uses the page cache. Conversation on this topic has continued in this (otherwise slow) week, so it's worth another look. Some background first...

Linux systems use two distinct caches to improve performance. Both are used to keep copies of disk-resident data in main memory, and thus to avoid excessive disk I/O operations. These caches are:

  • The buffer cache holds individual disk blocks; entries in the cache are indexed by the device and block numbers. Unix-like systems have had a buffer cache for a very long time, and the block I/O system is built around the "buffer head" structure used to implement the buffer cache.

  • The page cache, instead, holds full pages. The pages come from files in the file system, and, in fact, page cache entries are indexed (more or less) by the file's inode number and the offset within the file. A page is almost invariably larger than a single disk block, and the blocks that make up a single page cache entry may not be contiguous on the disk.
The page cache tends to be easier to deal with, since it more directly represents the concepts used in higher levels of the kernel code. Thus, over time, parts of the kernel have shifted over from using the buffer cache to using the page cache.

The individual blocks of a page cache entry, of course, are still managed through the buffer cache. But, as we saw last week, accessing the buffer cache directly can create confusion between the two levels of caching.

Reading and writing a block device directly, as is done by utilities like dump and fsck, works only with the buffer cache. It turns out that Linus wants to change this behavior, even though he is not tremendously concerned about the corruption problem discussed last week. Having block devices use the page cache will clean up a lot of design issues, improve performance, and gets away from the idea of using the buffer cache as a cache. The buffer cache, for Linus, really should just be a low-level block I/O mechanism that leaves the actual caching tasks to higher levels.

Not much time passed before Andrea Arcangeli released a patch moving block I/O into the page cache. Essentially, he has eliminated the special-purpose block_read and block_write functions, and made a block device look like a large file. So now the general-purpose file I/O functions may be used instead.

As an added bonus, Andrea has obsoleted the raw I/O interface, implementing instead an O_DIRECT flag which may be used to perform I/O directly between the device and user space. This change makes raw I/O a much more straightforward affair, since it's no longer necessary to set up and bind the separate /dev/raw devices.

A change of this magnitude, of course, would not normally be expected to go into the 2.4 kernel - though some other surprising things have made it in. Expect to see something like Andrea's patch be incorporated early in the 2.5 cycle, however.

ReiserFS - ready for prime time. Hans Reiser has posted a note saying, essentially, that all of the real bugs in the ReiserFS filesystem have been fixed as of 2.4.4. Since the filesystem was included in 2.4.1, its user base has grown greatly and that has, not surprisingly, led to an increase in bug reports. The ReiserFS hackers have been tracking down these problems quickly, and many fixes have come out. As a result, the "beta period" appears to have come to a close.

There are a few outstanding issues, though. ReiserFS still only works on small-endian machines, for example (a patch exists which fixes this problem, but it hasn't seen wide testing yet). You still need to apply an additional patch to use ReiserFS and the NFS server together. And the filesystem checker tool still needs some work. But the biggest problems appear to have been overcome; the "experimental" label may be removed from ReiserFS in a kernel release soon.

The problem of broken configurations in CML2. Now that a lot of the CML2 issues have been resolved, people are starting to think more about how they will actually use the new kernel configuration system. And a bit of a problem has come up.

Anybody who builds a lot of kernels becomes quickly enamored of the "make oldconfig" operation, which makes a configuration from an old kernel work with a new one. It will stop and ask about any new configuration options, and it makes some attempts to resolve things when an old configuration violates the rules in the new kernel.

Some hackers noticed that CML2 did not handle things well when a new kernel adds rules that make an old configuration invalid. Eric Raymond's initial response was to say that recovering from broken configurations was too hard. He had the numbers to back the point up:

But wait! There's more! If some of the variables participate in multiple constraints, the numbers get *really* large. Worst-case you wind up having to filter 3^1976 or


distinct configurations. The heat-death of the Universe happens while you're still crunching.

People might have been more impressed with this display of mathematical analysis skills if it weren't for the fact that make oldconfig works with the old configuration system. The problem, perhaps, is that the technique used (configure out anything that breaks the rules in the new kernel) lacks the sort of elegance that Eric would like to see in his code:

I guess you didn't know that I trained as a mathematical logician. On the one hand, that predisposes me to try to find "elegant" solutions where you might regard brutality and heuristics as more appropriate.

Elegance appears to have lost, though - witness the announcement of CML2 1.4.0, the "brutality and heuristics" release...

Other patches and updates released this week include:

Section Editor: Jonathan Corbet

May 10, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page. Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Yellow Dog Linux 2.0. We spoke with Kai Stats, co-founder and CEO of Terra Soft Solutions this week about their upcoming release of Yellow Dog Linux 2.0. Yellow Dog Linux is one of two Linux distributions that focus exclusively on the Apple PowerPC and IBM RS/6000 hardware platforms (the other is LinuxPPC).

For the past two years, Terra Soft Solutions (makers of Yellow Dog Linux and Black Lab Linux) have felt that the biggest barrier to adoption has been the installer. As a result, the Yellow Dog Linux development team has spent the last fourteen months building a brand-new installer for YDL 2.0 from the ground up. Kai Stats just returned from a road tour demonstrating beta versions of YDL 2.0, culminating last week with a presentation at the Macintosh Business Expo in Portland, Oregon.

Kai commented:

During my road tour, I had the chance to watch resellers (who are not always that technically-savvy) install Yellow Dog Linux without needing a manual or guide. That was really exciting for me. The feedback from the audience was very positive.

Now we can go beyond the geek barrier, to touch people in the office, people who aren't technical, who just want to do web browsing, graphics and other applications.

The team of people who put the new release of Yellow Dog Linux together include a couple of TerraSoft executives wearing dual hats, Kevyn Shortell, former Linux Technologies manager from Apple Computer, who is now Chief Technology Officer for Terrasoft Solutions and Dan Burcaw, co-founder of the company, and also Chief Information Officer. In addition, Hollis Blanchard and Ben Mesander have both worked part-time on the new release under contract to TerraSoft Solutions.

There is another big change coming with the release of Yellow Dog Linux 2.0. Formerly, TerraSoft Solutions supported two PowerPC-based distributions, Yellow Dog Linux, the more general-purpose distribution, and Black Lab Linux, which was tailored both for embedded systems development and for high-performance, parallel computing. Now, however, the two distributions will become one.

Black Lab Linux, instead of being separate from Yellow Dog Linux, will be available as an enhancement CD providing developer tools for Yellow Dog Linux customers. This has allowed Black Lab Linux developer Jeremias Sauceda to focus on adding new functionality to the developer tool set rather than on the many tasks involved with supporting a full distribution.

Like most Linux distributions, looking at the staff actually paid by the company behind the distribution (if there is one) only tells part of the story. TerraSoft Solutions also thanks community members Tom Rini, from MontaVista Systems, who helped with various video driver issues, Andrew Clauson, the author of parted and Jeremy Smith, for his work on "propaganda".

The source code to the new installer will be released under the GNU GPL.

Meanwhile, the development team is turning their attention to the next release of Yellow Dog Linux where they will be fine-tuning the new installer, and porting some new applications. "We expect to gain a lot of feedback from our customers, both upgrade and new, and put their suggestions into action", said Kai in summary.

The ROCK Linux Philosophy (O'Reilly Net). From the O'Reilly Network we get this essay on the philosophy behind the ROCK Linux distribution. "ROCK Linux aims to be admin-friendly. There is no YaST, Linuxconf, or Control-Panel. Configuration is done where it has to be done: in the config files. A configuration tool has to help an administrator -- not replace him (I don't think that it's possible to replace an administrator with a config tool.)."

Distribution News

Red Hat News. For those of you who have been following Red Hat's development of Red Hat Linux 7.1 via the Wolverine mailing list, note that the Seawolf mailing list opened up on April 16th and is covering issues in the new version of the distribution.

Debian News. The Debian Weekly News has returned, as of Sunday, May 6th with a new three-person editorial team to replace former editor Joey Hess. The new editors are Jean-Christophe Helary, Joe 'Zonker' Brockmeier and Tollef Fog Heen. We're happy to see DWN return and we wish all the new editors the best of luck.

Meanwhile, after this week's DWN was published, Anthony Towns sent out his second progress report on the state of the Woody freeze. Most importantly, strong progress has been made solving the problems with the boot-floppies, so a preview release of Woody is now expected to make it out in the next few weeks.

The Kernel Cousin Debian Hurd for May 8th is also available.

Linux-Mandrake News. Those of you interested in Linux installations on laptops may want to check out this description, covering installing Linux-Mandrake 8.0 on an IBM Thinkpad. "Wobo has sent me a description of Tractopel instalation on his Thinkpad, and his description starts with 'WOW, that was really smooth'."

If you're in Germany and would like to meet up with a couple other Linux-Mandrake enthusiasts, check out the planned road-trip.

Slackware News. Massive changes have gone into the Slackware trees this past week, the highlight of which is an upgrade to Gnome 1.4. Mozilla, Galeon and Nautilus packages have been made available, along with a package of Ogg Vorbis utilities, Samba updates, new elflibs, mc, xf86prog and freefont packages. "Do we know how to prep for beta, or what?"

Linux Router Project News. The Linux Router Project reports that Sangoma has recently become an LRP Sponsor and has provided "very generous support to further the LRP effort".

FreeBSD News. The FreeBSD'zine is a bi-weekly on-line magazine that reports on FreeBSD. Here is the May 2nd edition.

Linux for the S/390 News. A bug database has been added to the Think Blue site, along with some updated packages.

Minor Distribution updates

  • A new stable release of Astaro Security Linux, 1.811, has been made available. It includes major feature enhancements, including much improved support for mobile users with dynamic IP addresses. Astaro Security Linux is a firewall solution.

  • Along the same vein, Gibraltar Firewall 0.98c was released this week. Gibraltar is Debian-based and runs directly from CD-ROM; no installation required.

Distribution Reviews

Comparison: Red Hat 7.1 and Linux-Mandrake 8.0 (Newsforge). Newsforge is running an article by Jeff Field comparing Red Hat 7.1 and Linux-Mandrake 8.0. "Mandrake and Red Hat are very similar, at most one revision off from each other. Already in this fast-paced world both are outdated, as the 2.4.4 Linux kernel has just been released. However, Mandrake is the winner in up-to-date major software releases."

Distribution Errata

Per reader-request, three of the distributions on our distributions list have officially been moved to the inactive list: Alphanet, Gentus, and Storm Linux.

Section Editor: Liz Coolbaugh

May 10, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

The latest poll from the KDE.com gives people a chance to vote on what feature they would most like to see in KDE soon. "I just installed Linux Mandrake 7.2 (until my SuSE package arrives), and after upgrading to KDE 2.1.1, I feel that a KDE port of the configuration utilities could bring a huge amount of polish to this distribution. A KDE interface to Linuxconf might be a good start. Others would however prefer a KDE installer, and some simply think that KDE should be faster and/or less of a memory hog. Here's your chance to cast a vote and voice an opinion".

The answers are coming in on the poll and KDE dot News reports that the area of greatest concern for KDE 2.2 is speed. The report includes suggestions for C++ program speed improvements from KDE developer Waldo Bastian.

This discussion on speed brings some interesting questions to mind. Some of us (but not all of us) at LWN still use the ancient, but reliable FVWM window manager for our daily needs and tend to work with KDE and GNOME only for testing purposes. Some of us are also running relatively old (300 MHz and slower) CPUs. Older hardware tends to amplify the effects of slowness.

It would be interesting to run a speed test of FVWM, GNOME, and KDE on what these days is considered a slow machine, for example, a 200 MHz or even a 120 MHz Pentium if one can be found. Non-scientific, but real-world experience shows that FVWM is the fastest environment and, at least last year, KDE tended to be a bit more snappy than GNOME. The standard disclaimer that KDE and GNOME are much more than simple window managers such as FVWM applies as always.

An interesting phenomenon of moving to a slower machine is how sluggish everything feels. Try working on a faster machine for a few weeks, then go back to the slower machine. What used to seem normal now feels very slow and unresponsive. Perhaps the KDE and GNOME developers should consider this approach for optimizing performance if they don't already do so.

Of course, with the slowdown in the tech economy, good deals are to be found on fast machines. The most practical solution for most people may well be to get a new motherboard with a 1.3 GHz CPU, install the latest KDE or GNOME, and not worry about small differences in window system performance.

Desktop Environments

This week's GNOME Summary. The GNOME Summary for May 5, 2001 is out. It includes brief coverage of the May 1 GNOME board meeting, the GNOME Packaging Project, and more.

GTK+ 1.3.5. A new beta of GTK+ (and dependent libs) is now available. This beta has a draft of the new default look and adds a dependency on the Accessibility Toolkit (ATK). Installing the beta won't affect your stable GTK+ version and RPMs are available. So install it, break it and report bugs.

Ximian GNOME 1.4: The Monkey Has Landed (LinuxPlanet). LinuxPlanet also takes a look at Ximian's package. "Ximian has also added a pair of applications unique to the company's release: MonkeyTalk and Red Carpet 1.0, both of which we'll look at further on in this review. Briefly, MonkeyTalk is a help application that connects users with a live chat session in a stripped-down version of the IRC program xchat; and Red Carpet is a package management tool designed to ease software installation and removal."

Miguel de Icaza: Can't We All Just Get Along? [A Response to Dennis Powell] (LinuxToday). Miguel has put out his response (via LinuxToday) to Dennis Powell's article in the LinuxPlanet. "As with anyone who has questions about what we are trying to achieve or how we are doing things, I'd like to address and bring clarity to some of the issues surrounding GNOME and Ximian in Dennis' column, especially as they regard the control of GNOME, the role of my and other companies".

GNOME 1.4 reviewed (C|Net). GNOME 1.4 is reviewed by CNet. They like it, for the most part. "Linux (and Unix) users will find that GNOME 1.4 offers an effective and stable environment. GNOME 1.4 setup is hampered by its sheer size and download time, but current GNOME users will find this upgrade more than worth the effort."

Release of a new set of XML/XSLT libraries. Updated versions of both libxml and libxslt have been announced. They promise bug-fixes, speed improvements and full readiness to handle the GNOME project documentation formatting needs (note that KDE is also reportedly deploying the libraries).

People Behind KDE: Werner Trobin. Werner Trobin, a member of the KOffice team, is interviewed as part of the continuing People Behind KDE series. "How and when did you get involved in KDE?

About three years ago I installed Linux for the first time and started to use KDE. As I already did a lot of programming before on DOS/Windows I tried to play with some toy applications and enjoyed it. After reading Kalle's article in the c't archive (yes, *this* Kalle article) I decided to do some KDE program as my final project on school (with another guy from my class). Fortunately our teachers agreed and so it all started."

Desktop Applications

Nautilus 1.0.3 is out. As announced on Gnotices, Nautilus 1.0.3 is out. It has a number of performance improvements, and a few new features, like a news sidebar.

Mozilla 0.9 released. Mozilla 0.9 has been released. There are a few new features (such as automatic proxy configuration), but most of the work appears to have been in the area of performance improvements.

Fer de Lance - Truly Intelligent Multimedia Browsing. The dot (dot.kde.org) is covering the Fer de Lance project. This project aims to properly integrate GIFT's technology in Free Software desktop environments and browsers.

Defenestrating Windows (LinuxDevices). LinuxDevices founder Rick Lehrbaum discusses his experiences in moving from Windows to Linux on his daytime work machine. "It all started back in December of '99. Since I was going to be running a Linux-related website, it only made sense to try to do my work on a Linux-powered desktop computer."

Section Editor: Forrest Cook

May 10, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

The LinuxFund funds a new round of grants.

The LinuxFund has announced the funding of a new round of grants for open-source software and open-hardware developers. Five projects will each receive a $1000 grant. This round's projects include the Simple DirectMedia Layer, Ocularis, the Leviathan Project, OpenDecoder, and GNUpdate.

  • Simple DirectMedia Layer is a multi-platform multimedia library that provides access to audio and graphics framebuffer devices for developing games and other multi-media software.
  • Ocularis is a project that aims to improve accessibility for the visually impaired and includes interfaces to speech software and X window system simulation. The project aims to provide the tools to allow the visually impaired to communicate and work through computers without assistance from others.
  • The Leviathan Project is a proposed book library management system that will handle book check in and out, renewals, and holds. The goal is to replace expensive proprietary systems that are currently in use by cash poor libraries.
  • OpenDecoder aims to create an open hardware based Ogg Vorbis audio decoder so that audio technology may be built without the encumbrance of the proprietary patents that hamper MP3 projects.
  • GNUpdate is a universal package management system that will allow Debian and Red Hat users to use each others' package formats. GNUpdate also has the capability of performing automatic package updating, and management of local CVS repositories.
In all, it looks like an interesting, and fairly diverse set of projects has been picked for this round of funding. Programmers with a need for support on their projects should keep this resource in mind. (Thanks to Dan Mueth)


Linux Standard Base 0.9. The Linux Standard Base project is getting toward the end of its specification process. Version 0.9 of the LSB has been released, and is in a 30-day comment period. Once the comments have been addressed, the LSB will go to the Free Standards Group for adoption.


GLAME 0.4.1 released. A new version of the GLAME audio editing tool has been released. This version fixes some bugs that turned up in the recently released GLAME 0.4.0.


Manage CORBA with scripting (Unix Insider). Unix Insider takes a look at CORBA in a Regular Expressions article: "For the purpose of this column, the main point to take from CORBA's history is that the protocol is a smashing success. We mean this in a precise sense: CORBA 1.0 was difficult, expensive, and esoteric. Ten years later, CORBA costs little or nothing (at least in some varieties), it is widely used, and hobbyists and students expect to use it safely."


PostgreSQL version 7.1.1 released. A new version of the PostgreSQL database has been released. Version 7.1.1 contains mostly bug fixes and optimizations. upgrading from version 7.1 does not require a dump/restore operation. Some new interactive documentation is also available for PostgreSQL version 7.1.


Linux Documentation Project News for May 8, 2001. Here's the May 8 edition of the LDP weekly news.

Embedded Systems

LinuxDevices.com Embedded Linux newsletter. Here's the latest LinuxDevices.com Embedded Linux newsletter, with pointers to the LinuxDevices articles for the past week. Topics include an updated tiny SBC list, conference information, an open-source camera server, several video systems, and more.


Cal3D - 3d character animation library. The initial release of Cal3D, a free, skeletal based character animation library has been announced. "This release is significant due to the extreme scarcity of Free Software options for skeletal-based animation, and thus may provide a very important advancement for Free Game development projects."

Mail Software

Mailman version 2.0.5 released. Another new release of Mailman, the Gnu mailing list manager has been announced. Version 2.0.5 is a bugfix release that fixes a problem with stale lock files.

Network Management

OpenNMS Update v2.19. For the latest news on OpenNMS, a project that is building a fully distributed network management platform, check this week's OpenNMS Update v2.19. The OpenNMS team will be talking tomorrow at the Boulder Linux User Group, if you are interested in meeting them in person.

Printing Systems

CUPS 1.17 released. Version 1.1.7 of the Common Unix Printing System (CUPS) has been released. This version has improved configuration scripts, better documentation, a number of non-root command modes, and lots of bug fixes.


OpenSSH 2.9 released. OpenSSH 2.9 has been announced. This release includes a number of new features, some fixes, and makes version 2 of the SSH protocol the default.

Software Development

An Introduction to Extreme Programming (O'Reilly). O'Reilly's Linux DevCenter features an article on Extreme Programming, somewhat of a catch-phrase these days. "In its purest form, Extreme Programming is simple. The central tenet is, 'Find the essential elements of creating good software, do them all of the time, and discard everything else.'"

Web-site Development

OpenACS 3.2.5 announced. OpenACS is an Open Source toolkit for creating "Web services with a collaborative dimension". It is based on the ArsDigita Community System (ACS) but uses PostgreSQL instead of Oracle. OpenACS 3.2.5 has just been announced and includes multiple, important security fixes as well as support for PostgreSQL 7.1.

Midgard Weekly Summary (May 4th). Like many "weekly" development reports recently, the Midgard Weekly Summary took a hiatus for a month or two. However, it is back now with a lot of news to cover. One particular highlight, Henri Bergius (one of Midgard's original architects) has started a new commercial firm, Nemein Solutions, which uses Midgard as a core technology.

Zope Weekly News for May 4th. The Zope Weekly News for May 4th is out. Topics include a Berkeley Storage beta, the Zope book, Zope 2.4 progress, SmartObjects compared to an ODB, and more.

Squishdot 1.1.0 released. A new version of the Zope based Squishdot news publication system has been announced. The Squishdot 1.1.0 The list of changes includes a number of changes, including improved searching, modified HTML parsing, and use of Zope 2.3.2 Btrees.

MoinMoin 0.9 released. A new version of MoinMoin, a Python based Wiki program has been announced. Version 0.9 adds some new XSLT features, more user configuration actions, and several bug fixes.

Section Editor: Forrest Cook

May 10, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Convert C to C++ with a Python program. A new Python script that converts C code to C++ has been announced.


Caml Weekly News for May 9, 2001. The latest edition of the Caml Weekly News is out. Topics this week include an announcement for a new French Caml book and a beta release of the Caml Development Kit.


Simplify XML programming with JDOM (IBM developerWorks). IBM's developerWorks features an article by Wes Biggs and Harry Evans on XML programming with JDOM. "In many ways, the Java language has become the programming language of choice for XML. With groundbreaking work from the Apache Software Foundation and IBM alphaWorks, there are now complete tool chains for creating, manipulating, transforming, and parsing XML documents."


SBCL 0.6.12 released. Version 0.6.12 of SBCL, Steel Bank Common Lisp, has been released. This version includes bug fixes, optimizations, and some patches from CMU Common Lisp have been worked in.


Apocalypse 2. Larry Wall has released Apocalypse 2, the second article in a series describing Perl 6. Atoms, molecules, data types, variables, names, literals, context, lists, files, and properties are covered.

Using SOAP::Lite with Perl (IBM developerWorks). Joe Johnston discusses the use of Perl to work with SOAP. "Marrying SOAP, the darling protocol of the Web services world, to Perl, the grande dame of Web programming languages, is a natural fit. This article will present a no-nonsense approach to using SOAP::Lite, Perl's window into SOAP Web services."


PHP Weekly News for May 7, 2001. The May 7, 2001 edition of the PHP Weekly News is out. This issue covers PHP 4.0.6 RC1, Advanced Data Types, extension dependencies, variable, class and function naming issues, and more.


This week's Python-URL. Dr. Dobb's Python-URL for May 7 is out, with coverage of the new iterator proposal, the Java Python Extension, dealing with fixed point calculations for currency, and more.

Developing a full-text indexer in Python (IBM developerWorks). The next installment in the Charming Python series looks at an indexer module for better searches.


This week's Tcl-URL. Dr. Dobb's Tcl-URL for May 7 is out, with the latest from the Tcl/Tk development community.

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Craig Mundie's speech. Is anyone really suprised that Microsoft execs attack open source software? It has happened before and it will happen again (and again and again). They don't 'get it' and people that invested in the cathedral model will not easily understand the bazaar (to borrow a metaphor). The more Microsoft attacks open source the more obvious it becomes just how threatened they are by it. The latest incident happened on Thursday May 3, when Microsoft Senior Vice President Craig Mundie gave a speech entitled "The Commercial Software Model" at the New York University Stern School of Business. The speech talks about Microsoft's "shared source" model, which, of course, avoids all of the problems of free software. Of the open source model he says:

The OSS development model leads to a strong possibility of unhealthy 'forking' of a code base, resulting in the development of multiple incompatible versions of programs, weakened interoperability, product instability, and hindering businesses' ability to strategically plan for the future. Furthermore, it has inherent security risks and can force intellectual property into the public domain.

Given the timing of the speech, on LWN publication day, we've had a week to gather the many replies. Others have already said everything that needs to be said, and then some, so without further ado here are some of the replies.

  • Richard Stallman and Eben Moglen issued this press release, "The GNU General Public License Protects Software Freedoms".

    Moglen noted that Microsoft's confusion about the GPL's origins is not surprising. He said that 'taking advice on what the GPL means from Microsoft is like taking Stalin's word on the meaning of the US Constitution. They don't understand and they're not trying to understand: they're simply trying to scare people out of dealing with a competitor they can't buy, can't intimidate, and can't stop.

  • Alan Cox wrote "This is How Free Software Works".

    The power of the network was not unlocked by IPR [Intellectual Property Rights]. It was unlocked by free and open innovation shared amongst all. The Internet is not the product of a corporation. The World Wide Web is not the product of a corporation. These great enabling technologies were created by co-operative innovation.

  • SiliconValley.com interviewed Linus Torvalds to get his reactions.

    When Mundie wants you to think about all the work that companies have done in order to get patents, he also wants you to forget about all the work done by people like Einstein, Rutherford, Bohr, Leonardo da Vinci and a lot of other people who have done a lot more for humanity than most companies have ever done.

  • Tim O'Reilly:

    But Mundie's contention that open source encourages code forking is a red herring. Windows 95, 98, NT, 2000, and Me provide a more compelling example of 'unhealthy forking of a code base' than any open source project.

  • NTK:

    Should anyone believe his observations about the future of Open Source? As Mundie himself once said 'We persist. We're driven by some innate belief about how these things are going to unfold.' Even, it seems, when they unfold in completely the opposite direction.

  • Salon's Andrew Leonard has taken a worthwhile look at what Microsoft is really after.

    The GPL is a big problem for .NET, because an Internet infrastructure constructed out of GPL-protected software is one that can be freely extended and made more valuable without having to pay any particular company for the privilege. Microsoft doesn't want to live in that world.

  • Evan Leibovitch.

    In explaining the philosophy, Mundie tried to show that Redmond understands the benefits of building a community around access to source code, while putting such strict limits on the code that the access is of extremely limited value.

  • The Embedded Linux Consortium:

    Dr. Inder Singh, ELC Chairman and CEO of LynuxWorks, said, 'Microsoft's broadside against open source shows they feel threatened by the rapid momentum of Linux in markets that Microsoft desperately needs to dominate as PC sales slow down. These include the server market and emerging, volume-rich embedded markets like set-top boxes, Internet appliances, Personal Digital Assistants, home gateways, factory automation and the automobile.'

  • LynuxWorks:

    Microsoft's scattered and uninformed comments against Open Source and GPL shows how threatened the company feels by the growing momentum of Linux in markets that they desperately want to dominate after the desktop PC.

There are more, but that's more than enough already.

Playstation Linux update. On May 9 we received an update from Japan on Linux for the Playstation 2. It seems that Sony doubled the number of units it planned to sell (to 2000), and sold the entire stock in all of eight minutes.

An additional announcement of additional shipments came out the next day, though there was no mention in regard to quantity and date.

One would hope that they would conclude that there is interest in Linux on their hardware...

Linux NetworX / EBIZ merger canceled. Another merger goes down: Linux NetworX has announced that it will not be merging with EBIZ after all. The two appear to be parting on relatively good terms, and will retain some joint manufacturing and reseller agreements.

MontaVista's Hard Hat Linux in China. MontaVista Software has announced that it will be distributing and supporting Hard Hat Linux in China, in partnership with PocketIX Software.

This week's News from the Linux Professional Institute (LPI). In this week's LPI-News, the LPI has announced a new Linux jobs board, a report from Comdex Chicago, and large sales of bulk exams to IBM and NEC. A progress report on the Level 2 exams is also given. "There are now 430 LPIC-1 graduates worldwide, as of March 31st 2001. Congratulations on this achievement - to you all".

IBM's community S/390 system. Have you been wishing you could play with Linux on an S/390 mainframe, but couldn't find room in your basement for the hardware? IBM's willing to help out. The Linux Community Development System makes virtual machines running Linux on a ten-processor S/390 available to people who want to port and test Linux applications. You even get a choice of SuSE or Turbolinux on your virtual system...

Linux Stock Index for May 03 to May 09, 2001.

LSI at closing on May 03, 2001 ... 32.30
LSI at closing on May 09, 2001 ... 33.02

The high for the week was 33.82
The low for the week was 32.30

Press Releases:

Open source products

Distributions and bundled products

Proprietary Products for Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training


Investments and Acquisitions

Personnel & New Offices

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

May 10, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Linux makes a move into handhelds (News.com). This C|Net article looks at the future of Linux on handheld devices. "[IDC analyst Kevin] Burden anticipates market share for the open-source Linux operating system will be very small compared with Palm's OS and Microsoft's Pocket PC, which have been in the market longer and are more established. But, "two years down the road, we may be talking about Linux a lot more," he said."

Pigeon-powered Internet takes flight (News.com). Did you know there is a standard for using pigeons to transfer information using the Internet Protocol (IP)? Well, there is and the Bergen Linux Users Group has implemented that protocol. "The pigeon protocol didn't mean the fastest of networks, though. Taking an hour and 42 minutes to transfer a 64-byte packet of information makes the pigeon network about 5 trillion times slower than today's cutting-edge 40 gigabit-per-second optical fiber networks."

Argentina Mulls Open-Source Move (Wired). According to this Wired article, Argentina may become the first country to require that Open Source software be used in government offices. Argentina is under pressure to reduce software piracy; the government itself is apparently one of the larger violators. Switching to free software will remove the legal pressure, as well as save the country money. "But switching to open-source software would mean big savings for the government, which is already crippled by a $145 billion debt, said Mario Albornoz, the director of the Institute of Social Studies of Science and Technology".

DVD copyright appeal hinges on what's fair (CNN). CNN has an article on the DVD appeal. "Meanwhile, Jack Valenti, president of the Motion Picture Association of America (MPAA), the umbrella group for the studios that lodged the case against 2600, issued a terse press statement saying he remains confident that the appeal will not be overturned, although he believes that the defense made use of 'red herrings' to obscure the facts. It was not immediately clear what red herrings Valenti was referring to."


Caldera completes Unix acquisition (News.com). News.com reports on the completion of the SCO acquisition by Caldera Systems. " SCO initially derided Linux as immature, but the Unix clone nevertheless encroached on the company's Unix products at the same time that much of the Unix spending was being lavished on Sun Microsystems and other Unix server companies."

Site of the Month: Linux2order.com (ZDNet). ZDNet reviews Linux2order.com. "We have some minor quibbles with the site--notably, you have to register, even to access the free downloads. Still, Linux2order offers convenient, inexpensive alternatives to snail-speed downloads." Linux2order.com will also mail you a custom-burned Linux CD.


Killer Applications for Open Source (Consulting Times). Consulting Times looks at Linux in Business, and why open source makes sense. "Last year, Linux made it into MIS departments, because it had a compelling reason to do so. For many, that reasons revolved around eliminating dozens of servers and dissimilar operating platforms in favor of a small cluster, a rack of 1U boxes or simply because Linux is a multi-user operating system. Many companies found that Linux helped recycle their UNIX resources and people. Also, network appliances like Cobalt?s Raq and Qube made sense to so many people."


The Evil3D team reviews Shogo: Mobile Armored Division. The Evil3D team has provided this review of Hyperion's Linux port of Shogo: Mobile Armored Division. "In Shogo you are Sanjuro, and it is your duty to kill everything in site. Well, not really. For Anime, there has to be a plot in there somewhere right? Right! To help you remember that, the local guards will "kindly" remind you not to peg the wrong person. Of course by doing it "kindly" they end up killing you. So as you jump into the game, check your fire. Target assessment will keep you on your toes when its trigger time!"


A gathering of GNOMEs (LinuxPower). Christian Schaller writes about his experience at GUADEC 2 in this LinuxPower article. "Day three started with a keynote speech by Richard Stallman. This was user day so there were many more people here than the previous two days. I don't have an exact number but I would guess something like 250-300 people. Fun thing was that when Richard had arrived the previous day he found the the GUADEC catalog used the term Linux instead of GNU/Linux. To fix this he had managed to make little white stickers with a new introduction text which he went around and 'patched' onto every catalog he could find. He also 'patched' all of the catalogs which where to be handed out to users this morning, so everyone got a GUADEC catalog personally patched by Richard Stallman himself. Nobody can accuse Richard for not being thorough :) Richard's speech was interesting and really pointed out why software patents are more damaging to the people they are intended to help than helpful."

The trouble with JXTA (OpenP2P). The O'Reilly OpenP2P site is running this criticism of JXTA. "What does an active research community absolutely not need? Great big Sun stomping in and slamming down standards left, right and center. The only thing most P2P applications have in common is TCP/IP; everything else depends on the specific P2P application. This is quite natural when everybody is trying out ideas, because few of the P2P applications share much above the presentation layer."

.comment: Wanna Invest in a Bridge? (LinuxPlanet). Here's a most cynical article on Linux Planet on Ximian, Eazel, and the Free Software Foundation. "I am not alleging impropriety here. It could be that it's all mere coincidence. But it is absolutely undeniable that the FSF has thrown its support behind a desktop controlled by two for-profit companies, one of which has an officer who sits on the FSF's board; the same company has purchased advertising aimed at confounding those who are seeking a desktop that is truly free in every rational sense of the word; and the other company has suggested that users can assist its product in surviving but help it avoid paying its bills by donating to the Free Software Foundation, or else an officer of that company has flung down and danced upon his fiduciary responsibilities by saying, in a communication that is part of his corporate function, that people might want to send money to the FSF instead of the company. And they all do it, evangelists as they are for 'free' software, with a holier-than-thou air."

Section Editor: Forrest Cook

May 10, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



The sayings of Caveman Og. Thanks to Rick Moen, it's now possible to peruse an archive of Caveman Og's postings to news.admin.net-abuse.email. Even the spam wars can be fun. "Og say if you tribe have coffee, and you tribe keep cat, put coffee down, and shoo cat away. Og know Og make'm you laugh, spill coffee on cat and keyboard. You see'm post from Og, you assume you also see'm this warning. Og not warn again. Og not want ship another stone keyboard to Australia."

A data compression primer (IBM developerWorks). If you have wanted to know more about data compression, this article is for you.

Tip Of The Week: Be Lazy With alias. LinuxLookup looks at the alias command.


2,261 pre-registered to Linux@work Europe. This free series of Linux events is taking place in European cites now.

Events in the Netherlands. Fred Mobach wrote to us about several events coming up in the Netherlands that look interesting. First is the Linux 2001 congress, May 22 - 23, 2001 in Ede, the Netherlands.

Next, the Unix Users Group the Netherlands, NLUUG will present a spring conference. The topic of this conference is UNIX and High Availability, but we have it on good authority that several presentations will be GNU/Linux oriented. You can find the program here. The conference will be held May 31, 2001 in the congress centre "De Reehorst", also in Ede, the Netherlands.

The previously mentioned Linux@work series will visit Amsterdam on June 15, 2001.

Then, Networking Event 2000, ne2000, will take place July 19 - 25, 2001 in Nuenen, The Netherlands, South. Fred Mobach is presenting a workshop on "How to build a secure GNU/Linux server". There should be other workshops of interest to the GNU/Linux crowd as well.

MontaVista Seminars Help Software Developers Evolve. MontaVista Software Inc. is sponsoring four half-day seminars for embedded software developers in California, the Midwest and Canada. The seminars, entitled "Moving from a Proprietary RTOS to Embedded Linux", will be held at the Santa Clara Hilton in Santa Clara, Calif., on Thursday, May 24; at the Irvine Hilton in Irvine, Calif., on Thursday, May 31; in Chicago on Tuesday, June 5; and in Toronto on Thursday, June 7. All seminar times are from 9 a.m. to 1 p.m.

NCSA to Host 'Linux Revolution'. The National Computational Science Alliance is sponsoring a Linux users' and system administrators' conference June 25 - 27, 2001 in Urbana, IL, the home of the National Center for Supercomputing Applications (NCSA) at the University of Illinois, Urbana-Champaign.

USENIX 2001 brings world's best minds to Boston. Here's an update from USENIX including some new speakers. USENIX is taking place at the Boston Marriott Copley Place in Boston, Mass. from June 25 - June 30, 2001.

Red Hat Introduces Red Hat TechWorld. After dropping its involvement in the Linux conference segment via the original Linux Expo in Durham, North Carolina, Red Hat has now returned with a series of global events entitled "Red Hat TechWorld". The first one is scheduled for September 17 - 18, 2001, in Brussels, Belgium.

Annual Linux Showcase. The Annual Linux Showcase & Conference wants to remind everyone that the call for papers is open until June 5, 2001. ALS takes place November 6 - 10, 2001 in Oakland, CA.

Events: May 10 - July 5, 2001.
Date Event Location
May 10, 2001Linux ExpoSao Paulo, Brazil
May 10, 2001Linux@workStockholm
May 10, 2001LinuxWorld(New Zealand ExpoCentre Greenlane)Auckland, New Zealand
May 10 - 12, 2001LinuxWorld TaiwanTaipei, Taiwan
May 11, 2001Linux@workHelsinki
May 13 - 17, 2001Spring 2001 Enterprise Linux Implementation ConferenceSan Jose, CA
May 14 - 17, 2001The 2001 Applied Computing ConferenceSanta Clara, CA
May 15, 2001Linux@workFrankfurt
May 15 - 18, 2001Linux ExpoShanghai, China
May 16, 2001Linux@workZurich
May 17, 2001Linux@workMilan
May 18 - 19, 20012nd Magdeburger LinuxtagMagdeburg, Germany
May 18, 2001IST programme actions on free / open source software developmentBrussels
May 19 - 20, 2001LinuxCertified.com Linux FundamentalsCupertino, California
May 20 - 23, 2001eXtreme Programming(XP2001)Sardinia, Italy
May 22 - 23, 2001Linux 2001 congressEde, the Netherlands
May 24 - 26, 2001LinuxWorldKorea
May 24, 2001MontaVista seminar(Santa Clara Hilton)Santa Clara, Calif.
May 29 - 31, 2001II Forum Internacional do Software LivreBrazil
May 31, 2001The Unix Users Group the Netherlands Spring Conference(De Reehorst)Ede, the Netherlands
May 31, 2001MontaVista seminar(Irvine Hilton)Irvine, Calif.
June 5, 2001MontaVista seminarChicago.
June 6 - 7, 2001Linux ExpoMilan, Italy
June 7 - 8, 2001Second European Tcl/Tk User MeetingGermany
June 7, 2001MontaVista seminarToronto.
June 11 - 14, 2001Hot Springs Educational Technology Institute conference(Hot Springs High School)Hot Springs, Arkansas
June 12, 2001Linux@workLondon
June 13, 2001Linux@workParis
June 14, 2001Linux@workBrussels
June 15, 2001Linux@workAmsterdam
June 20 - 21, 2001Linuxdays 2001St. Pölten, Austria
June 25 - 30, 2001USENIX Annual Technical ConferenceBoston, Massachusetts
June 25 - 27, 2001NCSA Linux users' and system administrators' conference(University of Illinois)Urbana, IL
June 29 - July 1, 2001Linux 2001 Developers'' ConferenceManchester, UK
July 4 - 9, 2001Libre Software MeetingBordeaux, France
July 5 - 8, 2001LinuxTag 2001 - Stuttgart,Germany

User Group News

Linux User Group of Davis. LUGOD will meet on May 21, 2001 where they will discuss LDAP: Lightweight Directory Access Protocol presented by Brian Lavendar.

The Nashua Chapter of the Greater New Hampshire Linux Users Group. The Nashua Chapter of GNHLUG will meet on May 23 at Martha's Exchange in Nashua, NH. Rob Lembree of Metro Link will discuss Universal Plug & Play, Mobile Computing, and other up and coming technologies for Linux.

LUG Events: May 10 - May 24, 2001.
Date Event Location
May 10, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
May 10, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.
May 12, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
May 12, 2001Route 66 LUGLa Verne, CA
May 14, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
May 15, 2001Bay Area Linux User Group(BALUG)(Four Seas Restaurant, Chinatown)San Francisco, CA
May 15, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
May 15, 2001Linux Stammtisch(Bandersnatch Brew Pub)Tempe, AZ
May 16, 2001Central Iowa LUGWest Des Moines, IA
May 16, 2001Linux User Group in GroningenThe Netherlands
May 16, 2001Arizona State University LUG(ASULUG)Tempe, AZ
May 17, 2001St. Louis LUG(SLLUG)(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
May 17, 2001Omaha LUG(OLUG)Omaha, Nebraska
May 17, 2001South Mississippi LUG(SMLUG)(Barnes & Noble)Gulfport, Mississippi
May 18, 2001Rock River LUG(RRLUG)(Rockford College)Rockford, Illinois
May 19, 2001SVLUG InstallfestSilicon Valley, CA
May 19, 2001North Texas Linux Users Group(NTLUG)(Nokia Centre)Irving, Texas
May 19, 2001Eugene Unix and GNU/Linux User Group(EUGLUG)Eugene, Oregon
May 20, 2001Beachside LUGConway, South Carolina
May 20, 2001LUGOD / UC Davis Installfest(LUG of Davis)Davis, CA.
May 21, 2001Haifa Linux Club(Technion CS dept. bldg.)Haifa, Israel
May 22, 2001Hazelwood LUG(Prairie Commons Branch Library)Hazelwood, Missouri
May 23, 2001Linux User Group in AssenNetherlands
May 23, 2001The Nashua Chapter of the Greater New Hampshire LUG(GNHLUG)(Martha's Exchange)Nashua, NH.

May 10, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Three years ago (May 14, 1998 LWN): How many of you remember the Wang lawsuit, alleging that Netscape had violated its Videotex patents with its web browser? On May 6, 1998 that lawsuit was dismissed. Netscape's lawyers credited people on the net with having sent in much useful information that lead to the dismissal of the suit.

The Association Francophone des Utilsateurs de Linux et des Logiciels Libres was founded to promote free software in the French-speaking world. In the last three years it has been a powerful force behind free software in France. Happy Birthday!

Corel made a much-hyped "we support open source" announcement, which essentially boiled down to the company porting all of its applications to Linux.

Dell claimed that none of their customers wanted Linux in this ZDNet article. LWN received an open letter from Jim Dennis to Dell telling them that their customers were already using Linux on Dell computers. Dell still isn't completely convinced. To this day the main Dell site does not mention Linux and won't even point you to the Dell Linux site.

Two years ago (May 13, 1999 LWN): Ken Thompson, perhaps best known as the co-author of Unix, was interviewed by IEEE Computer. His comments about Linux were somewhat negative.

My experience and some of my friends' experience is that Linux is quite unreliable. Microsoft is really unreliable but Linux is worse. In a non-PC environment, it just won't hold up. If you're using it on a single box, that's one thing. But if you want to use Linux in firewalls, gateways, embedded systems, and so on, it has a long way to go.

Eric Raymond talked to Ken about his "anti-Linux" stance and provided LWN with summary of the conversation, which was much less negative than the original statement.

The best news, I guess, is that Ken says he didn't intend to write off Linux itself as simply an anti-Microsoft backlash; what he was trying to say was that he believes the recent popularity of Linux in the press is an anything-but-Microsoft phenomenon. He adds ``i very much appreciate the chance to look at available code when i am faced with the task of interfacing to some nightmare piece of hardware'' and that ``i think the open software movement (and linux in particular) is laudable.''

Of course Linux is still a work in progress, and having someone like Ken Thompson point out flakiness just gives developers another challenge. Those areas where Ken saw flaky code two years ago, we see Linux flourishing today.

Linus released kernel 2.3.0, beginning the new development series.

The U.S. Ninth Circuit Court of Appeals decided that the U.S. Government's Crypto export regulations were in violation of the first amendment. Source code is speech, and the government can not regulate it, they said. While the decision was only binding in a few western states, it was an important step in allowing the free flow of cryptographic information that we enjoy today.

Open Season was an article appearing in Wired about free software.

Never mind that some of these open-source-come-latelies may be trying to cover up for some misbegotten product that would never have had a prayer in the marketplace, or that they may well be aiming to exploit open-source resources without giving anything back in return. Those two little words - open source - have become a magical incantation, like portal in 1998 or push in 1997. Just whisper them and all will be yours: media attention, consumer interest, and, of course, venture capital.

Of course these days venture capital is pretty hard to come by, regardless of magical incantation. Nonetheless several open source companies are profitable. See this week's front page.

One year ago (May 11, 2000 LWN): Security was very much in the news. Microsoft users were contending with the "ILOVEYOU" virus/worm that was turned loose on the net by somebody with a strange idea of fun. Nicholas Petreley wrote:

Put bluntly, most developers in the Linux community would not be stupid enough to create a program as insecure and dangerous as Outlook. And if anyone were foolish enough to do so in the open source community, such a design would not be likely to survive the peer review it would receive.

True enough, but LWN warned Linux users not to gloat. It is true that we have little enough to worry about with viruses like "ILOVEYOU", but this was also the week that apache.org was cracked and the folks at Digital Creations found an ugly problem with redirects. The Apache hack turned out to be an exploit of a badly configured configuration file, easy enough to document and fix. The redirect problem is not that hard to fix either, but it still exists on many sites and has been occasionally exploited.

From time to time Microsoft advocates like to point out that with open source software there is no one that you can sue when bad things happen. Of course, even with proprietary software there are no guarantees. Although millions of people were affected by "ILOVEYOU", with damages estimated in the billions of dollars, Microsoft disclaimed any responsibility. Phil Agre wrote that "Microsoft shouldn't be broken up. It should be shut down."

Red Hat gave up its portal ambitions, laying off most of the Wide Open News staff and ceasing original writing there. Instead, Red Hat went into the venture capital business. "Red Hat Ventures" would make investments of $500,000 to $2 million in new, open source-related companies, they announced. Investments had already been made in Sendmail, Inc., Rackspace.com, and e-smith.

The Linux Standard Base (LSB) and Linux Internationalization Initiative (LI18NUX) joined forces to become the Free Standards Group. An announcement about the 0.9 release from the Free Standards Base is covered on this week's development page.

May 10, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

May 10, 2001

From:	 Con Zymaris <conz@cyber.com.au>
To:	 letters@lwn.net
Subject: Re: Why is the support business so hard?
Date:	 Tue, 8 May 2001 14:34:51 +1000

LWN asks:

> Linux has taken off, and the support options exist.  So why are so few
> companies buying those support services?  Perhaps there are far fewer
> important Linux deployments than people think.  Without deployments,
> there is little need for support contracts.  We don't believe it, though

You ask the right questions, now I'll happily provide our version of some
answers. In short, Linux is causing a small boom in our systems
professional services business in Australia. The market is there if you
want to work it.

First, some background. Cybersource has been successfully providing
Unix/Linux/Internet Professional Services in Australia for 10 years. Linux
has gone from being a small part of our revenues, to perhaps the largest
part, in the space of the last 4 years. Our target market is broad. SMEs,
Government and Corporate. While it's true that for the most part, the
majority of the growth in Linux services has been in the SME area, this is

Perhaps the big-name US-based support organisations who have been
experiencing problems have been trying to pitch business primarily to the
larger customers; these same customers who are only now moving into Linux.
Due to the cost of overheads (very high-profile advertising, largish
instant staff, expensive high-profile location offices) that some of these
big-name Linux support organisations carry, they actually _need_ to target
customers in the higher margin corporate and government. It is our belief
that to start small (Cybersource has only 40 staff) and grow organically
through word-of-mouth, befits the Linux/Open Source market better, than to
start with a big-expenditure splash, as made in recent years by the
various big-name Linux support start-ups. Grow with the market, not ahead
of it.

In short, the demand is really out there. Join us in bringing Linux and
free software to the business world.


Con Zymaris

Con Zymaris <conz@cyber.com.au> Level 9, 140 Queen St, Melbourne.  9642 5997
Cybersource: Successfully Providing IT Professional Services for 10 Years
Specialists in Unix/Linux, TCP/IP and Web App. Development  www.cyber.com.au
From:	 "CARNIELLO, MIKE L. [FIN/1820]" <mike.l.carniello@pharmacia.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Advocacy, not unreasonableness
Date:	 Thu, 3 May 2001 14:16:45 -0500

To the Editor,

Your recent comments regarding Linuxcare (03-MAY-2001) indicate that perhaps
it's time to yet again adjust your rose-colored glasses you seemingly use
for OpenSource/Linux issues. You mention:

"What if the truth were something else: what if Linux users simply do not
need support? ... Could it be that, in the end, technical support services
are only needed for proprietary, black-box systems?"

Oh, come on! Linux is incredibly complicated operating system to use and
maintain, whether server-based or desktop-based. Support is needed for all
types who come in touch with a Linux system - end users, application
adminis, system admins, and hardware people. This support may be provided by
intra-company or external sources, but it still must be provided.

You go on to appropriate the corporate catchphrase 'empower' in writing:
"Free software empowers its users to take responsibility for keeping their
own systems going."

Empowers??? I think the word you're looking for is "forces." And that's not
necessarily a bad thing, but it is a double-edged sword.

Mike Carniello
From:	 "Michael Farnbach" <mfarnbach@conneq.com>
To:	 <editor@lwn.net>
Subject: Support for Linux
Date:	 Thu, 3 May 2001 11:22:08 -0700

First, I have always loved your journalistic style.  But maybe the tone
on the front page of this weeks issue was a little too appologetic?

Either way I'd like to add my two cents being somewhat in the support
industry myself.  I remember calling Eklektix a while ago when you were
one of the only games in town when it came to Linux support, Liz truely
is cool.  Since then I have installed various machines in small
buisnesses and I can attest that they just run.  Our longest out box
just recently was brought in for service.  We updated it, added a raid1
and a journaling filesystem and a better web admin tool (we were using
swat and linuxconf).

The amazing part is that we hadn't touched, rebooted, been contacted by
them in the 18 months since we deployed it.  It just worked, and Time
flew by.  And since the client's office is pretty low on Linux knowledge
I can assure you they weren't kind to it and shouldn't be accused of
pampering or administring it themselves.  We haven't ever been called
for support on any of our other deployed boxes either.

Linux seems to be the perfect Drop and Forget server deployment tool for
a small IT outsourcing buisness like ours.
From:	 Rob Landley <rlandley@austin.rr.com>
To:	 letters@lwn.net
Subject: LinuxCare's "support" business.
Date:	 Fri, 04 May 2001 17:59:52 -0500

Making money from Linux tech support runs into two problems.  First of
all you don't need it, and secondly you can do it yourself.

First, most of the support people need is the "getting it to work in the
first place" variety.  Install and configuration is a one-shot deal, not
an ongoing revenue stream.  Once you've configured a reliable system, it
can get buried behind sheetrock during remodeling and nobody's likely to
notice for about five years.  (This has actually happened to novell
servers and PDP 8 systems. 
http://www.techweb.com/wire/story/TWB20010409S0012 ).  Perhaps you
contract out the installation of the system and take out an insurance
policy against anything going wrong the first few months, but after a
while there's no reason to keep paying for babysitting.

Secondly, if you're not going to totally outsource your information
technology infrastructure (not just a "tech support" contract but having
the servers and their caretakers live in an IBM data center), then
you're going to have an IT staff.  Even if it's just one guy, he'll have
the complete source code to everything and will be quite capable of
fixing things himself.  Perhaps he'll have to search a few newsgroups to
find the information he needs, but keeping it running will be part of
his job.

So LinuxCare's problem is that it either does too much or doesn't do
enough.  Red Hat provides install time support, and IBM provides
throw-money-at-the-problem complete solutions.  In between, there's just
not much revenue.

Linux has never been something you make money ON.  It's something you
make money WITH.

From:	 Derek Kite <derekkite@netidea.com>
To:	 letters@lwn.net
Subject: Support business so hard?
Date:	 Sat, 5 May 2001 20:00:38 -0700

Support in any industry is a treacherous business. I work in the 
refrigeration service industry, and the number of company failures are very 
high. The difficulties are due to the high level of competence required from 
not the managers or salesmen, but the people with the dirty fingernails. Good 
technicians are rare and rather independant minded, more likely to start 
their own small service company than work for a large firm, or would rather 
be part of a small organisation. The only advantage that a large firm has is 
connections to head office, and a depth of expertise that the likes of 
IBM. Otherwise, the only difference is a larger overhead.

Why would someone hire Linuxcare over the local small firm of competent linux 
technicians? I hope for their sake the reasons are clear in their customer's 
mind. All I know is that there will be many failures, especially of large 
firms that sell services. But there will be (and is) a large industry of 
small firms that will do increasingly well as linux becomes a common option.

Derek Kite
From:	 "John Carter" <john.carter@tait.co.nz>
To:	 <letters@lwn.net>
Subject: Package mechanisms break Open Source.
Date:	 Mon, 7 May 2001 11:28:16 +1200 (NZST)

Current distributions and package mechanisms break the power of Open

In the bad old days if you wanted a program you downloaded the source,
compiled and ran. If it died you fired up gdb, sniffed around, fixed it
and sent the patch in. If it lacked, you added code until it did what you
want. If you didn't know how things worked, you "Used the Source Luke".

Distributions and package mechanisms and the need to squeeze onto small
disk drives have removed the current generation from that.

Now disk drives have grown huge.

Distribution and Package tools should now by default put unstripped
binaries _and_ the source onto your drive. If a process segfaults, it
should drop you into gdb.

I'm willing to bet you the pace of Open Source evolution will increase by
a factor of a 100 if this recommendation is followed.

John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@tait.co.nz
New Zealand

From:	 "james c" <james_dasfleet@hotmail.com>
To:	 letters@lwn.net
Subject: Someone To Sue
Date:	 Fri, 04 May 2001 15:56:19 -0000

I had to laugh when I read your item which quoted 32BitsOnLine as saying "I 
would sleep better knowing that I could shift blame to Bill Gates."

Does 32BitsOnLine think Mr Bill cares?

I've heard similar statements many times in my consulting career, usually 
from a manager who says something like "we have to buy commercial products 
so there is someone to sue if it goes wrong".

My usual response is along the lines of "So imagine we buy a database from a 
multi-national corporation, and something in it breaks and we lose a million 
dollars. Do you really think you can sue AcmeMegacorp/Microsoft/whoever? 
Their lawyers would take you apart, haven't you ever actually read a licence 

I'd much rather have a product with good support, or the source code so I 
can support it in-house, than one with the supposedly sleep-inducing 
properties of an un-sue-able megacorp behind it.

From:	 Max.Hyre@cardiopulmonarycorp.com
To:	 letters@lwn.net
Subject: Free-Software's impetus, contra Mr. Mundie
Date:	 Fri, 4 May 2001 15:43:01 -0400

   Dear LWN:

   Though it is true that repeated sales of Free Software is not a
viable business model, this observation only applies to that class
of people involved in making money by selling the software.  It
completely ignores the class of people making money using such
software as a tool.

   For this second class, the cost of software is a loss, mitigated by
its utility.  Getting that utility at a fraction of the cost will be
an extremely attractive proposition.  It makes sense for them to band
together with others, even competitors, to develop and improve
programs which are part of their infrastructure.

   Witness the Apache Group, which grew out of a number of webmasters,
for whom the server is a means, not an end.  Even if some of them were
business competitors, so long as that business wasn't selling Web
servers, they were better off cooperating to sharpen the tool.

   Such cooperation doesn't arise out of nothing.  But all it takes is
one generous soul to free a useful program.  That early, probably
minimal and buggy, program then serves as a focus about which the
larger group organizes.  Think of it as the impurity which starts
crystallization of a supersaturated solution.  The effects are all out
of proportion to the initial stimulus, but rather reflect the size of
the group which can fruitfully use the program.

   =That= is why a model that's unworkable for a software company can
nevertheless thrive.  It's not a business model, it's an operational
model. The worth to its users is greater than its worth to a single
proprietary company.

   When Mr. Mundie asks:

	2.Should an information-based economy protect the
        intellectual property assets that are driving its

he's missing the point that the ``information-based economy'' for
which the answer is `yes' comprises only software companies.  When
``economy'' is understood to take in =all= businesses, the answer
frequently becomes `no'.  He actually alludes to this when he points
to ``the shift of focus away from the technology IP to content IP''.

   The only way a company can hope to continue making the big bucks
from ``technology IP'' is to =own= that IP.  So long as protocols can
be independently implemented, such a company is at risk of losing
customers to a clone.  (Watch for a push to outlaw reverse engineering
generally.  We already have an attempt to do that for encryption
methods, in the DMCA.)

	 [The GPL] also fundamentally undermines the independent
	 commercial software sector because it effectively makes
	 it impossible to distribute software on a basis where
	 recipients pay for the product rather than just the cost
	 of distribution.

Bingo!  He's got it, but can't accept it because it threatens his
business model exactly in proportion to how much it helps other
businesses.  GPLed software is worth the big bucks a maximum of once.

		 Best wishes,

			    Max Hyre
From:	 David Kastrup <David.Kastrup@neuroinformatik.ruhr-uni-bochum.de>
To:	 letters@lwn.net
Subject: Open Source and Forking
Date:	 Sat, 5 May 2001 02:36:50 +0200

Mundie from Microsoft has told us that Open Source carries the danger
of leading to forked software.

Open Source pundits tell us proudly that few examples of serious
forking exist, presumably because of the discipline of Open Source

Both are way off the mark.  The question is: who wants to fork code in
the first place?  It turns out that individuals not out to make fast
money are not interested in forking third party code, or even working
with it.  Sad witness to this fact are, for example, literally dozens
of independent Web browser projects with different feature sets and in
different state of progress.

In almost all cases, the incitement to forking is only there for
commercial entities.  This is essentially what happened to the BSD
code base: the free base remained strong, and every company rolled
their own specialties.  Forks all around, and exactly because all of
these companies were able to protect their added value, their
intellectual property.  All but a few have died since, because the
cost of maintaining a separate fork beside a prospering free tree is
high.  This is the reason for proprietary Unices collapsing under the
impetus of the currently available free Unices.

So what does this tell us?  Forks rarely have a future in Open Source.
Even where proprietary forks are allowed (as with a BSD license),
natural selection tends to kill them off.  Where the incentive of
property is absent in the first place (such as with the GPL), forks
are even more rare.  Most of them have remerged at some time (such as
the gcc/egcs fork).  Only the strongest projects have a chance of
keeping more than one branch alive after a fork.  One of these rare
cases has been the Emacs/XEmacs split.

So it seems that Open Source does not lead to forking, and voluntary
programmers are not interested in forking either.  They either want to
help improve an existing project, or roll their own.  The only reason
for forking is to make money off your additional invested work by
keeping your branch proprietary.  So a license like the GPL is about
the strongest imaginable measure against forking, whereas a BSD-like
license relies on the power of natural selection to let only the
worthy projects survive and thrive.

In short, forking is about the least of our worries.  Total
duplication of effort is much more prevalent.

David Kastrup, Kriemhildstr. 15, 44793 Bochum, Germany
Email: David.Kastrup@neuroinformatik.ruhr-uni-bochum.de
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds