[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

A challenge for the free software community. One frequently-heard criticism of free software is that it lacks innovation. According to this claim, the free software development process can do well at reimplementing others' good ideas, but is not able to produce those good ideas itself. Free software advocates dismiss that criticism with plenty of counterexamples. But it still hurts a bit sometimes. There is currently an opportunity, however, for the community to show what it can do. A challenge which should be accepted if we want to remain in control of our computing future.

That challenge, of course, is Microsoft's ".NET" initiative, and the HailStorm component in particular. HailStorm is Microsoft's bid to be the intermediary in authentication and business transactions across the net. If the company has its way, everybody will have a Microsoft "Passport," which will be required to be visible on the net. The protocols behind this system will be "open" (based on standards like XML and SOAP), but Microsoft will hold the copyrights and decide what is acceptable.

It is interesting to note that these protocols have been explicitly designed to be independent of little details like which operating system you're running. Microsoft is saying, essentially, that, at this level of play, who owns the desktop is no longer important. Linux could yet conquer the desktop, but lose the net.

Scattered responses have been seen across the community, including .NET implementations, talk of a free C# compiler, or a "dotGNU" framework. But these are catching-up actions. There is little new there; it is more an effort to keep up with what Microsoft is doing. That approach should be seen as a serious mistake. It is time for the free software community to take the lead.

Doing so will require the presentation of an alternative proposal. What is needed is a compelling vision of how we will deal with each other on the net of the future. The community needs to design a framework which handles tasks like authentication and transactions, but which meets a number of goals that may not be high on Microsoft's agenda:

  • The full set of protocols which implement this framework must be open, with an open development and extension process.

  • No one company or institution should be indispensable to the operation of the framework. No company or institution should be able to dictate the terms under which anybody may participate in life on the net.

  • Security and privacy must be central to the framework's design. All security protocols must be open and heavily reviewed.

  • The framework must bring the net toward its potential as the ultimate communication channel between people worldwide, and it must allow the creation of amazing new services and resources that we can not yet imagine.

The success of the Internet is due to a great many things, but one aspect, in particular, was crucial: nobody's permission is required to place a new service or protocol in service on the net. Where would we be now if Tim Berners-Lee had been required to clear the World-Wide Web through a Microsoft-controlled standards process - and let Microsoft copyright the protocols too? Any vision of the net of the future must include the same openness to be acceptable.

The free software community could generate that vision, but it is going to have to set itself to the task in a hurry. It is also, for better or for worse, going to need some serious corporate involvement. Companies are needed to help fund the development of a new set of network standards, make sure they meet corporate needs, and, frankly, to insure that it is all taken seriously. There should be no shortage of companies with an interest in a net that is nobody's proprietary platform. It is time for them to step up and help with the creation of a better alternative.

The community needs to act here. Playing a catch-up role in the design of the net of the future is no way to assure freedom, or even a whole lot of fun. Large-scale architectural design is hard to do in the free development mode, but we need to figure out how to do it well. Either that, or accept the criticism that we can't really innovate.

The Linux Standard Base, version 1.0, is out. The release happened with surprisingly little fanfare (none, actually) on June 29. We have since gotten an announcement of sorts from the Free Standards Group's Scott McNeil, but the group was clearly more focused on the work itself than publicity.

This is, regardless, an important moment. The Linux Standard Base project was conceived in early 1998, with the proposal and call for participation coming out of a Linux Expo BOF at the end of May. Some of the conceptual roots, however, had some out a little earlier when Bruce Perens proposed a new Linux distribution which shared a number of goals with the LSB - in particular, an open, non-commercial reference implementation of the system known as Linux.

The LSB was endorsed at the May 30, 1998 Linux International meeting. Its goals included:

Rather than require uniformity among distributions, it will define only what is required to boot a system and run an application. The goal will be to build a reference platform quickly, within a two month time-frame, that will be open-source and available to the community. After that, work will begin on a paper standard, estimated to take approximately two years.

Those were optimistic times, of course; in reality, things didn't happen so quickly. Under Bruce Perens' leadership the project got off to a bit of a rocky start, with some serious differences of opinion over priorities - not everybody agreed with Bruce's desire to start with a reference implementation. Bruce's tenure as the leader of the LSB was relatively short, but the project seemed to languish for much longer. It is only in the last year that it appears to have gotten serious and finished out the task.

Appearances do not tell the entire story, however. The LSB is a complicated specification, and much of the necessary background work was not immediately visible to outsiders. Other parts of the LSB, such as the Filesystem Hierarchy Standard (FHS), have been available for a long time and have already influenced the development of most distributions. The LSB may have taken longer than desired, unlike most other software projects, but the delays do not indicate a lack of effort or interest.

The real purpose of the LSB was, and is, this: to allow the packaging of an application such that it would be installable on any compliant distribution. The vast number of Linux distributions is a great wealth for the user community, but it does present challenges for application vendors. The LSB should make it possible for vendors to support all compliant distributions with a single package. Application vendors like that sort of thing.

To achieve this goal, the LSB describes many facilities which must be provided by compliant systems. These include specific library versions and commands, as well as filesystem layouts. In places, it has been necessary to work around entrenched differences between distributions. Thus, for example, there is no defined location for system initialization scripts; instead, a command install_initd which will put a script in the right place must be available.

The LSB also envisions a larger role for the Linux Assigned Names and Numbers Authority (LANANA); until now, LANANA has essentially been H. Peter Anvin's work maintaining the device number list. The makeup and governance of LANANA is not clearly laid out. If it is going to take on other tasks (such as registering names of init scripts), its operation should probably be clarified before it has to take on a contentious decision.

The key to the success of the LSB, of course, is the degree to which the distributors move their products into compliance. The signs here are good; much of the effort behind the LSB has been put in by the distributors in the first place. Most distributions are not all that far away from compliance, mainly thanks to the longer-term effect of the FHS. LSB-compliant distributions should be available in the near future.

There has been a bit of grumbling from some Debian developers, mostly over the fact that the LSB specifies the RPM package format as the standard for application distribution. Debian, of course, does not use RPM. Complaints, however, are both late and unfounded. The decision to go with RPM was made back at the beginning, over three years ago. It does not require compliant systems to use RPM as their native package format; it is sufficient that RPM-packaged, LSB-compliant applications be installable. And, in this context, "RPM" does not mean the moving target that is Red Hat's current format; it is, instead, specified as a subset of the older, version 3 format as documented in Maximum RPM. The Debian alien tool should be more than up to the task.

The full, formal rollout will happen at LinuxWorld this August. Between now and then, the LSB crew will be working to get the test suite and sample implementation in shape. No doubt there will be press conferences and photo opportunities as the commercial Linux world shows its unity behind this important standard. But the standard itself is available now. Strong congratulations are in order for all who have worked on the LSB for the last three years.

This LWN.net weekly edition is one day early and, perhaps, a bit thin in spots due to the July 4 holiday in the U.S. and staff vacations. We'll be back to our regular publishing schedule next week.

Inside this LWN.net weekly edition:

  • Security: Linux security module status; PHP traps.
  • Kernel: Silencing boot-time messages; JFS 1.0; concerns about ACPI.
  • Distributions: BlueLinux, Linux from Spain, and Slackware turns 8 (point 0).
  • On the Desktop: Spell checker dictionaries, front and backends, and multiple units.
  • Development: Cross-language development, Alsa 0.9.0b5, omniORB, Powertweak 0.99.1, Perl CGI, Scheme FAQ.
  • Commerce: Linux Applications Increase More Than 30 Percent; Toshiba Picks Hard Hat Linux.
  • History: Red Hat ships ApplixWare; 2nd ALS announced; Packet Storm taken off-line.
  • Letters: Caldera's licensing; MP3 can't carry viruses?
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

July 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

Report from the USENIX security module BOF. The Linux Security Module project got its start at the Kernel Hackers' Summit back in March; there, Linus Torvalds said that he wanted to see a single, well-defined interface for the addition of enhanced security mechanisms to the Linux kernel. Numerous security hackers have been working on this interface since then; a fair amount of real code has been produced.

The security module group met in person, perhaps for the first time, at a BOF session at the USENIX technical conference in Boston. Thanks to Emily Ratliff, we have a summary of what happened there. It is an interesting view into the future of enhanced Linux security.

For example: should security-related modules be allowed to implement policy that is more permissive than what the system would do normally? The conclusion at the BOF seems to have been that security modules should only have veto power. This decision restricts the scope of the security policies that can be implemented, but it also makes it easier to have confidence in the security of the resulting system. When security modules can open new doors, they can also open new holes; disallowing this capability for now will make it easier to get a secure framework in place soon.

There still hasn't been a decision on whether the Linux capability mechanism should be split out and implemented as a security module. Capabilities are currently wired deeply into the kernel and would take some work to extract. Implementing them as a security module would increase flexibility, however, and provide a heavily-used demonstration of the security module interface.

Should security decisions relative to files be made based on the pathname of the file, or on its inode? Different projects have made different decisions in this regard, and the security module structure currently supports both modes. Some fear that this implementation may be seen as an excessive duplication of functionality.

Finally, should the security module implementation be submitted for inclusion in 2.5, once that series opens up? Probably not, as it turns out. There's a number of issues still needing to be worked out, including basic things like the locking requirements for security hooks. It would be a good idea, however, to get this patch into 2.5 relatively early. It will need a great deal of testing and review before it is ready for a stable release.

A study in scarlet. Shaun Clowes has posted the text of a presentation of his entitled A Study In Scarlet; it covers a long list of security traps in the PHP programming language. PHP provides a great deal of functionality and makes life easy for the programmer, but it also makes it easy to open up security holes on the system. Anybody who writes PHP code for the net should probably have a look at this text, followed by a long look at the code.

Another IPFilter license change. The difficulties with the licensing of the BSD IPFilter package were covered in the May 24 LWN weekly edition. Now, according to the OpenBSD Journal, the license has changed again. The new license allows modification and redistribution, and thus appears to be a free software license. It resembles the BSD license, with one exception: it explicitly disallows placing the code under the GPL.

Security Reports

User input validation error in GNATS. Joost Pol found a problem in the GNATS bug tracking system; a properly-constructed URL passed to the help system can result in the reading of any (accessible to GNATS) file on the system. See this advisory for details and upgrade information.

PHP 4.0.5 vulnerabilities. Joost Pol has reported a couple of vulnerabilities in PHP 4.0.5. Both of them require that the attacker be able to load PHP scripts on the target machine. The first involves a new argument to the mail() function, which can be used to execute commands on the server. The second is a violation of the "safe mode" policy which can expose unwanted files to the net. No fix is available at this time.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Shaun Clowes has reported remote command execution vulnerabilities in a number of PHP-based tools: phpMyAdmin through 2.1.0 (and, by extension, phpPgAdmin up to 2.3); phpSecurePages through 2.4beta; and SquirrelMail prior to 1.0.5.


Samba buffer overflow See the June 28 LWN security page for the initial report on the Samba macro vulnerability.

Previous updates:

scotty (ntping) buffer overflow See the June 28 LWN security page for the initial report of this buffer overflow problem with scotty.

xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging. Since then, more extensive problems have been found in string handling in xinetd, and the current round of updates addresses them.

This week's updates:

Previous updates:

Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.

This week's updates:

Previous updates:


Upcoming Security Events.
Date Event Location
July 11 - 12, 2001Black Hat Briefings USA '01Las Vegas, Nevada, USA.
July 17, 2001The Open Group Security Forum briefingAustin, Texas
August 6 - 10, 2001CERT Conference 2001Omaha, NE, USA.
August 7, 2001CIBC World Markets First Annual Security & Privacy ConferenceNew York, NY, USA.
August 13 - 17, 200110th USENIX Security Symposium 2001 ConferenceWashington, D.C.
August 13 - 17, 2001HAL2001Enschede, The Netherlands

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet

July 4, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.6, which came out just as this page was going to "press." The changelog shows no additions after 2.4.6pre9, which appears to have been stable for most, if not all users.

Alan Cox, meanwhile, is up to 2.4.5ac24.

Now that 2.4.6 is out, 2.5.0 release in the near future would not be all that surprising.

Quieting the kernel. It all started with a small patch to the journaling flash filesystem (JFFS) code which caused the following to be printed at system boot:

    Portions (C) 2000, 2001 Red Hat, Inc.
Also included was a rather pointed comment directed at a competing company which, it is alleged, had taken liberties with the code in the past. Linus, as is occasionally his wont, decided that it was time to draw a line; he turned down the patch saying that he doesn't like printed copyright messages.

You're allowed to remove offensive printk's, that's not a copyright notice in Linux, that's just a big ugly bother. The copyright notice is that big comment at the top of the file.

Later he took the argument further, saying that these sorts of messages should be removed from the kernel:

So let's simply disallow versions, author information, and "good status" messages, ok? For stuff that is useful for debugging (but that the driver doesn't _know_ is needed), use KERN_DEBUG, so that it doesn't actually end up printed on the screen normally.

Authors willing to start sending me patches?

At that point the developers got into a full discussion on the utility of these sorts of messages. Those who want them removed, Linus in particular, cite the following arguments:

  • There is no useful information content in these messages; instead, they are a distraction when something goes wrong and real information is needed.

  • Excessive boot-time messages inspire distributors to turn off messages entirely, including ones that really are needed to debug problems.

  • Large numbers of printk() calls bloat the kernel to no useful end.
Quite a few people want to retain the messages however, even though they do acknowledge that they sometimes go overboard. Their reasoning is:
  • Routine boot-time messages are a useful debugging tool. Developers who are trying to track down problems routinely ask for a copy of the output from dmesg, or, for more severe problems, "the last thing it prints before it dies."

  • Having one's name in a boot-time message is a form of advertising that is an important compensation for free software development work.

  • Some argue that a printed message is a legal copyright notice that can not be removed without infringing that copyright.

Just to show that things don't always go Linus's way: he actually backed down, mostly in the face of the debugging argument. So the messages probably will not go away entirely, but they may well become harder to see. The most likely outcome is that driver success messages will be dropped to the KERN_DEBUG logging level, meaning that they will not normally be visible on the console or in the log files. (There is also talk of a separate logging level for these messages, but that seems unnecessary). When the messages are needed, they can be recovered with dmesg, or, for boot failures, by booting with the "debug" option.

JFS 1.0 released. IBM has announced the 1.0 release of its Journaled File System (JFS). JFS provides the obligatory journaling capability, of course; it also includes a number of scalability features. The extent-based allocation scheme is set up for the efficient handling of large files, and the data structures are "designed to scale beyond practical limit."

Another important feature of JFS is that it requires no changes to the rest of the kernel to install. In this regard, it differs from SGI's XFS, which requires patches to the mainline kernel code. As a result, JFS stands a better chance of being integrated into the 2.4 kernel series than XFS. In the 2.5 series, however, all journaling filesystems are likely to see large changes as the result of memory management changes and the possible implementation of a more general journaling layer.

(See also: Steve Best's overview of JFS on the IBM developerWorks site).

Concerns about ACPI. The Advanced Configuration and Power Interface is the industry's current answer to power management. It is supposed to fix all of the problems with the older APM specification, and provide a great many new features as well. And, in fact, ACPI does promise some nice things. Kernel hackers have always been a bit concerned about ACPI, however, and the level of that concern seems to be rising as the implementation (led by Intel's Andy Grover) increases in functionality.

The concern arises from the complexity of both the ACPI specification and its implementation. There is no doubt that the specification is intense - it is available from the ACPI web site as a 450-page PDF file. The real problem, however, is not the size of the specification itself, but in the way it expects to handle device control.

The ACPI specification defines a language called AML ("ACPI Machine Language"), and an (allegedly) human-readable version called ASL ("ACPI Source Language"). An example from the specification:

Device(EC0) {
    Method(_REG,2) {
        If (Lequal(Arg0, 3)) {
            Store(Arg1, REGC)
    Method(ECAV,0) {
        If (Lequal(REGC,Ones)) {
            If (LgreaterEqual(_REV,2)) {
            Else {

Think of it as a sort of verbose C++ subset with lots of capital letters and no semicolons and that's probably all you really need to know.

BIOS writers are supposed to provide AML code (with the motherboard BIOS or the device itself) which helps each device implement parts of the ACPI specification. Systems implementing ACPI are required to run this code in a privileged mode when required. In other words, to implement ACPI, the Linux kernel must:

  • Run arbitrary, binary-only code from outsiders...
  • ...which implements a huge, complex specification...
  • ...in kernel mode...
  • ...with a bulky interpreter (built into the kernel)...
  • ...hoping that there are no bugs or misfeatures in this code...
  • ...even though BIOS code has been the source of endless headaches for years.
Once you look at it that way, it's not too surprising that people are wondering about the whole thing. As Alan Cox put it:

The fact that it takes more code to parse and interpret ACPI than it does to route traffic on the internet backbones should be a hint something is badly wrong either in ACPI the spec, ACPI the implementation or both

Beyond standard-variety bugs, ACPI code could be a point of entry for surveillance software, "content management" code, and no end of other, malign functions. And it all runs in kernel mode with full access to the system. People don't trust it, and with good reason.

Given all that, one could find it tempting to do without ACPI altogether, and that is what most Linux systems do now. Systems are starting to appear, however, which do not implement the old APM standard, meaning that ACPI must be used for power management tasks. And power management is important; anybody running a large server farm in California would certainly be pleased with better control over power consumption.

More importantly, however, ACPI is also becoming the means for hardware discovery and configuration in general. There will likely come a time, before too long, when an understanding of ACPI will be necessary simply to get a system up and running, even if power management is of no concern. Itanium systems, already, can not run without ACPI. Ignoring ACPI is not an option.

All of this has led some hackers to propose a new approach to ACPI. Instead of implementing the whole specification, interpreter and all, why not put together a minimal subsystem which extracts the needed information from the ACPI tables and ignores the rest? There would be some work involved in this approach; there would certainly be AML control routines which would have to be disassembled and reimplemented. But the result could be a simpler, smaller system that does not need to run external, binary code in order to function.

Of course, the ACPI team, which has put years of effort into the current implementation, sees things a little differently. To them, the full ACPI interpreter is the proper way to deal with changes in the hardware industry, and the concerns being raised are overblown. ACPI detractors should, they say, at least demonstrate some real problems before throwing away that much work.

It may take years to resolve how Linux will deal with ACPI in any definitive way. The possibility of a dual implementation, where both the minimal and the complete ACPI subsystems are available, is real.

Other patches and updates released this week include:

  • Patrick Mochel has posted a document describing how the new PCI power management interface works.

  • The Linux Test Project has announced a new release which includes quite a few new tests.

  • Jeff Merkey has asked Alan Cox to take over the Netware filesystem code. In a very Merkey-like message, he describes the dissolution of the Timpanogas Research Group and the threats he feels he is facing.

  • Ben LaHaise has released a patch implementing 64-bit block sizes. Included is a demonstration of a 7TB filesystem running with this code.

  • Daniel Phillips has a new early flush patch (see last week's kernel page) which adds continuous bandwidth estimation to the mix.

  • A new hotplug CPU patch has been posted by Rusty Russell.

  • ALSA 0.9.0beta5 is out. This release includes a fair amount of new functionality. The final 0.9.0 release will happen sometime in July "if nothing happens."

Section Editor: Jonathan Corbet

July 4, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Slackware 8.0. The latest edition of Slackware, Slackware 8.0, has been officially released. This is a major upgrade, affecting almost all the packages in the distribution. It includes KDE 2.1.2 (with Qt 2.3.1), GNOME 1.4, ReiserFS, kernel support for XFree86 4.1.0 DRI, Linux kernels 2.2.19 and 2.4.5, glibc 2.2.3, and all the usual utilities. Additions include ProFTPD, OpenSSH and OpenSSL, mod_ssl and mod_php, and full support for the 2.4 kernel series.

The Slackware team also opened a new online store.

Playstation 2 Linux kit based on Kondara MNU/Linux. As reported in last week's Distributions page, the PS2 Linux Kit is being based on Kondara MNU/Linux. We now have word that a web site has gone up for this kit, but the site is in Japanese currently. The only English text says that the kit is targeted for the Japanese market only with no plans for overseas distribution at this time. For the hardcore types, a dump of dmesg from a boot of this system is also available. (Thanks to t-nakata)

New Distributions

New secure distribution in planning stages: Blue Linux. A call for participation in a new secure Linux distribution was sent to LWN.net this week. The new distribution appears to be called Blue Linux.

Linux Esware. A distribution coming out of Spain, Linux Esware arrived on the Linux scene this past week. Offerings include both server and workstation versions, a 2.4.3 kernel, and an option for XFree86 4.0.2 (3.3.6 comes standard).

Mindi Linux. A Mindi Linux update to version 0.26 showed up on Freshmeat this past week. Mindi Linux is a utility to build a distribution from your existing system. New to this release are the ability to generate 2.88MB El Torito bootable floppy images and CD-R(W) images, as well as the usual 1.72MB floppy disk sets. Distribution specific name and kernel versions are also now included in Mindi's boot-up message.

MSC.Linux May 2001. The initial release of MSC.Linux was made to Freshmeat this past week. This new distribution appears targeted at high performance desktops. According to the announcement, MSC.Linux is "a lean distribution delivering all the required pieces to support extreme performance computing. This delivery includes Linux kernel and extensions, office productivity tools, engineering tools, Beowulf tools, and engineering desktop. These components will support the common desktop environments, based on the open source desktops, such as KDE or GNOME. Technical support is also available.

Distribution News

SuSE Linux. SuSE Linux announced a their new SuSE Linux Firewall on CD. "Instead of being installed on the hard disk, SuSE Linux Firewall is so-called a live system that enables the operating system to be booted directly from a read-only CD-ROM. Since it is impossible to manipulate the firewall software on CD-ROM, the live system constitutes a security gain. The configuration files for the firewall, such as the ipchains packet filter settings, are placed on a write-protected configuration floppy."

At about the same time, the company posted their 7.2 distribution to their FTP and mirror sites for download.

Linux Online interviewed SuSE Vice President for Marketing Heiner Maasjost. "Home and small business users will find everything they'd expect in a desktop system - without having to pay the big license fees. You get software such as Netscape Navigator for Web-browsing; Acrobat Reader for reading and printing .pdf files; StarOffice for word processing and other familiar office tasks; the sophisticated computer graphics program GIMP; and e-mail and organizer tools."

Debian. The Debian project announced this week that the official freeze on the Woody branch has begun. The freeze will be comprised of a four part process, starting with a freeze to policy, followed by freezes to the base system, standard installs, and finally the remainder of the Debian packages.

The upcoming week will also be a busy one for the Debian Project, with four exhibitions and conferences taking place in France, the United Kingdom, Germany and Mexico. Look for the Debian Project at Debian One (France), UK Linux Expo 2001, LinuxTag 2001 (Germany) and CompuVenta 2001 Mexico.

In their Weekly News summary the Debian project noted discussion on a Debian-BSD project has picked up yet again. This project has never gotten past the chat stage in the past, however. A pointer to using GCC3.0 with Debian was also provided.

Mandrake. The latest issue of Mandrake Cooker Weekly News was posted on Monday. Discussions included a new tool for Mandrake Control Center called logdrake, the new XFCE 3.8.3, and a look at NetHack, one of the oldest games available for Linux.

Also in the news this week for Mandrake was the announcement that the new Mozilla 0.9.2 release was available in RPM format from the Cooker mirrors.

Trustix Secure Linux 1.5 release candidate. Trustix has posted news of the first release candidate for the Trustix Secure Linux 1.5 distribution.

Minor Distribution updates

ROCK Linux. The ROCK Linux team announced that they will be at the upcoming LinuxTag conference, July 5-8, 2001 in Stuttgart, Germany. The team will be demonstrating ROCK Linux running on a Compaq AlphaServer DS20, thanks to the assistance of Compaq Germany.

Redmond Linux build 35. A new build of Redmond Linux was released this past week. Updates include a new Linux kernel (2.4.5-ac13), Mozilla 0.9.1, XFree86 4.1.0 and updated Glide libraries.

Vine Linux. Version 2.0 for the PowerPC of the Vine Linux distribution was announced this past week. The Japanese site provides more detailed information.

Distribution Reviews

Review: Trustix XSentry Firewall 1.5 (Duke of URL). The Duke of URL reviewed the Trustix XSentry Firewall distribution this past week. "I have to give kudos to Trustix for including excellent documentation. They have gone to great lengths to make sure you can easily configure your system and have everything you need at your finger tips. The documentation resides on the CD in a PDF file, which I had open in Acrobat Reader on the client system."

Section Editor: Liz Coolbaugh

July 4, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

Spell Checkers and Dictionaries
Gaspell - GNOME interface to aspell
(Click for larger image)
Last week we looked at a list of office suites available for Linux both in open source and proprietary formats. We required a word processor to be included (along with a spreadsheet) in order to include a product as an office suite. While each word processor has its own spell checking and thesaurus features (or perhaps not), not all Linux users prefer the safe confines of GUI-based editing. Many of us prefer the less glamorous and visually abominable terminal-based editing tools such as Emacs and vi. For those people who work primarily in text based editing, the need to spell check is just as important.

Spell checking on Linux is always tied to a dictionary of one form or another. The dictionaries are provided either locally or across the network at remote servers. Many spell checkers are actually back end tools that communicate with dictionary databases, often using high level GUI-based front ends or simple command line interfaces.


dict. This natural language client/server dictionary protocol specification, also known as RFC2229, has been implemented in a variety of programming languages, ranging from C to Rebol, and on a number of platforms. Servers provide dictionary look up mechanisms while client tools (either as backends or directly from front ends) make requests.

A complete list of freely available databases (see middle to bottom of link page) is available, with some already converted to dict format. The list includes Webster's Revised Unabridged 1913 Dictionary, Eric Raymond's The Jargon File, the Dictionary of Technical Terms for Aerospace Use, and The U.S. Gazetteer (1990) census bureau information.

Internet Dictionary Project. One of the projects that supports the dict protocol is the Internet Dictionary Project. This is a royalty-free language translation project.


ispell. The grand daddy of spell checkers for Unix systems was known simply as spell. This was a useful tool for English speakers but lacked international support. Ispell, which also began life as spell but was changed in 1974 (or possibly 1978), supports multiple language dictionaries. Ispell contains direct support for files formatted using LaTeX, nroff and troff. Since neither spell nor ispell is particularly user friendly they tend to be used with simple front end tools such as the popular ispell.el Emacs module. Unfortunately, documentation on using ispell under emacs is rather limited, unless you like reading source code.

Note that the generic spell command found on Linux systems today is actually a wrapper around the GNU ispell command using the -l command line option.

aspell. Aspell is the expected replacement for ispell, providing both multiple language support and better word replacement algorithms. There are a large number of language-specific dictionaries available for use with aspell. While aspell provides better replacement suggestions, it doesn't support editing nroff formatted files. Like ispell, aspell itself isn't particularly user friendly. In fact, Aspell isn't intended to be used directly, even as an API. The developers of this spell checker recommend the use of pspell as the API instead.

pspell. Intended as a generic interface to spell checkers, pspell is now used in some of the more popular editing packages available for Linux, including Balsa, Lyx, Mozilla, and AbiWord. This package is not an end user tool, however. It is a library of functions linked into other programs. Those other programs provide the front ends to the spell checking system. Think of pspell as one of the only middlemen in the spell checking market.

KSpell. Another programming interface, KSpell provides functions for accessing a backend dictionary. The default backend for KSpell is ispell. KSpell is already in use in a number of base KDE applications including KMail, KEdit, and KWrite.


GDict - GNOME interface to dict
(Click for larger image)
gaspell. GNOME has a couple of dictionary front ends including this one, gaspell. Based on GTK+, this is an easy to use interface that displays the document under inspection and allows you to navigate at will to select words to examine. Because it is built upon pspell/aspell, it can provide suggestions to unknown words and do dictionary lookups on those suggestions. Gaspell also supports local dictionaries for commonly used local terms.

gidic. This GTK+ based tool provides a front end to the Internet Dictionary database.

Ding. Ding is a Tk based front end to multiple dictionaries, including both dict and ispell dictionaries. It provides English to German to English translations and even includes a thesaurus lookup utility.

KDict. Possibly the most sophisticated of the spell checker tools is KDict. The interface supports Unicode displays for language translations of words and selection of multiple databases for lookups. Unfortunately the provided Red Hat 7 RPMs don't seem to work, but the source seems to build easily enough.

WordInspector. Another GTK+ entry, this one uses a dict backend dictionary for its lookups. Features are limited to searching for the word entered in a dialog box or having the program use the highlighted text from the X Clipboard.

Emacs/XEmacs. This is a slightly more powerful Emacs front end than ispell.el or flyspell.el. It connects to a dict-based backend dictionary. The module provides hypertext lookups on text within a previous lookup which makes nested searches fairly straightforward. It also provides for backwards navigation of the nested searches. Even better - this package provides some real documentation on how to use it (though you still need to be familiar with Emacs before you attempt it).

gdict. (Web site may not work) Gdict is the GNOME interface, written in C using the GTK+ widget set, to the MIT dictionary server. It simply contacts the server with the request and returns the definition. Originally included with GNOME 1.2, you can now download it with the larger gnome-utils package.

flyspell.el. Like its ispell.el cousin, flyspell.el is an Emacs front end to the ispell spell checker. Flyspell works on the fly, however, providing recommendations to misspelled and unknown words as you type. The ispell.el version, on the other hand, requires a manual pass over the document to search for and update spelling problems.


QTrans. This tool is a translator based on KDE and the Windows-based (and commercial) Babylon dictionaries. You need to download the dictionaries before you can use the software, of course, but the dictionaries can currently be downloaded for free.

User choice

The trick to finding a spell checker (or dictionary tool) is to decide whether you need a simple dictionary lookup used manually or if you need some form of dictionary and spell check feature added to your application. A number of these tools can be launched from a script and use the highlighted text from the X clipboard (for example, highlighting text in Netscape). Others are more interactive in nature, such as gaspell. Like most things in Linux, its a matter of user choice, and needs.

It might interest readers to note that LWN.net uses emacs together with flyspell and ispell modes to edit the weekly pages. Unfortunately, in a world dominated by acronyms and creative code names, we still manage to let a few bad spellings slip by.

KIllustrator author fined by Adobe (Heise Online). Adobe has set lawyers in Germany against the author of KIllustrator (German language news). According to the Babelfish translation (which is exceptionally poor) it appears that Adobe never contacted the author about changing the name of the program prior to sending lawyers after him and the University of Magdeburg. The official word posted by KIllustrator author Kai-Uwe Sattler to the KOffice Developers mailing list was more to the point: "I have just received a dissuasion from an Adobe lawyer the name "KIllustrator" would violate Adobe's trademark and I should pay 2500 euro." The KIllustrator web site is currently down pending resolution of this issue. (Thanks to Thomas Meinders)

The thread which followed the announcement in the KOffice Developer list was interesting in that at least one person felt compelled to denegrate trademarks. Remember that trademark law is what prevented William R. Della Croce, Jr and a Korean company (and others) from usurping "Linux" in countries outside the US for something other than our beloved OS. While patents are arguably a problem, copyrights and trademarks can serve a useful purpose.

That said, Adobe has some serious issues to resolve here. The first is the fair use of the term "Illustrator". In essence they have to prove that Illustrator (in capitilized form) is more protected than, say, Word or Draw. Second, the student who is being sued isn't the copyright holder of the application. The "KOffice Team" is. Adobe has to show that the individual holds the responsibility for the application name in some way. Guilt by association probably won't be enough in this case. The student simply managed the web site on his University's computers. And if Adobe can't attack the individual, they'll have to step into deeper waters - how do you sue an unofficial (re: not officially organized by law) group for compensation?

The truth is, Adobe could have just asked for a name change, but they didn't. Instead they went for monetary compensation. It's possible such tactics are required in order to show claim to existing trademarks, but we're not lawyers here at LWN.net. And the actual outcome of this action may lay a foundation for future encounters between existing products and open source alternatives. So how should the community react? It shouldn't - it should be proactive. Many projects start life with an intended goal of replacing an existing commercial application. It is easy to name a project something that won't, even to the most thorough examiner, be misconstrued to be taken from the original product's name. Common sense rules here. If your project has taken its name based on a commercial product with matching features or target use, then change it.

And speaking of conversion... One of the most overlooked tools on Linux has got to be units, one of the many GNU provided utilities. This package allows the user to specify a measurement in one format and have it converted to another. For example, to convert from feet to meters you could try this command:

You have: 10 feet
You want: meters
        * 3.048
        / 0.32808399
The number of supported unit types is long. Running the program with the -V option will tell you where the configuration file is located. You can view this file with any editor to find a measurement of interest. Other fun conversions you can try:
mjhammel(tty8)$ units -v
2112 units, 59 prefixes

You have: 1 mile
You want: nauticalmile
        1 mile = 0.86897624 nauticalmile
        1 mile = (1 / 1.1507794) nauticalmile
You have: 1 homestead
You want: acre
        1 homestead = 160 acre
        1 homestead = (1 / 0.00625) acre
You have: 5 gallon
You want: hogshead
        5 gallon = 0.079365079 hogshead
        5 gallon = (1 / 12.6) hogshead
You have: 1 egg
You want: pound
        1 egg = 0.11023113 pound
        1 egg = (1 / 9.0718474) pound
Unfortunately, it won't tell us how many eggs are in a hogshead or will fill a homestead. At least not without complaining.

Desktop Environments

KDE moved to LXR. The entire KDE source tree has been moved to LXR. According to Kurt Granroth, this is a major improvement in cross referencing. "If I go to the KConfig class in LXR, though, I see that all objects and methods in the file are hyperlinks. If I click on KConfig, I get a list of where it is defined, where it is declared as a forward declaration, and where it is referenced (in 939 files!). I can click on any of those links to go directly to where it is used."

Kernel Cousin KDE #15. Despite the recent departure of Mosfet, the status of his code was not the most talked about thing on the KDE mailing lists this past week, according to Kernel Cousin KDE. The more pressing topics included compiling KDE with the new GCC3 compiler and multithreading issues.

KDE 2.x Systems. How many systems does KDE 2.x run on? The Dot counts, "... three BSDs, eight Linuxes and four other Unices, ... "

GNOME Board Meeting, 26 June 2001. The summary of the weekly GNOME Board meeting has been posted.

GNOME 1.4 programming book(in Japanese). A new text on programming with GNOME 1.4 has been published in Japan, according to this report from the GNOME News web site.

Office Applications

The StartX Files: An AbiWord to the Wise (LinuxPlanet). The first of what is promised as a series on word processor reviews has been posted over at LinuxPlanet. The first review examines the GNOME Office entry - AbiWord. "Since the whole thing's built with GTK, then of course there is no anti-aliasing in sight, so on-screen fonts in AbiWord are the usual Linux fun-fest of jagged edges. If I seem embittered about this, you'd be correct. The lack of anti-alias support in this area of open source development is just one more glaring example that proprietary developers can point too and say 'See? They can't even manage that.'"

AbiWord Weekly News #50. The AbiWord Weekly News #50 has been released. Printing on UNIX has been improved, bugs have been squashed, and much more.

KWord 1.1beta3 review. KDE Dot News noted the beginnings of a review of KOffice 1.1 Beta 3. The review currently only covers KWord (over 5 pages - be sure not to miss the link at the bottom of each page to navigate to subsequent pages). "After I finished entering my bogus financial information, I moved the mouse cursor out of the KSpread frame, and clicked on the KWord document. Then I created the border by selecting the KSpread frame. This is different from selecting the KSpread object and editing it. The way KWord works is to place the KSpread object in a frame, which gave me the flexibility to resize, add borders, and layer other frames on top of it." Eventually, the reviewer expects to cover all the major applications in KOffice.

1st release of GnomeMeeting. The first public release of GnomeMeeting, an H.323 compatible video conference client, has been announced over at Gnotices, the GNOME News site.

Desktop Applications

GIMP 1.2.2-pre3. The GIMP development team has released another release candidate for the 1.2.2 version. Release 1.2.2-pre3 is available from the official GIMP FTP site and its mirrors.

And in other news...

Ford looks to open source (Silicon.com). Ford Motor Company's European division is looking to replace up to 33,000 desktop systems with open source systems running either KDE or GNOME, according to this story from Silicon.com. "Asked if he would consider a Linux desktop, he said `I think ultimately we will look for an open source desktop. I think that's eventually where the industry will go.`"

Programming Linux Games (NoStarch). No Starch Press and Loki Software today announced a new text for developing games for Linux. Programming Linux Games: Learn To Write The Games Linux People Play, which covers development tools and gaming APIs, including the Simple DirectMedia Layer (SDL), is produced by Loki Software.

Section Editor: Michael J. Hammel

July 4, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Cross-Language development An article on the use Perl site notes the creation of a new mailing list for language developers. The list is meant to include developers of Perl, Python, Tcl, and Ruby developers and has been set up to discuss common problems in language development including Unicode, threads, and numeric conversion.

This list represents the kind of collaboration that is only likely to occur in an open-source software environment where everybody is free to share their ideas as well as their source code. Normally, developers of those three languages work in a friendly competition mode, it is heartening to see that they are also trying to work together for the gain of all.

Developers of other languages should also consider the idea of this type of cross-pollination effort. The idea could also be tried with other open-source projects that involve parallel work on similar projects. Areas that seem likely to gain from such a collaboration include KDE, Gnome, and other window environments, database projects, CAD/CAM projects, game developers, and audio editor packages, just to name a few possibilities.

It will be interesting to see if the mailing list proves to be beneficial to its members.


Alsa 0.9.0 beta 5 released. A new beta release of the Alsa sound driver has been announced. This release features uniform support for multichannel cards and raw IEC958 (S/PDIF) audio interfaces.


omniORB 4.0 and omniORBpy 1.4 available. AT&T has released a preview version of omniORB, a CORBA2 ORB and omniORBpy, a CORBA to Python mapping. The current stable version of omniORB is 3.0.4. The omniORB project is being released under a GPL license, the libraries are being released under the LGPL license.

Embedded Systems

Honey, I shrunk the Linux system! (LinuxDevices.com). LinuxDevices.com looks at the movement towards SBC's (single board computers) running embedded Linux, in this case using the CerfCube as an example implementation.


New Wine Snapshot. The was announced on June 29, 2001. The new version contains better font metrics support in the PostScript driver, an in-progress major window manager redesign, 64 bit file size support, and several bug fixes.


Review: Free Practice Management (Linux Med News). Ignacio Valdez from Linux Med News reviews FreePM, an open-source medical practice management system. "This is the first review of an open source medical software project that LinuxMedNews has done. That this review is possible is a milestone in and of itself as only recently has open source medical software come far enough for a useful review. What is more astonishing however, is that FreePM has reached its current beta 3 state of development in only 1.5 years. According to the company, it is ready for comparison to its closed-source competitors that cost far more." FreePM has a GPL license and is based on Zope and Python.

System Administration

Powertweak 0.99.1. A new version of the powertweak tool has been released. Powertweak allows users to configure CPU, network and other low level hardware options using a graphical or curses based interface. (Thanks to Lenz Grimmer)

Web-site Development

Zope Weekly News. The July 1, 2001 issue of the Zope Weekly News is out. This issue looks at the EuroZope Conference, Zope sales, and the Zope 2.4 beta 2 release.

Zope 2.4.0 beta 2 released. Version 2.4.0 beta 2 of Zope has been released. This version supports and requires Python 2.1, and includes improved WebDAV support, product refresh without restart, and more.

Analog version 5.02 released. Version 5.02 of the Analog web log analyzer is available. This release features improved support for non-English languages.

Window Systems

New releaes of Gtk-Perl. A new release of the Gtk-Perl bindings (version 0.8008) has been released. It can be retrieved from the CPAN archives or from the Gtk-Perl web site.

Section Editor: Forrest Cook

July 4, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Caml Weekly News. The June 27 through July 3, 2001 edition of the Caml Weekly News is out. Topics include an ocaml-ldap binding, a Functional Constraint Library over integer finite domain, and A preliminary Caml/Java interface.


g95 Progress. Work continues on the g95 Fortran 95 compiler project. The developers have been making steady progress towards the goal of a running compiler.


Janos Virtual Machine v0.5.0 released. Version 0.5.0 of the Janos Virtual Machine has been released. "The Janos Virtual Machine (JanosVM) is an Open Source virtual machine for executing Java bytecodes. Unlike any available virtual machine, the JanosVM supports multiple, separate process-like entities (called 'teams' in the JanosVM) within a single VM, without reliance on any underlying OS or hardware support for such separation."

JSP Security for Limiting Access to Application-Internal URLs (O'Reilly). Jamie Jaworski writes about securing Java based web applications in an O'Reilly OnJava article. "A Web application that is accessible via several URLs is susceptible to URL-probing attacks. You may intend that your users access the individual application URLs in a way that makes sense for your application. However, some users (and most hackers) may not comply. Instead, they'll jump straight to the middle of your application and request URLs that are carefully calculated to circumvent your application's security features."


Lisa 0.9.3 Beta released. A new beta release of LISA has been released. LISA version 0.9.3 Beta contains a number of building and portability updates.

ECLS 0.2 released. Version 0.2 of ECLS, the Embeddable Common Lisp "Spain" has been released. This version features rewritten error system, an included ANSI test suite, and bug fixes in the bytecode compiler.


Perl Leads Sun Web Client Survey (use Perl). A informal survey of Web languages, first noted at use Perl, shows that developers appear to use Perl more than PHP, C or JSP for Web development. The original survey can be found on Sun's Solaris Developer Connection.

Perl.com gets revamped. O'Reilly has revamped the perl.com site. It looks more like an O'Reilly site now and has a slight problem with page width. The site carries some new articles, including one which explores the question of converting Perl code to C.

YAPC::America 2001 Reports. Reports from the recently concluded YAPC::NA 2001 event have been placed online.

Object technologies and HTML templates in CGI programming (IBM developerWorks). Eugene Logvinov illustrates the use of object oriented Perl applied to cgi scripting in an IBM developerWorks article. "Object-oriented implementation in CGI-scripting is unpopular, as I discovered while trying to find a good guestbook script. I wanted a script that I could easily modify by changing the design, adding new features, etc., and that I could use to build a forum. Of the thirty free guestbook scripts on the Web, none was suitable for me. So I turned to object technology as a solution for reusable Web applications based on HTML templates."

For more background on Perl cgi programming, the same author also looks at the Perl CGI.pm module in another article. (Thanks to Kelli Wiginton.)

Perl 5 Porters for July 2, 2001. The July 2, 2001 edition of the Perl 5 Porters is out. Topics include freestanding modules, testing mechanisms, and more.

This Fortnight in Perl 6 (17 - 30 June 2001). The Perl 6 Porters for the most recent fortnight is out. Topics include a comparison of Perl to Java, Multiple classifications, the internal string API, and more.


PHP Weekly Summary for July 2, 2001. The July 2, 2001 edition of the PHP Weekly Summary has been published. Topics include dealing with out of memory conditions, issues with upgrading DOMXML, the Zend Engine 2 roadmap, the pcntl extension, the MetaL - XML Meta Language compiler, and more.


Functional programming in Python, Part 3 (IBM developerWorks). In this next installment of a series on Python programming, author David Mertz examines higher order functions of the Xoltar Toolkit.

SOAP.py 0.9.7 released. Version 0.9.7 of SOAPpy, a SOAP implementation in written in Python, has been announced. This version features several bug fixes and the ability to specify an http_proxy.


New Scheme FAQ available. The Scheme Language FAQ has been rewritten and is available online. Scheme is a derivative of Lisp.


Dr. Dobb's Tcl-URL! for July 2, 2001. The July 2, 2001 issue of the Dr. Dobb's Tcl-URL! includes discussions ranging from compiling Tcl with the free Borland C++ 5.5 compiler, to a Tcl binding for FLTK, to the desktop publishing package Impress.


Electronic Publishing with XML (O'Reilly). John McKeown and Benjamin Jung look at the process used to generate the XML Europe 2001 conference proceedings. The proceedings were written in XML, of course. "In the past, the proceedings for XML Europe have been available in both paper and electronic formats. For various reasons, the conference organizers, GCA, discarded the paper version this year and opted for an electronic publication only. This was distributed on CD-ROM to each of the conference delegates. Additionally, the GCA used this publication as the basis for an online version on their web site. XML technologies were used throughout the creation process."

XML on the Cheap (O'Reilly). Ed Dumbill looks at several free XML tools and resources in an O'Reilly XML.com article. "If you're new to XML, or simply want a starting point to play around with it a little, there are plenty of resources on the Web you can use for free, many without even installing software on your computer.

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Linux Applications Increase More Than 30 Percent. Still hearing that tired old line, "Not enough applications run under Linux." ? This press release from IBM, announcing a 30 percent growth in the number of enterprise-level applications for Linux in the last six months, counters that argument. IBM claims there are now more than 2,300 Linux applications available from IBM and the industry's top independent software vendors (ISVs). IBM is working with ISVs like SAP (e-business software solutions); QAD (collaborative commerce applications); SAS (business intelligence, e-commerce and customer relationship management solutions); and many others, to provide a wide range of applications running under Linux on Intel platforms and IBM mainframes.

IBM and the Open Source Community Deliver New Enterprise Capabilities to Linux. IBM announced a series of Linux technologies developed in conjunction with the open source community to enhance the enterprise capabilities of Linux. These include a Journaled File System (JFS) for Linux (covered in this week's Kernel page, Version 1.0 of Next Generation POSIX Threading (NGPT), and the Linux Test Project, "a project for the discussion, development and posting of open source test suites".

YesSoftware Releases 15 Open Source Web Applications. YesSoftware announced the launch of www.GotoCode.com, a new community website with open source applications in PHP, Perl, JSP, ColdFusion, ASP and ASP.NET/C#, generated using CodeCharge, the company's new code generator. In addition to source code, the site provides examples, tips and tutorials and provides a discussion forum for the developers and users of CodeCharge.

Toshiba Picks Hard Hat Linux for Embedded Processors. MontaVista Software Inc. announced a deal with Toshiba Corporation to develop embedded products for the printer, set top box and digital television markets. MontaVista's Hard Hat Linux will initially be ported to Toshiba's TX39 and TX49 embedded processor families.

Court overturns Microsoft remedies. We don't really want to cover MS, but for those who are interested, the ruling can be found at the USCourts site.

Linux Stock Index for June 28 to July 03, 2001.

LSI at closing on June 28, 2001 ... 29.51
LSI at closing on July 03, 2001 ... 29.85

The high for the week was 30.03
The low for the week was 29.47

Press Releases:

Open source products

Distributions and bundled products

Proprietary Products for Linux

Products and Services Using Linux

Products With Linux Versions

Books & Training

Investments and Acquisitions

Linux At Work


Section Editor: Rebecca Sobol.

July 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Linux standard eases programming (News.com). C|Net looks at the impact of the newly released LSB (Linux Standard Base). "Further standardizing Linux is a key part of making it easier for companies to make software that works on Linux. But [executive director for the nonprofit Free Standards Group Scott] McNeil doesn't believe it will remove the need for companies to certify their software as working with a particular version of Linux."

Linux: At a Turning Point? (IEEE Computer Society). This article from the IEEE Computer Society discusses some of the perceived problems with Linux and shows, in most cases (though not all), that the problem is mostly in the perception and not the implementation. "The LSB has already released the Filesystem Hierarchy Standard, which SuSE and other companies are using. FHS aims to standardize file and directory locations within Linux systems, which would make it easier for the different distributions to run and compile applications without developers having to write multiple versions of their programs. The LSB expects to complete version 1.0 of its overall standard this summer."

Jargon File 4.3.1. Eric Raymond released a minor update to the Jargon File today with few new entries but lots of minor corrections.

Why is Microsoft Attacking the GPL? (Linux Journal). An editorial from Linux Journal uses historical context to examine some of the possible reasons Microsoft has accelerated its attacks on Linux. "Business history teaches the following lesson: When a market-dominating firm engages in a FUD campaign of this magnitude, it's not merely because they're scared of competition from a new market entrant. Often, it's because the new market entrant is seen to challenge the business model that has enabled the market-dominant firm to make huge gobs of money."

Is BSD the tortoise? (ZDNet). The BSD world is to Linux as the tortoise is to the hare, or so this ZDNet article says. And even Apple would do best to let them continue unabated. "If Apple didn't have to allocate engineers to maintaining Apple-only variants, it could spend more time improving and innovating its OS. Hiring Jordan Hubbard will hopefully add considerable momentum to the improvement of this situation. Such improvement would benefit Apple and its customers, but would also provide ample benefit to the FreeBSD community in the long run as well."

Hoax virus alert targets MP3 (Register). The Register reports on a hoax warning to MP3 users about a virus in downloaded music files. "Jack Clark, European product manager at Network Associates, said that it was impossible to spread malicious code through MP3 files, which are data files that cannot execute by themselves." Others consider the possibility of an MP3 virus to be a real threat, see this week's LWN letters section for more on the topic.

Linux On Steroids (TechWeb). TechWeb looks briefly at the Sandia National Labs Linux-based supercomputer cluster software known as Cplant.


IBM prods Linux toward bigger servers (News.com). IBM releases several new software components to help make Linux perform better on high end computing systems. "IBM's JFS isn't the only journaling file system in development. Others include ext3, ReiserFS and XFS, version 1.0 of which SGI released in May."

Caldera looks to make money from Linux (IT-Director). IT-Director thinks Caldera's per-seat license makes reasonable business sense if Linux is to penetrate further into the IT world. "It points out in its press release that this is aimed at commercial users who should not be too concerned at the $59 price tag. At the same time Caldera will be enhancing the credibility of its own business as well as the overall view of the Linux marketplace without taking too much away from any individuals."

Solaris blueprints still open to viewing (News.com). Sun has reversed its decision to end the program allowing users to view, but not change, the Solaris source.

VA Linux Scaling Back (Wired). Wired News reports on the changes at VA Linux. "In a press release issued Wednesday afternoon, VA Linux CEO Larry M. Augustin called the shift in strategy a logical move. 'Our differentiating strength has always been our software expertise,' Augustin said."

VA Linux quits hardware ahead of PC bloodbath (Register). Here is The Register's take on VA's change in direction. "VA says it expects its revenues to decline steeply - with its burn rate cut to $8 million a quarter. On that reckoning, its $70 million cash pile expires by early next year, and it remains to be seen if VA will by then be attractive enough to be acquired by one of the more Linux-clueless commodity box shifters such as Dell, or as an in-house development team for one of the big five consultancies."

VA Linux Gives Up The Hard Stuff (Forbes). Forbes says that VA's statement that the shedding of its hardware business is a shift in strategic focus is like saying a leg amputation is a minor abrasion. "The market sure didn't like the news. By midday, shares of VA Linux fell more than 20% to about $2.50. That compares quite poorly to the company's record-breaking IPO back in December 1999, when shares of VA Linux soared 733% to a close of $250."

VA Linux to slice 150 jobs (San Francisco Chronicle). The SF Chronicle chimes in on VA Linux System's decision to get out of the hardware business. There's some introductory information about Linux in there too. "What has come to be known as the Linux operating system is actually a hybrid computer backbone based on the GNU operating system developed by free software advocates beginning in the early '80s. Linus Torvalds, a Finnish programmer, developed a groundbreaking core, or "kernel," for the system, which then took on a derivative of his name in computer speak."

VA Linux quits hardware ahead of PC bloodbath (Register). Further examination of the VA turnabout, this time from The Register. "We've bored you all silly before by praising the genuinely subversive potential of plug-in file and print or NAS appliances based on free software. Despite employing both SAMBA project leads, VA has neglected to exploit its expertise. The margins on this kind of business - just ask NAI or Sun's Cobalt team - are wafer thin. But equally it lends itself to a high-volume OEM model - and no one's really tried that either."


India to Compute on the Cheap (Wired). Wired covers the Simputer project. "The Simputer looks and feels like a bulkier Palm. It uses three AAA batteries and an Intel strong-arm chip. It has 32MB of RAM and 16MB of Flash memory and runs on the free Linux operating system. It also features a gif-image touch screen, e-mail and Net access when connected to a working telephone line. And most importantly, it has a smartcard reader that enables the machine to be used on a shared basis."

Pentium 4 Gone Budget? (DukeOfURL). The DukeOfURL reviews Pogo's Pentium 4 Verona running Linux. "What does this all have to do with Pogo's latest revision of their new famous Verona? That's simple. Most of the major media outlets were predicting the Pentium 4 to be in that upper-bracket of pricing, that is, the $2500 range. Pogo has recently come along and shattered some of those early predictions with one much lower than that -- try $999."


Red Hat guns for MS database space (Register). Red Hat European VP Colin Tenwick is interviewed by IT-Analysis.com about his company's upcoming database launch. The interview was posted on The Register. "Certainly we will be operating in a very similar space to Microsoft yes. But that isn't our target market just yet. We have a product that is perfect for departmental use, anything less than 100 seats essentially, and we will be looking for wins in this space. The first people that we will be targeting will be the existing Linux and open source users."

SuSE Interview (Linux Online). Linux Online interviews SuSE Vice President for Marketing Heiner Maasjost. "Home and small business users will find everything they'd expect in a desktop system - without having to pay the big license fees. You get software such as Netscape Navigator for Web-browsing; Acrobat Reader for reading and printing .pdf files; StarOffice for word processing and other familiar office tasks; the sophisticated computer graphics program GIMP; and e-mail and organizer tools."

Section Editor: Forrest Cook

July 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



Another Linux hidden gem (ZDNet). Evan Leibovitch looks at the uses of apt-get, it's not just for Debian anymore. "The unavailability of apt-get for RPM was solved recently by an unexpected benefactor, the Brazilian Linux distributor Connectiva. A few months ago, Connectiva shipped its Linux 6.0 release to very positive reviews. To me, the distribution was OK, but one feature stood out. Connectiva had adapted apt-get for use with RPM, giving the company's distribution the combination of the popular RPM file format and apt-get?s powerful features and ease of use."

Tips for convenient CGI scripting (IBM developerWorks). CGI.pm, the Perl module used to generate dynamic HTML, is examined in detail in this article from IBM's developerWorks site. "The CGI module itself is a complex, even extreme, application that includes numerous features from Perl. Not surprisingly, some experts claim that if you understand the GGI.pm module, you'll understand Perl! CGI.pm, written by Lincoln Stein, is the module most developers use to build Web applications with Perl. You can retrieve the module from CPAN, and see current documentation at the CGI.pm page."


Linux@work 2001 tour attracted more than 2,500 IT-Professionals. LogOn Technology Transfer recently concluded a successful pan European Linux@work series that stopped in 9 cities and attracted more than 2,500 participants. Read more here.

Meeting report: eHealth in Developing Countries. Open source concepts have proved useful in fields outside of software development, as shown by this meeting report from Bud P. Bruegger.

free software/shared source debate (SiliconValley). Bruce Perens and Craig Mundie are participating in an online forum discussing software licensing issues over at SiliconValley.com.

Libre Software Meeting. Here's a last minute reminder about LSM. LSM 2001 will be held from July 4th to July 9th 2001 at ENSEIRB, on Bordeaux I University's campus.

EuroLinux Seminar on Software Patents. The EuroLinux Seminar on Software Patents will be held on July 5 in Stuttgart as part of LinuxTag 2001. Engineers, lawyers, politicians, and others will discuss software and business model patents in Europe. There is also a French version of the announcement available.

Grassroots Linux rebirth (Troubleshooters.com). The latest issue of Troubleshooters.com covers three regional Linux shows - LEAP-CF at Orlando CTS, SLUG at Clearwater CTS, and JaxLUG at Jacksonville ITEC - including pictures and determines that grassroots efforts are still the force behind Linux. "But sharpen your eyes and look beyond big press, and you'll see the retreating tide of big business and big press has revealed a healthy and grassroots Linux movement. The same grassroots that put Linux on the map in the first place. A grassroots press publishing "how I switched to Linux" articles. A grassroots LUG movement that produced three successful Central and North Florida Linux exhibits in two months, allowing Central and North Floridians to mingle with Robin "Roblimo" Miller, Jon "maddog" Hall, and Jeremy Allison. A grassroots LUG movement scheduling another show for Central Florida in October."

Events: July 4 - August 30, 2001.
Date Event Location
July 4 - 9, 2001Libre Software MeetingBordeaux, France
July 4 - 5, 2001Enterprise Linux Institute ConferenceOlympia, London
July 4 - 5, 2001Linux Expo ExhibitionOlympia, London
July 4 - 5, 2001Debian One ConferenceBordeaux, France
July 5 - 8, 2001LinuxTag 2001 - Stuttgart,Germany
July 9 - 12, 2001Embedded Systems Conference(Navy Pier Festival Hall)Chicago, Ill.
July 9 - 13, 2001SAGE - AU 2001(Grosvenor Vista Hotel)South Australia
July 14 - 15, 2001LinuxCertified Linux System Administration BootCampCupertino, California
July 14, 2001LinuxfestGalax, Virginia
July 16 - 21, 2001The Open Group Quarterly ConferenceAustin, Texas
July 16 - 20, 2001The Open Group Real-time and Embedded Systems ForumAustin, Texas
July 16 - 21, 2001The IEEE PASC (POSIX) System Services Working Group meetingAustin, Texas
July 19 - 25, 2001Networking Event 2000(ne2000)Nuenen, the Netherlands, South
July 23 - 27, 2001O'Reilly Open Source Software ConventionSan Diego, California
July 25 - 28, 2001The Ottawa Linux Symposium 
July 28 - 29, 2001Rocky Mountain Software Symposium 2001(RMSS 2001)(FourPoints Sheraton in Cherry Creek)Denver, Colorado
August 2 - 4, 2001Yet Another Perl Conference Europe 2001(YAPC)(Hogeschool Holland)Amsterdam, Netherlands
August 10 - 12, 2001Hackers at Large 2001(HAL2001)Enschede, Netherlands
August 13 - 18, 2001IPsec Interoperability Workshop (Bakeoff)Espoo, Finland
August 14 - 16, 2001Embedded Internet Conference 2001Santa Clara, CA
August 14 - 16, 2001LinuxWorld ChinaBeijing, China
August 20 - 24, 2001HP World 2001(McCormick Place)Chicago, IL, USA.
August 23 - 25, 2001LinuxWorld Hong KongHong Kong
August 26 - 30, 2001LinuxWorld Conference & ExpoSan Francisco

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

User Group News

LUG events in the St. Louis, Missouri area. The St. Louis Area Computer Club will hold a Linux PC Configuration workshop on July 5, 2001.

The St. Louis Unix Users Group will hold their monthly tutorial and presentation on July 11, 2001. The tutorial portion looks at Startup Scripts with Christine Wanta and the presentation will be about Analyzing Genomes with Open Source by Robert Citek, Washington University.

The St. Louis LUG meets July 19, 2001 featuring Mike "808" King on Web Servers.

Hazelwood LUG, dedicated to helping the new Linux user, meets July 24, 2001.

LUG Events: July 4 - July 19, 2001.
Date Event Location
July 4, 2001Silicon Valley LUG(SVLUG)San Jose, CA
July 4, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN
July 4, 2001KLUG partyKalamazoo, Michigan
July 5, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
July 5, 2001St. Louis Area Computer Club Linux workshopSt. Louis, MO
July 5, 2001
July 19, 2001
Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
July 5, 2001UNIX/Linux Special Interest Group of the Dayton Microcomputer Association(DMA office at 119 Valley St)Dayton, OH, USA.
July 5, 2001Linux Surviving in the Wild - OCLUGOttawa, Canada
July 7, 2001Twin Cities Linux Users Group(TCLUG)Minneapolis, MN
July 7, 2001Sheffield LUG(ShefLUG)(University of Sheffield)Sheffield, UK.
July 10, 2001Victoria LUG(VLUG)(University of Victoria)Victoria, British Columbia
July 10, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
July 10, 2001
July 17, 2001
Kalamazoo Linux Users Group(KLUG)(Western Michigan University)Kalamazoo, Michigan
July 10, 2001SSLUG: Hyggemøde hos DKUUG/SymbionDenmark
July 11, 2001Toledo Area Linux User's Group(TALUG)Toledo, OH
July 11, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
July 11, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
July 11, 2001St. Louis Unix Users Group(SLUUG)St. Louis, Missouri
July 12, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
July 12, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.
July 12, 2001Kernel-Panic Linux User Group(KPLUG)San Diego, CA
July 14, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
July 14, 2001Route 66 LUGLa Verne, CA
July 14, 2001GalLUG Installfest(Connecting Point Computers)Gallup, New Mexico
July 14, 2001KPLUG Installfest(National City Adult Center)San Diego, CA
July 15, 2001Beachside LUGConway, South Carolina
July 15, 2001Mesilla Valley Linux User Group(MVLUG)(Village Inn on El Paseo Rd.)Las Cruces, New Mexico
July 16, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
July 17, 2001Bay Area Linux User Group(BALUG)(Four Seas Restaurant, Chinatown)San Francisco, CA
July 17, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
July 17, 2001Linux Stammtisch(Bandersnatch Brew Pub)Tempe, AZ
July 18, 2001Central Iowa Linux Users Group(CIALUG)West Des Moines, IA
July 18, 2001Arizona State University LUG(ASULUG)Tempe, AZ
July 18, 2001Washington D.C. Linux User Group(DCLUG)(National Institute of Health)Bethesda, Maryland
July 19, 2001St. Louis LUG(SLLUG)(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
July 19, 2001Omaha Linux User Group(OLUG)Omaha, Nebraska
July 19, 2001Linux User Support Team, Taegu(LUST-T)Taegu, Korea
July 19, 2001South Mississippi LUG(SMLUG)(Barnes & Noble)Gulfport, Mississippi
July 19, 2001SSLUG: Hyggemøde på Niels Bohr InstituteDenmark

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

July 4, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

It seems this is a traditionally slow week in the Linux community, perhaps due to the U.S. holiday. Of course, the real issue could be that LWN staff, rather than Linux developers, take vacations at this time...

Five years ago Red Hat began the last phase of its experiments with proprietary software when it started shipping ApplixWare for its distribution.

Four years ago Bruce Perens posted the first version of the Debian Social Contract, making the goals of the project explicit. The Debian 1.3.1 minor release was also announced.

Three years ago (July 9, 1998 LWN): Registration for the 2nd Annual Atlanta Linux Showcase was announced. This event is alive and well, but this year the event has moved to Oakland, California and is now called the Annual Linux Showcase.

Red Hat announced its Sparc 5.1 release.

Jon "maddog" Hall, employed at Compaq then, was advocating Alpha support within Compaq. Compaq recently announced that it was phasing out Alpha support in favor of Intel's Itanium processor.

The voting for comp.lang.perl.moderated ended with an overwhelming yes vote. Today the site is still alive. It has less flames than comp.lang.perl, but also tends not to get the best material. These days our developement editor monitors websites like Use Perl instead.

Linux was written by the aliens? An alternate version of the origin of Linux was presented in this "X-Files" episode.

Two years ago (July 8, 1999 LWN): The "Packet Storm" security web site was taken offline by Harvard University. Rik van Riel started a movement to find pieces of the site downloaded by various people and pieced the site back together. Harvard did eventually return the data, but the site remained homeless for a while. Packet Storm can now be found at packetstorm.securify.com

Stormix Technologies released the first alpha of Storm Linux.

A company called Hard Data Ltd. contested MontaVista Software's use of the name Hard Hat Linux. Today, MontaVista uses the name Hard Hat Linux. Hard Data Ltd. manufactures built-to-order, high performance Linux and UNIX Workstations, Servers and Beowulf Clusters.

PC World called Linux the 'Most promising software newcomer'.

One year ago (July 6, 2000 LWN): The German Government voiced support for Open Source.

There were three brand new bleeding edge Linux kernel 2.4.0 prepatches out.

Trustix secure Linux 1.1 was released.

AbriaSoft announced Abria MySQL Lite, a commercial packaging of popular open source tools, including Apache, PHP, and the MySQL database.

Section Editor: Rebecca Sobol.

July 4, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

July 4, 2001

From:	 Lutz Horn <lh@lutz-horn.de>
To:	 letters@lwn.net
Subject: Caldera's new licensing scheme
Date:	 Thu, 28 Jun 2001 20:18:25 +0200

Dear folks at LWN,

I guess you'll receive some amount of mail concerning Caldera's move to
a per seat license and another opinion may not be needed. But let me
share my .02 Euro with you.

In your leading leading article you tell readers that you'll be
considerung Caldera's move from two angles: 1) "why Caldera is taking
this path" and 2) "whether members of the free software community are
right to criticize the company". I'll not talk about 1) here but of
course about 2).

The free software community should be concerned about freedom, freedom
of software and freedom for it's users. It should not bother about one
company making money from free software or not. Let the open source
people give themselves headaches poundering this question.

Your interpretation of freedom includes the right of the users to vote
against Caldera and switch to an different distribution. This is an
important freedom but of course not one of the four freedoms free
software is all about (for reference let me point you to "What is Free
Software?" at http://www.gnu.org/philosophy/free-sw.html).

Another interpretation you give of freedom is that by including non-free
software into it's distribution Caldera is "demonstrating a way of
exercising the freedoms that come with free software". This of course is
not freedom as understood by the Free Software Foundation and anybody
calling himself a member of the free software community. Being a member
of this community means strifing for _more_ free software, not less. By
including non-free software Caldera, and other distributors, of course,
have found a, as you put it, "way to add value to Linux that suits its
customers" to it's distribution. At the same time they are reducing the
amount of freedom their distribution includes by making it

As RMS once put it, using non-free software where there is no free
alternative is no valid option for a member of the free software
community. If it's not free it is of no use to us, whatever added value
it may contain.

Lutz Horn <lh@lutz-horn.de>
For PGP information see header.

From:	 Joe Klemmer <klemmerj@webtrek.com>
To:	 <letters@lwn.net>
Subject: On Caldera
Date:	 Thu, 28 Jun 2001 13:18:27 -0400 (EDT)

Hash: SHA1

	I'm pretty sure that this will be one of a gazillion letters on
the subject.

	However, I have to say that I think the move that Caldera is
making is really a good thing.  If it succeeds, and I think it could, it
will put Linux on more systems and give it even more exposure.

	I can understand why the "rank'n'file" in the community might be a
tad hyper about the move.  However, there's more to Linux than just the
religion of the One True Way.  As mentioned in the article, the per system
licensing does not violate any of the open source licenses.  The move will
help get Linux on more boxes by giving it a more normal "appearance" to
the business world.  This is a win-win situation for Linux.  Let's try and
support Caldera and all the other Linux companies who are trying to get
Linux out there on the corporate systems.

	If I had the energy I'd go off and rant about the license wars and
distro wars and pick-your-desktop-environment wars and such but that's to
much work.  Let's just all do what we can to help Linux/*BSD/open source
[all licenses] and not help the "enemy" do it's work for them.


- ---
"It's a damn poor mind that can only think of one way to spell a word."
                -- Andrew Jackson
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


From:	 "Matt.Wilkie" <Matt.Wilkie@gov.yk.ca>
To:	 lwn@lwn.net
Subject: comment on passwords and security
Date:	 Thu, 28 Jun 2001 17:57:16 -0700

I'd just like to make a general comment on the 'Responsibilty of
the individual [...to...] "Use different passwords at Websites and
on every machine you use."

Yeah, right. Sure.

Bob Cringely (http://www.pbs.org/cringely/oldhat.html)
wrote a really good essay on the problem with this advice but I 
can't find the link so here is my mangled version.

On average I use 3 machines a day with at least four separate 
accounts on each of those (regular user, power user, administrator, 
web admin, db admin, etc.). Add to that the half a dozen password 
enabled (or demanded) websites I visit regularily, plus the dozen
or so more I see from time to time and I have a real password 
management problem. Oh, don't forget that effective passwords need
to be changed often. And the bank machines. and the security door
at work. and...

I used to have different passwords for different machines and
different tasks that I changed regularily and often. Then I had to 
restore a year old password-protected backup tape.... 
Need I say it never happened?

As I see it there a three  possible solutions:

-Pick a small number of passwords according to general task (admin,
general use, finance, internet) and use them everywhere.

-Be responsible, use different often changing passwords for 
everything, And:
  + write it all down in a convenient little text file buried in $home
  + post-it notes in the top desk drawer

-Invent a personal algorithm based on the name of the service, say 
reverse the letter order, number-substitute and then add them up and
subtract the the year and month. (All the while hoping to God the 
name doesn't get changed)

securely yours,


Matt Wilkie * Yukon Renewable Resources GIS
From:	 jimd@starshine.org (Jim Dennis)
To:	 lwn@lwn.net
Subject: Virus Hoax in MP3s
Date:	 Mon,  2 Jul 2001 07:28:56 -0700 (PDT)

 Regarding Jack Clark's comment about the impossibility of
 spreading malicious code via MP3s (or other data files).

 In a certain narrow sense, he's correct.  The MP3 file
 format doesn't provide any code hooks (that I know of).

 However, in a broader view people should realize that the
 integrity of their systems depends on the robustness of any
 code that they run on "foreign" or "untrusted" files.  It is
 concievable that degenerate data in an MP3 (or any other sort
 of file) could exploit bugs (buffer overflows, parsing errors,
 or other problems) in some of the programs that are used to 
 play, view or otherwise work with these files.

 We used to hear that viruses couldn't be spread via e-mail.  This
 was the first order response to the famous "Good Times" hoax.
 However, since then we've seen far too many cases where viruses
 and other malware have been spread by *specific* e-mail clients
 (using bugs in those MUAs, of course).  
 While we, in the Linux and UNIX communities, like to smugly 
 attribute that problem to MS Windows, Exchange, Outlook, and IE; 
 the fact is that similar bugs can (and have) appeared in UNIX MUAs 
 and browsers.  (Obviously they don't spread as far, nor as fast,
 by virtue of the "bio/cyber-diversity" that we see in UNIX/Linux
 mail user agents, editors, and browsers.

 I stress these points to call attention to the problem.  

 Any code which interacts across security contexts (such as our
 browsers, mailers, MP3 players, and graphics file viewers) must 
 be written to be robust.  If it core dumps or segfaults, it AIN'T

 It's not just SUID programs and root/daemons that can be exploited
 by crackers; it's anything we trust.  I want to raise the bar for
 all programming under Linux and UNIX by raising awareness of this
 issue.  Until every programming student is taught this principle
 from the outset, we will be vulnerable.

Jim Dennis,
"The (Linux Gazette) Answer Guy"

From:	 Dan Stromberg <strombrg@nis.acs.uci.edu>
To:	 letters@lwn.net
Subject: Re: Hoax virus alert targets MP3
Date:	 Mon, 2 Jul 2001 12:11:32 -0700

>"Jack Clark, European product manager at Network Associates, said that
>it was impossible to spread malicious code through MP3 files, which
>are data files that cannot execute by themselves."

Where do people get this stuff?  I can't believe someone who works at
a virus company could say something so incredibly untrue.

All it would take is a common MP3 player that doesn't check for buffer
overruns in its mp3 input - then an MP3 file could be used to spread
hostile code.  Is this guy really willing to certify that all MP3
player authors know what they're doing as far as security goes?

This is the same nonsense people used to say about viruses spreading
through e-mail - there used to be tons of claims that was impossible
too.  You'd think folks would've learned.

That's not to say this particular bit isn't a hoax.  But clearing up a
hoax by saying the attack is impossible when it isn't, is a pretty
poor idea.

Dan Stromberg                                               UCI/NACS/DCS

From:	 Dylan Thurston <dpt@math.harvard.edu>
To:	 lwn@lwn.net
Subject: Desktop Suite review
Date:	 Thu, 28 Jun 2001 09:54:03 -0400

Dear Linux Weekly News,

I found your review of desktop suites quite useful.  But I was very
disturbed that you failed to mention what is (to me) the most
important attribute of a piece of software: whether or not it is
free.  How is someone who has heard of neither to now that Siag Office
is free software (GPL), while Hancom Office costs $45 (and does not
include source)?

I find this oversight really inexcusable.  Usually you are good about
distinguishing free software from hoarded software.

	Dylan Thurston
From:	 "Bryan Feeney" <b_feeney@vistech.ie>
To:	 <lwn@lwn.net>
Subject: Re: KOffice in the office round-up
Date:	 Thu, 28 Jun 2001 10:21:01 +0100

You left quite a lot of components out from your review. If you look at the
front page of the site (http://www.koffice.org) you'll see that

1. KOffice 1.1Beta3 is the recommended version, 1.0 users are advised to
upgrade and that

2. 1.1Beta contains the following components

Word Processor: Yes (KWord)
Spreadsheet Yes (KSpread)
Email: KDE Kmail/Infusion
Scheduling: KDE KOrganiser
Database management: KDE KMySQL
Project Management: KDE Infusion?
Graphics: Yes (Krayon / Kivio / KIllustrator [/ KChart])
Presentation: Yes (KPresenter)
Web Browsing: KDE Konqueror

The latter two in the graphics category are extremely important. Kivio is
of *far* better use in an office environment than Krayon or KIllustrator.
Krayon is really for big kids.

Also I think that Kmail / Konqueror / KMySQL should have been included in
the List, maybe not as a definite "Yes", but rather as "KDE" like above.
KOffice excludes them as they're not integrated, however they'd have more in
common than, e.g., the Gnome equivalents. I'm not on a KDE/Gnome rampage
here, but the table you gave did seem a bit misleading.

Finally, I don't think anyone would normally include Email, web browsing or
Image manipulation as office apps. Even Microsoft haven't made that stretch
yet! Groupware tools (e.g. Outlook 2000 (not Express) and  Lotus Notes) and
possibly web-design would have a place alright, but not the above three. A
standard office worker would not use them for productivity. Yes I know
they'd use email, but they wouldn't really be creating any documents with
it. I'd view an office suite as a group of programs involved in the creation
of documents by typical office workers. Looking at lwn.net is what they
usually do *instead* of working ;-)

Just my two cents
Bryan Feeney - http://www.bfeeney.uklinux.net/
"If at first you don't succeed, try a smaller bungee..."

From:	 ischindl@univ-tlse1.fr
To:	 letters@lwn.net
Subject: desktop solution omission
Date:	 28 Jun 2001 19:13:29 +0200

I would have included lyx in the "Other Tools" section of your Desktop
Solutions page.  Lots of people in the scientific community use Scientific
Word because they don't know about lyx.

Otherwise it was a nice read.

From:	 Oliver White <ojw@unite.com.au>
To:	 letters@lwn.net
Subject: Games On The Desktop
Date:	 Fri, 29 Jun 2001 12:16:07 +1000

I'd have to agree with my fellow readers, OTD has improved measurably
over the last couple of weeks. Well done! One thing that is sorely
lacking, however, is coverage of the most important application for the
desktop computer: Games! Oh yeah, word processors are really important,
and (yaaaaawwwwn, scuse me!) interesting too, but games have been an
integral application of the desktop computer since they first appeared.

Naturally, the WorldForge team will keep the editors well informed as to
our persuit of the ultimate massively multiplayer online roleplaying

Oliver White
STAGE Janitor
From:	 "Hurley, Kevin Joseph (Kevin)" <khurley@lucent.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Gnucash and apt-get as the solution
Date:	 Fri, 29 Jun 2001 09:20:46 +0100


I have followed with interest the discussion here concerning library
dependencies and application installations. The letter from Zooko this week,
in particular, raised some alarm bells. 40 new packages and 11.3MB of
downloads to install one application: I think this solution is acceptable
only for the most "bandwidth-blessed" among us, and certainly not for the 'I
just want it to work' brigade. 

I am a big fan of Debian and think apt is the best thing since sliced bread
- I use it myself and reckon its the smoothest installation tool around. But
I can well imagine that for an inexperienced user coming to Linux from Some
Other Operating System, the notion of being required to install 40 new
packages to get just one new application working would seem bizarre. And
11.3MB does not take "only a few minutes" to download when you're connected
with a 64k modem.  

When questions like these, of usability and simplicity come up, I always
think of my Dad on his PC at home. He doesn't have Linux installed, but if
he did, I'd tell him to wait until the next release of Debian becomes
available on CD before he moves to gnucash 1.6. 



"The Good Samaritan would make a Bad Economist"
 - Dickens, Hard Times
From:	 Richard Atterer <ofijqa@atterer.net>
To:	 lwn@lwn.net
Subject: Linux in Possible Crisis; IBM, NEC, Two Others to Form Promotion Group (AsiaBizTech)
Date:	 Thu, 28 Jun 2001 22:19:33 +0200


in today's LWN edition you included a link to this article on
AsiaBizTech and called it FUD. Based on the snippet about the

  "casual attitude of Torvald [sic], which doesn't meet the needs of
  the market and minds of investors",

I went over to have a good laugh. However, instead I found the article
very interesting, not because of the facts it talks about (it's mostly
speculation anyway), but interesting because of the _point_of_view_
from which the article is written.

Why is it interesting to analyse this point of view? Because the
top-level managers of IBM, Sun etc. might be thinking in the same way! 
To them, Linux is just another market. It is naive to think that they
have suddenly been converted to the "true path of Free Software" - no,
they support Linux simply because they might make a profit and because
"my enemy's enemy is my friend", i.e. it is the most promising way of
hurting Microsoft.

In the course of becoming a player in the Linux market, the managers
must put up with those irrational techie types full of their strange
ideals. In the past years, this did not work too well, but by now they
have learned to speak in a way that pleases us. There is a wonderful
German expression "Honig um's Maul schmieren" to describe this -
sadly, this is not translatable; literally, it means "smear honey
around the [techie's] mouth".

Clearly, the author does not live in the "techie" world, but in the
"manager" world. I have found that real-world travels are infinitely
more easy than "thinking-world" travels - but if we undertook this
travel and tried to understand the suits, we could make use of the
knowledge to promote Linux to businesses in a way that _they_
understand, which would certainly be a positive thing for both them
and us.



  __   _
  |_) /|  Richard Atterer
  | \/¯|  http://atterer.net
  ¯ ´` ¯
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds