[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Red Hat makes a profit - sort of. With some fanfare, Red Hat has announced its results for the first quarter of its 2002 fiscal year. The core point, of course, is that the company claims to have made a $600,000 profit in this quarter, which ended on May 31.

The company made $11.3 million in revenue from subscriptions, and $14 million from the various consulting and development services. There is no separate item for "Linux distribution sales," leading one to believe that they have been folded into "subscriptions." Red Hat also earned almost $4.5 million in interest from its sizeable cash holdings. On the down side, the "cost of revenue" was $11.1 million, sales and marketing ran $10.7 million, research and development $4.3 million, and administrative expenses were $3.4 million.

In other words, Red Hat actually, using these numbers, operated at a $3.9 million loss. It was the interest income that put it nominally into the black.

This is a significant achievement on Red Hat's part. The company had not promised profitability for another year yet, but that state has been reached now. They have gotten there despite a harsh economic downturn that has savaged many other Linux companies. And Red Hat has not drifted from its commitment to free software; the company still employs a great many free software developers, and gives back a great deal to the community. Red Hat shows that it can be done.

Or so we hope. A closer look at the numbers shows a slightly more complicated story than what we have seen so far. The $600K profit comes out of the "adjusted" results. The adjustments that have been made include the omission of three sets of expenses:

  • "Amortization of goodwill and intangibles": $20.8 million.
  • Stock-based compensation: $3.7 million.
  • Merger and acquisition costs: $3.7 million.
Once you figure those in, suddenly Red Hat shows a loss of $27.6 million, or 16 cents per share. The justification for leaving them out is that they are, it is said, one-time charges that do not show the steady state of the company. And one could argue that the goodwill costs, reflecting money that went out the door some time ago, should be left out. But the fact remains that the "total assets" claimed by the company dropped from $505 million at the end of February to $471 million at the end of May. Red Hat may have achieved "operating profit," but it doesn't look 100% sustainable quite yet. At some point the assets need to start increasing.

What about future quarters? During the company's conference call, Red Hat management explicitly refused to provide any sort of guidance regarding future results. They will not even guess, at this point, at whether they can remain profitable or not. These are uncertain times for most companies, but most are sufficiently on top of their situation to offer estimates of how things will go. Red Hat, evidently, has no clue. The company did say, however, that no significant changes in staffing were expected over the next quarter.

So it remains to be seen whether this is the beginning of Red Hat's money-making operations, or whether it is, instead, the company's high point. Red Hat appears to be doing things right in a lot of ways, to the free software community's benefit. With luck, they'll pull it off.

Red Hat to become a database company? One other detail that Red Hat let slip in its conference call was that the company would soon announce a relational database product and associated services. No further information is available from the company at this time; it is making people wait until the marketing people say it's time.

The hope, clearly, is that relational database systems will help drive the next phase of corporate acceptance of free software, and that Red Hat will be able to provide those systems and the services that go with them. It remains to be seen how well that will work; database customers are used to getting their databases and operating systems from different vendors. Red Hat will have to offer something new and compelling to attract customers in this field.

Red Hat will stick with its open source approach for its database offering. Assuming that Red Hat is smart enough not to try to implement a relational database management system from scratch, it will have to adopt one of the existing, free database systems: MySQL, PostgreSQL, InterBase, or SAP DB. Red Hat as been careful, thus far, to not tip its hand regarding its selection.

There are some rumors about, however, that PostgreSQL will be the platform chosen by Red Hat. Certainly it would be a worthy choice; the PostgreSQL team has worked long and hard to produce a top-quality relational database system. Such a move, however, could prove to be a challenge for the companies that are already providing commercial support for PostgreSQL.

The most prominent of those, perhaps, is Great Bridge, the company founded by early Red Hat investor Frank Batten Jr., and the employer of much of the PostgreSQL core team. We talked briefly with Great Bridge CEO Bob Gilbert, who was very upbeat about Red Hat's possible entry into the PostgreSQL market. "What took them so long?" Mr. Gilbert welcomes Red Hat, and looks forward to Red Hat's contribution to PostgreSQL development.

If you believe Mr. Gilbert, the PostgreSQL market is a good one to get into. The company is finding customers in each of several target areas; PostgreSQL is being received well. Larry Ellison and Oracle, he says, should start getting worried "yesterday."

Mr. Gilbert's confidence may well be justified, but Red Hat's entry into the database market still has the potential to shake things up. We'll revisit this topic once the company has made its plans public.

GnuCash and library dependencies, again. Last week's item about the GnuCash 1.6 release and its many library dependencies drew more than the usual amount of mail, including this response from the GnuCash project itself. We seem to have hit a bit of a nerve there. So this week we'll follow up with two more articles; this one looks at the library dependency issue again, and the following one is a quick review of the 1.6 release itself.

Some members of the GnuCash development community felt that the project had been unfairly singled out for criticism when they would rather have seen attention paid to the stable release that they had worked so hard to produce. So let us say it here: GnuCash, at the moment, demonstrates the kinds of problems that can come up with massive shared library dependencies, but GnuCash is not, itself, the problem. GnuCash is a high-quality application which fills a pressing need in the free software community, and it has gotten there partly because its developers have taken the greatest possible advantage of work done by others. We never meant to criticize the project itself.

There are pitfalls, however, with a reliance on large numbers of shared libraries. Especially when a number of those libraries are not widely available on common distributions. If nothing else, it makes it very hard for people to use your software.

In the proprietary world, users will expect to be able to install a new "stable" release of a web browser, mail program, file manager, or personal finance program on their current system. Most do not expect to have to massively upgrade parts or all of their system first. (What happens when the application messes with their system anyway is a different, sad story that Linux users, happily, need not experience).

The people who have reported success with GnuCash 1.6 are, for the most part, running distributions like Debian unstable ("sid") or Mandrake's Cooker. The exception appears to be the just-released SuSE 7.2 distribution. Nonetheless, many users of a personal finance application will not be pleased to have to upgrade their operating systems just to install or upgrade it. If you tell them that, not only do they need to upgrade the operating system, but they must use an unstable version of a distribution, they will simply walk away.

There may be no easy solution to this problem. One of the characteristics of free software is rapid development, and few of us would have it any other way. But fast development implies a lot of upgrades if you want to keep up, and, often, the need to run beta versions of software. These requirements may be hard to reconcile with the needs of desktop users, who just want things to work without their needing to mess with them. This will be a continuing challenge for those developing desktop applications.

About GnuCash 1.6. The GnuCash package has long had the features that one really needs to handle personal finance - see LWN's review from back in 1999. It has, however, remained far behind the proprietary packages with regard to the features offered. People who really want to run free software for [gnucash main window] everything have been able to use GnuCash for some time; just about everybody else has been inclined to wait.

With the 1.6 release, the feature gap is closing. The application as a whole has a much more finished look, and the online help is greatly improved. Quite a few important new features have been added. GnuCash still has not caught up with the proprietary packages in a number of ways, but it has gotten a lot closer. Once the distributions catch up and make GnuCash 1.6 easy to install and run, its user base should grow.

The first thing likely to be noticed by GnuCash users who upgrade to 1.6 is the new, XML database file format. The program converts older files to the new format, but must ask a number of questions in the process - especially if the file contains a lot of stock accounts. The XML format is certainly nice for a number of things, but there is a downside as well: the size of the database file grows by almost a factor of ten. Over 1KB is required for each transaction (i.e. a check) (example). GnuCash 1.6 is noticeably slower to load or save data in the new format. That's the sort of price we pay for a transparent file format.

Of course, for those with huge GnuCash files, taking advantage of the new PostgreSQL back-end may well prove the best way to go.

A crucial improvement in GnuCash 1.6 is in the report generator. Reports in version 1.4 were somewhat crude and could not be directly printed - one [GnuCash report window] had to export the report in HTML and feed it to a web browser first. Version 1.6 reports are more tightly integrated into the system, look better, and include the obligatory bar and pie charts.

GnuCash has always had a strongly international approach and supported multiple currencies. The new version has strengthened that approach, and includes detailed support for the Euro.

Other features include: more business-oriented support (things like depreciation reports), tax preparation support, improved QIF importing, internal updating of stock prices (no more need for an external application), a loan calculator, and even a built-in web browser.

GnuCash 1.6 also includes support for the "GnuCash network." The network does not currently provide much in the way of services; the registration window doesn't even work, and will not until version 1.6.1. One can presume, however, that providing useful services through that channel is part of somebody's business plan, and that things should start showing up there soon.

What's still missing? Many users would most like to see support for scheduled transactions; this feature is apparently under intensive development and should be there for the next major release. It's still not possible to directly import information from banks or credit card companies. No budgeting tools are provided. GnuCash still doesn't really understand loans, and will not handle the amortization for you. And several other things, doubtless.

The GnuCash developers have set themselves the goal of blowing the proprietary finance packages (both personal and business) out of the water with a free alternative. It is an ambitious goal, and, as of 1.6, it has not yet been achieved. Things are clearly heading in the right direction, however; GnuCash is more than usable now. If you are still balancing your checkbook with a proprietary package, it may be time to consider making a change. (See also: the GnuCash web site).

Inside this week's Linux Weekly News:

  • Security: The Danger of Posting Images, a look into the world of 13 year old hackers, new vulnerabilities in fetchmail, rxvt and more.
  • Kernel: Linux Device Drivers 2nd Edition; API changes in stable kernels; FOLK.
  • Distributions: Agenda-VR, Sentry Firewall CD, the Mandrake Cooker Weekly News.
  • On the Desktop: Netscape 6.1, XFree86 reviewed, Ogg Vorbis and yet more on pilot-link.
  • Development: GCC 3.0 announced, Ogg Vorbis decode RC1, Stallman on scientific publishing, mod_lisp 2.0, GHC 5.00.2.
  • Commerce: Compaq initiatives, Goldbox, GCC 3.0.
  • History: Software patents, Handhelds.org and "open sores".
  • Letters: GnuCash and shared library hell; non-executable stacks.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

June 21, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

The Danger of Allowing Users to Post Images. A major discussion thread on BugTraq this week started when John Percival posted a note entitled The Danger of Allowing Users to Post Images. With it, he included an exploit developed by Chris 'stallion' Lambert which could be used with almost any web script that uses cookie session/login data to validate CGI forms.

Many such web scripts, including threaded discussion forums like Infopop's Ultimate Bulletin Board or ezboard allow users to post images to the forum. This means that they accept user input in the form of HTML-embedded references or URLs. They do not, however, necessarily check the input they receive to make sure it does not contain additional HTML commands, such as possible hostile query-strings. As a result, another user clicking on such as image may be unwittingly executing HTML commands. If such a user has additional privileges, such as a forum administrator, more damage can result.

BugTraq ID 2871 addresses this issue and currently lists four affected applications: ezboard, Infopop's Ultimate Bulletin Board, VBulletin and WWWThreads. Fixes for Ultimate Bulletin Board and VBulletin have been made available. However, the basic issue is not specific to the applications, but just a demonstration that input verification vulnerabilities are extremely wide-spread in current web-based scripts. Time to take a look at your web scripts and look at how you are currently verifying the user input you receive, particularly if that input is in the form of HTML or other executable code.

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for June is out. It covers a wide range of topics, including the grc.com attacks and the Honeynet project. "The results are fascinating. A random computer on the Internet is scanned dozens of times a day. The life expectancy of a default installation of Red Hat 6.2 server, or the time before someone successfully hacks it, is less than 72 hours. A common home user setup, with Windows 98 and file sharing enabled, was hacked five times in four days. Systems are subjected to NetBIOS scans an average of 17 times a day. And the fastest time for a server being hacked: 15 minutes after plugging it into the network."

One of the links inside this month's CRYPTO-GRAM is to The Strange Tale of Denial of Service, an account by Steve Gibson of his research into the world of distributed denial-of-service attacks. In this case, the machines used to deploy the attacks were running Microsoft Windows operating systems, but the victims could be any machine. From his experiences, he learned that major ISPs were simply unwilling to take action in response to this type of problem, that the US Federal government has too many problems to handle and will not look at "small" problems, such as the disablement of a single site, and that age does indeed shield youthful offenders within the US from prosecution.

To quote Steve, "We can not have a stable Internet economy while 13-year-old children are free to deny arbitrary Internet services with impunity".

Using a Cryptographic Hardware Token with Linux: the OpenSSL Project's New Engine (Linux Journal). Linux Journal's Paul Friburg takes a look at using OpenSSL's new engine to provide support for digitally-signed emails using a hardware token. "Hardware tokens are nearly tamper proof and assure that the data are originating from a given Linux PC provided that the token is plugged into it. ... Sadly, the token we were requested to integrate, the Chrysalis-ITS Luna2 PC card, was not on the list of the three tokens implemented in the engine. This forced us to go under the hood of the OpenSSL engine code. ".

Security Reports

sysklogd denial-of-service vulnerability. Immunix reports that the Linux kernel logging daemon klogd distributed with the sysklogd is vulnerable to a denial-of-service attack because it will shut down if it receives a null byte in a log message from the Linux kernel. A patch to fix the problem is available.

fetchmail buffer overflow. Wolfram Kleff reported a buffer overflow in all versions of fetchmail. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.

rxvt buffer overflow. Samuel "Zorgon" Dralet reported a buffer overflow in rxvt which can be exploited to gain group utmp privileges on some systems, which could allow the utmp file to be modified. A patch is available to fix the problem.

man page source buffer overflow. zen-parse reported a buffer overflow in man that, when manual pages begin with a '.so' statement, may be exploited to execute arbitrary code under the 'man' group id. No patch or update for man has been posted so far. For more details, check BugTraq ID 2872.

MDBMS query display buffer overflow. teleh0r reported a buffer overflow in MDBMS, an SQL database server for Unix which provides source code and is free for non-commercial use. The buffer overflow can be exploited to execute arbitrary code. An updated version is available, containing a fix for the problem.

BSD ptrace race condition vulnerability. The version of ptrace shipped with NetBSD and OpenBSD has been reported to contain a race condition which can be exploited to allow an unprivileged user to attach to a privileged process, elevating the attacker's privileges. OpenBSD has released patches to their kernel to resolve the problem; NetBSD has fixed the problem in their CVS tree.

ghttp buffer overflow. The Gaztek HTTP daemon, ghttpd, is a GPL'd HTTP server with a small memory footprint that is capable of handling "thousands of simultaneous connections". A buffer overflow has been reported in version 1.4 that can be exploited by a remote attacker to run arbitrary code under the privileges of the ghttpd server. No fix for the problem has been reported so far.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • WatchGuard Firebox 2500 and 4500 boxes are reported to contain a vulnerability which makes it possible for an intruder to bypass SMTP checking using attachments encoded in base64. No vendor response has been reported so far.

  • ScreamingMedia SiteWare versions 2.501 and earlier and 3.1 and earlier contain a file disclosure vulnerability. An upgrade to 2.5.1 or 3.1.1 will apparently resolve the problem. BugTraq ID 2868.

  • cgiCentral's WebStore shopping cart software has been reported to contain two vulnerabilities which can be used together to allow an attacker to execute arbitrary commands on a system running Webstore. The two vulnerabilities are an administrator authentication bypass vulnerability and an arbitrary command execution vulnerability. A workaround for the command execution vulnerability has been posted, but no vendor response has been seen so far.

  • The Cisco Node Route Processor 2 card has been reported to allow unauthorized telnet access in its default configuration. An upgrade to Cisco 6400 NRP2 12.1DC will resolve the problem.

  • NetSQL, a light-weight SQL database server for Linux and Solaris, has been reported to contain a remotely exploitable buffer overflow which can give an remote attacker root access on the server. No vendor response has been seen so far.

  • Microburst uDirectory, a Perl CGI script, has been reported to contain an input validation error which can be exploited remotely to execute arbitrary commands on the host. No vendor response has been seen so far.


exim format string vulnerability. Check the June 14th LWN Security Summary for the original report.

This week's updates:

  • Red Hat [Note, one user reported problems with the Red Hat 7.0 packages in this update].
Previous updates:

xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.

This week's updates:

xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826.

This week's updates:

Previous updates:

OpenSSH tmplink vulnerability. Check the June 7th LWN Security Summary for the initial report. This is also covered in BugTraq ID 2825.

This week, OpenSSH 2.9.p2 was released with a fix for the problem.

ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.

This week's updates:

Previous updates:
  • Red Hat (June 7th)
  • Debian, fixed in ispell-3.1.20-8, updated January 26, 2000. (June 14th)

Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report.

This week's updates:

Previous updates:
  • Caldera, disabling Webmin recommended, no updated packages available yet. (May 31st)
  • Caldera, updated packages now available (June 7th)

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.

This week's updates:

Previous updates:

gnupg. gnupg 1.0.5 was released on April 29th. Check the May 3rd LWN Security Summary for details. An upgrade to 1.0.5 is recommended.

This week's updates:

Previous updates:

Denial-of-service vulnerability in FTP server implementations. Check the March 22nd LWN Security Summary for the original report. Affected FTP daemons include ProFTPd, NetBSD FTP, PureFTPd (to some variants of this attack), BeroFTPD, and FreeBSD FTP.

This week's updates:

Previous updates:

Apache directory listing error. Check the March 8th LWN Security Summary for the initial report. Apache 1.3.18 and earlier are vulnerable; Apache 1.3.19 contains a fix for the problem.

Previous reports:


Bastille Linux 1.2. The Bastille Linux development team announced the release of Bastille Linux 1.2, a hardening script for multiple Linux distributions.

CryptoMail 0.90. The first public release of CryptoMail, version 0.90, was announced this week. CryptoMail is an end-to-end secure email system. MySQL, Apache and Sendmail are required in order to run the server. More information is available at http://www.cryptomail.org.


Upcoming Security Events.
Date Event Location
June 21 - 22, 200113th Annual Computer Security Incident Handling Conference (FIRST 2001)Toulouse, France
June 21, 2001PKI Forum Members Meeting(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001Black Hat Briefings USA '01Las Vegas, Nevada, USA.
July 17, 2001The Open Group Security Forum briefingAustin, Texas
August 6 - 10, 2001CERT Conference 2001Omaha, NE, USA.
August 7, 2001CIBC World Markets First Annual Security & Privacy ConferenceNew York, NY, USA.
August 13 - 17, 200110th USENIX Security Symposium 2001 ConferenceWashington, D.C.
August 13 - 17, 2001HAL2001Enschede, The Netherlands

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

June 21, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.5; the 2.4.6pre4 prepatch came out just as LWN was going to "press"; it contains a set of fixes but nothing spectacular.

The same can not be said for Alan Cox, who has released several patches up to 2.4.5ac16. Alan has also released 2.2.20pre5 (though the last announced release was 2.2.20pre4) for those still working with the 2.2 kernel.

Some have asked why the current "ac" patches don't include the latest updates from the 2.4.6pre series. Alan's answer might make one a little nervous: "Because right now I don't consider the 2.4.6 page cache ext2 stuff safe enough to merge. I'm letting someone else be the sucide squad." There have not been a whole lot of complaints from 2.4.6pre users, however.

Andrea Arcangeli, too, has been issuing general kernel patches. 2.4.6pre3aa2 adds a number of fixes to the current Linus prepatch. There is also a 2.2.20pre5aa1 for the 2.2.20 prepatch.

The Linux kernel and gcc 3.0. Now that this major gcc release is out, people are naturally interested in using it to build kernels. Numerous fixes for gcc 3.0 are going in, but, at this point, using that compiler is still not recommended. It will take some time for both the compiler and the necessary kernel changes to stabilize before gcc 3.0 can be used with confidence.

The second edition of Linux Device Drivers is about to hit the shelves, at last. This edition, published by O'Reilly, is written by Alessandro Rubini and LWN editor Jonathan Corbet. It covers the 2.4 kernel through even most of the post-2.4.0 changes, and gives great attention to SMP and portability issues. It should hit the shelves around the end of the month - in the U.S., at least. More information can be found on the O'Reilly web site.

The really fun part, though, is the book will be released online under the GNU Free Documentation License. The exact date of the online release is unclear - some work has to be done to prepare the DocBook source for release. The hope, however, is to get it onto the net within a month of the bookstore release. At just over 550 pages, it should be a sizeable addition to the free documentation for the Linux kernel.

The FOLK project sent out an announcement of its existence on June 13. FOLK, or "Functionally Overloaded Linux Kernel," aims to combine as many interesting patches as possible into a single, integrated patch to make them all easier to try out. From the announcement:

The idea isn't to worry about quality, bloat, or any other "detail", but rather to give developers one additional way to showcase ideas and give interested users a way to try things out without having to spend a lifetime finding what's out there, another lifetime upgrading the patch to the current kernel and a third lifetime fixing all the rejected diffs.

In other words, it's probably not something you want to drop onto a production server, but the FOLK patch could be an interesting way of seeing what sort of work is being done out there.

As of this writing, the current patch is 2.4.5-folk1.4. It includes the full 2.4.5ac15 patch, the Bad Memory patch, the Linux Doors patch, the HP plugin scheduler patch, the socket registration patch (discussed in last week's LWN kernel page), IBM's POSIX threading patch, the real-time scheduler patch, JFS, and more. It should be fun to play with - but watch out for those "details."

The Linux kernel is getting too big? A recurring theme on the linux-kernel list is the complaint that the kernel tarballs have gotten too big, and that they contain far more stuff than anybody is going to use. Wouldn't it be better to split it apart, so that people could only download the code they actually need?

The answer has always been something along the lines of "feel free to set up a split kernel download site, but we're too busy." The conversation usually stops there. Now, however, Michael Bacarella has done something about it. He has set up a web page allowing a user to specify which kernel subsystems are of interest; then a tarball is created containing just the desired code.

The current setup is a bit rough - the choices on what to exclude are crude, and it's easy to request a kernel that will not build. But it's only intended to be a first step; future versions would probably hook into the CML2 configuration system and make much smarter choices on which code to include. Mr. Bacarella, of course, is looking for people who would like to help make a better system; drop him a note if you're interested.

Run Linux on your VAX. The Linux/VAX project project announced this week that it had succeeded in booting the system on a VAXStation 3100 and running a shell there. That is, of course, a crucial milestone, and the project is to be congratulated. Even if the resulting system does claim a whopping 5.4 BogoMIPs. Your editor is thinking about that old 11/780 he first learned Unix on...moving it into the basement would be a hard sell with the wife, however...

Making kernel configuration fun. Eric Raymond has evidently decided that there are not enough interfaces to the new kernel configuration system, so he has added another. This one, however, is different, being based on an ancient "interactive diagnostic" program interface:

Welcome to CML2 Adventure, version 1.6.1.
You are in a maze of twisty little Linux kernel options
menus, all different.

The main room.  A sign reads `Linux Kernel Configuration 
System'.  Passages lead off in all directions.

> n
The arch room.  A sign reads `Processor type'.
A passage leads upwards.

Choose your processor architecture.
A brass lantern is here.
There is a row of buttons on the wall of this room. They read:
The button marked X86 is pressed.

Perhaps this configuration mode should become the default for the Linux/VAX project?

Followup: the PCI suspend/resume interface change. Last week we looked at an incompatible API change that went into 2.4.6pre3, and which upset some developers. For those who are interested, here is Patrick Mochel's justification for the change. While there seems to be a consensus that the change makes sense technically, not everybody thinks it should have been now. Quoting Jeff Garzik:

Anyway I beg you -- please consider API changes more carefully in the future, even if Quick Draw Torvalds does not. The changes that occured here are immaterial: the principle of the stable series is what is at stake here.

Interestingly, Linus felt the need to deny that Mr. Mochel's employment at Transmeta had anything to do with the change being included - despite the fact that nobody had (publicly, at least) made any such allegation.

The real conclusion that should be drawn here, perhaps, is that it is past time for the 2.5 series to begin. 2.4 has not truly stabilized, but it is getting closer and a lot of the remaining problems (virtual memory being at the top of the list) are not those that can be addressed by most kernel hackers. Perhaps it is time to start the new development tree, and future API changes can go there.

Linux/PPC has a new maintainer. Cort Dougan has announced that he is stepping down as the maintainer of the PowerPC port of the Linux kernel. Mr. Dougan has filled this role for several years, and has been widely respected for his leadership with this port.

The new maintainer will be Paul Mackerras. He posted an acceptance speech of sorts; we wish him luck.

Other patches and updates released this week include:

  • Rick Lindsley has released a document describing the global spin locks used in the kernel and the conventions for their use. This is a crucial piece of documentation; as the number of locks grows, it is increasingly difficult to know which locks should be taken out where.

  • Andrea Arcangeli has posted a patch which is intended to make header files match up with some of the user-visible API changes in the 2.4 kernel.

  • Leon Breedt released a patch which enables a non-blinking cursor on the text console. Interestingly, some people strongly disagree with this patch.

  • IBM has released version 0.3.5 of its journaling filesystem.

  • Rusty Russell has posted a new hotplug CPU patch.

  • Anton Altaparmakov announced version 1.0.0 of the Linux NT filesystem. It still is not safe for write access, however.

  • devfs v181 has been released by Richard Gooch.

  • Stelian Pop has updated his Sony Vaio programmable I/O controller driver.

Section Editor: Jonathan Corbet

June 21, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Agenda-VR. The addition of Agenda-VR to our distributions list marked the perfect opportunity to split handheld distributions out of the general embedded distribution lists. Given the growing popularity of PDAs, the pace of the Linux development in this field and the likelihood that playing with the OS on your Linux PDA might be the primary reason you chose to purchase it, separating out Linux Distributions for PDAs seemed like the "right" thing to do.

Agenda-VR is the Linux distribution that runs on the Agenda VR3 PDA. They've got a nice, interactive tour on their site of the product from the website and provide information on both the old and new versions of their OS. Unfortunately, when we tried to download the software, the links were not working.

Other useful resources include Russell Stuart's Agenda Development Page, which gives tips on downloading and compiling code, and the SNOW compiler for the Agenda PDA. SNOW is an application binary interface for the MIPS CPU architecture developed initially by Jay Carlson and adapted for the Agenda by Shane Nay. It produces shared libraries that are loaded at a fixed location in memory, similar to some of the older Linux shared libraries, providing enhanced performance in exchange for the time involved in tracking library location and relinking programs when libraries are modified. [Thanks to Tony Audas].

Estimating the size of GNU/Linux. David Wheeler has released More Than a Gigabuck: Estimating GNU/Linux's Size, his second white-paper to address the size and development costs of Linux. It analyzes the source code from Red Hat 7.1 to draw a number of conclusions, including:

  1. It would cost over $1 billion (a Gigabuck) to develop this Linux distribution by conventional proprietary means in the U.S. (in year 2000 U.S. dollars).

  2. It includes over 30 million physical source lines of code (SLOC).

  3. It would have required about 8,000 person-years of development time.

  4. Red Hat Linux 7.1 represents over a 60% increase in size, effort, and traditional development costs over Red Hat Linux 6.2 (which was released about one year earlier).

  5. The predominant software license is the GNU GPL. Software packages using the copylefting licenses (the GPL and LGPL), at least in part or as an alternative, accounted for 63% of the code.
His original paper used Red Hat 6.2 as a reference platform. Some other distributions, such as Debian and SuSE, include much more code and would produce even larger numbers.

New Distributions

Sentry Firewall CD. Sentry Firewall CD is a Slackware-based (currently Slackware 7.1) distribution that fits on a single bootable CDROM and takes configuration information from either a floppy drive or a local hard drive. As the name suggests, it is tailored primarily to provide a basic firewall environment. In addition, it can also serve as an intrusion detection node. In both cases, the advantage of running off the CDROM is that, even if hacked, the base operating system cannot be modified. So a reboot with a backup configuration floppy, for example, should get a damaged firewall back up and running immediately. Running the configuration off a read-protect floppy, rather than the internal hard drive, decreases the vulnerability of the system one step further.

Sentry Firewall CD is also hosted on Sourceforge. Thanks to David A. Bandel for the reference.

Distribution News

Linux-Mandrake News. The second release of MandrakeFreq is now available. This is a snapshot of the still-in-development Linux-Mandrake 8.0 and is intended only for power-users that like to live life on the bleeding edge. It includes KDE2.2alpha2, Linux 2.4.5, XFree86 4.1, Evolution 0.10, Nautilus 1.03 and Mozilla 0.9.1.

This week's Linux-Mandrake Community Newsletter reports the opening of MandrakeBizcases.com, a new site where business users can share their experiences using Linux-Mandrake products. They also provide a Mini-FAQ about the PPC beta released last week, including what hardware it supports, where the files can be downloaded and how to start the installation.

We were also pleased this week to hear of the creation of the Mandrake Cooker Weekly News (this week's version is permanently archived at this address), a new weekly feature that will be following the bleeding development edge at Linux-Mandrake. It promises "concise, hot information" on what they are currently developing internally, what new packages are available, development policy issues being discussed, etc. It will be available either as an email newsletter or on the web.

Between these two new features and Mandrake Forum, the availability of information on Linux-Mandrake is starting to rival that of volunteer distributions like Debian, where almost all information is available on-line. It is a model we strongly encourage for all distributions or development projects, since such a news source can do a lot to bind a community together, as well as providing a valuable historic resource.

Red Hat News. XFree86 4.1 is in Rawhide. People using it should note, however, that Red Hat removed libXIE.so from XFree86 4.1 when they installed it because the XFree86 team deprecates the use of that library. Unfortunately, Mozilla 0.9.1 uses that library. As a result, libXIE.so will go back into the next Rawhide build. However, it will not be included in future official versions of Red Hat. Developers take note; use of that library will make your program incompatible with future releases of Red Hat and other distributions that follow the request of the XFree86 team.

SuSE News. SuSE users reported the same problem with Mozilla 0.9.1 and XFree86 4.1.0 as mentioned above. As a result, libXIE.tar.gz should now be available for download in the XFree86 4.1.0 directory at SuSE. Installing it should fix the problem.

Meanwhile, US-based SuSE users will be cheered to hear that deliveries of SuSE 7.2 in the US were reported starting on June 18th.

Slackware News. On Thursday, June 15th, the Intel Changelog indicated that current had been frozen in preparation for the upcoming release. That did not prevent, though, the addition of Gcc 3.0 on an "experimental" basis or an upgrade of Qt to version 2.3.1.

Several people commented that they have been using -current extensively and consider it to be highly stable. Meanwhile, Patrick Volkerding again stated that the official release of Slackware 8.0 will be "soon".

On the bug-fix side, a patch to lpr went in for a known problem and updates to fetchmail and rxvt went in to resolve security issues. Several ham packages were upgraded by Arno Verhoeven. A LILO configuration problem that was causing partition tables to be rewritten at boot was resolved. e2fsprogs was downgraded to 1.19.

No Changelog entries went in for the Alpha or Sparc platforms.

A new version of the Slackware Package Management System was released this week, version 0.1.3. It now supports one-step packaging, and "automagic" document copying in addition to cleanups to the code.

Caldera News. This past week, some members of the caldera-users mailing list began to speak openly of moving to alternate distributions, due to frustration with Caldera and the lack of recent releases. No specific links are provided, since members of such a list should have the right to vent a bit without becoming a media focus. Nonetheless, if Caldera is still interested in having a user community, we certainly hope they are reading their own mailing lists. These people liked OpenLinux and don't want to leave it, but felt they are reaching a point where they have no choice.

Only a day or so later, an unofficial comment was posted that OpenLinux Workstation 3.1 will be released on the 29th of June.

Debian News. The Kernel Cousin Debian Hurd shows a lot of active development over the past week. A problem with getsockopt() has been fixed.

Conflicts between packages using high port numbers for network connections became a topic of conversation this week. It was quickly agreed that Debian needed to produce a mechanism to prevent conflict between packages, even though all high numbered ports are "up for grab", as an expected part of the "integration process" that any distributor provides. The mechanism by which they will prevent conflicts has not yet been chosen. A separate port registry, additions to /etc/services, or using the IANA registration were mentioned as possibilities.

KRUD News. The next monthly release of KRUD 7.1 will contain all the library updates needed for installing gnucash 1.6.0. Sean Reifschneider reported that the libraries that needed updating all installed without problems. KRUD 7.1 is based on Red Hat 7.1, but comes as a subscription service with a new CD each month, bundled with all related security and bug fix updates, as well as additional software chosen by tummy.com.

Trustix Secure Linux 1.4.90 released. Trustix Secure Linux 1.4.90, the beta release of this distribution before 1.5 comes out, has been released. It contains a number of new features; it also has incompatibilities with the last stable release (1.2), so prospective users should proceed with care.

RTLinux News. FSMLabs announced this week that RTLinux now supports the Motorola PowerPC 860. It is currently available, along with the RTLinux Development Kit for several PowerPC 860 evaluation boards.

Coyote News. The Embedded Coyote Linux distribution is nearing a usable state. Automatically-updated ISO images are available for those that would like to check it out.

Minor Distribution updates

  • Kaladix 0.3, includes major feature enhancements, but is still an early development release.

  • Mindi Linux 0.22pre1, improved interoperability with Linux kernel 2.4.X.

  • PKlinux-mini 2.0, Linux kernel 2.4.5 upgrade, ppp and firewall support updated, glibc 2.2.3 and bash 2.0.5 added.

Distribution Reviews

The e-smith server and gateway (Linux Journal). The Linux Journal reviews the e-smith server and gateway distribution. "In some ways, having problems while doing a review is not such a bad thing. You get to call tech support which gives you a feel for how quickly your questions and concerns will be answered. I am happy to report that not only did I not have to wait in a queue, but the person I spoke with was knowledgeable, helpful and open to the suggestions I made regarding the whole installation process."

Review: Red Hat Linux 7.1 (Duke of URL). This review of Red Hat Linux 7.1 finds, once again, that the .1 release cleans up well after the .0 version. "They have overcome almost all of the issues with the premature release of gcc 2.96 in version 7.0. They have again provided gcc 2.96 but this time it works well and can compile to the standards for both C and C++. They have also increased their currency by allowing a properly configured KDE to be included with the distribution. Thus catering to both desktop environment crowds. The inclusion of XFree86 4.0.3 and the anti-aliased xft render extension by default is also a nice touch."

Thanks to contributors. We want to thank readers who have written in to nit-pick on the categorization of various distributions, contribute new distribution links and more. This does a great deal to improve the quality of our information and it is much appreciated. Particular thanks go this week to Daniel James.

Section Editor: Liz Coolbaugh

June 21, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

Netscape 6.1. Late last week, right after our Weekly edition was published, Netscape officially released another version of their popular browser. C|Net reviewed this new release, Netscape 6.1PR1, and gave it a positive, though cautious, mark.

Netscape 6.1PR1 is based on Mozilla 0.9.1
This version marks the third release, and first since early February, of the Mozilla based 6.x series. While only a preview release, which most people refer to as beta releases, the stability and speed of this new release are obvious and owe their improvements to the improved Mozilla 0.9.1 based NGLayout/Gecko rendering engine. The original 6.0 and 6.01 releases from Netscape were based on the much earlier and less polished Mozilla 0.6 code.

Some of the updated features and enhancements for 6.1PR1 include:

  • LDAP support in the e-mail program
  • Enhanced performance - faster page loading and web browsing.
  • Enhanced bookmark and history management-easier filing, sorting, deleting and editing.
  • Better searching -- easier navigation and the ability to search from an autocomplete URL dropdown.
  • Better security -- the Password Manager and the Cookie Manager give improved control over critical information.
  • Offline capability -- use Netscape Mail 6.1 to access all server-based mail accounts offline.
  • Easy account management -- centralized control and monitoring of all e-mail accounts.

Commentaries from various news sites have reported that the 6.1 release is just a bargaining chip for AOL in its current negotiations with Microsoft over cross-licensing deals. But Netscape President Jim Bankoff has been quoted as saying that in 6 months people won't think of Netscape as a browser company. Whether that means the company might be dropping the browser (which is unlikely) or simply relegating it to a lower priority (much more probable) remains to be seen. Most reports seem to think Bankoff's comments reflect Netscape's expected growth spurt, where they take the innards of the browser to make media tools for business.

Despite the advances, the PR1 release isn't quite ready for the masses. One of the known problems for Linux systems is that images are not displayed if they are either resized using the height or width attributes, or resized dynamically, from the actual image dimensions. Additionally, themes designed for the 6.0 release won't work with 6.1 due to changes in the XUL specification.

Wired reported that page loads were faster and entire pages loaded at once, meaning graphics and text displayed at the same time. This isn't exactly true - it depends on the site visited and connection speed, but image loading is definitely much faster. The same Wired story noted that the pull down menus at Sony.com didn't work at all, but LWN.net found that one set of menus worked and another didn't. A stock Mozilla 0.9.1 presented the same problem. Perhaps drop down menus can't be displayed over another drop down menu. What we did find was that Netscape 6.1PR1 is quite the resource hog, chewing up memory to the exclusion of all other applications on a Red Hat Linux 6.2 system, eventually forcing us to kill the application lest we lose our X session entirely.

Users interested in following the Mozilla/Netscape 6.x releases can find additional information from the NewZilla Web site, where tips on using Netscape 6 can also be found.

pilot-link redux. More information on the pilot-link project came to light this week. First, as soon as the new servers are moved across the US, the new pilot-link.org site will go live. This site is currently maintained at the gnu-designs web site. Additionally, a new bug database went live (at the current site) this week for reporting problems in the pilot-link package. Finally, and most importantly, a new release of pilot-link, version 0.9.5, has hit the streets.

Autoinstalling - Ximian Debian. The usefulness of Ximian's Red Carpet installer for Red Hat based systems was discussed in the May 24th, 2001 edition of On the Desktop. After that we received word that Ximian also provides a version of Red Carpet for Debian Woody and Debian Potato. In fact, there appears to be versions of Red Carpet for LinuxPPC, Mandrake, SuSE, and Turbolinux as well. (Thanks to Mark L. Kahnt)

Open-source music format ready to play (ZDNet). ZDNet looks at the upcoming 1.0 release of Ogg Vorbis, the open source music format. "The version set for release Sunday will officially be a "release candidate"--containing essentially everything that will be in the final version but still being checked by its users for last-minute flaws."

LWN.net Book Review: The New XFree86. LWN.net senior editor Michael J. Hammel reviews Prima Tech's The New XFree86, by Bill Ball. "The meat of XFree86 is in the libraries and X server and this text simply doesn't go into detail for either of these."

Desktop Environments

GNOME Summary for June 10 - June 16. The weekly summary of the GNOME world has been posted. Highlights this week include an update on the progress of 2.0, the XFree86 technical conference, and the rebirth of the eazel-hacking automated build system.

GNOME Board meeting 12 June 2001. The minutes of the latest GNOME Board meeting have been published. The most interesting note is that the X Technical Conference appears to have been revived for this years ALS conference.

People behind KDE: Kurt Granroth. Kurt Granroth, SuSE employee and KDE core developer in the US, is interviewed in another of this long running series from KDE.org. "SuSE has me on as a full-time KDE developer. They give me nearly complete freedom to work on what's necessary and pay well. All in all, it's as close to a perfect job as anybody could realistically expect."

Kernel Cousin KDE #14. This week's KDE kernel cousin covers discussions on a new keyboard shortcut scheme, design differences between the vector drawing tools Karbon and KIllustrator, and discussions on what the KDE League really is all about.

GNUStep Weekly Update. The latest GNUStep Weekly Update showed up late last week. The big news is the upgrades to gcc which will help alleviate the problems encountered which prevented using gcc to build GNUStep in the past.

Office Applications

OpenOffice releases new build candidate. The OpenOffice project (aka StarOffice) released the build 632 on Tuesday this week. The release notes say that the Berkeley DB is now included with the distribution, after they reached an agreement with the authors of that open source database.

Keeping up AbiWord. The latest edition of the AbiWord Weekly News #48 came out this week.

Focus on Infusion (KDE Dot News). KDE Dot News reviews the recently uncovered office application known as Infusion. "Infusion aspires to compete with the likes of Aethera, Magellan, Evolution, and yes, Microsoft Outlook+Exchange. Is Infusion there yet? Nope. But from what I've seen, I've certainly been impressed by Citadel/UX, and once I managed to get Infusion compiled, I was able to enjoy some neat functionality."

Desktop Applications

KDE PIM Roadmap. A project to help develop a roadmap for developers interested in working on KDE PIM, culminating in a PIM developer gathering in late 2001, has been proposed to the KDE PIM mailing list.

And in other news...

XFree86 4.1.0 (Duke of URL). The Duke of URL takes an indepth look at the recently released XFree86 4.1. "4.1.0 features support for not only new cards, but also strengthens the support for some cards. It also seems that a lot of time, the Alpha platform gets ignored along with the *BSDs, but this version changes that. With 4.1.0, Linux/PPC finally has DRI support, FreeBSD has i810/i815 support, and Alpha/Linux finally has jumped on the bandwagon with support for the ATI Radeon."

December 2001 Convergence (LinuxMedNews). LinuxMedNews creator Ignacio Valdez says that the Linux Desktop is close, but world domination won't be here till December. "My wife who is as non-technical as can be uses it also for school and documents using StarOffice 5.2. Then again, she has me to admin her machine. There are some end-user experience issues which keep Linux out of the reach of the masses: 1) Installation of video and sound as well as other installation difficulties remain an issue. 2) Anti-aliased fonts are not widely available through all the distributions. 3) A browser with the familiar Netscape name is not currently competitive. 4) Some application software is either a) not ready, b) not as good as applications such as MS-Office, or c) ready and superior to its Windows equilvalents (see my recent article on scanning) but requires more effort and knowledge on the part of the user to find and use."

If desktop Linux is viable, thank some unlikely spokespeople (ZDNet). Henry Kingman, Senior Producer of ZDNet's Linux Center, says that the only real problem for Linux is it needs a stronger mainstream media presence. "PR [from RMS, Eric Raymand and Bruce Perens] can only go so far. Without proponents among the ranks of media professionals, I wonder if desktop Linux has very much of a chance." His comments are meant to entice mainstream publishers to produce more Linux pieces, to open the publics awareness to the alternatives of open source.

My plan for getting Linux on the desktop (ZDNet). The same author that gave us 9 reasons why not to use Linux on the desktop last week, now continues with 10 issues to face to get Linux onto more desktops. "The only real way I see Linux becoming anything like a common desktop operating system would be for Microsoft to endorse it. Figure out the likelihood of this and you'll have a fairly precise measure of the chances Linux has of becoming a real desktop player."

Section Editor: Michael J. Hammel

June 21, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Gnu Compiler Collection Version 3.0 [GCC]

Version 3.0 of GCC, the GNU Compiler Collection, has been announced. GCC, provides compilers for the languages C, C++, Objective C, Fortran, and now Java. GCC works on a wide variety of processor platforms. GCC is, of course, licensed under the GPL license.

The list of major new features in GCC 3.0 includes:

  • a Native-code Java compiler for faster run times and freedom from proprietary compilers.
  • Rewritten support for Intel and AMD 32 bit processors which provides faster run times on these common platforms.
  • Support for the Intel IA-64 (Itanium) Processor which will allow code to be ported to this new architecture.
  • Support for more CPU families including chips from Atmel, Motorola, Matsushita, Mitsubishi, Fujitsu, and Sun.
  • Improved C++ support with better ISO C++ standards compatibility and numerous bug fixes as well as a new Application Binary Interface (ABI) for C++.
  • Improved documentation including automated generation of man pages from Texinfo documentation.

For a complete and detailed list of the new features, see the official GCC 3.0 New Features document.

ZD Net is running an article about GCC 3.0 by Stephen Shankland which looks at some of the history behind GCC. The article points out that even Microsoft, despite its recent criticisms of the GPL, has a project known as Interix which features GCC as one of the key components.

No doubt, it will take a while for GCC 3.0 to show up in the major Linux distributions. Recompiling all of the code that makes up an entire distribution will, no doubt, take some time and will reveal new bugs in the compiler and the source code. Progress marches on.

For those of you who want to get started playing with GCC 3.0, downloads are available here.


Ogg Vorbis decode RC 1. Release candidate 1 of the Ogg Vorbis decoder library has been released. "This release is a 100% feature complete implementation of the Ogg Vorbis decoder libraries." Ogg Vorbis is an open source audio compression scheme with capabilities similar to the popular MP3 format. Work is also progressing on the accompanying encoding tools.

Ecawave 0.4.0 released. Version 0.4.0 of the Ecawave graphical sound editing tool has been released. This is considered to be a stable release. This version features bug fixes, and no more dependency on Qt.


Types of JOINs (O'Reilly OnLamp). John Paul Ashenfelter discusses the details of database JOINs in an O'Reilly OnLamp article. "One of the fundamental challenges in understanding SQL is becoming comfortable with thinking about data in terms of mathematical sets and relational algebra. This is similar to the challenge procedural programmers face when making the transition to object-oriented languages -- things are just simply different and the old rules simply don't apply. Joins force you to think in a set-oriented way."


LDP Weekly News. The Linux Documentation Project had a busy week, with 19 updated documents, including an updated Linux Installation HOWTO from Eric Raymond. Three new documents are also available, the GNU/Linux Post-Installation Checklist, the Home Electrical Device mini HOWTO, and the Linux Loadable Kernel Module HOWTO.

Embedded Systems

Embedded Linux Newsletter for June 14th, 2001. The Embedded Linux Newsletter this week mentioned formation of an industry group to standardize embedded Linux for set top boxes. The formation of the new group, known as the TV Linux Alliance, is summarized along with many other stories in the weekly Embedded Linux Newsletter.


Wine Weekly News issue 22. Issue 22 of the Wine Weekly News has been published. Included is a discussion of getting ActiveX working with Konqueror, talk of building a Wine kernel module, and information on the applicability of the Stanford kernel checker to other projects, among other things.

Network Management

OpenNMS Update for June 20, 2001. The June 20, 2001 issue of the OpenNMS Update covers the announced delay of 0.7.6 due to bugs uncovered during the beta test of that release. Other project status information is also included.

Printing Systems

Omni Printer Driver version 0.3 released. Version 0.3 of the Omni Printer Driver has been released. This version features a number of new features that are documented in the Changelog.


Stallman: Science must `push copyright aside' (nature). Nature.com is running an article by Richard Stallman in which he discusses copyright issues and dissemination of scientific literature. "The modern technology for scientific publishing, however, is the World Wide Web. What rules would best ensure the maximum dissemination of scientific articles, and knowledge, on the Web? Articles should be distributed in non-proprietary formats, with open access for all. And everyone should have the right to `mirror' articles; that is, to republish them verbatim with proper attribution."

Web-site Development

Zope Weekly News for June 17, 2001. The Zope Weekly News for June 17th, 2001 is available. This edition covers the upcoming EuroZope conference, a new Zope Developer's Guide, and Zope-cmf.

Midgard Weekly Summary. This week's Midgard Weekly Summary includes a note on case study plans and the new Nadmin Studio 1.4 interface.

New ZODB release. Andrew Kuchling has announced a new release of the Zope Object Database. The ZODB release contains just the object data store, without the rest of the Zope structure; it can be a most useful tool for people wanting to write Python applications with persistent objects, but who are not interested in the Zope web application framework.

mod_lisp 2.0 released. A completely rewritten version of mod_lisp, the Apache web server plug-in has been released. Mod_lisp is released under a FreeBSD style license and the code is considered to be beta level.

Window Systems

GTK+ 1.3.6 released. A new release of the GTK+ libraries is now available to developers. This release makes the set of four libraries included in the pre-2.0 line a single distribution which can be built with a single configure/make/make install sequence. Libraries included in this package include GLib, Pango (the new text rendering library), Atk (a new accessibility library) and GTK. Note that the API is mostly frozen at this point and no major API changes are expected before the 2.0 release.


IBM iSCSI and Itanium projects (IBM). IBM has published updated information for two development projects. The iSCSI project site provides CVS access to kernel updates and information on the SCSI-over-IP project.

The AlphaWorks site contains information on an updated Developer Kit for the Itanium processor with support for glibc 2.2 on Red Hat Linux 7.1 and Turbolinux..

Section Editor: Forrest Cook

June 21, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


cURL 7.8 available. A new release of cURL has been announced. "Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks." A new version of the Python extension to the cURL library, pycURL, is also available.


Caml Weekly News for June 12 through 19, 2001. The June 12 through 19, 2001 issue of the Caml Weekl News is available. Topics include interfacing C threads with O'caml, ocamlweb 1.0, and several new English language introductions to O'Caml.


Glasgow Haskell Compiler 5.00.2 released. Version 5.00.2 of the Glasgow Haskell Compiler (GHC) has been announced. This release contains a number of bug fixes. Also, version 1.06 of the York Haskell Compiler (nhc98) has been released with its own set of bug fixes and some new features.


Take command of your client/server apps (IBM developerWorks). Barry A. Fiegenbaum discusses Java client/server programming in an IBM developerWorks article. "The Java language, with its easy access to TCP/IP-based sockets and its ability to stream objects over them, makes it easy to exchange command messages between clients and their associated servers".


cCLan News debut. The first edition of the Comprehensive Common Lisp Archive Network (cCLan) News has been announced. The cCLan site is just coming together, expect to see more as time passes.


New XML-RPC suite for Perl: RPC::XML (use Perl). The first full release of the Perl XML-RPC package has been announced. "The module includes a client class, a basic server class (that uses your choice of HTTP::Daemon or Net::Server as a transport layer) and a subclass of the basic server that hooks in as a mod_perl content handler."


PHP and Java (O'Reilly's onLamp). W J Gilmore looks at the Java extension for PHP in an O'Reilly onLamp article. "Do PHP developers ever sleep? I'm starting to wonder what these caffeine-entranced insomniacs are going to think of next. I'm asking this question because I can't seem to understand how PHP always seems to have just the right extension to accomplish the task at-hand."


Dr. Dobb's Python-URL! for June 18, 2001. The June 18, 2001 issue of the Python-URL! has been published by Dr. Dobb's. Topics include version 0.3 of the Quixote Web development toolkit, a new ZODB and ZEO package, PyClimate 1.1 for looking at atmospheric and oceanic data, a post from Guido about GPL issues that have been fixed since Python 1.61, and a new tutorial on floating point.

Python 2.0.1c1 released. Guido van Rossum has announced Python 2.0.1c1. While this is mostly a bugfix release, the major news is that this version is now fully compatible with the GPL license. A plan to make a GPL compatible version of Python 2.1.1 was also mentioned. That release should show up within a month.

QuantLib-Python 0.1.9 released. Version 0.1.9 of QuantLib-Python has been announced. "QuantLib-Python is the SWIG Python wrap of QuantLib. QuantLib (http://quantlib.org) is a C++ open source library for quantitative finance."


debut of the Ruby Garden news portal. A news portal for the Ruby language has been set up. Check out Ruby Garden for the latest happenings in the world of Ruby.


Squeak News e-zine. Squeak News, a new interactive online e-zine that is dedicated to the use of the open source Squeak smalltalk compiler, has been announced.


Dr. Dobb's Tcl-URL! for June 18, 2001. This week's edition of the Dr. Dobb's Tcl-URL! is now available. Topics include availability of papers from the second European Tcl/Tk users meeting, Tcl install shell version 1.2, and a Tcl implementation of a Turing Machine simulation language.


3 myths of XML (O'Reilly xml.com). Kendall Grant Clark looks at some XML myths in an O'Reilly xml.com article:

  • "The first myth rests on a confusion about the meanings of words like "free" and "open" when they are applied to XML-encoded information.
  • The second myth is that XML is magical, that it has some unique properties that makes impossible things possible.
  • The third is that technology, including XML, is more determinative of social relations and institutions than they are of it."


Unix's lessons for component architectures (IBM developerWorks). Peter Seebach discusses component architecture and code reuse in this IBM developerWorks article.
"Unix provides a beautiful example of an architecture that achieves many of the goals of component architecture, including portability and code reuse. Some of the key benefits include:

  • Shell scripts are broadly portable among Unix systems. Programs in C or Perl are generally fairly portable, too.
  • No other system has ever had a component used as broadly as grep.
  • Code reuse is actually practical in a Unix environment.
  • Ad hoc and scripting capabilities available for Unix support rapid prototyping and testing.
  • Time is spent focused on solving problems, not filling out checklists of API features."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Compaq Announces New Linux Initiatives. Compaq is not usually perceived as a 'Linux company'. They do, after all, sell lots of PCs with 'Microsoft inside'. Compaq also sells more Linux-based servers than any other computer maker worldwide. Compaq has been a supporter of Linux and open source since the early 90s when they provided computers for Linus to work on. They are a driving force behind Handhelds.org and are a pioneer in clustering technology. They have been there, they've just been quiet.

This week Compaq made some noise, announcing six strategic initiatives "to meet global customer demand for commercially viable Linux enterprise solutions". The initiatives cover:

  • Beowulf Clustering on Industry-Standard ProLiant Servers.
  • Making server clusters more manageable through open source SSI.
  • Enhancing Development of Robust Enterprise Linux Solutions.
  • Linux and UNIX Interoperability and Portability.
  • A Linux Accreditation Program.
  • A developer's contest to promote new Linux applications for handheld devices.
More information on Compaq's Linux strategy can be found at www.compaq.com/linux.

IBM and Trustix launch 'Goldbox'. IBM and Trustix launched a new product called Goldbox. Goldbox is a Linux solution for small to medium sized businesses with software products from IBM and Trustix.

The Goldbox solution is comprised of three IBM xSeries (Netfinity) servers, the IBM Small Business Suite for Linux, and Linux Systems Management SW (XPloy) and Firewall Security SW (XSentry) from Trustix. In addition Goldbox includes technology for managing and maintaining Linux applications running on the platform. Everything is pre-installed, pre-configured, and delivered through the IBM and Trustix distribution channel.

See this white paper on Goldbox for further details.

GNU Compiler Collection Version 3.0 Is Released. The Free Software Foundation has announced the 3.0 release of the GNU Compiler Collection (GCC). This version of GCC fully incorporates a native-code compiler for the Java programming language. It also includes support for the Intel IA-64 processor. GCC compliers are widely used, as can be seen from this ZDNet article. "Indeed, GCC has spread as far as Microsoft, which ships the compiler as part of its Interix software, which enables Unix software to run on Windows computers."

Ask Jeeves Selects Sleepycat's Berkeley DB. Sleepycat Software, Inc. announced that Ask Jeeves, Inc. has selected Sleepycat's Berkeley DB embedded database for question answering data management.

Linux Stock Index for June 14 to June 20, 2001.

LSI at closing on June 14, 2001 ... 30.12
LSI at closing on June 20, 2001 ... 29.33

The high for the week was 30.12
The low for the week was 28.55

Press Releases:

Open source products

Distributions and bundled products

Proprietary Products for Linux

Hardware and bundled products

Products and Services Using Linux

Products With Linux Versions

Books & Training


Investments and Acquisitions

Personnel & New Offices

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

June 21, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Linux laps up more of the server software market (USA Today). The mainstream press looks at Linux. USA Today summarizes much of what has been happening lately with respect to market shares and Microsoft attacks. "Inconsequential 3 years ago, the crash-resistant Linux today accounts for 10% to 27% of server software shipments, surveys show. Researcher IDC pegs Linux as the fastest-growing server software 2 years running, complicating Microsoft's hope to dominate servers as it does PC operating systems."

Beware of wolves in agnostic's clothing (AnchorDeskUK). Bruce Perens responds to a recent pro-Microsoft, anti-Linux AnchorDesk editorial. "The concept of a commons has always been an essential feature of capitalism, especially for infrastructure like public roads. Open source puts software in the commons, a natural place for infrastructure, but Jack doesn't think that will work."

License to FUD (ZDNet). Evan Leibovitch examines the real and perceived differences in licenses, most notably the GPL and BSD licenses. "The BSD philosophy seems to hold that creating and giving away code, then seeing it used by others, is victory and reward enough. But most of the GPL supporters disapproved of allowing "others" to close off source code and hide enhancements."

Whitepaper: Linux's Future in the Embedded Market (LinuxDevices). LinuxDevices.com has a white paper on the future of Linux in the embedded market. "The overall embedded market is undergoing a major transformation both in design and functionality. Networking technologies are becoming increasingly more important for embedded developers. Driven by the proliferation of the Internet and the increasing ubiquity of embedded computer systems, devices that can communicate with other devices are becoming dominant in the embedded market."

Embedded Linux set for European push (ZDNet). The ELC plans to extend its reach in Europe, including the addition of a new European Ambassador to help market embedded Linux in that marketplace. "ELC-Europe is a new body whose purpose is to "accelerate the ELC's European presence via promotion, marketing and standardization-related activities". The ELC plans to open an office in Belgium, Holland or Luxembourg soon."

Embedded Linux: strong growth, European chapter. According to a LinuxDevices report, Venture Development Capital expects strong growth for the embedded Linux marketplace over the next 4 years. Additionally, LinuxDevices reports on a new European chapter of the Embedded Linux Consortium.

Microsoft vs Linux

Gates wades into open-source debate (News.com). Bill Gates is interviewed by C|Net and talks about how Microsoft uses open source software and how the company feels about the GPL. "The GPL, he continued, 'breaks that cycle--that is, it makes it impossible for a commercial company to use any of that work or build on any of that work. So what you saw with TCP/IP or Sendmail or the browser could never happen.'"

GPL Pacman will eat your business, warns Gates (Register). Here's The Register's take on the latest wisdom from Bill Gates. "Think hard about that one - it's a little thing that runs around gobbling up everything it comes across, like alternative GUIs for Dos, disk compression, independent TCP/IP stacks, the browser market, email clients, instant messaging, digital audio and CD burning... No wait, that's something else entirely. What Bill really means is that the GPL is the Borg/bodysnatcher de nos jours, tainting everything it comes into contact with and assimilating it to The Hive." (Thanks to David Killick).

Microsoft Uses Open-Source Code (Wall Street Journal). The Wall Street Journal reports that FreeBSD developers have verified that Microsoft is not only still using FreeBSD over at Hotmail, but also within the Redmond giant's own operating systems. "Software connected with the FreeBSD open-source operating system is used in several places deep inside several versions of Microsoft's Windows software, such as in the "TCP/IP" section that arranges all connections to the Internet."

Why Microsoft is wary of open source (News.com). More fallout from the Microsoft attacks on Linux, including more market numbers, for what ever they might be worth. At least this time they're from IDC, which sees Linux as having gained a larger piece of the pie. "While Linux hasn't displaced Windows, it has made serious inroads. Linux accounted for 27 percent of new worldwide operating-system licenses in 2000, and Microsoft captured 41 percent of new licenses, according to IDC. Overall, Gartner estimates Linux runs on nearly 9 percent of U.S. servers, with worldwide projected sales of nearly $2.5 billion, reaching about $9 billion in 2005."

Opening closed minds to open source (ZDNet). This ZDNet article by Richard French, senior vice president and general manager of the Open Source Development Network, rebuts some Microsoft FUD. "Let's be clear. It's Microsoft that diagnosed Linux as a supposed "cancer" and polarized the debate to begin with. So I'm here to offer a second opinion: Contrary to Dr. Ballmer's misinformed prognosis, the weight of evidence shows that Linux, and open source software in general, can in fact co-exist with proprietary software."

Microsoft before the earthquake (LinuxUser). A recent document from Microsoft describing their perceived dangers of the GPL (in .doc format) has started to rile the masses once more. This time, LinuxUser presents an analysis and rebuttal to this latest bit of Microsoft FUD. "Of course, including a few lines of Microsoft source code in your commercial product would have a dramatic effect on your legal obligations, too: you'd soon be looking at a Microsoft lawsuit for trade secret misappropriation and copyright infringement. We almost always let you do things they absolutely prohibit. That's why we must be wrong."

The campaign against Linux is uphill battle for Microsoft (Wall St. Journal/MSNBC). Recent attacks on Linux may be backfiring for Microsoft, according to this Wall Street Journal piece. "Many of the nation's biggest companies, including International Business Machines Corp. and Oracle Corp., regularly release proprietary programs that work with Linux, and TiVo Inc. built its TiVo digital video recorder on top of Linux. What's more, some other open-source software, such as FreeBSD and Apache, are distributed under an entirely different license than Linux, and have virtually no restrictions on them at all."

Microsoft is not the enemy (ZDNet). Here's a ZDNet article that cautions Linux advocates against lashing out at Microsoft. "While a lot of Linux and free software creators are probably just motivated to write good code, I think others really hope to free the computing industry and all computer users from the kind of bullying and domination that Microsoft has exemplified. They seek to do this not by turning the tables on Microsoft and themselves dominating the industry and the users. That's absurd--you can't dominate anything by letting people take stuff for free. Rather, they seek to provide for those who can't afford or just don't want to buy from a domineering company."


Red Hat to play in Oracle's arena (News.com). Red Hat announced plans to roll out a new database product next week to continue their moves into the enterprise market. "Szulik said the product will continue Red Hat's support for open-source software--code developed collaboratively by programmers who freely share the underlying source code, without many of the restrictions of proprietary software such as that from Microsoft or Oracle. The database also will fit into Red Hat's plan for selling subscriptions to the company's software management services."

IBM Banks on Austin, Texas, Center to Build Customer Base for Linux System. IBM's Linux Technology Center and other Austin, TX based open source companies are profiled in this story from the Austin American Statesman. "One Austin startup that's hoping to get in on the application side is Gnumatic Inc., which is developing desktop financial management software. Founder and Chief Executive Linas Vesptas anticipates eventually selling the product, Gnucash, on a CD-ROM, accompanied by the proper documentation -- just like its Windows equivalents, programs such as Quicken and Microsoft Money."

Winnebago Running Linux Mail on Mainframe (TechWeb). TechWeb looks at Winnebago's use of Linux on an IBM mainframe. "Winnebago installed Linux on the mainframe in the fall. The company uses the Linux installation for Web serving, an intranet, Samba for file serving and printing, DNS and ftp serving. The advantage to running Linux on the mainframe is that Winnebago already had the mainframe; the company did not need to bring in and maintain another server."

End of an affair? (Salon). Salon reports on the strong relationship between hackers and TiVo and how Andrew Tridgell's unreleased ethernet hacks for the device spurred alternative projects, and then wonders if the relationship hackers have had with the company will end now that the Napster-like hack for the TV recorder is making the rounds. "The Alviso, Calif., company has worked extremely hard to cultivate the geek community. So hard, in fact, that previous to the release of ExtractStream, another hacker who had created his own version of the software declined to release his hack to the general public after discussing it with TiVo. Why? Simply put, says open-source-software programmer Andrew Tridgell, "because TiVo is doing a damn good job." (Thanks to Paul R Hewitt)

Compaq adds stability to Linux armor (News.com). Compaq has announced clustering software for Linux that was previously available for their Tru64 version of Unix and Caldera International's UnixWare. "Compaq's clustering technology will be released under a license similar to the General Public License that covers Linux, said Gary Campbell, president and chief technology officer of Compaq's Enterprise Server group. The company is working with Linux sellers--including Red Hat, SuSE and Turbolinux--to encourage adoption of the software."

Compaq ramps up enterprise Linux efforts (ZDNet). Compaq is said to be irritated that IBM is being portrayed as the leader in big business support for open source software, according to this ZDNet report. "[Compaq's executive vice president in charge of its global business units Mike] Winkler countered that Compaq has invested in the open-source community for 10 years and was among the earliest proponents of Linux."

Netscape Denies Browser Escape (Wired). Wired test drives Netscape 6 and finds it better, but not great, and the company has more to lose by shipping a buggy version than a late one. "Page loads are notably faster, and the page comes up all at once, as opposed to Netscape 4.x or Internet Explorer 5.5, which tend to load the page in pieces -- first the HTML, then small graphics, then the fatter content. With Netscape 6.1, the whole page pops up at once, and often very quickly."

Networks promise unfettered file swapping (News.com). According to this C|Net News.com report, FreeNet has hired one of their own to finish a new release. "The largely volunteer effort has hired a paid staffer, Swedish student Oskar Sandberg, who will get $2500 for two months of work, using funds from an online donation pool. Developers hope that allowing one of their members to work full time on the project will help the completion of a new release, the first in almost a year, that finally will make Freenet faster and easier to use."


Which OS is Fastest for High-Performance Network Applications? (SysAdminMag). SysAdmin magazine is running this article comparing Linux, Solaris (for Intel), FreeBSD, and Windows 2000 to determine which operating system (OS) runs high-performance network applications the fastest. "We found that the software application's architecture determines speed results much more than the operating system on which it runs. Our benchmarks demonstrate a 12x performance difference between process-based and asynchronous task architectures. Significantly, we found up to a 75% overall performance difference between OSes when using the most efficient asynchronous architecture. We found Linux to be the best performing operating system based on our metrics, performing 35% better than Solaris, which came in second, followed by Windows, and finally, FreeBSD." (Thanks to Michael Greminger)

Smart coding pays off big (ZDNet). Red Hat + Apache 2 years ago provided 1,842 requests per second. Fast forward today and, with tuned upgrades of both packages, Red Hat + Apache reaches 4,602 Web requests per second. "Despite having a tougher workload and fewer overall CPU megahertz available, Apache on Linux showed a huge 2.5 factor speedup in just two years of development time. Some of these performance changes were in Apache, but many were in the Linux kernel itself."


Tux: Built for speed (ZDNet). ZDNet reviews Red Hat Inc.'s Tux 2.0 Web server. "The fact that Tux 2.0 was also significantly faster than Windows 2000's Internet Information Server 5.0 Web server (5,137 requests per second) clearly shows the advantages of Tux's new design over that of a well-established Web server. The next version of IIS (which ships with Microsoft Corp.'s Whistler project) uses several ideas introduced by Tux, including the kernel-space design."


A talk with Paul Leroux (FreeOS.com). This interview with Paul Leroux examines the philosophy and people behind QNX, the reason the project went open source and compares QNX with Linux. "While they share programming interfaces, QNX is inherently realtime, whereas Linux is a general-purpose OS. QNX has a microkernel architecture (i.e. drivers, protocols, and file systems are dynamically upgradable, memory-protected processes), whereas Linux follows a far more traditional "monolithic" kernel architecture."


Applications over Freenet: a Decentralized, Anonymous Gaming API? (Linux Journal). Linux Journal is carrying an article on writing a simple gaming API over Freenet. "There are four different APIs exposed via XML-RPC in the Freenet reference implementation. The Util API supplies utility methods for determining the version of your node and other sundry items that don't concern us. The Simple API provides a one-line method call to insert and request files but is not designed to handle big files. The Chunked API allows for chunked retrieval of large files. The Streaming API allows for efficient streaming retrieval of data."

Section Editor: Forrest Cook

June 21, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



Linux Buyer's Guide #11. The 11th edition of the Linux Buyer's Guide is out. "New chipets emerged from everyone from VIA to Intel, and even included a newcomer to the motherboard chipset scene, NVIDIA. VIA pushed DDR on the Pentium 4, Intel flexed its muscles with its new i860, and NVIDIA rolled out their new AMD-only chipset, the Crush, along with an obligation to fully support it under Linux."

Tip Of The Week: locate What You're Looking For. LinuxLookup.com helps locate data or a program with the Linux locate command.


Linux@Work report. Aschwin Marsman was kind enough to send us a report from Linux@Work in Amsterdam, with pictures.

Sponsorship for the 5th LyX Developers Meeting. The LyX team announced the sponsership of the next LyX Developers Meeting (to be held in Bozen in northern Italy between the 21st and the 26th of June, 2001) by the CCP2000 Organizing Committee. CCP2000 is a conference on Computational Physics, which took place in December 2000 in Australia.

Events: June 21 - August 16, 2001.
Date Event Location
June 21, 2001Linuxdays 2001St. Pölten, Austria
June 21, 2001Seminar on RepligardEspoo, Finland
June 21 - 26, 2001LyX Developers MeetingBozen, Italy
June 25 - 30, 2001USENIX Annual Technical ConferenceBoston, Massachusetts
June 25 - 27, 2001NCSA Linux users' and system administrators' conference(University of Illinois)Urbana, IL
June 29 - July 1, 2001Linux 2001 Developers'' ConferenceManchester, UK
July 2 - 5, 2001Debian One ConferenceBordeaux, France
July 3 - 5, 2001Enterprise Linux Institute ConferenceOlympia, London
July 4 - 9, 2001Libre Software MeetingBordeaux, France
July 4 - 5, 2001Linux Expo ExhibitionOlympia, London
July 5 - 8, 2001LinuxTag 2001 - Stuttgart,Germany
July 9 - 12, 2001Embedded Systems Conference(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001SAGE - AU 2001(Grosvenor Vista Hotel)South Australia
July 14 - 15, 2001LinuxCertified Linux System Administration BootCampCupertino, California
July 14, 2001LinuxfestGalax, Virginia
July 16 - 21, 2001The Open Group Quarterly ConferenceAustin, Texas
July 16 - 20, 2001The Open Group Real-time and Embedded Systems ForumAustin, Texas
July 16 - 21, 2001The IEEE PASC (POSIX) System Services Working Group meetingAustin, Texas
July 19 - 25, 2001Networking Event 2000(ne2000)Nuenen, the Netherlands, South
July 23 - 27, 2001O'Reilly Open Source Software ConventionSan Diego, California
July 23 - 27, 20011st annual PHP ConferenceSan Diego, CA
July 25 - 28, 2001The Ottawa Linux Symposium 
July 28 - 29, 2001Rocky Mountain Software Symposium 2001(RMSS 2001)(FourPoints Sheraton in Cherry Creek)Denver, Colorado
August 2 - 4, 2001Yet Another Perl Conference Europe 2001(YAPC)(Hogeschool Holland)Amsterdam, Netherlands
August 10 - 12, 2001Hackers at Large 2001(HAL2001)Enschede, Netherlands
August 14 - 16, 2001Embedded Internet Conference 2001 -Santa Clara, CA
August 14 - 16, 2001LinuxWorld ChinaBeijing, China

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

"Linux in Brazil" URL changes. The Linux in Brazil site has moved to a new URL. Look for it at www.linux.matrix.com.br. The change was motivated by a general upgrade (the web server was moved to a new datacenter). All the crew remains the same, as well as the service provider.

User Group News

New email address for LUG news. LWN now has a new email address for LUG news. Please send all your LUG news to lwn-lug@lwn.net in a plain text format. News sent to this address will be reported in this space each week.

Linux Surviving in the Wild. The Ottawa Canada Linux Users Group (OCLUG) is planning an outdoor meeting for the month of July. The theme is "Linux Surviving in the Wild". BBQ/picnic food, drinks, and network connectivity will be available, as well as the usual technical talks. The event is scheduled for the evening (6pm) of Thursday July 5th 2001 in Strathcona Park (weather permitting). Everyone is welcome!

July events for the Linux Users Group of Davis. The next regular meeting of LUGOD will be held July 3 at Z-World in Davis, California. The topic will be Regular Expressions presented by Henry House.

On July 21 LUGOD will hold a Linux Demonstration at the Davis Food Co-Op.

LUG Events: June 21 - July 5, 2001.
Date Event Location
June 21, 2001St. Louis LUG(SLLUG)(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
June 21, 2001Omaha Linux User Group(OLUG)Omaha, Nebraska
June 21, 2001Linux User Support Team, Taegu(LUST-T)Taegu, Korea
June 21, 2001South Mississippi LUG(SMLUG)(Barnes & Noble)Gulfport, Mississippi
June 21, 2001
July 5, 2001
Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
June 21, 2001SSLUG: Installations arrangementDenmark
June 23, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
June 23, 2001Greater London Linux User Group(GLLUG)London, England.
June 23, 2001Eugene Unix and GNU/Linux User Group(EUGLUG)Eugene, Oregon
June 23, 2001Linux Demo DayEugene, OR, USA.
June 26, 2001Hazelwood Linux User Group(HLUG)(Prairie Commons Branch Library)Hazelwood, Missouri
June 26, 2001Kalamazoo Linux Users Group(KLUG)(Western Michigan University)Kalamazoo, Michigan
June 27, 2001Linux User Group in AssenNetherlands
June 27, 2001Central Ohio LUG(COLUG)Columbus, Ohio
June 28, 2001Phoenix Linux Users Group(PLUG)(Glendale Community College)Glendale, AZ
June 30, 2001
July 2, 2001
Baton Rouge Linux User Group(BRLUG)Baton Rouge, LA.
July 3, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
July 3, 2001Missouri Open Source LUG(MOSLUG)Kirkwood, Missouri
July 3, 2001ESLUG: HyggemødeDenmark
July 4, 2001Silicon Valley LUG(SVLUG)San Jose, CA
July 4, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN
July 4, 2001KLUG partyKalamazoo, Michigan
July 5, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
July 5, 2001UNIX/Linux Special Interest Group of the Dayton Microcomputer Association(DMA office at 119 Valley St)Dayton, OH, USA.
July 5, 2001Linux Surviving in the Wild - OCLUGOttawa, Canada

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

June 21, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Three years ago (June 25, 1998 LWN): Alan Cox had a few words to say on U.S. patent laws:

There are probably now in excess of a million so called 'software patents' cripping US industry. Because the US patent system basically runs without any checking of any kind US companies file patents on anything that so much as compiles in the hope they can use it to monopolise a field and drive competitors bankrupt.

Software patent problems are not limited the United States. Later in this page we will see an attempt to battle them and a specific example.

ZDNet's Jesse Berst wrote:

Would you like to see the rug pulled out from under Microsoft? Here's how it could happen. IBM ships and supports Linux. Oracle does Linux versions of all its products. A consortium of top vendors picks a standard Linux interface and creates a compatibility logo.

When IBM announced plans to bundle and support Apache during the same week, it seemed like the corners of the rug had been tugged. These days Linux has IBM support and Oracle support. If you allow for a choice of two desktops as a standard interface then Linux has that too. And the compatibility logo? One should certainly be part of the imminent Linux Standard Base 1.0 release...

Debian 2.0 went into beta.

Two years ago (June 24, 1999 LWN): SuSE's financial results through March 31, 1999 showed revenues just under $10 million with 130 employees. In comparison, Red Hat's recent SEC filing reported just under $11 million and 127 employees. The common perception that Red Hat was the biggest distributor was shattered. SuSE was just as big. Unfortunately, SuSE does not release its numbers, so there is no easy way to determine the relative sizes of the two companies now.

Eric Raymond spoke at Microsoft.

Matt Michie wrote an editorial titled "Microsoft and the Art of War." It's tries to predict how Microsoft might respond to Linux and free software in general.

Just when Microsoft thought that Unix was finally dead and buried, all these free *NIX clones spring into popularity over the Internet. Standard MS stratagems are enacted and FUD (Fear Uncertainty Doubt) was spread through their standard trade press channels....

Microsoft then moved on to the next phase. We're all now familiar with the so called Mindcraft Fiasco. ...

Microsoft seems to be moving backwards in that they are once again attempting to spread FUD. Are more benchmark tests coming?

Ten European industry leaders, including Linus Torvalds, raised concerns about software patents.

The GNU COBOL project was born after Rildo Pragana released the source code for an old COBOL compiler he had created for MSDOS. The project, now TinyCOBOL, is still working.

Bob Metcalfe predicted the death of Linux and "The Open Sores Movement".

Why do I think Linux won't kill Windows? Two reasons. The Open Source Movement's ideology is utopian balderdash. And Linux is 30-year-old technology. The Open Source Movement reminds me of communism. Richard Stallman's Marx rants about the evils of the profit motive and multinational corporations. Linus Torvalds' Lenin laughs about world domination.

This UserFriendly cartoon for June 10, 2001 proves that a good quote never dies.

One year ago (June 22, 2000 LWN):
Compaq's Jim Gettys announced the creation of Handhelds.org. Compaq continues to support the development of handheld devices. See this week's Commerce page. [Handheld]

The kernel hackers were busily trying to fix the 2.4 virtual memory subsystem. A year later...they're still trying...

The Direct Access File System (DAFS) was announced this week. DAFS Collaborative web site. The DAFS Collaborative just demonstrated its first prototype this week.

LynuxWorks released BlueCat Linux 2.0. Also released were OpenBSD 2.7, Immunix 6.2, and SuSE 7.1 beta 1.

Red Hat's first quarter results showed revenues of $16 million with a $2.5 million loss. One year later, revenue is up substantially, and the loss is gone.

Jesse Berst wrote:

Penguins throw down your arms. The Linux battle for the desktop is a fruitless waste of time....

Message to the Linux counterculture: Expecting consumers to abandon the de facto Windows standard to go to Linux is like asking them to return to DOS. It's not going to happen. But Linux can succeed if it does two things successfully: gets big (becomes a popular choice for large enterprises) and gets small (becomes embedded OS of choice for small devices).

These days Linux is a popular choice for large enterprises and popular in the embedded space too. The "battle for the desktop" doesn't seem quite so "fruitless" anymore either. It's no wonder Microsoft is nervous.

British Telecom claimed to own a patent on hyperlinks.

GnuCash 1.4 was released. Complaints about library dependencies were relatively rare that time around.

June 21, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

June 21, 2001

From:	 "nathan r. hruby" <nhruby@arches.uga.edu>
To:	 letters@lwn.net
Subject: Error About trove
Date:	 Thu, 14 Jun 2001 10:22:41 -0400 (EDT)

In the June 14th edition of LWN, on the "Linux History" page
(http://www.lwn.net/2001/0614/history.php3) you say:

> Trove has not caught on in the way Eric might have liked, with one big
> exception: SourceForge uses it. 

FreshmeatII now uses Trove as well for categorizing its entries.  

nathan hruby - nhruby@arches.uga.edu
computer support specialist
department of drama and theatre

From:	 "Robert A. Knop Jr." <rknop@pobox.com>
To:	 <letters@lwn.net>
Subject: GnuCash 1.6 & library dependencies
Date:	 Thu, 14 Jun 2001 06:59:35 -0700 (PDT)

I understand the frusturation that you must feel trying to get GnuCash
1.6.0 to work.  Fortunately for me, 1.4 serves my needs quite well, so I
will stick with that for the forseeable future-- which is almost certainly
when the next major revision of the distribution I use comes out.

I had a similar but smaller-scale problem several months ago when I was
trying to install lilypond on a mostly RH6.2-based system.  Lilypond
required a newer version of the guile library-- which was fine, except
that the dependencies in the RPMs were such that a couple of the *other*
programs on the system would *not* work with the new guile packages.  In
order to get the newer guile on my system, I ended up having to rebuild a
number of other RPMs from source RPMs, and keep my rebuilt ones around to
overwrite updates which I was automatically grabbing using scripts I'd
written myself.  I hate to think what would have happened if I was using
just a pre-canned update service, unless it had a way of letting me mark
which things were *not* to be updated.

When I upgraded to RedHat 7.1.  Then, at that point, installing lilypond
1.4 became simple.  (I think I did have to rebuild it from the SRPM, but I
didn't have to rebuild anything else, and the libraries with RH7.1 were

There are a couple of lessons in this.  The first is, if you wait a little
while, the major distributions will "catch up" with the newer libraries,
and things will settle down and start working.  The second is, when the
applications get "ahead" of the library installation for your system,
most users who don't want to spend the trouble should just stick with the
old version until their distribution catches up.

It would be nice if applications only depended on "longstanding"
versions of libraries (e.g. only Gnome 1.2, not Gnome 1.4).  However, free
software is chaotic, and that's one of its advantages.  There is nobody
keeping everything synchronized, and free software developers are
perfectly free to build things that depend on development versions of
libraries.  Most major applications tend to have *some* version packaged
to work immediately with major distributions, either by the maker of the
distribution, or by the writers of the application.  If a package for your
distribution isn't available from the application writers, often you find
it in the distribution itself, or in some add-on collection (such as
RedHat's Rawhide).  It may not be the latest and greatest version of the
application.  As long as we can wait the six months or so it takes a
distribution to move forward, and don't need to run the latest version of
(say) GnuCash within weeks of its release, things are not quite so dire as
all of that.

This might sound like fodder for Microsoftesque free-software bashing:
"You can't even run the latest version of applications without being a
system developer and capable of updating the libraries yourself!"  On the
other hand, compare the rate of release of typical free software packages
to the rate of release of typical closed-source commerical packages.  Free
software keeps pace very well in terms of users really being able to
use new version of things... it is just that the new version gets aired to
the public a whole lot sooner, as opposed to closed-source commercial
software where R&D departments sit on things waiting for the next release
of Windows.

-Rob Knop

From:	 Patrick Spinler <spinler.patrick@mayo.edu>
To:	 letters@lwn.net
Subject: An upcoming solution to Gnucash 1.6 dependancies
Date:	 Thu, 14 Jun 2001 10:03:55 -0500

If you don't want to wait until the next vendor release from your
distribution; The Gnucash core team plans a release of Gnucash 1.6 on CD
that will install all it's needed libraries into a private area, thus
allowing use of the new software without destroying your existing

No date has yet been set for this release, however we are told to expect
it "soon".

-- Pat

      This message does not represent the policies or positions
	     of the Mayo Foundation or its subsidiaries.
  Patrick Spinler			email:	Spinler.Patrick@Mayo.EDU
  Mayo Foundation			phone:	507/284-9485
From:	 "Tom Cato Amundsen" <tca@gnu.org>
To:	 letters@lwn.net
Subject: gnucash 1.6
Date:	 Thu, 14 Jun 2001 17:38:38 +0200

Gnucash is only hard to install if you run the wrong OS.
On debian unstable, I did

apt-get install gnucash

today, and all the correct libs are installed.
Tom Cato Amundsen <tca@gnu.org>
GNU Solfege - free eartraining, http://www.gnu.org/software/solfege/
From:	 John Goerzen <jgoerzen@complete.org>
To:	 letters@lwn.net
Subject: Gnucash 1.6.0 is here
Date:	 14 Jun 2001 10:32:18 -0500


Thank you for your article on Gnucash.  I maintain the package for
Debian, and wanted to let you know that Debian's sid distribution does
currently have all requisite packages for a Gnucash installation, and
Gnucash 1.6.0 .debs already have been uploaded to Debian and should be
installed in the archive soon.  People looking for an advance copy may
find them here:


You should be able to install that on any current sid machine and just
have it work.

John Goerzen <jgoerzen@complete.org>                       www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc.    www.progenylinux.com
#include <std_disclaimer.h>                     <jgoerzen@progenylinux.com>
From:	 Herbert Thoma <tma@iis.fhg.de>
To:	 letters@lwn.net, GnuCash <gnucash-devel@gnucash.org>
Subject: LWN gnucash article
Date:	 Thu, 14 Jun 2001 17:27:55 +0200


in your last front page you claim:
"As of this writing, there is probably not a single distribution which, out of
the box, provides that environment."

SuSE 7.2 comes with everything that is required for GnuCash 1.6.

(OK, I admit, SuSE 7.2 is out for no longer than 1 week ...)

I'm a (not too active) GnuCash developer. And in spite of your
article I still like LWN very much. But I do agree with the mail
Bill Gribble sent to Jonathan Corbet.

Herbert Thoma
FhG-IIS A, Studio Department
Am Weichselgarten 3, 91058 Erlangen, Germany
Phone: +49-9131-776-323
Fax:   +49-9131-776-399
email: tma@iis.fhg.de
www: http://www.iis.fhg.de/
From:	 dave mallery <dmallery@cia-g.com>
To:	 <letters@lwn.net>
Subject: dependency hell
Date:	 Thu, 14 Jun 2001 12:25:15 -0600 (MDT)


i have been using linux daily since about 1997 and saw my first computer
in about 1965.

the feature on gnucash fingers a really major problem.  a working linux
desktop is a beautiful thing, but the near impossibility of installing
anything major kills it neatly.

i just spent a week trying to get Corel Office  2000 to run on my r/h 7.1
machine.  the initial problem is that it needs glibc2.1 or 2.0, not the
2.2 that ships.  a backward compatibility problem.  just installing the
compatability rpm did not solve it.  the install script shipped with the
product does not work in this environment.  only a well hidden script
pointed to by an e-mail (many day latency) from support would work.
further problems showed up requiring another upgrade for libaps via an rpm
from their site.  at this point, it will 'run' but is highly unstable and
there are no more hints available.

i had come to rely on their wordperfect 8 for a few years.  too bad.  the
reason i don't just go to one of the free apps is that the fonts are few
and they won't read my many hundred wp8 files.  (i have not checked star

the big fear in the back of my mind is that as i make changes to my 7.1
install, i will either screw something up or unwittingly fork, making my
system 'un-upgradable'! i have the same fear with a system on which i
installed ximian.  once you diverge from the r/h installation (i subscribe
to krud), you may find yourself in un-charted seas.

i am a reasonably experienced user facing a wall of complexity.  this
could rapidly become an insurmountable problem and needs some clever
fixing at the system level.  i'd love to use gnucash.....



Dave Mallery
Ramah Cafe
3270 Hiway 53
PO Box 520
Ramah,  NM  87321

no gates
  no windows...

running GNU/Linux
free at last!

Linux is a trademark of Linus Torvalds

From:	 Joe Van Andel <vanandel@atd.ucar.edu>
To:	 letters@lwn.net
Subject: shared library hell and library version numbers
Date:	 Fri, 15 Jun 2001 12:01:03 -0600

The "gnucash 1.6 and the dependency nightmare" article didn't explain
that some library developers are contributing to the problem by *not*
changing the version number of libraries when incompatable changes are
made.  In theory, if application X uses shared library Y.1.2, it should
work with *any* version of library 1.1.2.  In practice, I find that two
different releases of Redhat (for example) may contain shared libraries
with the same version number, but incompatible contents.   

Clearly, if library developers "played by the rules", I could continue
to use application X with shared library Y.1.2 while using application
'Z' with shared library Y.1.3 .  That is, I wouldn't need to worry (as
much) about breaking existing applications when I upgrade shared
libraries if all library developers would consistently change the
library version suffix when incompatible changes were made.

There is some irony in the fact that Microsoft has been plagued by the
same issue with Dynamically Linked Libraries (DLLs).  One source of
instabililty in Microsoft Windows applications is that installing one
application can break existing applications, because the "new"
application installs its own version of DLLs that aren't compatible with
the DLLs needed by an existing application.  Microsoft's solution for
Windows 2000 is (so-called) "enhanced sharing" of DLLs.  Rather than
applications being allowed to over-write the system DLLs provided by
Microsoft, each application must install its own "private" copies of
DLLs, which are stored with the application, rather than in the
"shared", system directories.  As a result, at runtime, your system
might have 3 different verions of XYZ.dll loaded into memory.

As much as I dislike statically linking applications, unless library
developers do a more consistent job with shared library version
numbering, static linking may be necessary to improve application

Joe VanAndel  	          
National Center for Atmospheric Research
Internet: vanandel@ucar.edu
From:	 Ketil Malde <ketil@ii.uib.no>
To:	 letters@lwn.net
Subject: Executable stack and security
Date:	 14 Jun 2001 09:00:30 +0200

While one may argue that disabling execution of the stack doesn't
really fix the problem, I don't agree with labelling it "security
through obscurity".

STO is about maintaining security by hoping nobody finds out about
your weaknesses.   Non-exec stack makes exploits more difficult, it's 
making the weakness a bit less weak.

Calling this patch STO is, IMHO, a political statement, though
from LWN it's probably unintentional.  The real argument against it, I
think, is that those lazy, worthless bastards[*] maintaining libc and
other code may not bother to fix their buffer overruns any more. 


PS: Yeah, and cut the Desktop page some slack, will you?  LWN *needs*
desktop coverage, and I think it will sort itself out.  I guess
(looking at the survey) we're a bunch of dweebs who'd like more of the
hard tech stuff -- personally, I like the way the kernel page is done;
first the current news, then a more in-depth look at some technical
details.  How about some technical stuff about KParts, CORBA, XFree86
4, etc?

[*] Actually, I'm being ironic.  I think they'll continue to fix bugs,
regardless of stack executability.
If I haven't seen further, it is by standing in the footprints of giants
From:	 Eric Smith <eric@brouhaha.com>
To:	 letters@lwn.net
Subject: Non-executable segments are NOT an obscurity defense
Date:	 14 Jun 2001 21:39:41 -0000


In your 14-Jun-2001 issue, you write "non-executable segments is
arguably an obscurity defense, because attacks exploiting overflow
vulnerabilities that are stopped by non-executable segments can always
be re-worked to be "return into libc" style attacks that bypass the
non-executable segment by pointing directly at code in the code segment."

That's like saying that putting a lock on my front door is an "obscurity
defense" because an attacker can still pick the lock.  The failure to
solve 100% of the problem and eliminate related attacks does not make
it an "obscurity defense".

If I put a lock on my front door, but the lock was designed to open
without a key if someone whistles nearby, that *might* qualify as an 
"obscurity defense."

Note that obscurity isn't inherently bad.  It is *depending* on
obscurity of widely-distributed information that is bad, because you
can't expect that the attacker doesn't have the necessary obscure

Some amount of obscurity is almost always necessary for security.  For
instance, having a password is an "obscurity defense," because you're
counting on the attacker not knowing this obscure knowledge.  However,
a password is a very small bit of knowledge that is ideally only known
to one person.

On the other hand, if a password system in a widely distributed piece of
software had a fixed "back door" password coded into it, and we expected
no one to find that, it would be a blatant case of "obscurity defense",
because the knowledge could be (somewhat) easily obtained by anyone.

Eric Smith
From:	 Christian Hellon <xian@lisardcage.fsnet.co.uk>
To:	 letters@lwn.net
Subject: On the Desktop just hit the mark
Date:	 Thu, 14 Jun 2001 12:40:20 +0100 (GMT+01:00)

I've watched the furore over the On the Desktop section for the last few
weeks, and privately agreed with those who felt that the style wasn't really
in keeping with the rest of LWN. However, I decided to wait and see; it's
natural that an established author, accustomed to writing and achieving
success in his own style, would take a while to find the "groove" that
successfully combined that with the house style of the magazine he's just

It looks like I was right to wait a while before passing judgement. This
week's column is spot on, continuing the trend of the last couple of weeks. A
belated welcome to the team, Mr Hammel, and I look forward to reading On the
Desktop for a good few years to come.

the desk lisard is at reply@lisardcage.fsnet.co.uk

"i don't know why i'm crying, am i suspended in gaffa?"

Freeserve - get your free ISP service including web-mail at:

From:	 "Alex Bennee" <Alex_Bennee@hotmail.com>
To:	 lwn@lwn.net
Subject: On having plug in protocol stacks in the Linux Kernel
Date:	 Fri, 15 Jun 2001 10:38:42 +0100

Dear LWN,

I thought I would just point out why having this pluggable interface structure
would be useful. I'm in the process of trying to convince my development area
(we do embedded comms) to move from our existing RTOS's (where we suffer badly
from vendor lock-in) to a linux kernel. However as is common in the comms world
we do use 3rd party stacks to bring our time to market down. While the eventual
hope would be to move away from such expensive 3rd party stacks pragmatism must
be the order of the day. By the way the stacks we use are about 50/50 split
between pure source or binary only.

Of course anybody could "fork" the kernel or provide a patch for the standard
kernel to add in such a feature but it would be a bit more of a pain to manage.
Most proprietary OS's provide standard interfaces for 3rd party stacks to
plug-in.  I think the kernel will suffer in the embedded world if such
interfaces can't be kept in an open central way. I prefer a more pragmatic
approach which allows for proprietary plugins but is not dogmatic about avoiding
the possibility of non "free" software working with the kernel. Also I think
"crippling" a generic patch to only work with source-level linking is a rather
pointless exercise.



From:	 "Robert A. Knop Jr." <rknop@panisse.lbl.gov>
To:	 <letters@lwn.net>
Subject: FUD "forking" resopnse
Date:	 Fri, 15 Jun 2001 14:00:07 -0700 (PDT)

A common piece of FUD about Linux and free software is that because it's
not controlled by any one central authority, it may (and will and indeed
been known in the past to) fork, causing confusion and balkanization for
its users.  The plethora of Linux distributions available is often cited
as an example; it is difficult for anybody to support Linux, the argument
goes, because you don't know exactly which flavor of Linux your users are

One might make the analogy to news sources.  Go to the supermarket and
look around.  You are likely to find a number of different mainstream news
sources: Time, Newsweek, the local newspaper, etc.  You will also find the
National Enquirer, the Weekly World News, and other, er, less mainstream
sources of news.  Freedom of the Press means that anybody who wants to and
can afford to can put out a newspaper.  But, horrors!  Without a central
authority controlling the news that gets to individuals, how are we to
know which news source to listen to?  How are we to make heads or tails
out of the reports in certain "news" sources that seem to contradict
everything in other news sources?

Obviously, this isn't a problem; indeed most people in the USA recognize
that freedom of the press is one of the most important foundations of our
society.  Some people believe the Weekly World News, but most people
recognize it as a source of entertainment.  Based on track record, we
learn which news sources to trust.  What's more, each individual can
figure out for himself which news source is the one that is best for him.
The plethora of distributions, the "forking" of news sources isn't a
problem, it's an opportunity.  And, of course, the only way to "cure" this
"forking" would be to elimiate freedom of the press.

The analogies to free software are clear.  There are lots of
distributions; there are only a few major distributions.  People will pick
the ones that work best for them.  If code forks, people at large will
figure out, and the information will get out, as to which branch(es) of
the code are the ones to trust, and are the ones to pay attention to.
It's just not a problem, any more than having lots of fun newspapers in
the checkout line at the supermarket is a problem.

-Rob Knop

From:	 "Richard Corfield" <rjc1008@hotmail.com>
To:	 letters@lwn.net
Subject: MS documents about Linux
Date:	 Mon, 18 Jun 2001 10:51:53 -0000

I must admit, as a cancer patient, that I see nothing in common between 
Linux and cancer.

I remember one thing I was told in my graduate training for a well known 
large computer company. You should never blatantly attack the competition as 
Microsoft are doing now. You can sell the benefits of your product, but to 
just insult the competition is seen as highly unprofessional and just gives 
a bad image. Hopefuly people are seeing through Microsoft's "in the 
interests of America" approach and seeing these attacks for what they are.

The text of the "Linux in retail" document is laughable. Here it resulted in 
explosions of giggles. I wonder sometimes if someone could write a similar 
document about Microsoft, but the argument about "being professional" comes 
in, so perhaps better not. I imagine also that Microsoft's laywers would 
have a field day with it.

Microsoft are sounding like the baby throwing the rattle out of the pram 
because it can't get what it wants. Lets hope that is how the computing 
public will see these blind attacks and think about discovering for 
themselves the real differences between Microsoft and Linux.

- Richard

If Linux is cancer, then I suppose Windows is like chemotherapy. I'm finding 
that chemo has the nastier side-effects. Now who wants chemo for something 
non-malignant like Linux?

From:	 Anders Holtsberg <anders.holtsberg@decuma.com>
To:	 lwn@lwn.net
Subject: About your article.
Date:	 Wed, 20 Jun 2001 12:53:34 +0200

In the article  
you cite a Microsoft document:

  Imagine how confusing it would be if Microsoft
  released 188 versions of Windows and multiple
  versions of the GUI, each with a slightly different
  functionality? Wouldn't that be confusing? Wouldn't
  it be extremely difficult to run an enterprise solution
  with confidence about your future and return on
  investment in Microsoft products? That is the exact
  scenario that Linux is presently in by having so
  many distributions. 

Your answer was:

  You read it here: choice is bad. 

I have another answer: What about Microsoft's number of versions?
We run a network where we develop stuff for the chinese market.
We have for example one machine with chinese Win2000. Does it
work? No. Our company standard swedish MS-Word won't even run
on it because it generates internal temporary file names with
swedish characters in them and the chinese Win2000 refuses to 
accept it. Result: Microsoft Win2000 programs don't work on
Microsoft Win2000 operating system. If Microsoft claims they 
cause no problems since they don't produce a bewildering number
of different operating system versions, then they are lying. 

Anders Holtsberg

ps. by the way: in the project I am heading we use Linux, Bash,
Noweb, GCC, Icon, Gawk and Octave as core tools as well as 
Windows and Visual C++.

   Anders Holtsberg                  Decuma AB
   tel +46 709 596305                Ideon Växthuset
   anders.holtsberg@decuma.se        S-223 70 Lund, Sweden
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds