[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Dmitry Sklyarov: geeks learn political activism. Last week, Dmitry Sklyarov, a PhD computer science student from Russia, came to the United States to share knowledge and information regarding serious security flaws in Adobe software (see last week's Front page) with fellow developers. He was promptly arrested.

This week, a broad-based gathering of individuals within the computer science/IT/security community came together to protest this arrest and the Digital Millenium Copyright Act (DMCA) under which he is being charged. For those of us within the United States, the basic freedoms we were brought up to believe in are being challenged: the Fair Use rights of the individual (the ability to use that which we have purchased), the pursuit of knowledge, even freedom of speech.

The software program that Dmitry helped develop performs a necessary step to allow the blind to read one of Adobe's eBooks: it takes a legally purchased eBook and translates the file into PDF format, which can then be processed by a speech generator. Once the file is in PDF format it could be illegally shared, making the program, even though it has legitimate uses, illegal under the DMCA. The Fair Rights lost in this case are the rights the disabled have to legally purchased copies which they cannot use unless modified.

Since the only action Dmitry performed within the United States was to give a talk describing the weaknesses in Adobe's security system, his arrest clearly signals that none of us can safely raise our voices about security issues. While the arrest may signal the beginning of unprecedented damage to our basic rights, it will also have a deleterious impact on research into computer security within the U.S., potentially forcing such research (and future associated revenues) outside the United States.

It is to these injustices that members of the free software community have begun to react. The individuals that comprise this community, both within the United States and internationally, don't often fit the standard profile for "political activist". Most are modestly private individuals, trying to do their job, to feed their families, and enjoy the creative feeling of developing software that gets used. Nonetheless, when faced with the clear injustice that touches so closely to their own expertise, they can and have spoken out.

Dmitry Sklyarov does not deserve to be jailed. Adobe Software touted its eBook Pro software as "virtually 100% burglarproof". They should be ashamed of attacking a researcher that exposed this claim to be false, that their software was not secure and, in fact, can easily be compromised by existing software tools. Such compromises do not require the use of the software developed by Dmitry Sklyarov (check this week's Security page for details).

The free software community organized quickly to protest Dmitry's arrest. The following protests were staged in the United States in Dmitry's support this week:

Austin, TXBoston, MassachusettsChicago, Illinois
Denver, COLos Angeles, CANew York City
Reno, NVSalt Lake City, UTSan Jose, CA (Adobe Headquarters)
Seattle, WASt Paul, MinnesotaWashington, D.C.

Add to that list an international protest held Wednesday, July 25th, in Moscow, Russia.

The protests had an impact on Adobe, who has withdrawn their complaint but stands still in support of the DMCA. Unfortunately, Dmitry is not the subject of a civil charge from Adobe, but a criminal charge from the US Justice Department. Adobe's letter is no guarantee that Dmitry will go free.

So the fight continues, with two goals: the first, to free Dmitry, and the second, to educate the citizens of the United States on the issues at stake, rousing support for the repeal or modification of the Digital Millenium Copyright Act.

In another form of protest this past week, Alan Cox resigned from the board of the ALS conference and encouraged non-US participants to boycott US conferences until the DMCA has been removed or modified enough to make attending such conferences safe for participants. His action was noticed by the major news media outlets, indicating that such a boycott may, indeed, draw needed attention to the issue. New Scientist reports that other scientific organizations are following suit. If you choose to boycott US events as a result of Dmitry's arrest, we only ask that you speak up loudly to make sure that people know you are choosing to boycott and why.

If you're moved by all this there are a number of things that can you do. First, check out the Community Declaration: Free Speech, Free Sklyarov and consider signing it. Then keep an eye on the Electronic Frontier Foundation's site. And subscribe to the Free Sklyarov Mailing List to get contacts for upcoming protests, letter campaigns, etc. It will take hard work to keep media - and legislative - attention on this issue.

Meanwhile, we do have a recent report on Dmitry's status. "As on today's morning (25 Jul 01) Dmitry is still in Las Vegas. He has spoken a few times to his wife via the lawyer. Dmitry is in a good health and spirit. He was also cheered up by the news coverage on TV and thanks everyone for the support".

In addition, the EFF has announced a scheduled meeting with the US Department of Justice to try to convince them to drop the charges against Dmitry.

Richard Stallman inaugurates FSF-India. Here's a press release from the Free Software Foundation; Richard Stallman is in India for the opening of the FSF's first Asian affiliate.

Is it immoral to use proprietary software? We recently received a letter (and included it on the July 4 Letters to the Editor page) which made the following claim:

As RMS once put it, using non-free software where there is no free alternative is no valid option for a member of the free software community. If it's not free it is of no use to us, whatever added value it may contain.

This sort of opinion is common among certain types of free software advocates, and it can be very forcefully expressed. When a long-time Linux kernel hacker has to step around the issue with a comment like:

P.S. I'm sure that the Church of the FSF will no doubt excommunicate me and declare me a heretic for daring to advocate the use of proprietary software, but if so, so be it. You heard it here first --- this Linux kernel developer has absolutely no problem paying money for at least some proprietary software.

it seems clear that a certain type of "political correctness" is in the air.

Let's leave aside the little fact that Richard Stallman and the GNU project developed much of its early code on proprietary Unix systems. Is it truly "no valid option" for a member of the free software community to use proprietary software? What, exactly, is the harm in doing so?

The biggest fear that is overtly expressed seems to be that use of proprietary software reduces the motivation to write a free equivalent. At its worst, proprietary code could somehow block the development of a free package entirely. Take, for example, Richard Stallman's level of discontent three years ago when Oracle finally announced its support for Linux. While many users saw Oracle's move as an important step in the wider recognition of Linux, Stallman complained that Oracle brought nothing to the free software community and that people should be working on free alternatives instead.

At that time there was really only one free relational database management system available: PostgreSQL. It was a solid system but it lacked some key features and was not that widely recognized. Many free software users based database solutions instead on MySQL, which while not free software does provide source.

Three years after Oracle's arrival, the free software community has two solid, thriving, free database management systems, both of which have proved themselves in demanding deployments. And that doesn't count InterBase, a recently freed system which is still establishing its development and user communities. It would be very difficult to make the claim that the presence of Oracle (and Informix, and Sybase, and DB2, ...) has impeded the development of PostgreSQL and MySQL. The world of free database systems has never looked better.

Looking back even before Oracle's arrival, GNU emacs competed for some years with multiple proprietary emacs editors. The GNU version emerged from that conflict in rather better shape than the proprietary variants.

Can one really argue that ApplixWare, WordPerfect, and StarOffice have discouraged the development of free office suites? Did Netscape's browser slow down the development of free alternatives? Has the development of Linux in general been hurt because some people use dual-boot systems?

The truth of the matter is that free software tends to quickly achieve the capabilities of its proprietary competitors and push them aside. LWN has frequently trumpeted the advantages of free software and the importance of freedom in this space; there is no need to repeat those arguments now.

Today's argument is different: free software is not threatened by the presence and use of proprietary software. There may be a strong moral purpose in an individual or corporate decision to use only free software, but there is no moral need or purpose in trying to prevent others from using the tools that work best for them. No member of the free software community should be made to feel an outsider just because the programs they need to get their work done now are not available under a free license. Free software will succeed because of the liberty and technical superiority it provides. Ostracizing those who use (or sell) proprietary software is neither appropriate nor helpful.

Inside this LWN.net weekly edition:

  • Security: NT-based Code Red worm, Adobe PDF security model, new vulnerabilities in procmail, BSD telnetd, Horde IMP, squid, and more.
  • Kernel: Finding single-use pages, what's that new process in 2.4.7?
  • Distributions: DeMuDi, MandrakeSoft's IPO, new distributions Tomukas and Sorcerer GNU Linux.
  • On the Desktop: More on Java, the GNOME Installation Guide, and open source tools for guitarists.
  • Development: Open Source Directory in XML, Linux guitar apps, Evolution 1.0b1, Choosing a database type, Python 2.1.1.
  • Commerce: O'Reilly Conference, HP and Sun; new president at LPI.
  • History: The future of the Linux community; rumors of IBM support; Ted Ts'o takes over (as kernel status list maintainer).
  • Letters: Adobe and the DMCA; failed applets; history; The GPL and Commercial Development, redux.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

July 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

NT-based Code Red Worm. Last week, an NT-based worm by the name of Code Red showed up on the Internet. We neglected to cover it at the time, because it does not exploit Linux computers. Of course, given the state of today's Internet and the normal model of a worm, that was an error. No matter what operating system your computers are running, they were likely impacted by this worm at some point.

On Thursday, July 19th, approximately one day after the worm was first sighted, reports started coming in of crashes on Cisco equipment, 3Com LANmodems, and HP JetDirect printers. This is because the worm did not try to determine the operating system of the machine it attacked first. Instead it immediately attempted to initiate the buffer overflow on port 80. Since many devices run services on port 80 to allow connections by administrators, they were impacted by the worm even though they were not vulnerable to the worm itself.

Note that the worm actually did skip multicast addresses, so it did not cause the same damage to multicast networks that have been seen with some previous (Linux-based) worms.

The purpose of the worm was to infect as many hosts as possible within a limited time span, then use those hosts to stage a denial-of-service attack on www.whitehouse.gov.

Infected hosts numbered, by several different counts, in the hundreds of thousands. It was called by some "the most successful Internet worm so far", though it failed to take down www.whitehouse.gov. Its lack of success, in the end, was in part due to the security community's successful detection and analysis of the worm, which allowed the administrators of the www.whitehouse.gov site to know that the attack was coming and to be able to find a flaw in the attack pattern. In this case, the attack was launched against the IP address of www.whitehouse.gov rather than against the domain name. By moving www.whitehouse.gov to an alternate IP address, the site was kept on-line without difficulty.

As with the Linux worms, Code Red used well-known vulnerabilities, for which patches have been available for some time. There were some kinks in the system, of course. Apparently the description of some of the patches did not make it clear that they also resolved security issues. As a result, even some security-conscious sites (including some Microsoft sites) had not applied all the required patches.

In the long-term, better solutions are required than to trust millions of individuals to track and apply myriad patches. As long as we are doing so, we can always count on hundreds of thousands of machines to be vulnerable to this type of attack and, as a result, for all of us to be impacted.

In the short-term, do what you can to make the Internet a better place: apply your own patches and help those less knowledgeable than you to improve their own security as well.

You may also find Bruce Schneier's essay on Code Red of interest (from the Red Rock Eater News Service). It also contains links to other, related reports.

Adobe eBook security model. So, what is the security model for Adobe's Ebook computer which was compromised by Russian software company ElcomSoft, thereby landing Russian PhD computer science student Dmitry Sklyarov in jail? (Check last week's Front Page and this week's Front Page for the story).

If you're interested, Dmitry's presentation, entitled eBooks security - theory and practice is available on-line. It would be better, of course, with the accompanying talk, but it does a good job of showing how thin the Adobe PDF security is, pretty appalling given marketing quotes like these:

"eBook Pro", the only software in the universe that makes your information virtually 100% burglarproof! It comes with a lifetime, money-back guarantee

"At Last, You Can Sell Information Online (And Make Thousands Of Sales Per Day) - Without The Danger Of Having Your Information Stolen And Resold By Others."

with the actual features of the eBook Pro compiler:

All HTML pages and supplementary files are compressed with deflate algorithm from ZLIB

Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with constant byte.

In addition to Dmitry's presentation, Bryan Guignard has written a whitepaper (from the Gallery of Adobe Remedies) that discusses Adobe's security as well. "Adobe make it clear that it 'expects' software developers to 'respect the intent' of its PDF security system. So as it is clearly seen from Adobe's own specification, PDF security is not based on sound technology, rather, it is based entirely on 'respect'".

He also mentions that ghostscript can similarly be used to bypass Adobe PDF security. Don't tell the Justice Department, or we'll end up losing access to that valuable tool as well!

The Black Hat Conference in Vegas (Linux Journal). The Black Hat Conference in Vegas completed last week and Linux Journal fills us in on the details. Bruce Schneier reported on his Senate testimony, attrition.org gave people an overview of what they do, who listens to them and who doesn't, and security experts in general ripped the media for poor reporting of security issues.

Security Reports

multiple procmail race conditions. Procmail uses several different signal handlers. Race conditions exist in some of these handlers which can be exploited locally to gain root privileges. Versions of procmail prior to 3.2.1 are vulnerable; an upgrade to procmail 3.2.1 will resolve the problem.

Multiple vendor telnetd vulnerability. Multiple vendors, including BSDi, FreeBSD, NetBSD, OpenBSD (prior to 2.9), and Linux distributions using Netkit telnetd (derived from BSD telnet) prior to version 0.14, are using a telnet daemon that contains a buffer overflow. This is reportedly being actively exploited on BSD systems.

  • Caldera, patch released for OpenLinux 2.3 and eServer 2.3 back in March. Patched systems and later versions are not affected.

Multiple Horde IMP vulnerabilities. The Horde team announced the availability of IMP 2.2.6, which fixes several security issues. It is strongly recommend that all sites running IMP 2.2.x upgrade to this version. Check also BugTraq IDs 3066, 3079, 3082, and 3083.

Squid httpd acceleration ACL vulnerability. A bug in squid's httpd_accel mode was reported by Paul Nasrat. Because squid does not properly use ACLs, squid can be used by an unprivileged account as a portscanner (similar to ftp bounce scanning). Squid 2.3STABLE4 is affected; earlier versions are not. Red Hat 7.0 is reported to be vulnerable, while earlier and later versions are not. Debian is reported not vulnerable. A patch to fix the problem is available.

Tcl/tk and expect unsafe library searching. Tcl/tk and expect, as installed on some Linux systems, will search the current working directory for certain libraries. As a result, a malicious library could be created that would be unwittingly invoked.

xman MANPATH environment variable overflow. xman is a component of XFree86, used for viewing man pages. A buffer overflow in xman can allow a local user to execute arbitrary code. If xman is installed with setuid or setgid privileges (it is setgid on some systems), then elevated privileges can be gained, possibly including root. Check BugTraq ID 3030 for more details. No patch or update has been provided so far.

FreeBSD exec() inherited signal handler vulnerability. FreeBSD issued an advisory on July 10th warning of a vulnerability in the FreeBSD signal handler in which an exec'd setuid program can inherit a user-supplied signal handlers set. This can be used locally to gain elevated (possibly root) privileges. An upgrade to 4.3-STABLE dated after July 9th, 2001, will resolve the problem. Check BugTraq ID 3007 for additional details.

NetBSD sendmsg kernel vulnerability. NetBSD has issued an advisory warning of a vulnerability in the 1.3 through 1.5 releases of the NetBSD kernel (including -current). "Due to insufficient length checking in the kernel, sendmsg(2) can be used by a local user to cause a kernel trap, or an 'out of space in kmem_map' panic". This can allow a local denial-of-service attack. An upgrade or patch to the kernel and a kernel rebuild and install is required to resolve the problem.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:


Please note that the dates listed after the updates below are the date of the LWN issue in which they were first listed, not the date of their actual release.

OpenSSL Pseudo-random number generator weakness. Check the July 12th LWN Security Summary for the original report or BugTraq ID 3004.

This week's updates:

Previous updates:

Tripwire temporary files. Check the July 12th LWN Security Summary for the initial report. This vulnerability can allow a local root compromise.

This week's updates:

Buffer overflow in xloadimage. Check the July 12th LWN Security Summary for the original report.

This week's updates:

Previous updates:

OpenSSH tmplink/cookie vulnerability. Check the June 7th LWN Security Summary for the initial report. This is also covered in BugTraq ID 2825.

This week's updates:

Previous updates:

BSD ptrace race condition vulnerability. Check the June 21st LWN Security Summary for the original report or BugTraq ID 2873.

This week's updates:

Previous updates:
  • OpenBSD, patches released (June 21st)
  • NetBSD, CVS tree patched (June 21st)

multiple imapd buffer overflows. Check the March 15th LWN Security Summary for the original report. This is also covered in BugTraq ID 2856.

This week's updates:

Previous updates:


Know Your Enemy: Statistics. The HoneyPot has released a new whitepaper entitled "Know Your Enemy: Statistics". Note that statistics aren't the enemy; they have collected statistics on the aggressiveness of current attacks and a proof of concept for predicting future attacks. "In an effort to predict trends, two members of the Honeynet Project took two different approaches. However, their findings were the similar, almost all attacks could be detected two to three days ahead of time".

Xprobe 0.0.1p1. Xprobe, written by Fyodor Yarochkin and Ofir Arkin, is a newly available fingerprinting tool based on Ofir's research in ICMP Protocol Usage in Scanning.

Snort signature for BSD/TESO telnetd exploit. Marty Roesch and Brian Caswell have made Snort signatures available for the Multiple Vendor Telnetd Buffer Overflow Vulnerability.


Upcoming Security Events.
Date Event Location
August 6 - 10, 2001CERT Conference 2001Omaha, NE, USA.
August 7, 2001CIBC World Markets First Annual Security & Privacy ConferenceNew York, NY, USA.
August 10 - 12, 2001Hackers at Large 2001(HAL2001)Enschede, Netherlands
August 13 - 17, 200110th USENIX Security Symposium 2001 ConferenceWashington, D.C.
September 11 - 13, 2001New Security Paradigms Workshop 2001(NSPW)Cloudcroft, New Mexico, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

July 26, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.7. See the changelog for the list of fixes in this release. As of this writing, there are no 2.4.8 prepatches, 2.4.7 "ac" patches, or signs of 2.5.0 out there.

Linux Device Drivers, Second Edition, available online. The full text of the second edition of Linux Device Drivers by Alessandro Rubini and LWN editor Jonathan Corbet is now available online on the O'Reilly web site. The book is freely redistributable under the terms of the GNU Free Documentation License.

Finding single-use pages. Daniel Phillips has, for the moment, turned his attention away from directory indexes, and is working on ways to improve Linux's virtual memory performance. To that end, he has attacked the problem of single-use pages - pages in memory that will only be used once. Such pages are often, but not always, associated with file I/O. Single-use pages, clearly, should be the leading candidates to be thrown out when memory is tight; after all, they will not be used again.

The hard part, of course, is figuring out which pages are of the single-use variety. Daniel's approach involves, essentially, initializing a new file I/O page in the "inactive" state. Only on the second access will new pages go into the regular management scheme. With luck, single-use pages will never become truly active, and will get flushed out quickly.

As usual for Daniel's patches, there is an attached description which discusses what's going on far more clearly than we could do it; a reading is recommended for anybody who is interested in how VM works now, and how the change works. Linus really likes the patch, and is looking to integrate it quickly if it holds up in wider testing.

What's that new process in 2.4.7? Sharp-eyed users of 2.4.7 may have noticed one or more new entries in their ps listings that look like:

    3 ?        SWN    0:00 [ksoftirqd_CPU0]
    4 ?        SWN    0:00 [ksoftirqd_CPU1]
These processes are the only user-visible signs of a fairly significant change in the way the kernel performs event handling.

The Linux kernel, like many others, incorporates a "soft interrupt" (or "softirq") mechanism. A softirq is similar to a hardware interrupt, in that it can be delivered asynchronously and is intended to handle events which may not be related to whatever process is running at the time. A softirq, however, is set up by the software itself, and it is delivered at a time that is relatively convenient for the kernel code.

Softirqs exist to enable asynchronous processing that is too large to be handled during a hardware interrupt. An obvious example is the networking code. A hardware interrupt is generated when a packet arrives, but it would be highly inappropriate to perform all of the protocol handling at that time. Instead, the (hardware) interrupt handler performs the minimum possible work; things like acknowledging the interrupt, and, maybe, handing the packet over to the networking subsystem. Then a softirq is requested to actually do something with the packet. Many other device drivers (and other kernel subsystems) use softirqs for deferred processing, often in the form of tasklets and "bottom half" processors.

About a month ago, Andrea Arcangeli pointed out some problems with how softirqs are handled. Up through 2.4.6, there were two places where a softirq would generally be run: (1) immediately after the handling of a hardware interrupt, or (2) in the scheduler. Due to the way things were done, there could be a significant passage of time before a softirq would actually run. More seriously, softirqs could be invoked within softirqs, leading to stack overflows. It was also possible, in some situations, for softirqs to saturate a CPU, starving the rest of the system. For example, a high-bandwidth network stream could bury the system in networking softirqs, making the system unusable.

Andrea's fix was to create a separate kernel thread for the processing of softirqs. In this way, the softirqs are guaranteed to be serialized on each processor (since the thread handles one at a time), and they are unable to take over, since the 'ksoftirqd' process is scheduled like any other (albeit at a high priority). The patch, after some tweaks, seems to handle the problems well and was incorporated into 2.4.7pre5.

Not everybody is happy with the fix - some think that compute-intensive processing, such as network protocol handling, should be moved into its own thread rather than moving the entire softirq mechanism. But those arguments are moot, since the patch has been incorporated. Instead, the real debate now seems to be over how the process should be named: it seems that some people find ksoftirqd_CPU0 to be excessively ugly. Names like kirq0 are being proposed instead. This issue, however, does not look like the kind that reaches a simple, quick resolution...

Filesystem performance compared. Denis Lackovic and colleagues have posted a set of performance comparisons for six different filesystems. The results are surprising at times, and distressingly inclusive. You'll not know which filesystem to use after reading the results, though you'll have learned quite a bit. They were able to determine, however, that people who are concerned about performance should not be using VFAT.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet

July 26, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

DeMuDi GNU/Linux. DeMudi is a proposed new Debian-based GNU/Linux distribution focused on Multimedia work.

Multimedia, and specifically multimedia production, has only recently become well integrated into the Linux kernel. If one wants to use the power of Linux to do multimedia and artistic work, one has to fight through self-compiling the recent programs, with incompatibility of interfaces, availability of hardware drivers and several other related topics, lowering to a considerable amount artistic productivity.

DeMuDi is an effort to overcome this dilemma by providing a customized distribution specifically for this kind of user.

Comments from the Slashdot coverage show interest. For example, DeMuDi plans to include Ardour, a "a multichannel hard disk recorder (HDR), rapidly evolving into a Digital Audio Workstation (DAW). This is apparently difficult to install and setup properly, so having it pre-installed and configured would be appreciated.

DeMuDi is, as a result, a perfect example of why there will always be new Linux distributions. As long as there are sufficient people (sometimes it only takes one) with a common interest that do not feel their needs are met by any of the existing distributions, new distributions will come into being to address these needs.

Someday, of course, support for Multimedia may be widespread enough that a specialized distribution may not be required. On the other hand, if the community supporting it is large enough and the quality of the distribution is high enough, loyalty and common interest could keep this entry in our distributions list indefinitely.

Note that DeMuDi is at an initial phase, building a list of packages they want to include, but has no packages for download. The Computer Music Institute, in Firenze, Italy, and FSF Europe are listed as partners in the endeavour.

MandrakeSoft IPO. MandrakeSoft, creators and producers of the Linux-Mandrake distribution, proudly announced this past week that they have received formal approval from the COB (Commission des Operations en Bourse - the french regulatory organisation) to be listed on the Euronext european stock market "March Libre". The listing should start on the 3rd of August.

This is the first IPO for a Linux distributions company in over a year and also the first we know of outside of the USA stock markets. We wish them the best of luck.

Initial reports indicated that involvement in their IPO process would require French, or at least European, citizenship. That is apparently incorrect, though getting an account setup with one of the approved on-line brokers was required. Note, however, that the deadline for involvement is Friday, July 27th, on which date the opportunity to purchase fixed price shares will be ended. The fixed price is 6,2 euros per share (around $5.50 US).

Check also this CNN article on the IPO. It has some useful information, such as the total amount of money MandrakeSoft could raise, when they hope to be profitable, etc.

Slackware Sparc discontinued. Many people have written in to point out that Slackware announced last week that its Sparc port will be discontinued. A community-based version entitled Splack version appears to be taking the code base and making their own version. (Thanks to James A Morrison)

Correction to last week's edition. Last week, we listed AppuntiLinux as a new distribution. It is not, as several people pointed out to us. Simone Lazzaris commented, "AppuntiLinux is not a distribution, but a huge collection of documentatation about Linux, covering every aspect of installation, configuration, programming and daily working with our beloved penguin. AppuntiLinux, written by Daniele Giacomini, is one of the best source of information for every user, written in plain langage that can be read with ease even by a newbie; in fact, I've started my adventure with Linux reading AppuntiLinux".

Our apologies for the error. Due to time constraints, this editor failed to run the site by our Italian language resource, Jonathan Corbet. Many thanks to all of you who wrote in to correct us.

New Distributions

Tomukas mini-distribution. Tomukas is a Debian-compatible mini-distribution that can run on a 386 with as little as 4MB of memory. (Thanks to Fred Mobach).

Note that, although tiny, this is not a floppy-based distribution. It installs directly onto a partition on a hard drive. The author, Radovan Garabik, uses a Debian rescue disk and an existing MSDOS partition to get started.

Sorcerer GNU Linux. Sorcerer GNU Linux is a new entrant into the distributions list that is a source-based distribution. The distribution is created by downloading source tarballs that are then compiled and installed directly on the local machine. The initial release, 20010721, has only been out for a few days.

Distribution News

Red Hat News. For anyone interested in helping translate Red Hat Linux documents for non-English languages, this note from Trond Eivind Glomsrød covers new procedures for translators. It also provides some brief information on how to become a translator.

Debian News. The Debian Project issued a note voicing their opposition to the DMCA and urging people to read and sign (if they agree) the Community Declaration that calls for the release of Dmitry Skylarov.

The One Hundredth edition of the Kernel Cousin Debian Hurd was released on July 24th. It reports progress with PPP, F3 CDs that are "nearly" ready, the release of GRUB 0.90 and more.

Linux-Mandrake News. This week's Linux-Mandrake Community Newsletter indicates that the release candidate for Mandrake Linux PPC should be released soon.

It also talks about the Clara OCR project, which MandrakeSoft is sponsoring. "Clara OCR is a free (GPL) Optical Character Recognition program for Linux/Unix. It features a powerful GUI and a web interface for cooperative digitalization of printed materials. Clara OCR development started in 1999 and is approaching production level".

Coyote Linux News. A new Coyote Linux FAQ was published on July 17th.

DragonLinux News. The DragonLinux website has been freshly re-done and a new version, based on Slackware Linux 8.0, is promised "soon". DragonLinux is customized to install on top of Microsoft Windows or DOS and co-exist with that environment. " New in this version of DragonLinux is the Loopback file-system. This allows for installation on Windows and DOS partitions, while utilizing the Native Linux (ext2) file system with almost no performance loss."

Redmond Linux News. Redmond Linux is actively seeking channel partners for their distribution.

Minor Distribution updates

  • Astaro Security Linux 1.824, includes minor bug fixes. Astaro is a firewall solution.

  • Mindi Linux 0.33, has been tested with Linux 2.4.7 successfully and now handles NFS mountpoints more gracefully. Larger kernels will now work as well. Mindi creates a bootable CD from your existing distribution.

  • Timo's Rescue CD Set 0.7 was released on July 24th. It contains major feature enhancements, including elimination of the limitation on kernel and/or initrd size, Linux 2.4.6, DHCP support and more.

Distribution Reviews

SuSE Linux 7.2 Professional (Linux in Brazil). Although there is no Portuguese version of SuSE Linux 7.2 (the last version was for SuSE Linux 7.0), the quality of the distribution has made it of interest to Brazilian and other language-speaking Linux enthusiasts. As a result, Linux in Brazil has published this review of SuSE 7.2 (in Portuguese). A (very poor) translation into English can also be procured from Babelfish. Their overall impression seems very positive, despite the lack of up-to-date translations for the documentation.

Section Editor: Liz Coolbaugh

July 26, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

More Java  After last week's coverage of Java runtime environments for Linux, we got a couple of replies. The first comes from IBM's John Kacur, a member of the JIT Java compiler team in Toronto.

In your article you make the observation that Blackdown's Java implementation and IBM's appear to come from different code bases. This is indeed the case. IBM's jvm on Linux Intel is ported from our AIX jvm. Our AIX jvm was ported from Sun code, with IBM contributing many bug fixes and code back to Sun. Our JIT is entirely our own code. It was originally written by a team of IBMers in Tokyo on Windows, and this JIT was then ported to Linux.

He then goes on to say that the reported "floating stack" problem that affects Java on Red Hat 7.1 systems is already handled by the IBM JRE, something we reported (although we didn't state it quite that clearly). The workaround provided in the current releases that addresses this issue won't be necessary in future versions as IBM has a fix for the problem already working in the labs. One final note from Kacur:

The RPMs should be relocatable, so you aren't forced to install them in /opt. You can read the rpm man page for more information about installing relocatable RPMs.

Okay, we knew that one. Win a few, lose a few.

Sun's Java for Linux  The other note we received was from Sun, who felt a little left out of our review. In fact, they were left out, but not intentionally, so we'll include them this time around.

You can always find the most up-to-date information about Sun's releases at http://java.sun.com/j2se. That page has links to the 1.3.1 release as well as to the 1.4.0 release, which is now in beta.

Sun's Java Runtime Environment includes their own browser plug-in, making for a total of at least three alternatives (Blackdown, IBM, and Sun) to the builtin Java support in Netscape.

Choice is good.

Desktop Environments

GNOME Installation Guide 07/2001 published. The latest version of the very useful GNOME Installation Guide has been published. This guide provides a complete listing of libraries and applications associated with GNOME, how to build them and what they do. It's a good reference point if you can get past some of the funky colors (yellow letters on black background, for example - ouch!).

The Omnivore - KDE's flexible I/O architecture (C'T). C'T magazine has published an English translation of an IOSlave tutorial written by Carsten Pfeiffer and Stephan Kulow. "The KIO library itself is modular. Individual I/O modules are called 'kioslaves'. Each slave is responsible for at least one protocol. They do not just deal with network protocols either: they may also implement the reading and writing of compression formats such as tar or gzip, or may extract tracks from an audio CD. "

Proposed Timetable for KDE 3. In order to set some expectations for the post 2.2 release, Waldo Bastian posted a proposed schedule for KDE. The upshot: KDE 2.2.1 in September, KDE 3.0 in January 2002.

GNOME Summary for2001-07-09 to 2001-07-22. This week's GNOME Summary covers the release of Sun's GNOME usability report, the release of the first Evolution 1.0 beta releases, and information on using Galeon in a kiosk.

GNOME at LinuxTag 2001. From the much-too-late dept. at gnome.org comes this look at GNOME participation at LinuxTag 2001.

GNUStep Weekly Update. GNUStep's Weekly Update this week includes updates for MacOS-X interfaces.

Office Applications

KOffice API Reference Available. The API documentation for KOffice has been posted to the KOffice web site for developers to review.

AbiWord Weekly News. The 53rd edition of AbiWord Weekly News is now online. This week saw DocBook importer fixes, the addition of Galician speller files and stomping out of some long standing image cut and paste issues. GNOME Print was also improved, with better memory management and fixes to enable the print preview.

Gnumeric 0.68. A new release of Gnumeric is out, mostly to cover bug fixes but with a few new features, such as frozen panes.

Desktop Applications

WorldForge News: Acorn 0.4. The WorldForge team has released a new version of its second game, Acorn. This release includes a number of new features, including goal-motivated artificial intelligence and a richer collection of artwork, sound effects, and music.

Gimp-Print 4.1.99a2. A new version of Gimp-Print was released this past week. Updates include crash fixes for Epson and Lexmark printers, fixes for preview updates, and the stp driver has been qualified against GhostScript 6.51.

Rockin' in the Free Software World (O'Reilly). This article from O'Reilly examines the breadth of open source tools available to guitarists from tuning, to writing musing, to adding sound effects. "Instrument tuners come in two flavors: fixed-pitch tuners made for a specific instrument, such as a guitar or bass; and chromatic tuners which can tune any instrument. A chromatic tuner can come in handy, even for a guitarist, but we'll stay focused here on some of the better Linux guitar tuners."

And in other news...

GNOME Usability study released. The full report on the Sun's first GNOME Usability study is now available online. Calum Bensom reported that the report expands on his preliminary results presented at GUADEC2.

TheKompany's Shawn Gordon Responds In Full (Slashdot). Here's an interview with Shawn Gordon of TheKompany.com. "Shawn Gordon: When we started 2 years ago we had one product in mind and a very specific goal. Since that time our products have expanded dramatically and so have our goals. Basically we are trying to provide developer software and desktop software on Linux, specifically using KDE. The idea is that you can't have critical mass for users on the desktop without there being some core software available, and you can't necessarily attract developers for specialized software and vertical market applications without there being a critical mass of users. By addressing these two ends of the spectrum we hope to get people on the platform."

City of Largo Adopts KDE 2.1.1. The City of Largo, Florida has migrated to 400 thin client systems running KDE. "The City of Largo is a thin client/X shop. We have 400 thin client devices that support X, 800 total users, and run about 230 concurrently during the heaviest part of the day. For the last 7 years, we have always built one large 'desktop' system that everyone logs into and gets their desktop. ... Previously, this function was done by the IXI Desktop on SCO OpenServer... The Friday cutover was moving all of these users off of Unixware to RedHat Linux 7.1 and KDE 2.1.1 "

.comment: The Desktop? The Desktop! (LinuxPlanet). Here's a rambling LinuxPlanet article on various desktop topics. "KWord, zoomed to 150 percent and entering text in Serifa-12 with anti-aliasing on and a screen resolution of 1600x1200 is just about as pleasant an experience as I've had since my days of DeScribe under OS/2. I'm starting to really like it, and have the feeling that it will be my word processor of choice until further notice. I'll write more about it when I've dug deeper into it, but for now I think it's safe to say that KWord is just about there."

Linux "upgrade" unveiled for Palm III (LinuxDevices). A new embedded Linux distribution is available for Palm IIIx and IIIxe users, according to this LinuxDevices.com report. "Leung said Linux DA's graphical user interface (GUI) is home grown, so it is not based on any of the other available handheld computer Linux GUI and windowing environments, and there is no browser available in the demo version currently available for download."

Section Editor: Michael J. Hammel

July 26, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Open Source Directory database released in XML format [OSD] The Open Source Directory, who's mission is "to provide a resource for users to find Open-Source applications that are stable," has announced via NewsForge that its directory database is now available for download in an XML-based format. It has been released under the GNU Free Documentation License.

The database consists of nearly 400 stable applications. The News Forge article quotes OSD co-founder Steve Mallett: "'We're following the dmoz model', says Mallett. 'Put the directory information out there for any and everyone to use; not just at OSD. The chances that people will try and use a stable, open-source application increases with the amount of people/websites presenting it.'"

If your application could use such a software list, now is a good time to incorporate the feature. The O'Reilly xml.com resource sites page lists a large number of tools for helping to get the job done.


Alsa 0.9.0 beta 6 released. A new beta version of the Alsa sound card driver and library has been released. There is not much information on what fixes and features are included in this version besides a mention of some compilation bug fixes, but then, it's only a beta release.

WaveSurfer 1.0.4 released. Version 1.0.4 of the WaveSurfer multi-platform soundfile editor has been released. This edition adds Ogg/Vorbis support, Transcription support, localization, and new functionality for HTK/MLF files.


Evolution 1.0 Beta 1 announcement. Ximian announced the release of Evolution 1.0 Beta 1. The Beta 1 preview release begins the countdown to the 1.0 release this fall. Check it out, and don't forget to send bugs to bugzilla.ximian.com!


Choosing a database management system (IBM developerWorks). Uchi Ogbuji looks at the issues involved in choosing a database in an IBM developerWorks article. "The study of databases is a battleground of ideas. The database community is one of the oldest in the computer world, and it is almost as famous as the application programming community for the diversity of its ideas and the sharpness of the debates between its gurus. Lately events have conspired to expose these concerns to a wider audience. For instance, the seemingly inexhaustible march of the Web revolution has exposed more and more developers to database issues because of the desire for ever more dynamic Web sites." The article provides a good overview of the current database technologies that are available, while avoiding discussion of specific databases.

Integrating database access into Linux applications (IBM developerWorks). Alex Roettler looks at the use of MySQL for a web based database application in an IBM developerWorks article. "This article describes MySQL, a useful tool for developing e-commerce and other complicated, dynamic Web sites that make use of third-party databases. MySQL is a fast, multi-threaded, and fully functional SQL server. In addition to describing the basic architecture of the MySQL system, this article offers simple examples in both Tcl and C++ that can start you down the path to developing database-aware Web applications."


SEUL/Edu Linux in education report #49. The July 23, 2001 edition of the Linux in Education Report is available. This issue covers a discussion on how Microsoft anti-piracy measures are boosting Linux acceptance in schools. A bunch of new open source educational software is also reviewed.


Latest Samba News. The latest Samba news includes the addition of Motonobu Takahashi to the Samba team as the local Japanese language expert. Samba 2.2.1 and 2.2.1a are also discussed.

Mail Software

Gypsy Mail 0.6.3 beta released. Version 0.6.3 beta of Gypsy Mail has been released. Gypsy Mail is: " A Python clone of the well-known cgiemail script, with added features and flexibility. This script allows you to set up an HTML form on your website, to collect information from your site's visitors, and send a very nicely formatted e-mail to yourself, or other e-mail addresses." This version adds a customizable success page.


The Open Source Operating System (MD Net Guide). MD Net Guide looks at Linux from a medical professional's point of view: "One problem with this philosophy comes immediately to mind: Just rewrite the code? Are you kidding? Who knows how to do that? While users with the technical know-how can certainly rewrite to their heart's content, most do not possess the necessary knowledge and abilities. Programmers all over the world, however, are constantly working on Linux software, creating a steady stream of updates. Users can also hire programmers to customize programs."


LSB-FHS2.2beta release. The Open Group has released beta 2.2 of the LSB-FHS test suite. The test suite exercises filesystem hierarchy aspects and is aligned with FHS version 2.2.

System Administration

Transitioning from Windows to Linux (IBM developerWorks). IBM has posted a 50 page technical FAQ on transitioning from Windows to Linux. The document is in PDF format and availble for free download.

Web-site Development

Midgard installfest on Aug 14th 2001. Nemein Solutions has organized a Midgard installfest for August 14th, starting at 17:00, in Finland.

Zope 2.4 released, and Digital Creations changes name. The company formerly known as Digital Creations has announced the release of Zope 2.4. Check out the announcement for the list of new features.

In keeping with its focus on Zope, Digital Creations has also announced that it has a new name: Zope Corporation.

Zope Weekly News for July 20, 2001. The July 20, 2001 edition of the Zope Weekly News is available. This issue covers a new CVS update, a new Zope Book, a Zope Developer's Guide beta release, and more.

Apache: Aid From APR (ZDNet). ZDNet examines the Apache Software Foundations library of C functions called APR (Apache Portable Runtime). "These programs will run equally well on Apache on any platform. CGIs written in C will run faster than scripts in languages such as Perl or Python because C programs are precompiled, while Perl and Python must be interpreted on the fly."


Sony survey for U.S. based PS2 Linux developers. Sony has posted a very short survey on their PS2/Linux site to gauge interest from U.S. developers.

Nemein names new board member. Nemein's, a Midgard solutions provider, has named Timo Syrjänen to their board of directors.

Section Editor: Forrest Cook

July 26, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Gnu CLISP 2.27 released. Version 2.27 of Gnu CLISP is available. "This version adds a SETFable EXT:GETENV, optional hostname resolution in EXT:SOCKET-STREAM-PEER and EXT:SOCKET-STREAM-LOCAL, new arguments to EXT:SOCKET-STATUS and more ANSI-compliant pathname handling. It also fixes some FFI and binary I/O bugs."

cCLan News for July 18, 2001. The July 18, 2001 edition of the cCLan News has been announced. This issue contains a list of new and updated packages and covers the effort to add cCLan support to OpenMCL.


PHP Weekly Summary for July 23, 2001. The July 23, 2001 edition of the PHP Weekly Summary is out. Topics include bug system changes, an SID/gzip bug, revisiting the autocasting bug, new XSLT extensions, an SRM beta, and a fix to the cURL extension.


Python 2.1.1. Guido van Rossum has announced the release of Python 2.1.1. This release fixes bugs from 2.1; it also features a GPL-compatible license.

PyWebLib 1.0.4 released. Version 1.0.4 of PyWebLib has been announced. This version features several bug fixes.

PyChecker 0.7.5 released. Another release of PyChecker, the Python language code checking program has been announced. This version adds the ability to suppress various warnings, has several new command line options, and fixes several bugs.

Last File Manager 0.4. A replacement for Midnight Commander in Python/curses has been released. LFM (Last File Manager) is usable but still under development.

Dr. Dobb's Python-URL! (Jul 25). This week the Python world covered discussions on using Python with XML (and WSDL), how Python fits in a .Net world, and issues with combining Python with C++. See Dr. Dobb's Python-URL! for more details.


Dr. Dobb's Tcl-URL!, July 23. The Dr. Dobb's Tcl-URL! for July 23, 2001 points readers to ActiveState's release of ActiveTcl, the TSIPP Workbench and back to LWN for Conectiva's security advisory on Tcl's default runtime library.


Combining Python and C++ (O'Reilly). Stephen Figgins looks at various tools for combining C++ and Python programs in an O'Reilly ONLamp.com article. "Python and C++ easily compliment each other. Python gives you rapid development and flexibility, C++ gives you speed and industrial strength tools. While there is no standard tool for extending Python with C++, there are many Python wrappers to C++ libraries, particularly GUI toolkits. The developers of these interfaces haven't just given us the wrappings, they have given us the wrappers as well, tools to give any C++ object a Python interface."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Announcements from O'Reilly Convention. At this writing the O'Reilly Open Source Convention is in full swing. Now O'Reilly Con isn't one of those big commercial events like Comdex or LinuxWorld where you can see all the latest toys and snappy apps and the press releases swell this section to two or three times normal size. The O'Reilly conference is a place where developers go to talk about new technologies and open source projects. This year's conference, however, has been generating a buzz in the commercial world.

Perhaps it started with the debate between Red Hat CTO Michael Tiemann and Microsoft Senior Vice President Craig Mundie. The topic: "Shared Source vs. Open Source". Interesting, no doubt, but most developers have already made up their minds on the topic, and they are not likely to be swayed by any arguments given here. What is more exciting are the open source announcements from Hewlett Packard Company and Sun Microsystems.

HP Labs created cooltown, a developer's community with a "vision of a technology future where people, places, and things are first class citizens of the connected world, wired and wireless". The CoolBase open source project, launched at O'Reilly Con, provides the initial set of building blocks for researchers and advanced developers to create cooltown services and environments, and to participate in a community of like-minded experts. So CoolBase isn't really the sort of product usually covered here, but it may well be used to develop those future products that will drive the crowds at Comdex wild. LinuxDevices also has more information on CoolBase.

Sun Microsystems first introduced the Sun(TM) Grid Engine software in September 2000. The Sun Grid Engine is a resource management system. It makes systems more productive by putting idle resources to work. The program has always been freely available, but this week Sun announced the release of the source code for the Grid Engine. CollabNet will be helping Sun to manage the code which will be licensed under the Sun Industry Standards Source License.

LPI Announces New President And Director. The Linux Professional Institute (LPI) announced the appointment of Chuck Mead as President and of James Lacey to the LPI Board of Directors. Mead is LPI's second President, replacing Dan York who has held the position since the Institute's inception in 1998. Mead is a co-founder of LPI, the CEO of Moongroup Consulting and former CTO of LinuxMall.com. James Lacey has been involved with LPI since 1999 and is CEO of Bradford Learning, a company formed by the spinoff of Linuxcare University.

A new boss at SuSE. SuSE has announced that Johannes Nussbickel, previously chief financial officer at the company, will be taking the chief executive officer position. Former CEO Roland Dyroff is taking a seat on the board of directors.

Sleepycat Releases Berkeley DB version 3.3. Sleepycat Software, Inc. announced Berkeley DB version 3.3, which provides features for high availability and support for the Lineo Embedix embedded Linux operating system.

Sair Linux and GNU Newsletter #9. Here is the ninth Sair Linux and GNU Newsletter. Sair will once again be offering Linux certification at LinuxWorld; Sair self-study kits are available; and other topics are covered.

Linux Stock Index for July 19 to July 25, 2001.

LSI at closing on July 19, 2001 ... 28.08
LSI at closing on July 25, 2001 ... 28.09

The high for the week was 28.09
The low for the week was 28.01

Press Releases:

Open source products

Proprietary Products for Linux

Hardware with Linux installed

Products and Services Using Linux

Products With Linux Versions

Java Products


Investments and Acquisitions

Personnel & New Offices

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

July 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Open-source brouhaha: Missing the point (ZDNet). Collab.net founder Brian Behlendorf offers an commentary on how the meaning of open source may have been lost recently. "What the open-source community has proven is that individuals--and, by extension, companies--can work together on a much more discrete, iterative level...It may seem chaotic at times; for programmers, balancing the requirements of their employers with that of the other participants may be a constant challenge. But it can work."

mySQL vs. mySQL (VarLinux). Nicholas Petreley looks at the NuSphere/MySQL disagreement. "Now, if I -- as a fan of mySQL -- am tempted to replace mySQL with PostgreSQL, don't you think a lot of other folks are, too? Well, what do you think would send them packing for the PostgreSQL hills faster than Fear Uncertainty and Doubt? That is exactly what is produced by an ugly court battle and a contentious fork of the mySQL database."

DMCA and Dmitry Skylarov

Congress No Haven for Hackers. Wired is carrying a story on the DMCA which quotes the chief sponsor of the act as saying it was working as they'd hoped. "As far as I know there have been very few complaints from intellectual property holders," Coble, the chief sponsor of the DMCA, said in an interview Tuesday. "I am also encouraged by the Department of Justice's actions in this matter to enforce the law."

Computer scientists boycott US over digital copyright law (New Scientist). New Scientist reports on the Sklyarov affair, and, in particular, the concerns that many hackers may now have about going to the U.S. "[Alan] Cox is not alone in his concerns. The organizers of one conference that concentrates on testing the security of data protection systems, the International Information Hiding Workshop, have already decided to no longer hold the event in the US."

FBI Arrest of Russian Software Developer May Trigger Copyright Fight (law.com). Law.com is running an article about the arrest of Dmitry Sklyarov. "But the controversy has caught the attention of some in Congress. Rep. Rick Boucher, D-Va., has said he intends to introduce legislation to modify the [DMCA]. His office did not return phone calls seeking comment. But [EFF attorney Robin] Gross said Boucher has talked about making it legal to circumvent blocking devices when one owns the material that is being blocked."

Free Dmitry Sklyarov! (Linux Journal). Here's a look at the DMCA and how it has turned the life of Dmitry Sklyarov into a nightmare. "Let's say you're having a nightmare. You're living in a dictatorship, a police state. The Leader's younger brother runs a State-owned factory that makes nails and screws. However, the State's engineers have been unable to figure out how to make nuts and bolts that, as fasteners go, are technically superior. To protect his younger sibling from nuts-and-bolts competition, The Leader announces a new Law that makes nuts and bolts illegal. Of course, this is stupidity writ large, because The Nation's economy needs nuts and bolts. But The Leader and his sibling could care less. They're out to enrich themselves, not the people."

Boycott Adobe campaign launches (Register). The Register covers the Dmitry Sklyarov case. " The affidavit in the case states that Advanced eBook Processor would allow anyone to read an eBook on any computer without paying the fee to the bookseller. ElcomSoft denies it is involved in facilitating copyright piracy and said its program only increases a purchaser's control of legitimately purchased eBooks."

Hacker Arrest Stirs Protest (Wired). Wired looks at the protests following the arrest of Dmitry Sklyarov. "In San Francisco on Wednesday evening, campaigners met at the home of one outraged activist to plan strategy. Some cypherpunks have created BoycottAdobe.com, which blames Adobe for "abusing U.S. copyright law to protect their cash-flow," and others are hunting for San Francisco-area natives who can vouch for Sklyarov's character -- so he can be released on bail."


Nailing shut the cyber back door (News.com). C|Net's NewsMakers Q&A this week talks with Bastille Linux leader Jay Beale. "What the penetration testers will tell you is that as soon as any of them get a password, they immediately try them everywhere they see the person using machines. If I can steal the password from your toaster one day, I am going to try that on your top-secret machines at work."

Apache avoids most security woes (ZDNet). This eWeek analysis says that last serious remote vulnerability to Apache was reported in 1997, with lesser problems in 1998. Since then few serious security problems have been exposed, while IIS remains a constant problem. "Going over Apache's security advisories back to the server's Version 1.0 days shows that the secret-in addition to solid coding and scrutiny-lies in a minimalist design, careful attention to detail and a configuration process that makes it easy for administrators to know what's going on."

White House Web site moves to Linux (Register). To avoid effects of a DoS from the Code Red worm, administrators at the White House moved their server to a Linux box. "The move onto Linux is interesting but should be seen as the incidental consequence of moving the site so that it is hosted by a peering firm, not a ringing presidential endorsement of the open source operating system."

SSH hits the fan for Unix admins (Register). Problems in SSH Secure Shell 3.0.0 can allow remote root access to systems, according to this report from The Register. Note that this vulnerability only affects systems that have installed the proprietary SSH Secure Shell from SSH Communications. The Open Source OpenSSH program is not affected (and is shipped by default with most recent Linux distributions).

"Because of weak password authentication to the SSHD2 daemon it's been discovered that accounts with password fields consisting of two or fewer characters can be compromised using any password, including an empty password. Only Unix systems are affected by the vulnerability, which could be exploited by hackers to take control of servers."

Cool Toys

Building a Droid for the International Space Station (Science@Nasa). Now all we need is the lightsaber. "This 15.2 cm (6 in.) robot will fly autonomously around the shuttle or space station, floating effortlessly in orbital free fall and propelling itself with 6 small ducted fans." And yes, it runs Linux.

Meet Isamu, the humanoid robot (LinuxDevices). LinuxDevices.com looks at Isamu, the Japanese robot project. "The onboard computer, equipped with dual 750MHz PentiumIII processors running RTLinux, provides real-time servo and balance compensation, and coordinates the robot's 3D vision and motion-planning software modules."

An animated BusyBox mini-tutorial (LinuxDevices). LinuxDevices has a Flash-based animated tutorial on using BusyBox. "BusyBox includes the functions of many common UNIX utilities within a single small executable. It thereby provides a fairly complete command environment for small or embedded systems."


IBM wants Linux to get down to business (Reuters). Reuters has put out (via NewsAlert) an article covering IBM's new support for Linux on its mainstay iSeries servers, aimed at small and medium-sized businesses. "Including Linux on its eServer iSeries will likely further IBM's efforts to get more businesses using Linux, according to Salomon Smith Barney analyst John Jones. "It is the most prolific application machine," he said. Some 700,000 of the iSeries are already installed, according to IBM, which counts about 250,000 active customers for the iSeries".

Sun to back new open-source project (ZDNet). Sun intends to announce a new open source project at the upcoming O'Reilly open source conference. The project, known as the Grid Engine Project, will fall under the Sun Industry Standards Source License. "Tollefsrud said there were three main reasons for making the Grid Engine software open source. First, Sun believes the open-source model is the way to spur development of the evolving technology."

Major Caldera shareholders may sell (News.com). Caldera investors Tarantella and MTI Technology will soon be eligible to sell their shares, according to a recent SEC filing. "What this will allow is for them in an orderly way to sell their shares if they want and when they want in the future," Caldera Chief Financial Officer Bob Bench said in an interview. "That way we can work with them in placing those shares with institutions that like our space now."

New hires at Open Source Development Lab (News.com). The Open Source Development Lab has hired two prominent Linux programmers according to this brief News.com article.

SuSE Linux cuts jobs, hires new CEO (ZDNet). According to this ZDNet report, SuSE has cut 10% of its workforce while promoting its former CFO to CEO. The cuts appear to affect only the nontechnical sector of the company.

Lineo reduces workforce by 13 percent (LinuxDevices). Last week Lineo cut its staff by 42 people worldwide, leaving its workforce at 280 members. "Lineo is starting out the current quarter with greater than five times the contracted pipeline (backlog) as there was at the beginning of the last quarter." The layoff was due to the fact that Lineo "had hired based on higher growth projections, prior to the market downturn,"

French Linux company braves IPO waters (News.com). C|Net covers MandrakeSoft's IPO plans. ""When I look at the consolidation of the Linux market, I think MandrakeSoft is one of the few companies that will survive, even though Red Hat has become the de facto standard for enterprise," said Giga Information Group analyst Stacey Quandt. MandrakeSoft's Linux still is popular with programmers and others who are looking for desktop software rather than the types of products offered by the server-oriented Red Hat, she said."


Is a New Wave of Linux-Based Wireless Coming? (NewsFactor Network). This editorial says Linux on the PDA needs applications but its open nature is more suited to bringing those applications to market. "Now, with high-speed wireless data services about to hit the market, it is likely that if new Internet applications are developed for Linux first, the OS could gain an edge over its stodgy competitors. Rudy Price, chairman and chief executive of Linux technology company RidgeRun, said he believes that is exactly what will launch the success of Linux embedded on PDAs."

Gnome gets Mono (InfoWorld). Nick Petreley thinks Mono is designed to rein in GNOME developers gone wild. "De Icaza may assume the common-language run time will live up to his expectations, but to bet on it now sounds to me like the kind of compulsive decision-making that caused Gnome to be built on the haphazard architecture that created the problems Mono is supposed to solve."

Linux Takes On Big Jobs (ZDNet). Rubbermaid went from $6000 per month to manage its routers to a one time charge of $180 for SuSE's mainframe Linux distribution. "Rubbermaid previously outsourced the same function and paid $6,000 per month. Watkins said he spent about 200 hours getting the Linux system up and running, but that it's now "pretty much self-sustaining." Rubbermaid purchased mainframe Linux for $180 from SuSE."


Embedded Linux Newsletter for July 19, 2001. The Embedded Linux Newsletter for this week covers a new Palm-based Linux OS and editorials on the future of Linux/Java and the nature of MP3.


The Agenda VR3 PDA (Linux Journal). Linux Journal reviews the Linux-based Agenda VR3 personal digital assistant. "The VR3 comes with more applications than a standard Palm-based PDA, including the things that you would expect such as Contacts for an address book, Schedule for appointments, Notes for scribbling, Calculator and Expenses. Plus there are lots of games."

Review: a Linux Programming Book for Beginners (Linux Journal). Linux Journal reviews the Osborne McGraw-Hill published Richard Petersen text for beginning programming on Linux. "New comers to Linux programming will find the book suitable, with all the example code annotated and commentary that points to the particular technique illustrated. Besides, the book is targeted as a learning tool for teaching programming concepts."


Durham, N.C., Technology Executive Discusses 'Open Source' Programming (The News & Observer). The Raleigh, North Carolina, based News & Observer interviewed Michael Tiemann in anticipation of this week's planned debate between Michael and Microsoft's Craig Mundie. "From my perspective, the true way of evaluating what's best is evaluating what's best for the customer".

An interview with Lineo's COO, Matt Harris (LinuxDevices). Lineo's COO Matt Harris talks with LinuxDevices about philosophy and practice in the embedded Linux world. "With all of the FUD generated by Microsoft (the GPL is a "cancer") and Wind River, this issue has become more important. Our plan is to assemble a trade association of companies interested in supporting Linux, with the FSF an active organizer and participant. Through this association, our hope is to establish a compliance program to give companies the assurance they need that they have complied with the GNU GPL."

Open-source challenge to the musical status quo (News.com). Ogg Vorbis team leader Christopher Montgomery is interviewed by C|Net News.com about that project's goals to replace MP3. "People had been worried for years that MP3 looked free, but there were all these scary, looming patents. Unisys had lowered the boom on GIF a few years earlier. Suddenly, it stopped being academic when (Fraunhofer) did the same thing with MP3. Some hackers went looking for legal loopholes to keep working on the MP3 standard. I decided to just replace it."


Microsoft releases Windows CE code (News.com). Microsoft is releasing Windows CE as so-called "shared source", with all the legal implications that may have to those who use it. "There are strings attached to sampling the Windows CE source code, though. In addition to the prohibition on using or distributing modified versions of Windows CE for commercial purposes, people must sign up for Microsoft's Passport service before getting access."

Section Editor: Rebecca Sobol

July 26, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



freekde.org hits the net. A new news site called freekde.org is on the air. Not surprisingly, its coverage is oriented toward KDE development.

Tip Of The Week: strace Your Problems Down. "strace" traces the system calls a program makes, so you can see what a program is doing, even if you don't have the source available. LinuxLookup has more about strace in this week's TOTW.


Open Innovation Conference canceled. Open Country's Open Innovation Conference, previously scheduled for July 31 - August 1, 2001 has been canceled due to a lack of participation.

JabberCon 2001, a Jabber Users Conference. Jabber, Inc., developer of Jabber open software instant messaging (IM) and other applications, along with leaders of the Jabber open source project and the Jabber Foundation, announced JabberCon 2001, a conference dedicated to accelerating development of the Jabber community, products, services and standards. JabberCon 2001 will take place August 20 - 21, 2001 in Keystone, Colorado.

5th Annual Linux Showcase and Conference. ALS is coming to the Oakland Convention Center in Oakland, CA on November 5 - 10, 2001. A preliminary tutorial schedule has been announced.

TR100 to Celebrate Exceptional Innovation; Coveted Award and Gala Slated for May '02. Technology Review, MIT's magazine of innovation, announced that it will honor TR100 innovators on May 24, 2002 at the Massachusetts Institute of Technology. Nominations are open until October 1, 2001.

Events: July 26 - September 20, 2001.
Date Event Location
July 26 - 27, 2001O'Reilly Open Source Software ConventionSan Diego, California
July 26 - 28, 2001The Ottawa Linux Symposium 
July 28 - 29, 2001Rocky Mountain Software Symposium 2001(RMSS 2001)(FourPoints Sheraton in Cherry Creek)Denver, Colorado
August 2 - 4, 2001Yet Another Perl Conference Europe 2001(YAPC)(Hogeschool Holland)Amsterdam, Netherlands
August 4 - 5, 2001LinuxCertified Linux System Administration BootCampCupertino, California
August 13 - 18, 2001IPsec Interoperability Workshop (Bakeoff)Espoo, Finland
August 14 - 16, 2001Embedded Internet Conference 2001Santa Clara, CA
August 14 - 16, 2001LinuxWorld ChinaBeijing, China
August 19 - 22, 2001Forum 2001University of California at Santa Cruz, Calif.
August 20 - 24, 2001HP World 2001(McCormick Place)Chicago, IL, USA.
August 20 - 21, 2001JabberCon 2001Keystone, Colorado
August 23 - 25, 2001LinuxWorld Hong KongHong Kong
August 26 - 30, 2001LinuxWorld Conference & ExpoSan Francisco
September 2, 2001Erlang Workshop - FirenzeItaly
September 4 - 7, 2001Embedded Systems Conference(Hynes Convention Center)Boston, MA
September 6 - 7, 2001Open Source Health Care Alliance(OSHCA)(The Posthouse Hotel Kensington)London, UK
September 12 - 13, 2001Linux ExpoBirmingham, UK
September 17 - 20, 2001O'Reilly Peer-to-Peer Conference - Washington, DC. 
September 17 - 18, 2001Red Hat TechWorld(Brussels Expo)Brussels, Belgium
September 17, 2001XML Information DaysAmsterdam
September 18, 2001XML Information DaysBrussels
September 19, 2001XML Information DaysMunich
September 20, 2001XML Information DaysZurich

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

Es.Toolinux.com celebrates new partnerships. Es.TooLinux.com, the Spanish speaker's portal, announced two new partnerships with professional and amateur Linux Community members.

User Group News

LUG Events: July 26 - August 9, 2001.
Date Event Location
July 27, 2001The Nashua Chapter of the Greater New Hampshire LUG(GNHLUG)(Martha's Exchange)Nashua, NH.
July 28, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
July 28, 2001Central Ohio LUG(COLUG)Columbus, Ohio
July 31, 2001
August 7, 2001
Kalamazoo Linux Users Group(KLUG)(Western Michigan University)Kalamazoo, Michigan
August 1, 2001Silicon Valley LUG(SVLUG)San Jose, CA
August 1, 2001Southeastern Indiana LUG(SEILUG)(Madison/Jefferson County Public Library)Madison, IN
August 1, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
August 2, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
August 2, 2001Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
August 2, 2001UNIX/Linux Special Interest Group of the Dayton Microcomputer Association(DMA office at 119 Valley St)Dayton, OH, USA.
August 2, 2001SSLUG: Hyggemöte på Malmö HögskolaDenmark
August 4, 2001Twin Cities Linux Users Group(TCLUG)Minneapolis, MN
August 4, 2001Sheffield LUG(ShefLUG)(Sheffield Hallam University)Sheffield, UK.
August 4, 2001LEAP-CF InstallfestOrlando, FL.
August 6, 2001Haifa Linux Club(Technion CS dept. bldg.)Haifa, Israel
August 7, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
August 7, 2001Omaha Linux User Group(OLUG)Omaha, Nebraska
August 7, 2001Missouri Open Source LUG(MOSLUG)Kirkwood, Missouri
August 8, 2001Toledo Area Linux User's Group(TALUG)Toledo, OH
August 8, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
August 8, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
August 9, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
August 9, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.
August 9, 2001Kernel-Panic Linux User Group(KPLUG)San Diego, CA

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

Section Editor: Rebecca Sobol.

July 26, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Five years ago Red Hat released "... the world's most dangerous Linux distribution:" Red Hat Linux - 3.0.4 (Rembrandt) BETA.

Four years ago SuSE 5.0 was released.

[LT on Forbes] Three years ago (July 30, 1998) LWN wondered about the future of the Linux community as our favorite OS grew from its grassroots origin to an enterprise platform. Linux support from Oracle and Informix had been confirmed. There were rumors of IBM support and Linus Torvalds made the front cover of Forbes - an unheard-of level of recognition at that time.

A guy named Dave Whitinger announced the expansion of his "Three Point Linux News" service. A few more months later that service evolved into LinuxToday.

The development kernel was 2.1.112 - and alleged to be in deep feature freeze. The 2.0.36 stable kernel release was in the prepatch stage. The beer-drinking penguin logo in the development series came under criticism - some people thought it would cause Linux to be taken less seriously. It eventually came out.

This was also a big week for Linux distributors; "maXimum CDE/OS" was put out by Xi Graphics, Linux-Mandrake had its first release. Also SuSE 5.3, LinuxPPC Inc. announced PowerPC Linux Release 4, and Debian 2.0 included KDE.

Two years ago (July 29, 1999 LWN): The Netscape/Sun alliance backtracked and said that the Netscape Application Server would not be made available for Linux. Both IBM and VA Linux Systems announced plans to get into the Linux support business. Rumors went around that the (rumored) Transmeta processor would be used in the (rumored) new Amiga.

Speaking of rumors in 'Three years ago' (above) we noted rumors about IBM supporting Linux. By this time, those rumors had become fact. ZDNet reported IBM Falls Hard For Linux.

IBM has already announced it was offering contract support for Linux through its Global Services Unit. It will finish moving its DB2 relational database system to Linux at the end of July and will make the Lotus Notes Domino Web server available under Linux by year's end. With software and services in place, the last piece of the IBM's Linux strategy was hardware support.

IBM was still gearing up.

No kernel releases happened this week; the stable kernel remained at 2.2.10 and development at 2.3.11. Stephen Tweedie's raw I/O patch was accepted, however, providing a long-missing functionality to the system.

Both the SourceXchange and CoSource.com were ramping up their operations and Bruce Perens launched Technocrat.net. CoSource.com is still in business. SourceXchange developers CollabNet pulled the plug on that project. Though Techocrat.net has not been active for a while, archives are available on that site, along with a note announcing that a new Technocrat.net is "coming soon".

One year ago (July 27, 2000) LWN editors were in a mood to reminisce, looking back to the July 30, 1998 edition (see three years ago, top). In '98 we wondered how the Linux community would handle the transition into a mainstream OS. Our conclusion in 2000:

Will commercial pressures tear the development community apart? Or maybe the developers will take off looking for the next cool thing, now that Linux is mainstream. All of those things could yet happen, but, thus far, they have not. Things look good for Linux development.

The distributions page also remembered the many distribution announcements made this week in 1998 (see three years ago, above).

LWN editor Jon Corbet had just returned from the Ottawa Linux Symposium. His description:

With a program dominated by Linux developers, lots of time set aside for people to talk, access to good beer, and no exhibit floor it was truly a hacker's event.

The 2600 case (2600 Magazine was sued by the MPAA for having mirrored the DeCSS code) had just concluded testimony in New York. LiViD project leader Matt Pavlovich demonstrated a working open source Linux DVD player during the testimony.

SecurityPortal's Kurt Seifried released his Linux Distribution Security Report. This was, perhaps, the first serious attempt to track how various distributions responded to security announcements.

The current development kernel release was 2.4.0-test4. Alan Cox pulled out of 2.4 work. Linus called for a new status list maintainer, as Alan's departure meant that no one was doing that job. Ted Ts'o stepped in and is now the list maintainer.

Section Editor: Rebecca Sobol.

July 26, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

July 26, 2001

From:	 Alan Cox <alan@lxorguk.ukuu.org.uk>
To:	 alschair@usenix.org
Subject: Resignation from ALS, Skylarov affair...
Date:	 Fri, 20 Jul 2001 12:31:02 +0100 (BST)
Cc:	 editor@lwn.net, editors@newsforge.com, gnu@eff.org

I hereby tender my resignation to the Usenix ALS committee.

With the arrest of Dimitry Sklyarov it has become apparent that it is not
safe for non US software engineers to visit the United States. While he was
undoubtedly chosen for political reasons as a Russian is a good example for
the US public the risk extends arbitarily further.

Usenix by its choice of a US location is encouraging other programmers, many
from eastern european states hated by the US government to take the same
risks. That is something I cannot morally be part of. Who will be the next
conference speaker slammed into a US jail for years for committing no crime?
Are usenix prepared to take the chance it will be their speakers ?

Until the DMCA mess is resolved I would urge all non US citizens to boycott
conferences in the USA and all US conference bodies to hold their
conferences elsehere.

I appreciate that this problem is not of Usenix making, but it must be addressed

Alan Cox

From:	 "Jon 'maddog' Hall, Executive Director, Linux International" <maddog@li.org>
To:	 alan@lxorguk.ukuu.org.uk
Subject: Your very public message
Date:	 Fri, 20 Jul 2001 14:43:12 -0400
Cc:	 "Bryan C. Andregg" <bandregg@redhat.com>, maddog@linux.local,
	 ellie@usenix.org, editor@lwn.net, editors@newsforge.com, gnu@eff.org


Your decision to boycott the ALS event is certainly yours to make, and I
deeply regret the situation that caused you to make it.

However, to chose ALS as the focus of your first message on this I feel is
a little unfair, particularly with the recent steps that USENIX has taken to
working with the EFF to defend the rights of University professors to publish
their research works around DCMA.  These professors were threatened with suit
by various large companies, and through the efforts of EFF and USENIX, these
companies are now backing down from their suits.

Your wording around USENIX "choosing a US location" ignores the fact that
ALS has always been in the US, the same way that Linux TAG has always been
in Germany, and the Linux Kongress has (almost) always been in Germany, with
occasional visits to the Netherlands.  USENIX has co-sponsored in the past
and continues to co-sponsor non-US events.

Also I do object to your statements that the US Government "hates" eastern
european states.  I seem to remember much pressure from the US to
lower the Berlin wall, and to allow more freedoms for eastern european people.

I believe this to be a case where someone broke a US law from afar over
this global thing called the "Internet" and then tried to take advantage of a
US-based conference.  If this is the case, then it may be a mis-directed
legal system, but I doubt that it was fueled by "hate."  Your inference that
"hate" fueled this incident is distasteful.

As I said, your right to leave the ALS program committee, or even to urge
others to boycott US events is yours to make, and I support your right to make
it.  Your points about other developers (foreign or otherwise) who have
violated US laws in their coding is probably more than valid.

I do, however, ask that you direct your venom to those who deserve it.

Warmest regards and greatest respect,

Jon "maddog" Hall
Executive Director           Linux(R) International
email: maddog@li.org         80 Amherst St. 
Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org

Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.

Jon "maddog" Hall
Executive Director           Linux(R) International
email: maddog@li.org         80 Amherst St. 
Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org

Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.

From:	 Shane Kerr <shane@time-travellers.org>
To:	 letters@lwn.net
Subject: MySQL.com seems to have time to hack
Date:	 Thu, 19 Jul 2001 11:52:10 +0200

LWN Editors,

I work at a company that has a support contract from MySQL AB, and I've
had excellent support from them (far better than support from any
proprietary shops I've tried to get support from in the past, e.g.
Oracle, Sun, DEC).  In the midst of all of the MySQL.org fiasco I
discovered a problem with the handling of certain updates in MySQL, and
was sent a patch this morning to fix it.

I've never had any experience with NuSphere, but in my opinion the MySQL
AB folks are Stand Up Guys, and are certainly not too busy fighting
instead of hacking.

As always, of course, all opinions are my own

From:	 Lucy Brooks <lucy@brooks.fdns.net>
To:	 lwn@lwn.net
Subject: Adobe complaint answers itself
Date:	 Thu, 19 Jul 2001 17:16:50 +0800

One of the first things to strike the eye when reading Adobe's complaint 
against Dmitry Sklyarov is the tricky wording of the DMCA:

    Sec. 1201. (Circumvention of copyright protection systems)
        (a)(2) and (a)(2)(A):

    No person shall manufacture, import, offer to the public,
    provide or otherwise traffic in any technology, product,
    service, device, component, or part thereof that [...] is
    primarily designed or produced for the purpose of
    circumventing a technological protection measure that
    effectively controls access to a work protected under
    this title;

Even if one accepts that Dmitry's program by itself is able to circumvent `a 
technological protection measure' (which the FBI apparently do not), one has 
to wonder if `effectively controls' is a useful phrase, for two reasons.

Firstly, the display of a `protected' work is in itself a demonstration that 
the `technological protection measure' in question does not effectively 
control the work.

Secondly, does `controls access to' including controlling access BEYOND the 
controls offered by copyright? I would think that for free speech reasons 
alone the prevention of excerption would be unlawful, and certainly the 
prevention of much other `fair use' goes well beyond the copyright holder's 
mandate to protect their work. In other words, what the `technological 
protection measure' is ineffectively attempting to control includes acts 
which are not a violation of copyright rights. In other words, this 
`technological protection measure' represents an unlawful extension of 
copyright powers beyond those laid out in copyright legislation.

Even ignoring the basic stupidity of failing to distinguish fair use of their 
copyrighted work, the Affidavit shoots itself in the foot. It asserts that 
Tom Diaz, Senior Engineering Manager for Adobe's eBook Development Group, 
believes that `the Elcomsoft software program, coupled with the Elcomsoft 
unlocking key, circumvents protection'. But Dmitry Sklyarov DID NOT PROVIDE 
Daniel J O'Connell (the swearer of the Affidavit) with an `Elcomsoft 
unlocking key', and so did not provide him with the means of decrypting an 
eBook. In point of fact, as Adobe themselves helpfully point out (and supply 
a copy of the appropriate email), one Vladimir Katarov provided the `key'.

On top of this, although Dmitry is the copyright holder of `the Elcomsoft 
software program' there is no actual evidence that he wrote it and even if 
there were some way of proving this, it would have to be done IN THE UNITED 
STATES to be illegal, nor is there any evidence that Dmitry personally 
provided anything to anyone IN THE UNITED STATES.

All Dmitry has done IN THE UNITED STATES is to make a speech. Neither making 
a speech nor holding a copyright count as any of `manufacture, import, offer 
to the public, or otherwise traffic' in relation to circumventing protection. 
Adobe may be able to hammer Register Now or Elcomsoft, but they cannot touch 
Dmitry unless they are able to prove that he wrote some significant part of 
the `circumvention device' IN THE UNITED STATES.

There are other possible ways to `get' Dmitry but none of them relate to 
1201(b)(1)(A) and all of them are difficult to prove. As has been pointed out 
in detail in many places, the DMCA is a stupid piece of legislation wide open 
to abuse, only capable of protecting technical incompetence (and as I 
mentioned above, may not even protect that) and needs to be repealed.

Cheers; Leon
From:	 Igor Bukanov <boukanov@fi.uib.no>
To:	 letters@lwn.net
Subject: Why applets fail
Date:	 Thu, 19 Jul 2001 11:26:21 +0200

The problem with failed applets you mentioned when tested JRE plugins is 
caused by using JDK 1.1 compiler that generated code JRE 1.3 verifier 
did not like. And although the applets can be recompiled with JDK 1.3 
compiler or IBM's jikes to produce code that is OK for any JDK, the new 
code may not run with Microsoft JVM due to bugs in its JIT. And 
Microsoft JVM now days is used in 90% of cases to run applets.

Regards, Igor

From:	 <mschwarz@alienmystery.planetmercury.net>
To:	 letters@lwn.net
Subject: Java COULD be a good choice
Date:	 Fri, 20 Jul 2001 15:48:59 -0500 (CDT)

I'd like to respond breifly to Gerard Fernandes' letter in the last issue
of lwn.net.  I am presently a 100% Java programmer (with C++, C, perl,
Python, Pascal, and Assembly langauges back to the 8080 in my toolkit) and
I share his enthusiasm for the language.  It gets so much RIGHT.

I would, however, point out that it is the tight legal control that Sun
maintains on Java that holds it back.  Linux implementations of Java are
amongst the pporest performers (although this has seen dramatic
improvements in the last 12 months), and Sun's ongoing refusal to put Java
under a standards body has been the biggest impediment to its universal
adoption as the applications language of choice (IMHO).

Microsoft's .NET would die on the vine tomorrow if Sun would submit both
VM specification and the JDK (language spec and class libraries) to
IEEE and/or ANSI for standardization.  It would REALLY take off (again,
IMHO) if they would put the whole JDK under the GPL.

Perhaps I'm being obtude, but since they give the binraries for these
tools away, I'm not sure how their revenue would be changed if they gave
away the source code as well.

The fear of fragmentation is legitimate, but remote I think.  If they put
up all the infrstructure: Web site, CVS server, developer's forums, etc.,
there would be little incentive for competing versions of the product.  It
would also allow real innovation like http://www.jython.org to have an
easier time of it.

So, I agree about the strengths of Java as a language for many things, but
I disagree that it is a suitable platform for Free Software or Open Source
software, just because Sun could at any time redefine what Java is and
everyone everywhere would have to adapt or die.

Truth is, I can't see why anyone would choose a proprietary product when a
truly open alternative is available.  Java is almost there, but Sun has to
go all the way if they want this heart and mind to adopt Java as a
development standard for Open Source projects.

Michael A. Schwarz

From:	 Fred Mobach <fred@mobach.nl>
To:	 letters@lwn.net
Subject: This week in Linux history : July 19, 2001
Date:	 Thu, 19 Jul 2001 23:03:34 +0200


In "This week in Linux history" you wrote :

> Three years ago ...
> Linus made clear his position that 4MB machines would no longer be a development
> priority or interest for the 2.1.X development tree. Nowadays, finding a PC with only
> 4MB of memory might be difficult. Even projects such as TINY Linux, which is
> designed especially for old, recycled computers, requires at least 8MB (but still
> supports the i386 chip).

Surprise, that 4 MB barrier is still valid in at least one case : the
Tomukas distribution. It's a mini-distribution with X11, which happens
to run on a 386 with
4 MB RAM. See http://melkor.dnp.fmph.uniba.sk/~garabik/tomukas/.


Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976

The Free Transaction Processing Monitor project : http://www.ftpm.org/
From:	 Good Music Canada <goodmusic@canada.com>
To:	 letters@lwn.net
Subject: Cliq software
Date:	 Thu, 19 Jul 2001 09:43:27 -0500 (CDT)

After looking around for Cliq for a few days,
I found out that they changed their domain name 
to www.dr-quad.com and you can now buy their CD-ROM from Ebay.com
for less than downloading it from their site and buying a key.
I bought a copy from Ebay for $11.99 plus $4.00 shipping.

I just thought that someone may like to know this.


From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 lwn@lwn.net
Subject:  Snapgear, Wyse, the GPL, and you
Date:	 Tue, 24 Jul 2001 11:16:05 -0400

The GPL and Commercial Developement, redux

A week or so ago, Linux Weekly News announced that SnapGear would be
selling a line of Internet gateways which would include VPN capability.

VPN capability is, of course, becoming more and more popular -- both for
supporting travelling workers, and also for making remote network
support easier.

And it's not surprising that these boxes would include that, because
they're based on Lineo's SecureEdge product line, and, a year or so
back, Lineo bought an Australian firm called Moreton Bay... who
employed the primary developers of PoPToP, a GPL licensed and publicly
available implementation of Point To Point Tunnelling Protocol or PPTP,
which -- well, whaddya know? -- just happens to be embedded in Windows 98.

So, obviously, there ought to be a bit of interest in a freely
available implementation of this protocol, right?  There is, of course,
and therein lies a story.  (You knew there was, right?)

I've set up systems with PoPToP (which, for convenience, I will not
continue to StudlYCapitalisE) for the remainder of this article), and
the results have been uneven.  The documentation is a bit thin, but
that's not all that surprising for open source projects.  It *is* thick
enough to get the program set up, and while that sometimes takes a
kernel patch (to support the most recent version of PPP, which is
required), it's not all that hard.

It's just that it doesn't always *work* all that well.

I have a couple of clients for whom we've set the package up, and it's
worked acceptably.  It's occasionally a bit boggy, but so is SSH, and
PPTP is carrying a bit more overhead.

And then came The Big One.

Client already wasn't happy with us; there had been a bunch of
miscommunication and some personality differences between the client
execs and our guy (the tech guy got along with him just fine).
I went in (as I remember this :-) and saved it; got the architecture
nailed down, designed a network for their two major remote sites and 4
or 5 smaller planned ones, and -- with no particular reason to expect a
problem, I went forth to implement.

And got shot in the back.

It blew entirely to hell.  Wouldn't work worth a crap.  Ate $3000 worth
of unbillable labor and ended up being replaced by WinNT boxes -- which
worked perfectly on the same links (RoadRunner and DSL links).

Obviously, if all I had here was the rant, this wouldn't have sounded
interesting enough for Jon to run, so, where am I going with this?

Well, do the math.  Obviously, neither Snapgear, nor their parent
company Lineo, is going to ship a commercial embedded product with an
implementation this messy, so they have to have cleaned it up, right?

Right.  Unfortunately, they combined the cleanup work with the work
necessary to port the code to the Coldfire processor, which is their
target platform.  So, we are in the interesting situation that there is
a publicly available port that was released under the GPL, and works
sort of half-assedly (that is to say, not really well, sometimes), and
we have a bunch of patches on the website of the vendor who's sponsored
a bunch of clean up work... that don't apply to the last general

Some conversation with Miles Gillham from Snapgear by email (for which
he got extra points for replies that were written at 2300... until I
remembered that he's in Oz :-) clarified the point: a quick chat with
his lead programmer suggests that the patches that fixed the *problems*
aren't expected to conflict all that much with the earlier patches that
made the code portable to smaller, MMUless processors.

So we just have a scheduling and available manpower problem.

We've heard that before, right?

I pointed out to Miles that that "extra work" to do that part of the
job... is much smaller than the "extra work" that Lineo didn't have to
do to write the original code because the original authors wrote and
released it under the GPL.  We'll see what he says.  What he's said so
far amounts to it's more than his life is worth *not* to support the

So, does this violate the spirit of the GPL?

It obviously doesn't violate the letter, to the extent that they post
their patches. And I have no reason to believe that the coders have any
hidden agendas.

But <rant type="we're getting precisely what we've asked for"> having
hidden agendas is what we *pay* corporations, especially publicly
held corporations, to do.</rant>

Still, there will come a time when someone does a substiantial amount of
work to a GPL'd product, after porting it to a processor that "no one
uses".  This one boils down, I guess, to a moral question.  The intent
of the GPL was to make people's patch work available back to the
community, as repayment for the work they didn't have to do to write
the code in the first place.  Such a situation  makes it a *necessity*
that such a commercial vendor do actual real (non-)billable work to
backport for general release.  Will they?  Should they?

And in fact, something worse may have already happened. Wyse used Linux
in their (now discontinued, I believe) 5535 Winterm. It ran Xfree, and
a server for AT&T's neato-cool VNC protocol, glued together. That's a
piece of functionality I've wanted to see the VNC people and the Xfree
people get together on for a long time -- it gives the X Window version
of VNC the same useful "copilot" ability that the Windows server has.

But I've never found a location where the results of that merger of two
GPL'd packages by a commercial company can be found, and emails to Wyse
have gone unanswered.

In either event, I think it's probably well that we keep an eye on
what such corporations do with their use of and contributions to
GPL projects, be they as big as IBM, or as small as Moreton Bay
Development... and give some thought to what intermediate answers might
mean, and just what exactly "GPL compliance" *is*.

Yes, it's nice that the commercial computing industry has taken notice
of free software... but I used "free software" on purpose there, as
opposed to "open source" -- let's make sure that software *stays*
free, shall we?  We have Linux, no bones about it, because the GPL
existed to license people's work under.  It works.  But only if we make
it work.

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds