Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

One company with an interest in this question is Lineo, which ships an RTAI-derived system. In February Lineo told us: "Lineo questions the validity of the patent, especially in the spirit of the open source community." Lineo might still wonder about the patent internally, but a press release entitled Lineo and FSMLabs Collaborate on Real-Time Embedded Solutions makes it clear what Lineo has decided to do: the company has paid up and licensed the patent.

Thus, Lineo is paying one company for the right to distribute a free software product developed by a different group - and, it must be said, some proprietary goodies as well. Why did the company give in? According to chief operating officer Matt Harris,

It made sense to license it, given the concerns customers were expressing about potential patent litigation. We thought that, in the end, it would be better for Linux and better for the open source community to take this route.

Many in the free software community have worried about just this sort of thing for years. Software patents are a minefield of potential problems for any company or group which is trying to work with free software. It will be increasingly hard to develop free software in any arena without encountering companies demanding licensing fees for patents they own.

Thus, for example, there are fears that the Mono project will run into patents owned by Microsoft as it sets out to create a free implementation of some .NET components.

It will also be interesting to see what actions will come from the recently awarded patent owned by McAfee. This one covers "...delivery and automatic execution of security, management, or optimization software over an Internet connection to a user computer responsive to a user request entered via a web browser on the user computer." Certainly, a number of free software update services could fall under an umbrella that broad. Will Linux-based update services have to avoid the use of web browsers in order to avoid a licensing demand from McAfee? (See this week's Security page for more on this patent).

Many free software companies remain strongly opposed to software patents. Few companies, however, can turn a deaf ear to the worries of their customers and hope to survive. As long as the U.S. software patent regime remains in place, we should expect to see more companies having to pay license fees to stay in business.

Dmitry Sklyarov is out of jail - for now. He was released at a bail hearing on August 6 on a $50,000 bond put up by Elcomsoft. He will be restricted to northern California, and must follow no end of other pre-trial rules. But, at least, he is out of jail after what must have been three very long weeks. The next legal step is a pre-trial hearing on August 23.

See this bulletin from the EFF for details.

While the immediate result is good, this story is far from over. It is always possible that, at the pre-trial hearing, the government will come to its senses and decide not to actually file any charges. There seems to be some determination within the U.S. Attorney's office to pursue this case, however, so one can not really hope for that outcome. More likely, we will be in for a long fight.

It could be a very interesting fight. This case will certainly bring out important free speech and fair use issues; it could be the beginning of the end for the DMCA. Or it could be a judicial farce that ends with an innocent young Russian programmer back in jail. As nice as it would be to open another front on the fight against the DMCA, for the sake of Dmitry and his family we have to hope that the government chooses not to file charges.

(See also: the EFF's letter-writing campaign to get the charges dropped).

Speaking of fair use and electronic texts, have a look at this page on the MetaText site and weep. MetaText specializes in college textbooks; they see some great advantages in electronic texts:

In addition to saving all the costs of printing, shipping and warehousing that a print edition incurs, the adoption of MetaText editions reduces sales of used books. With a MetaText edition, there is nothing to sell back and every student must purchase their own copy in order to participate in online assignments and communications.

Copyright law, of course, makes no provisions for this kind of restriction on copyrighted materials. Instead, under the "first sale" doctrine, those who purchase copyrighted material get to make their own choices - within limits - on what they do with that material thereafter. Thus, for example, many of us still have our college texts on our shelves, and still even refer to them occasionally. Others chose to sell their texts and get some of their money back. That is fair use, and that is what MetaText would deny to you.

It's fun to dig through their catalog; one can get, for example, All's Well That Ends Well by Shakespeare. For 180 days. Oh, yes, they got it from Project Gutenberg. At least the price is right for your 180 days.

All's well that ends well indeed. It is not clear that the copyright and fair use rights are going to end all that well, however.

Matthew Pavlovich to stand trial in California. Dmitry may be the hot topic at the moment, but the DVD case is far from over. The latest development is that a California appeals court has ruled that LiViD developer Matthew Pavlovich may be forced to stand trial in California for his role in publishing the DeCSS code. Never mind that none of his alleged illegal acts were done in California. The fact that the Internet reaches into California is sufficient to allow California law to reach beyond California's borders.

This, of course, is a scary idea. Taken literally, this ruling says that acts carried out on the Internet are simultaneously subject to laws in every place the net goes. This reasoning is not new; it's essentially the same pattern of thought that got Dmitry Sklyarov arrested. The world does not lack for bad laws, but a world where all laws are global greatly magnifies the effect of those laws. Since free software hackers are increasingly running afoul of such laws, we would appear to have some very interesting times ahead.

On the astroturfing of Linux Today. For the last few weeks, LWN has been under considerable pressure, from a number of sources, to cover the whole Linux Today "astroturfing" issue. The accusations have been flying for a while that executive editor Keven Reichard has been posting talkbacks to Linux Today articles under the name "George Tirebiter," and perhaps others. There are other complaints as well; see Paul Ferris's article on the Linux Journal site if you want the whole catalog.

The "astroturfing" allegations were confirmed on August 8 when Mr. Reichard posted an acknowledgement and apology on the site. One would hope that this little affair would end here, but it's not clear that will be the case. Quite a few people are highly upset and, seemingly, out for blood.

It is interesting to ponder why that might be. Any site that allows the posting of comments tends to get quite a bit of "interesting" material posted under clearly pseudonymous, if not completely anonymous names. All such postings should be taken with a substantial grain of salt, and one would hope that most readers would know that by now. The fact that a Linux Today editor felt the need to stuff the comment area is sad and unfortunate, but, in the end, it's just comments. The news reported by Linux Today remains separate from those comments.

So, when Wired News reports that:

But today penguins are hanging their heads in shame: One of their own stands accused of breaking the unwritten code of conduct, of attacking fellow Linux community members under the cover of anonymity.

One might be forgiven for thinking that things have gone too far. LWN has encountered very few "penguins" hanging their heads in shame over the actions of one internet.com editor.

So what's the real issue? Certainly numerous people are not happy with the direction Linux Today has taken since its acquisition by internet.com. Some think that a site which was once seen as deeply rooted in the Linux community has moved out of that community. People who post Linux Today talkbacks may feel that their own credibility has been undermined by this event. It's hard to say, but the feelings appear to run strong.

We sincerely hope that LWN will have no further words to say on this matter. It is not for us to involve ourselves in how another site relates with its readers. It does seem, though, that nobody is likely to benefit from more public accusations or stories of ashamed penguins.

Inside this LWN.net weekly edition:

• Security: Silly (McAfee) patents, flawed 802.11, and executables in PDFs.
• Kernel: Buried in VMAs; the VM battle continues; synchronous directory operations.
• Distributions: Linux for IBM eServer iSeries, Roswell from Red Hat, ELinOS from SYSGO.
• On the Desktop: Calendaring on Linux, Dell vs. Dell, and the Evolution draws closer.
• Development: OpenML 1.0 spec, BusyBox 0.60.0, State of Midgard, Roundup issue tracker, DBI abstraction layer in C.
• Commerce: Partnerships: Lineo and MP3, MontaVista and Concurrent, IBM and U.K. Computing and Data Grid.
• History: TurboLinux 1.0; OSI; Journaling Flash Filesystem in 2.4 kernel.
• Letters: LinuxToday, ssh, Dmitry, active responses to attacks.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

McAfee patent for Internet based security services. The war of silly patents continues, this time invading the realm of security. McAfee has received a patent that covers securing, managing or optimizing a personal computer, a fairly broad sounding description with far reaching implications if it can actually hold up to challenges. The patent does, in fact, seem to cover any sort of automated system upgrade facilities such as those found in Ximian's Red Carpet or the Red Hat Network.

The summary of the patent includes the following blurb:

The user directs the Internet browser to a Internet clinical services provider web site computer and logs in to the site using an identifier and a secure password and optionally makes a selection of the type of servicing desired, wherein an automatically-executing software package encapsulated within a markup language communication unit deliverable across the Internet is delivered, to the user computer, the automatically-executing software package being adapted to perform security, management, or optimization functions on the user computer.

As might be expected, The Register took issue with this patent. ZDNet offered comments from both partners and competitors of McAfee, including one rather arrogant quote from the patent holder. "In an interview with the Associated Press, a McAfee representative indicated that any company that is seen as 'willfully flaunting the technology' may face legal action."

While the patent may be another shot in the ongoing feud between long time rivals McAfee and Symantec, the impact of the patent could affect how personal computers are maintained in the future. The future of remote service provision, including such environments as .NET, may be at stake. Fortunately, while prior art may be the saving grace once again, one detailed step of the patent may prove even more open ended:

[The] transmitting [of] an electronic message in an e-mail format from the server computer to the remotely located computer indicating that a new product or a new application is available for download.

Neither Ximian nor Red Hat nor even Debian requires sending of email messages for notification of new software. Even further, the patent explicity calls for the payment of services which means at a minimum Debian should be in the clear. And finally, the really silly part here, the patent explicitly calls for the use of a "web browser," a term which leaves open the interpretation of methods for accessing any service on the Internet.

So while McAfee has its shiny new patent, its footing remains unstable. Automated security updates instigated by the user using standard web protocols may still be protected. We just have to wait for challenges to begin.

Flaws found in key wireless protocol (ZDNet). Two researchers in Israel, including one of the original RSA designers - Adi Shamir, and another from Cisco have found a serious flaw in the cipher used to protect messages on 802.11 wireless lans. The flaw, reported in a ZDNet article, can expose the key in less than 15 minutes. What's worse, the problem doesn't get more complex with longer keys.

By default, WEP uses a static 40-bit key, and although that is often augmented in WLAN implementations, experts say the attack would work nearly as quickly on longer keys because the complexity of the attack grows linearly instead of exponentially in relation to the key length.

In a separate incident reported in the same article, researchers at AT&T used an inexpensive wireless card and a Linux system to break the same cipher in WEP. Things are looking bleak for secure wireless networking right now.

Code Redder. SecurityFocus posted a warning that a new version of Code Red was on the loose this week. This version, which gained access just as the original, was noted to be leaving backdoors in systems.

Sklyarov updates. News of Dmitry Sklyarov's release on bail was covered on the Front Page this week. The news kept many news sources busy and, in the interest of complete coverage, we'll summarize what we've seen.

• Russian programmer Sklyarov freed on $50,000 bail (SiliconValley.com)  SiliconValley.com appeared to be the first to carry the news that Dmitry Sklyarov has been released on $50,000 bail.

• Sklyarov: A Huge Sigh of Release (Wired)  Here's a Wired News article on the release of Dmitry Sklyarov. "Paradoxically, however, if the case against Sklyarov is dropped, the chances for a constitutional challenge to the DMCA could perhaps be hampered, some observers said. Sklyarov is thought to be the first criminal defendant charged under the law, and many who oppose it see his plight as a kind of Kafkaesque example of why the law needs to be changed."

• Free Dmitry! (Salon)  Salon has come up with new ways of applying pressure to get Dmitry Sklyarov out of jail. "2) Threaten to unleash a virus even more successful than Sircam, and with a payload so devastating as to threaten civilization itself: The 'Free Dmitry' virus will force any infected computer to play an unending loop of Richard Stallman's rendition of the 'Free Software Song.'"

• Dimitry Sklyarov: Enemy or friend? (ZDNet)  Bruce Perens writes about Dmitry Sklyarov on ZDNet. "While publishers fret over the potential of illegal copies of their books, Sklyarov's presentation reveals that they could be ripped off in an unexpected way: by producers of astonishingly inept cryptography software. Sklyarov is in jail for revealing that secret."

Security Reports

Caldera update for Tomcat. Caldera issued a security advisory for Jakarta/Tomcat in their OpenLinux Server 3.1 distributions this week. The updates doesn't appear to address vulnerabilities reported on external security lists but rather closes an internally reported problem.

Zope security alert. A new Zope security alert has come out. There is, apparently, a problem in the permission checking code that would allow a suitably clueful attacker to access objects which should not be accessible. Zope versions 2.3.3 and the 2.4.0 alpha and beta releases are all vulnerable. A fix is available from Zope Corp; we have not yet seen any vendor updates.

SuSE advisory for xmcd. SuSE has posted a security advisory targeting xmcd, the GUI-based CD player system. The problem stems from a lower level command line utility called Cda, which xmcd calls, having buffer overflow problems.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Adobe PDF files were reported as being vulnerable to carrying a computer virus. However, according to one virus writer and a follow-up posting, the trick still requires PDF readers to actually open the embedded objects. The standard Acrobat reader doesn't do that. Interestingly, one post to the BugTraq list asked if virus scanners have to reach into PDF files now, what do they do if the PDF file is encrypted?

• Macromedia began warning users of ColdFusion Server that example applications left on ColdFusion servers can open those servers to attacks. The advisory posted from ISS listed multiple platforms as being vulnerable.

Updates

Squid httpd acceleration ACL vulnerability. Check the July 26th Security Summary for details. Squid 2.3STABLE4 is affected; earlier versions are not. Red Hat 7.0 is reported to be vulnerable, while earlier and later versions are not. Debian is reported not vulnerable. A patch to fix the problem is available.

This week's updates:

• Caldera

Previous updates:

• Linux-Mandrake
• Immunix
• Trustix
• Red Hat

Vulnerability in telnetd. Check the July 26th Security Summary for details. This problem is actively being exploited on BSD systems.

This week's updates:

• Caldera (official advisory)

Resources

A Net Unprotected (ZDNet). ZDNet talks to a few experts who fear the worst is yet to come when dealing with polymorphic worms like Code Red. "A polymorphic buffer overflow morphs part of its code every time it propagates. So any system designed to stop it can never identify it, yet the initial buffer overflow attack code remains intact."

Events

Upcoming Security Events.

Date	Event	Location
August 9 - 10, 2001	CERT Conference 2001	Omaha, NE, USA.
August 10 - 12, 2001	Hackers at Large 2001(HAL2001)	Enschede, Netherlands
August 13 - 17, 2001	10th USENIX Security Symposium 2001 Conference	Washington, D.C.
September 11 - 13, 2001	New Security Paradigms Workshop 2001(NSPW)	Cloudcroft, New Mexico, USA
September 28 - 30, 2001	Canadian Association for Security and Intelligence Studies(CASIS 2001)	(Dalhousie University)Halifax, Nova Scotia, Canada.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Michael Hammel

LWN Resources


Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Alan Cox's latest is 2.4.7ac10. It contains a vast number of fixes and updates, but the most interesting part may be the merging of the ext3 journaling filesystem, which happened in 2.4.7ac4. While ext3 will likely not find its way into Linus's kernel for some time yet, its presence in the "ac" series is a firm step in that direction.

On synchronous directory operations. If an application renames (or makes a link to) a file, how can it know when that operation has found its way to the physical device and will not disappear if the system crashes? Most applications are not too concerned about such issues, as long as their operations make it to persistent storage eventually. But there are exceptions. In particular, a number of mail transfer agents (MTAs), such as Postfix and qmail, depend heavily on link and rename operations for reliable delivery of mail. They need to know when these operations have completed.

Many Unix-like systems, it seems, implement directory operations like link() in a synchronous manner. When link() returns, the operation has completed and will not disappear. Or, at least, any event that could cause it to disappear will be sufficiently severe that reliable mail delivery will be fairly low on the list of concerns. Linux (and the ext2 filesystem, in particular), however, performs directory operations asynchronously; they are buffered like most other filesystem operations. The result is better performance, at the cost of an increase in hair-pulling and grumbling from MTA authors.

Said authors, who tend not to be quiet or reserved people, have been fairly clear on how they feel about Linux's directory operation semantics. There have been claims that the Single Unix Standard requires synchronous directory operations, but that appears to be an issue upon which reasonable people can differ.

The answer from the Linux developers has been that, if an application needs a directory operation to be synchronous, it needs to ask for those semantics explicitly. That can be done in several ways. One could simply mount the filesystem with the sync option, but that is so painfully slow that nobody is much interested in it. Another is to request synchronous operations on the directory in question with the ext2 chatter +S option. It works, but MTA authors seem to not like it, perhaps because it makes all operations synchronous, even those which do not need to be. Finally, an application can open the directory in question and use fsync() to explicitly synchronize any outstanding operations there.

The fsync() option seems like the best, since it lets the application say when the synchronization must happen. But MTA authors grumble again and some, at least, refuse to do it. The complaint is that it's a special, nonportable coding requirement imposed only by Linux.

What people would like to see, it seems, is one or both of the following:

• An fsync() operation on a file also synchronizes directory entries belonging to that file. These semantics are difficult to implement in the general sense - file names are distinct from the files themselves, and a file can have more than one of them. Linus has pointed out a possible solution, however, that could work in this particular situation.

• A new mount option, called something like dirsync, that would cause directory operations to be synchronous. Nobody has posted a patch to do this yet, but one may well be forthcoming.

Who maintains the Linux sound drivers? While people toss in a patch occasionally, it turns out that nobody is currently taking the role of the maintainer of the Linux sound drivers, and the Open Sound System (OSS) drivers in particular. Not much has changed with those drivers in some time, and all of the serious sound hackers have been off bashing on ALSA for some time now.

ALSA is expected to replace OSS in the 2.5 development kernel. As a result, one can detect a certain "why bother?" attitude in the air when OSS maintenance is discussed. The fact remains, however, that OSS will remain the standard sound driver in the 2.4 kernel; swapping in ALSA would be too big a change for a stable kernel series. Even the 2.4 series. So somebody really should be keeping an eye on it for a little while yet...

Chasing the virtual memory problems. Virtual memory performance in 2.4.x is still widely considered to be poor; it is, perhaps, the single largest outstanding problem with the 2.4 series. The effort to improve VM performance got some new energy this week when Ben LaHaise took a look at the problem. While Ben didn't actually nail down any VM bugs himself, his work was crucial in directing the attention of some of the other VM hackers - and Linus - to the right place. While Linux may not be out of the VM woods yet, some real problems have been found and fixed in the recent prepatches.

Ben's investigation showed that there were problems in how the kernel throttles write requests. There was some code in place which attempted to keep disk writes from overwhelming the system, but it did not work quite as intended. Instead, it had the effect of allowing the write queue(s) to grow to great lengths while, simultaneously, allowing an aggressive writer to keep other processes from submitting I/O requests for long periods of time. The long queues take up a lot of memory, of course. They also could reach a length where even a very fast drive could not perform all of the queued operations within, in some cases, multiple seconds. An interactive process could thus find itself unable to queue a request for some time, then waiting, again, for an operation that ended up at the wrong end of a very long queue.

The solution involves a couple of separate tweaks:

• The old throttling code is simply removed, since it created fairness problems without actually solving the problems.

• The maximum length of an I/O request queue is drastically reduced. This reduces the maximum latency that any individual request should experience, while, perhaps, reducing the effectiveness of the elevator algorithm slightly. This change also moves write throttling to the request allocation stage, which, it is hoped, should solve that problem in a more fair and resource-efficient manner.

There are also, as it turns out, some problems with how the 2.4 kernel accounts for memory. Marcelo Tosatti has put in some patches to fix how the amount of free memory in each zone is calculated. And Linus found a bug in how the kernel decided how much memory it could use for I/O buffers. These problems, too, could allow the system to be overwhelmed by write operations that really should have been throttled.

Many of these fixes have gone into 2.4.8pre4 and subsequent releases; Alan Cox seems to be holding off on putting them into his series at this point. There are some good initial reports, but more testing (and more work) will certainly be required.

Rik van Riel, meanwhile, has posted a patch which should make 2.4.8 much friendlier to systems without large amounts of swap space. The current kernel, remember, keeps a page in swap even after it has been paged back into main memory. There are certain performance benefits to doing so, but systems with small swap areas can run out of swap space easily. And a system that has run out of swap is not a friendly place to work. Hopefully that problem is now a thing of the past.

Buried in VMAs. The Linux kernel makes use of "virtual memory areas" (VMAs) to keep track of the larger chunks of memory in use by any process. One VMA is associated with one range of memory all using the same source or backing store and the same access permissions. Thus, for example, loading a shareable library will generally create at least two VMAs: one for the library code, and one for its associated data area.

For a relatively simple example of how VMAs are set up, type:

  cat /proc/self/maps

There are reasons for wanting to keep the number of VMAs under control. Each VMA requires a data structure in the kernel, so large numbers of VMAs will take up a significant amount of kernel memory. It is also often necessary to be able to find a specific VMA in a hurry. For example, when a page fault occurs, the kernel must locate the VMA describing the faulting address so that the fault can be resolved. The VMA lookup routine is reasonably efficient, but performance will still suffer if VMAs grow without bound. Normally there is no problem here; the emacs process being used to type this text - which is not a small process - has 53 virtual memory areas in use, which is a reasonable number. Netscape uses 64 VMAs.

Recently, however, Chris Wedgewood noticed that Mozilla was running rather sluggishly. Yes, lots of Mozilla users notice that, but this was a more severe than usual case. A quick look, via the handy /proc interface, showed that the process had over 5,000 VMAs currently mapped. That is more than enough to affect the performance of the Mozilla process, and the system as a whole. Other GNOME applications, such as evolution, show similar patterns.

Your editor runs Galeon, which, as everybody knows, is a much lighter program. And, in fact, it is, as of this writing, running within a svelte 1474 VMAs. Better, but still far too many. But the real problem, as has been discussed on the kernel list, can be seen if you look at the actual VMA mappings. Here is an excerpt:

  40c52000-40c5a000 rw-p 000bd000 00:00 0
  40c5a000-40c61000 rw-p 000c5000 00:00 0
  40c61000-40c69000 rw-p 000cc000 00:00 0
  40c69000-40c71000 rw-p 000d4000 00:00 0
  40c71000-40c74000 rw-p 000dc000 00:00 0

The Linux kernel makes an attempt to merge contiguous VMAs when it is relatively easy to do. But the more comprehensive merging code that 2.2 had has been abandoned, with the reasoning that (1) it is only useful in very rare cases, and (2) it is extremely difficult to get right. There is very little enthusiasm for thrashing up the VMA merging code again without compelling evidence that it is really necessary. Which means there is a need for an understanding of just what is going on to cause this kind of behavior.

To this end, Mr. Wedgewood performed a detailed analysis of the system call pattern that brings about the explosion of VMAs. The problem, it seems, is with the malloc() implementation in the C library, which plays some tricky and complicated games with memory allocation. In particular, it does a lot of memory mapping, followed by partial unmapping for alignment purposes, and, crucially, changes to memory protection as segments of memory are parceled out.

The C library plays with protections, presumably, in an attempt to catch overruns of allocated memory. But, if you change the protection on a subsection of a VMA, that VMA must be split into two, independently protected VMAs. When the kernel does this split, it could attempt to merge the newly protected VMA with those next to it, but currently does not. The result is, for certain memory allocation patterns, lots of VMAs.

It's possible that a patch will emerge which makes mprotect() perform VMA merging. But there appears to also be a certain inclination among the kernel hackers to blame the problem on the C library and forget about it. Relations across the kernel-glibc divide are not always the best, and it is precisely this sort of issue that can create disagreements. But, until one side or the other makes a change, some applications are going to run sluggishly under 2.4.

Other patches and updates released this week include:

• Alexander Viro decided he was tired of waiting and submitted a patch fixing a race condition in devfs. Richard Gooch didn't like the fix. What followed started at the name-calling level, but then evolved into a productive technical discussion. One result is new devfs and devfsd releases from Richard; expect more in the near future.

• The first release of the 2.5 kernel build system has been announced by Keith Owens. See the announcement for a detailed description of this release.

• Also from Keith: a proposal to change the way /proc/ksyms works on the IA64 architecture (and, presumably, others that use function descriptors).

• Richard Gooch has a new version of his patch which allows the 2.4 kernel (with devfs) to support up to 2144 SCSI devices.

• Matthew Macleod has posted a version of the international crypto patch for 2.4.7. Jari Ruusu, meanwhile, has released loop-AES-v1.3d, which is just the file encryption part of the international crypto patch.

• A new Compaq Hotplug PCI driver was released by Greg Kroah-Hartman.

• IBM has released version 1.0.2 of its journaling filesystem.

• Etienne Lorrain has announced version 0.4 of his "Gujin" bootloader.

• Alexander Viro has implemented a general parser for mount options which, he hopes, will help to generalize and clean up the option handling in the various filesystems supported by Linux.

• Mike Kravetz and associates have posted a scalable scheduler patch which addresses some of the scheduling problems seen on larger systems (see our OLS coverage for details). Linus didn't like the patch, but his objections had more to do with coding style than the actual changes made. A new version should be forthcoming soon.

• A new security module patch has been posted by Greg Kroah-Hartman.

• Andreas Gruenbacher has released version 0.7.15 of the access control list (ACL) patch.

• HP has released version 0.8 of the HP OfficeJet driver.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost

BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Two new versions of Linux for IBM eServer iSeries - SuSE and Turbolinux. IBM once announced that Linux would be supported on all of its hardware. Since then, there has been a steady flow of announcements as various Linux vendors have released versions for a particular IBM platform. This week it was the eServer iSeries, a high-performance server for small to mid-sized enterprises, that received support from two Linux vendors.

Turbolinux released Turbolinux 6.5 (TL 6.5), a complete Linux server distribution that provides Linux's firewall and Web server, and Windows-compatible file, print and email services for the IBM eServer iSeries and pSeries.

SuSE Linux announced the SuSE Linux Developer Edition for the IBM eServer iSeries. SuSE's announcement also tells us that IBM ships the eServer iSeries with a new version of its OS/400 operating system, which now enables the use of several operating systems at the same time. "For example, on one iSeries server, a firewall or Internet services such as WWW, FTP, proxy, and e-mail can be operated in a separate Linux partition, while company applications such as payroll and human resources programs can simultaneously be processed under OS/400."

The latest Red Hat beta. Red Hat released the Roswell beta with an air of mystery. "Reports cite that this supposed ROSWELL beta included 4 CDs of software, with such things as a 2.4.6 Linux kernel, XFree86 4.1.0, KDE 2.2pre, GNOME 1.4, and journaling file system support, and included support for both x86 and ia64. Were any such Red Hat Linux beta release to exist, it would not be recommended for use on mission-critical hardware, and any casualties due to data loss, mutation, swamp gas, radiation, or strange glowing lights with such a release would be scoffed at."

Roswell is real, but very much a beta release. Casualties due to data loss, etc. are still likely to be scoffed at. Let's be careful out there.

Germany's top-selling Embedded Linux Distribution now available in English. SYSGO Real-Time Solutions (GmbH), located in Mainz, Germany, announced that ELinOS, an embedded distribution and development environment, is now available in English. ELinOS v2.0 is based on Linux Kernel 2.4 and has been equipped with the kernel extension RTAI, allowing the use of Linux in the context of hard realtime tasks. ELinOS is available for X86 processors, as well as the PowerPC and ARM.

More on Devil-Linux. Last week we introduced Devil-Linux, a specialized distribution intended for the creation of firewall and router systems. . We said it runs from CDROM, but project leader Heiko Zuerker tells us that " it's just booting from it and holds all the programs in a ramdisk. I started a voting about this and most of the people want to have everything on the ramdisk (because of the speed)."

Mexican Schools Embrace Windows (Wired). Wired News reported on the failure of the ScholarNet (later Red Escolar) project to achieve its goal of installing Linux in many thousands of Mexican public schools. "[Arturo] Espinosa said a chronic scarcity of personnel familiar with GNU/Linux, a lack of compatible hardware, and little political support killed off the idea. It was easier to go with Windows."

New Distributions

Thanks to Fred Mobach we added two more distributions to our list. PsiLinux (formerly Linux7k or linux-7110) is for the Psion platform. It's currently a work in progress but they have a booting kernel now.

J-LINUX is an Italian distribution. It's Mandrake based with a number of add-ons like support for the Italian language, Kernel 2.4.x, Desktop KDE 2.1. Version 1.0.0 (nickname "Nemesis") is available via the web. Note: This page doesn't seem to load correctly with all browsers.

2-Disk Xwindow Linux System. The 2-Disk Xwindow Linux System is an alpha quality small distribution with kernel 2.4.6/libc-2.1, busybox, tinylogin, e3, X 4.1 vesa, ppp, fvwm2(CDE/win95 themes), fvwmscript, chimera, xpaint, xedit, some daemons, umsdos/ext2/initrd and network support.

Distribution News

Debian News. The Woody code freeze is in the first phase. Here is a list of things remaining before moving to the next phase.

The Kernel Cousin Debian Hurd #102 for 7 August is available.

Mandrake News. Here's the Mandrake Linux Community Newsletter issue #7 (in French).

The Mandrake Cooker Weekly News for August 6th, 2001 talks about journaling file systems, gcc 3.0 and other topics.

Sorcerer GNU Linux. Sorcerer GNU Linux is a source-based ix86 Linux distribution designed for advanced Linux adminstration. Aside from a bzipped bootable ISO9660 installation CDROM image, no binaries are downloaded. Several recent updates appear on the web site, including a recently redesigned xfree86 build script.

Redmond Linux. Redmond Linux announced problems with build 36. If you want to use your keyboard during the installation, either use an older version, or wait for build 37.

A firm September 21st ship date has been set for Redmond Linux Personal, Amethyst release. The Redmond Linux web site now includes a counter showing the number of days, hours, and minutes until release.

Minor Distribution updates

ttylinux. ttylinux is at version 1.9 as of August 7, 2001. This is a minimalistic Linux distribution that can fit in 2.88 MB of disk space.

Distribution Reviews

Review: Slackware Linux 8.0 (Duke of URL). Slackware Linux 8.0 is is reviewed by the Duke of URL. "Even with most current OSes moving to a more automated method of installation and maintenance, Slackware has always maintained its simple, hands-on approach... This is quite possibly the reason Slackware has lasted so long."

Section Editor: Rebecca Sobol

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith

Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Calendaring: fables and truths.

The ical program is the grand daddy of all calendaring tools for Linux users

Desktop users come with three kinds of scheduling needs: those with personal schedules to track, those with corporate schedules to share, and those with mobile schedules to, well, keep mobile. On Linux, all three are supported. The question isn't, as many suggest, when the tools will arrive. The question is what tools are you interested in running.

On the personal level, a desktop user who has no need of sharing of calendar information has a number of options. The grand daddy of all open source calendaring tools is probably ical, a Tcl based application. The interface is reasonably easy to use, if not quite as slick as any GTK+ and Qt based tools. Still, it's very stable, simple to use, and full featured enough to be able to keep tabs of the day to day activities for years on end. It will import other users ical calendars so you can, at a primitive level, share calendars. It also offers simple alarms and event repeat features.

The drawback is that ical isn't really supported anymore. In fact, you're lucky if you can find a web site that even carries it. Fortunately, most modern Linux desktop distributions include it with their base packages so you shouldn't have to go looking for it.

KOrganizer, on the other hand, is very actively supported, if just a little crude in allowing users to migrate from ical. The KDE based KOrganizer offers much stronger feature set including search and email options. It can import ical data (almost) and color code events. It also offers the ability to attach an attendee list to events, something ical does not, as well as specify status levels for individual events.

A minor bug in KOrganizer 2.1 prevented seamless import of our ical data. Fortunately a primitive ical-to-vcal script is provided that will convert old ical calendars to vcal format. This script had to be run manually but it worked. Since the script is primitive, you have to read it to know that you are required to provide the input and output filenames and you must name the output file with a ".vcs" extension or KOrganizer will crash when it merges in (as opposed to imports) the new calendar. Once you get past all this, though, the program works quite well. The display is fairly clean and the individual entries are easy to find. There is potential here, but room for improvement as well. Compared to the primitive ical you'll find a richer feature set, partially as a benefit of being part of the overall KDE environment.

For groupware support we needed to talk to an expert in the field of calendaring - David Sifry, ex-Linuxcare honcho and now a leader in the open source calendaring arena. David currently manages two projects, GCTP, the Group Calendaring Transport Protocol that describes a non-proprietary method of scheduling multiple calendars, and OpenFlock, a reference implementation of a GCTP server. Sifry says that users really have multiple options. "First," he says, "you have to start by understanding that there is an ical program and an ical standard. The iCalendar standard is an extensive and complex protocol from the IETF that specifies the format for calendar data and its handling." While ical, the program, uses its own format for saved calendars, most modern calendar programs use the iCalendar standard format and/or the vCal and VCard formats. [Ed. Note: if you're really interested in the technical aspect of this arena, you can check out the IETF's Calendaring and Scheduling Working Group.]

"The one open source application that is making the most splash here is Evolution," adds Sifry. "It's quite good for individual calendaring." Sifry says that Evolution is completely iCalendar based. "It works a lot like Outlook in features, but not in security. You can, for example, click and drag along the calendar to specify a set of dates you want to look at. It shows schedules in a sort of Gant chart format so you can look at your day in blocks of time," much like KOrganizer does. According to Sifry, Evolution does include rudimentary group calendaring using a sort of peer-to-peer system. Users send email with encapsulated appointments to other users to inform them of the schedule, says Sifry, "but there is no way of querying a centralized server or database to know if the recipient has read it or they happen to be on vacation or whatever." You can also export calendars as ical objects. "It's a reasonable solution for now if everyone is using Evolution in a small office."

Another option which may be even more mature comes in StarOffice. Says Sifry, "StarOffice also has a calendaring tool that can sync to the Pilot. The problem here is that the calendaring feature is going away in OpenOffice, much to the chagrin of users." OpenOffice is the next planned release for StarOffice, with the open source version going under the name OpenOffice and Sun's version going under the name StarOffice 6. Sifry also noted that the commercial versions of StarOffice also have a calendaring server so you could run a small office using just StarOffice. He points out that in StarOffice 5 the server was a little buggy and since it was a licensed tool Sun was wary of carrying it over into the new release. Currently they seem to be looking for alternatives for calendaring in version 6 and for OpenOffice.

Sifry says that calendaring isn't a new problem, that it has been around for years. "A number of proprietary solutions have come into existence but are based on their own networks. These can run on Linux, like Domino. You could run a Lotus Notes solution on Linux using a Domino server and Notes clients on any desktop [Windows or Mac, that is]." But Sifry was turned off on proprietary clients for some time, having waited impatiently for Linux clients to become available (no Notes client is yet available for Linux, much to our surprise).

"Outlook works great under VMWare," says Sifry, who actually uses it that way currently. "As long as you're not using Outlook for email," he says, laughing, "it's a pretty good program." He also recommends GroupWise from Novell, if you're planning on looking for VMWare based solutions. "Win4Lin can also run Outlook, at least in the Express version."

Mobility is less of a problem for Linux users. JPilot, for example, actually has a nice calendar of its own embedded in it. Also, if you have a Palm Pilot, you can use www.palm.com, which offers Web based calendaring. This means that you can log into your palm.com account from your Linux box, make changes and the next time you log in to your wireless Palm the changes will show up. But this isn't really Linux specific, it just happens to be easily accessible from Linux. And, of course, both KDE (kpilot) and GNOME (gnome-pilot) offer Pilot integration with some calendaring.

One last project Sifry wanted to plug was ReefKnot. It's a groupware calendaring server, a web based platform for doing calendaring. It's being put together by a group that includes Dan York, former LPI and e-Smith wonderboy. The project is Perl based and includes the Net::Ical module. It allows you to parse and interpret ical objects. Sifry says the project has a strong development group behind it and is worth keeping an eye on.

Dell and the Desktop. Dell announced this week their intention to stop shipping Desktop Linux preinstalled on their computer systems. According to Dell representatives, the demand isn't there.

Customers who want to buy 50 or more PCs can have them installed with Linux if they go through a custom ordering process that is separate from Dell's online store and catalogs, [company spokesperson Sarah] Lavender says.

But not everyone at Dell plays by the same rules. The Australian branch of the Austin, Texas based company sees things a little differently, and it doesn't plan to drop the Linux desktop from its set of preinstalled systems.

The Australian office, however, has decided to hold off on plans to remove Linux as an option in the pre-installation stage. Rob Small, corporate communications director at Dell Computer Australia, explained the US move was merely a result of customer demand.

Dell will continue to preinstall Linux server systems both in the U.S. and Australia. The company's move to drop U.S. desktop preinstallations comes, not surprisingly, as Microsoft tries to rush its XP shipments out the door ahead of further legal anti-trust action. One wonders if Michael or Bill is actually in charge down in Austin...

Desktop Environments

KDE 2.2 Tagged, KDE 3.0 Branch Opened. KDE 2.2 has been tagged in the source tree in preparation for it's final release on August 13th.

GNOME release and summaries. The first beta of GNOME 1.4.1 was released this week. For those curious individuals with too little time to investigate on their own, a list of changes from 1.4.0 to 1.4.1 has been posted.

Along with the new beta, two new summaries from the GNOME project were posted as well. The GNOME Summary for August 4 covers the upcoming 1.0 releases of AbiWord, Evolution, and Mozilla; the 2.0 library freeze, the GNOME Usability Project, and more.

A somewhat delayed GNOME summary for July 22 - July 28 was also released this past week. It covers the API freeze, Martin stepping down as Release Co-ordinator and some interesting development applications.

Office Applications

AbiWord Weekly News. The 55th edition of AbiWord Weekly News is now online. Updates to the application this past week included language updates, updates for both BeOS and Mac, and fixes for printing images.

On a related note, it looks like we may have missed issue 54 last week. Check it out if you missed it too.

Sun's rising star enters Microsoft space (computing). Sun's StarOffice is replacing Microsoft's products at the Central Scotland Police facilities, as well as many other high profile locations. "Ian Meakin, product marketing manger at Sun, said the company firmly believes software should be free, which is why it offers users the opportunity to download Star Office free of charge. 'Why have the blue screen of death when you can have Linux on your laptop?' he said."

Evolution 1.0 Beta 2 is out!. A new release of the Evolution 1.0 Beta cycle hit the ether earlier this week. As usual, this one carries numerous bug fixes, as all Beta releases tend to.

Additionally, Ettore Perazzoli posted a notice titled Evolution Wants You! to the GNOME Hackers mailing list. The Outlook-killer project is aiming for a 1.0 release at the beginning of October but it needs a much wider range of testers if it is to get there on time. Of course, if you can fix bugs too, well that would be even better...

Desktop Applications

AOL releases new Netscape beta (Yahoo/C|Net). AOL has released a preview release of Netscape 6.1. The new version is said to include mostly configuration option updates with little core code changes though its stability is considered to be significantly improved over 6.0 - there must have been just a few core changes, we're guessing. Netscape 4.x users can grab this version directly from Netscape's download area.

Sondra, The Next Level in MP3 Appreciation?. KDE Dot News reports on a new MP3 front end, called, Sondra, which allows you to rank songs in your playlists. "Sondra has a KDE-interface, a command-line interface, and the backend is implemented as a library, so anyone can use it with maximum flexibility."

And in other news...

Matthias Ettrich On Universal Components. A RealVideo version of Matthias Ettrich's talk on Universal Components at LinuxForum is now available online.

The Chopping Block for August. The WorldForge Project has released The Chopping Block for August, its monthly newsletter that, they say, will become truly monthly again. Articles this month include a discussion of artificial intelligence in games, a report from LinuxTag 2001, reports from several WorldForge subprojects, and more.

cal3d 0.6. Developed originally for WorldForge and released early this week, cal3D is a 3D character animation engine. Features in this release include progressive meshes for LOD, unified exporter framework, flexible material handling, user-data fields and a much nicer rendering API.

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

"The primary goal of the Khronos Group is to develop a cross-platform standard programming environment for capturing, transporting, processing, displaying, and synchronizing digital media. We call this media-rich programming environment OpenML."

The project is intended to solve a fairly difficult problem, integrating and synchronizing 2D and 3D graphics, audio, video, I/O, and networking applications via a single API on multiple platforms. A wide range of platforms, from embedded and palmtop devices to high end workstations, will be supported. Existing standards will be utilized wherever possible. Sample implementations and testing will also be part of the project. This unified platform will provide software developers with an easy framework to code within.

The OpenML white paper is available in pdf format. The position on dealing with Linux is fairly clearly stated:

...the founders of the Khronos Group recognized the need for an open, cross-platform framework for the creation and playback of digital media content. The Khronos Group SIG was formed to develop a specification that would address this need.

The rapid expansion of the Open Source model and the Linux operating system has amplified this need. A major issue in the Linux environment is the lack of cross-platform standards for multi-media application development. OpenGL is the only truly open, cross platform standard in this area. For this reason, OpenGL is a key component of the OpenML specification.

Interested parties need to license the OpenML 1.0 spec in order to participate in its evolution, fortunately, the license is royalty free. Commercial implementations are expected to be released on Linux, Windows, Irix, and Solaris this year.

A BOF session is scheduled for discussing OpenML at the upcoming SIGGRAPH 2001 meeting in Los Angeles, California on August 12, 2001. The press release seems to be geared towards corporate participation, hopefully the group will welcome open-source development efforts into the fold.

Education

Linux in Education Report #50. The August 6 edition of the Seul/EDU report is available. Topics this week include the creation of a new educational software listing database, Linux in Italian schools, an open-source conference registration system, and a discussion of techniques for promoting the use of Linux in schools.

Embedded Systems

BusyBox 0.60.0 released. A new version of the BusyBox embedded toolkit has been released. The changelog file lists all that is new with this release. The BusyBox 0.60.X series is considered to be a stable release that is intended for production systems. Several bugs have been fixed and new utilities include traceroute, modprobe, and pidof.

Embedded Linux Newsletter, August 2, 2001 (LinuxDevices). This week's Embedded Linux Newsletter includes a white paper on embedding Linux, a study on the growth of embedded linux development, and NASA's personal digital assistant.

Small Linux Resource List (LinuxDevices). In response to reader queries, LinuxDevices has started a list of devices suitable for Linux-based projects.

Interoperability

New Wine Snapshot for July 31, 2001. The WineHQ site lists a new Wine snapshot for July 31, 2001. Not much information has been made available about this release, the diffs file sheds some light on what files have been changed.

Science

The database of BioInformatics Software tools (bioinformatics). The bioinformatics site looks at BISR, the database of BioInformatics software tools. "The database will hold and distribute source code for software tools which may be used to solve problems in bioinformatics and computational biology. Test data and documentation will also be included if available."

Web-site Development

Mod_Python 2.7.6 released. A new version of mod_python is available. The documentation on the web site and in the .tgz file has not been updated to reflect the changes in this version. Those wishing to have the latest bug fixes should probably check this version out.

The State of Midgard - August 2001. Not much news has come from the Midgard project lately, Developer Henri Bergius has just sent out a State of Midgard letter to buck that trend. For starters, the project could use some help in the documentation area.

SkunkWeb 3.0beta1 released. The first public release of the SkunkWeb Web Application Server has been announced. SkunkWeb is written in Python and is designed to be easily extensible with C/C++.

Miscellaneous

lfm 0.5 released. Version 0.5 of lfm, the "Last File Manager", has been released. Lfm is a Python based clone of Midnight Commander and is being released under a GPL license.

Roundup issue tracker version 0.2.6 released. Version 0.2.6 of the Roundup issue tracking system has been released. Should you have any issues to deal with, this tool offers the ability to track them with web, command line, and email interfaces. Database backends are also under development.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

C

DBI abstraction layer in C. A new C library - libdbi - has been released which abstracts database access in the same way the DBI/DBD layer does in Perl. Currently the library supports MySQL and PostregSQL, with a plug-in architecture that allows the adding of other database interfaces.

Caml

Caml Weekly News for August 7, 2001. The latest edition of the Caml Weekly News is out. Topics include the release of Ocaml 3.02, CamlIDL 1.0.1, and Ensemble 1.10.

Lisp

SBCL 0.6.13 released. Version 0.6.13 of SBCL, Steel Bank Common Lisp, has been released. The main new feature is a port to the Compaq/DEC Alpha CPU. The release also features improved output from DISASSEMBLE and DESCRIBE, better ANSI compliance, and bug fixes.

Perl

Perl 5 Porters for August 1, 2001. The August 1, 2001 edition of the Perl 5 Porters digest is out, a few days late. Topics include hash clamping, asynchronous callbacks, the Perl 5 Porters meeting at TPC, and other Perl stuff.

Several new Date:: modules (use Perl). The use Perl site takes a look at several new Date:: modules. Now it is possible to calculate dates for Passover, find out the animal year from the Chinese calendar, and get the golden number of a given year, among other things.

Using the Perl Debugger (Dr. Dobb's). Brian d Foy investigates the Perl Debugger in an article on Dr. Dobbs. "Perl comes with a built-in debugger. Although you could use third-party debuggers such as perltkdb and ActiveState's Komodo, which provide a graphical interface, you already have everything you need if you have Perl. In this article, I show you how to use the Perl debugger to execute arbitrary Perl statements, create and examine variables, and step through and set breakpoints in programs so that you can start using the Perl debugger right away. As you get comfortable with the basics, you can start to explore its other features."

PHP

PHP Weekly Summary for August 6, 2001. The August 6, 2001 issue of the PHP Weekly Summary is out. Topics include generating random numbers with rand and mt_rand, naming tests, case-sensitive constants, data de-serialization, new math functions, and more.

PHPGTK 0.1 released. The fourth version of PHPGTK 0.1, "the void which binds" release, is available for download. The changelog file details the changes which include a number of bug fixes and new features. "Too often PHP is thought of as only an HTML-embedded web scripting language. However, it is also a very full-featured general purpose language that can be used for much more. One of the goals behind this project was to prove that PHP can be used to write client-side GUI applications."

Python

Dr. Dobb's Python-URL!. The August 6, 2001 Python-URL! from Dr. Dobb's carries word that the SpecTcl GUI builder has been revived from a three year hiatus. Also, a discussion of language use and evolution is presented.

Also out is the Python-URL for August 2, 2001 with discussions on dynamic typing, PyUnit, Python on the Palm, and a quick start guide to CORBA use.

Python-dev. Andrew Kuchling has put out the latest Python-dev summary; covering development discussion through July 15. It's main topic is the inclusion of XML-RPC into the Python standard library.

O'Reilly Open Source Convention Editor's Dispatch: Python Track (O'Reilly). O'Reilly's Laura Lewin summarizes the Python activity at the recent O'Reilly Open Source Convention. "What continues to surprise me as I follow the Python scene is that Python seems to offer satisfying solutions to non-programmers, artists, and hardcore, number-crunching Numerical Python scientists alike."

PyUnit 1.4.0 released. A new version of PyUnit, the Python standard unit testing framework has been released. This release is described as: "the much-delayed stand-alone release of the PyUnit version bundled with Python 2.1".

Ruby

The latest from the Ruby Garden. The latest postings from the Ruby Garden include discussions on unparsed string literals, adding RubyUnit to the base distribution, a step method for Range, static vs. dynamic typing, and more.

Smalltalk

Kats 0.1a - a Smalltalk transaction service. Stephen Pair has released Kats 0.1a. Kats is a transaction service written in Smalltalk and licensed under the LGPL.

Tcl/Tk

Dr. Dobb's Tcl-URL!. From Dr. Dobb's this week, the Tcl-URL! points readers to news of the release of TclXML 2.1 as well as Pinebrush Technologies' use of Tcl for high speed raster processing.

XML

Using XLink to simplify the representation of data (IBM developerWorks). Kevin Williams looks at the use of the XLink specification to break XML documents into distinct elements which are more optimized for a variety of uses.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Partnerships: Lineo and MP3, MontaVista and Concurrent, IBM and U.K Computing and Data Grid. Embedded Linux vendor Lineo has been selected by MP3.com to manufacture the Business Music Media Server (BMMS), a next-generation MP3 player. The BMMS is based on Lineo's SecureEdge Internet appliance platform, which runs Lineo's implementation of the uClinux operating system.

Concurrent Computer Corporation announced an agreement with MontaVista Software to enhance and distribute MontaVista's Hard Hat Linux(R) operating system in support of Concurrent's real-time application solutions. Concurrent is a leading provider of real-time and Video-On-Demand products.

IBM announced that it was selected to partner with several centers in the U.K. National Grid to provide key technologies and infrastructure for the project. Computing Grids allow geographically distributed organizations to share applications, data and computing resources. A new model of computing, Grids are clusters of servers joined together over the Internet, using protocols provided by the Globus open source community (Globus.org) and other open technologies, including Linux.

European Union OSS and European Commission Patent update. The EU has added a number of items to their list of funded open source projects including a project to "strengthen the use of open source security protocols."

In October of 2000 the European Commission launched consultations via the Internet on the patentability of computer-implemented inventions. A total of nearly 1450 responses were received before the closing date. These have been analysed by an independent contractor and summarised in a report which has been made available to the public in PDF format. Over 90% of the respondents are against software patents.

LEF/DEF Open Source Governing Board Formed. Silicon Integration Initiative Inc. ("Si2"), an open-source EDA standards consortium, announced the formation of the LEF/DEF (Library Exchange Format/Design Exchange Format) Governing Board, charged with responsibility for product change management in this OpenEDA.org open source community. The governing board has the responsibility of reviewing and approving all future releases to LEF/DEF. The board is now accepting submissions from the open source community.

Training: Red Hat Database Curriculum, LPI Level 2 exams. The Linux Professional Institute has announced the completion of the examinations for its second level of certification. Those interested in pursuing level 2 certification might want to take the exams during the beta period, when a special, less-than-half-price deal is in effect.

Red Hat has announced the first course in a planned series of courses on the PostgreSQL based Red Hat Database. The first course in the curriculum, Red Hat Database Essentials, is a four-day course covering areas such as installation, SQL fundamentals, transactions and stored procedures.

IBM WebSphere trial version available. IBM has made available a trial, six-month version of its "WebSphere Application Server Advanced Single Server Edition, V4.0" for Red Hat Linux. Registration is required.

Linux Stock Index for August 02 to August 08, 2001.

LSI at closing on August 02, 2001 ... 29.41
LSI at closing on August 08, 2001 ... 28.27

The high for the week was 29.41
The low for the week was 28.27

Press Releases:

Open source products

• On2 Technologies (NEW YORK): On2 Technologies to Open Source VP3.2 Video Compression Technology.

Proprietary Products for Linux

• ACCPAC International, Inc. (PLEASANTON, Calif.): ACCPAC Advantage Series Enterprise Edition will run with IBM's DB2 on Linux.

• CDW (Boulder, CO): Media Alert: CDW offers free VXA media to Linux users.

• Emulex Corporation (COSTA MESA, Calif.): Emulex Fibre Channel Host Bus Adapters Selected by HP to Provide Connectivity in Linux Environments.

• Wincor Nixdorf Inc. (AUSTIN, Texas): Wincor Nixdorf to Deliver Linux as a Solution Platform for Migrating Retail Point-of-Sale (POS) Systems.

Products and Services Using Linux

• ArialSoft (CODY, Wyo.): ArialSoft Launches Its High-Speed MailMerge Server -- a Robust Hardware/Software Solution for Delivering High-Volume Personalized, Data-Driven e-Mail.

• Wireless Networks (WALTHAM, Mass.): Wireless Networks Picks NetSilicon to Connect Wireless Bluetooth Devices to LANs.

Products With Linux Versions

• Bynari (DALLAS): Bynari Announces a Major Enhancement to Popular Insight Messaging and Collaboration Software.

• California Software (IRVINE, Calif): California Software Extends Unibol 400 to the Web.

• DALi (LOS ANGELES): DALi Announces Global Success of DALiWorld Artificial Life Download.

• Data Connection Limited (LONDON): Data Connection Announces DC-OSPF and a Suite of Carrier-Class IP Routing Protocol Software.

• Dataram Corporation (PRINCETON, N.J.): Dataram First to Market With Memory for Hewlett-Packard Itanium-based Servers and Workstations.

• Exluna (BERKELEY, Calif.): Exluna to Unveil Breakthrough 3D Rendering Software; Demo of Industry's Most Powerful Rendering System Set for SIGGRAPH.

• Pixami (PLEASANTON, Calif.): Pixami Launches Next Generation Online Digital Imaging Products.

• SigmaTel Inc. (AUSTIN, Texas): SigmaTel Introduces C-Major and D-Major Digital Audio Solutions for Audio Codec and Audio Decoder Signal Processing.

• Sochrys.com Inc. (OTTAWA): Sochrys Announces Its Unique Peer-to-Peer Communication Technology.

• The Khronos Group (SUNNYVALE, Calif.): Khronos Group Releases OpenML 1.0 Specification; Specification now publicly available for royalty-free licensing.

• WebTrends Products (SAN JOSE, Calif.): NetIQ Expands Web Analytics Reporting Offerings with WebTrends Reporting Center.

Java Products

• ArsDigita Corporation (CAMBRIDGE, Mass.): ArsDigita Announces Availability of ACS 4.6 Java; ACS 4.6 Java Release Includes New J2EE Compliant Application Framework and Content Management System.

• Entervoice (NEW YORK): Entervoice Ships New Voice Appliction Server; Entervoice's Flagship Product qIVR Delivers the First Robust Java Interface to VoiceXML for Creating Voice Applications.

• Entraspan Inc. (SAN DIEGO): Entraspan Releases OrgTraks Version 3.0; Next Generation, Intranet-Based Organizational Charting And Corporate Directory Software Now Available.

• eVision (): eVision releases Linux version of eVe Visual Search Java Toolkit & Coding Contest.

Books & Training

• MontaVista Software Inc. (SUNNYVALE, Calif.): MontaVista sets new training dates for Hard Hat Linux embedded developers.

Partnerships

• Lutris Technologies Inc. & esavio (SANTA CRUZ, Calif.): Lutris Technologies and esavio Announce Technology and Services Alliance; Partnership Between HP, Lutris and esavio Delivers End-to-End Solution.

• Penguin Computing (SAN FRANCISCO & SUNNYVALE, Calif.): Penguin Computing and Ensim Partner to Deliver Hosting Providers Turn-Key, Web-Serving Solution.

Personnel & New Offices

• Open Source Development Lab (SAN FRANCISCO): Covalent Technologies Founder and CTO Randy Terbush Named to the Open Source Development Lab Board of Directors.

Linux At Work

• IBM (ARMONK, N.Y.): IBM Selected To Provide Key Technologies For Massive U.K. Computing and Data Grid; New Computing Model Will Enable Unprecedented Scientific Collaboration.

• Infoseek Japan & 3R Soft (TOKYO & SAN JOSE, Calif.): Infoseek Japan to Partner With 3R Soft; Infoseek, Leading Asian Portal to Integrate Award Winning Email and Collaboration Server Software MailStudio.

• Quintalinux (HONG KONG): Quintalinux, Limited Secures US $2.7 Million Construction Contract.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Court Orders DVD-Copying Defendant To Trial In California. A California appeals court has ruled that DeCSS defendant and LiViD developer Matthew Pavlovich must stand trial in California. C|Net reports that this ruling means that California has jurisdiction over anyone on the Internet who violates California law, even if they don't live in California. "Because of the ruling, others involved in the case living outside California will remain under the state's jurisdiction. The ruling could show that the Internet is not immune to California's long-arm statutes even when the publisher of the site is located outside the state."

Data Underdogs (ZDNet). Open source databases have some catching up to do, according to this Interactive Week article. ``Open source database vendors concede that they have some work to do on these fronts. The online backup feature of NuSphere's $299 MySQL Advantage "is not quite as transparent as it needs to be," [NuSphere chief technology officer Britt] Johnston says. What he means is that a database user sees a pause in the system when it performs a backup operation, a shortcoming that will be eliminated "in the next month or so," he says.''

Hidden Pitfalls in .Net Open Source? (ZDNet). ZDNet says many open source advocates are skeptical that Mono won't include hidden patent limitations. "... as part of the transfer protocol, it is a potential dependency for all developers who have to mimic the Windows file system and seek to interoperate with it. For example, successful interoperation with Samba might make the Samba project subject to Microsoft demands for patent licenses and royalties."

Microsoft's bait and switch. Here is the second half of Nicholas Petreley's critique of Mono, in InfoWorld. "Unless some entrepreneur creates a company to kill off Passport with a cheaper, better service, Mono will be a covenant with death. If Ximian encourages open-source developers to write e-commerce applications that access Passport, it actually hands Microsoft the key to killing off open-source e-commerce once and for all."

Civil Rights or Copyrights? (SFGate). Here's a strongly-written piece about Dmitry Sklyarov on the SFGate site. "At best, the United States must look fairly foolish to the international community. At worst, our detainment of a foreign national under a dubious commercial code must seem a reprehensible violation of civil liberties and a thumbing of our noses at international law."

The Other Open Source Conference of July 2001 (O'Reilly). Andy Oram covers the Ottawa Linux Symposium on the O'Reilly web site. "Four hundred and fifty people crammed into a basement of the Ottawa Congress Center makes for a high-pressure atmosphere. You certainly wouldn't be able to fit a single dancer in a penguin suit. I found the setting claustrophobic after a couple hours, but there's no doubt that the restricted setting facilitated intense personal interaction."

Companies

Cooltown tour shows HP's commitment to Linux (LinuxWorld). The revamped LinuxWorld site covers HP's new Cooltown project. "The hardware portion of Cooltown consists of the taggy, the beacon, and a Linux powered computing device called a baseboard. The design and reference documents for all three are GPL'd, so anyone wanting to build the devices is able to do so."

Update: The hardware for the baseboard is an EBX form-factor embedded-PC, a proprietary product manufactured by Jumptec-Adastra. (Thanks to Rick Lehrbaum.)

Linux slips off Dell's PCs (News.com). C|Net is reporting that Dell has stopped shipping desktop Linux pre-installed on their systems, but will continue to pre-install Red Hat 7.1 server systems. " Despite an initial splash last year, and efforts by groups such as Gnome to build graphical user interfaces to run on top of Linux, it has been difficult for the operating system to get a foot in the door of the desktop market, said RedHat spokesperson Melissa London."

Deal Boosts IBM's Grid Computing Push (TechWeb). IBM will provide hardware and software to the British government according to this TechWeb article. It's part of "a $50 million effort to link high-powered computers used in scientific research to a national British computing grid that will act as a single virtual supercomputer. At the same time, IBM is aggressively looking for ways to push grid technology for use in business computing environments."

LynuxWorks cuts headcount 15 percent (LinuxDevices). LinuxDevices covers the layoffs at embedded Linux seller LynuxWorks. ``LynuxWorks has experienced much more of a decline in services income than in product revenue this year. "Customers have been moving to in-house development and away from outside services due to the economic slowdown," said [LynuxWorks Chairman Inder] Singh.''

On2's video codec to go open-source (News.com). C|Net reports on the open source release of On2's video codec VP3.2. "On2 is betting that the open-source version of its code will be a way for the company to market its technologies and appeal to developers, especially because the main alternatives, including RealNetworks and Microsoft's codec, still remain proprietary."

Heads Still High at Red Hat Software Company (News & Observer). The Raleigh "News & Observer" reports on Red Hat's most recent stock holders' meeting. "Right now, [Chief Marketing Officer James J.] Neiser's focus is recruiting more software vendors to make versions of their programs -- customer-relationship management, retail systems, financial programs and the like -- to run on Linux."

Resources

Lineo launches 'anti-FUD' campaign with license ID tool (LinuxDevices). LinuxDevices carries Lineo's announcement of a tool to check licenses on open source software. "Lineo has developed the Lineo Embedix SDK GPL Compliance Toolset that helps developers identify and comply with open source and proprietary licenses while decreasing overall development time. When initiated against the developer's software project, this toolset identifies source code pulled from more than 40 common licenses, such as GPL, LGPL, BSD, Artistic, and Lineo..."

Introducing the Mac Open Source Software Directory (OReilly). O'Reilly has integrated the Mac Open Source Software Directory into their own Mac DevCenter. The site now contains over 100 entries of open source software for Mac systems.

Reviews

The Ultimate Cluster (TechWeb). TechWeb reviews the The Ultimate Cluster, Scalant Systems Inc. S600 series: "four distinct hot-swappable servers inside a 1U chassis, each with its own power, processor, drives and network interfaces.

Each server in the S600 is preloaded with Red Hat Linux 7.1, along with the usual crowd of open-source server utilities and applications provided by Red Hat, including the Apache Web server."

Miscellaneous

Revenge of the Nerds' Stereotype (Linux Journal). Linux Journal takes a look at how geek culture has evolved, now that grandma can use instant messaging. "More horrifying to me is, when relieved in a social setting of a barrage of computer-related topics and questions, a loose acquaintance actually expresses surprise that I'm talking about something other than computers. This must surely relate a gross breakdown of my ability to break out of my IT stereotype. It seems that if I manage a new introduction without mention of my profession, I can happily avoid the topic of computers indefinitely, without lack of conversational material."

Section Editor: Forrest Cook

See also: last week's Announcements page.

Announcements

Resources

Update to Embedded Linux Guide (LinuxDevices). LinuxDevices.com has updated its Embedded Linux Overview Quick Reference Guide. The guide provides a comprehensive and up-to-date resource for anyone wanting to learn about using Linux in embedded systems and smart devices.

Tip Of The Week: Won't you "join" me?. In the database world, combining two tables based on an attribute common to both of them is called a "join". Linux has a similar concept for matching fields in two files on a common item. Appropriately enough, it uses the "join" command.

Events

Linux 10th anniversary celebration. The "Linux10" Linux 10th anniversary picnic and BBQ will be held on Saturday, August 25 from 11AM to 6PM at Sunnyvale Baylands Park in Sunnyvale, California. Linux10 will gladly link to other Linux 10th anniversary events, so let them know the URLs for those events.

Several Danish LUGs are having anniversary parties as well.

HAL2001 ramping up. The Hackers At Large (HAL) conference has sent out a release describing the ramp-up to this year's event, which begins on the 10th. Speakers will include Emmanuel Goldstein, Phil Zimmermann, and John Gilmore. There's networking to every tent, and they claim to have 1.5 MW of generator power available to keep the laptops going. We know Pentiums run a bit warm, even laptop versions, but hopefully they really meant 1.5 KW.

Caldera Previews Forum 2001. Caldera International Inc. announced keynote speakers for Forum 2001. Speakers from Borland, Compaq, Computer Associates, Intel and Oracle will address Forum participants August 20 - 22, 2001 at the University of California at Santa Cruz.

Canceled Events: Linux Expo UK postponed, Red Hat TechWorld Brussels, ApacheCon Europe 2001. Three European conferences have been canceled or postponed. Registration has been poor for these events. Apparently, the economic downturn is affecting corporate spending and travel budgets.

Linux Expo Birmingham, originally scheduled for September 12 - 13, 2001 in Birmingham, UK has been postponed until next year. No dates have been given as yet.

Red Hat TechWorld conference scheduled for September 17 - 18, 2001 in the (Brussels Expo) Brussels, Belgium has been canceled.

ApacheCon Europe 2001 scheduled for October 15 - 17, 2001 in Dublin, Ireland has also been canceled.

Events: August 9 - October 4, 2001.

Date	Event	Location
August 13 - 18, 2001	IPsec Interoperability Workshop (Bakeoff)	Espoo, Finland
August 14 - 16, 2001	Embedded Internet Conference 2001	Santa Clara, CA
August 14 - 16, 2001	LinuxWorld China	Beijing, China
August 14 - 16, 2001	IBM Technical Developer Conference	(The Moscone Center)San Francisco, CA
August 20 - 24, 2001	HP World 2001	(McCormick Place)Chicago, IL, USA.
August 20 - 21, 2001	JabberCon 2001	Keystone, Colorado
August 20 - 22, 2001	Forum 2001	University of California at Santa Cruz, Calif.
August 23 - 25, 2001	LinuxWorld Hong Kong	Hong Kong
August 25 - September 1, 2001	The Linuxbierwanderung (Linux Beer Hike) 2001	Bouillon, Belgium
August 25, 2001	"Linux10" - Linux 10th anniversary picnic	Sunnyvale, California
August 26 - 30, 2001	LinuxWorld Conference & Expo	San Francisco
August 26 - 31, 2001	COMDEX Sucesu-SP Brazil 2001	Sao Paulo, Brazil
September 1 - 2, 2001	LinuxCertified.com Linux System Administration Bootcamp	Cupertino, California
September 2, 2001	Erlang Workshop - Firenze	Italy
September 4 - 7, 2001	Embedded Systems Conference	(Hynes Convention Center)Boston, MA
September 6 - 7, 2001	Open Source Health Care Alliance(OSHCA)	(The Posthouse Hotel Kensington)London, UK
September 17, 2001	XML Information Days	Amsterdam
September 18 - 21, 2001	O'Reilly Peer-to-Peer Conference	Washington, DC.
September 18, 2001	XML Information Days	Brussels
September 19, 2001	XML Information Days	Munich
September 20, 2001	XML Information Days	Zurich
September 21, 2001	XML Information Days	Milan
September 24, 2001	XML Information Days	Paris
September 25, 2001	XML Information Days	Copenhagen
September 26, 2001	XML Information Days	Oslo
September 26 - 28, 2001	Australian Unix User Group's Annual Conference(AUUG 2001)	Sydney, Australia
September 27, 2001	XML Information Days	Stockholm
September 28, 2001	XML Information Days	Helsinki
September 30 - October 4, 2001	XML One	San Jose, California
October 1, 2001	XML Information Days	Budapest
October 2 - 5, 2001	Federal Open Source Conference	(Ronald Reagan Building)Washington DC

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

LUG Events: August 9 - August 23, 2001.

Date	Event	Location
August 9, 2001	Boulder Linux Users Group(BLUG)	(Nist Radio Building)Boulder, CO
August 9, 2001	Phoenix Linux Users Group(PLUG)	(Sequoia Charter School)Mesa, AZ.
August 9, 2001	Kernel-Panic Linux User Group(KPLUG)	San Diego, CA
August 11, 2001	Consortium of All Bay Area Linux(CABAL)	Menlo Park, CA
August 11, 2001	Route 66 LUG	La Verne, CA
August 11, 2001	GalLUG Installfest	(Connecting Point Computers)Gallup, New Mexico
August 11, 2001	KPLUG Installfest	(National City Adult Center)San Diego, CA
August 14, 2001	Victoria Linux Users Group(VLUG)	(University of Victoria)Victoria, British Columbia
August 14, 2001	Long Island LUG(LILUG)	(SUNY Farmingdale)Farmingdale, NY
August 14, 2001 August 21, 2001	Kalamazoo Linux Users Group(KLUG)	(Western Michigan University)Kalamazoo, Michigan
August 14, 2001	SSLUG: Hyggemøde hos DKUUG/Symbion	Denmark
August 15, 2001	Central Iowa Linux Users Group(CIALUG)	West Des Moines, IA
August 15, 2001	Linux User Group in Groningen	The Netherlands
August 15, 2001	Washington D.C. Linux User Group(DCLUG)	(National Institute of Health)Bethesda, Maryland
August 15, 2001	New York Linux User's Group(NYLUG)	(IBM Building)New York, NY
August 16, 2001	St. Louis LUG(SLLUG)	(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
August 16, 2001	South Mississippi LUG(SMLUG)	(Barnes & Noble)Gulfport, Mississippi
August 16, 2001	Gallup Linux Users Group(GalLUG)	(Coyote Bookstore)Gallup, New Mexico
August 16, 2001	Linux Enthusiasts And Professionals of Central Florida(LEAP-CF)	(DeVry Institute)Orlando, FL.
August 16, 2001	New Orleans Linux Users' Group(NOLUG)	(University of New Orleans (UNO) Mathematics Building)New Orleans, Louisiana
August 16, 2001	SSLUG: Hyggemøde på Niels Bohr Institutet	Denmark
August 17, 2001	Rock River Linux User Group(RRLUG)	(Rockford College)Rockford, Illinois
August 18, 2001	SVLUG Installfest	Silicon Valley, CA
August 19, 2001	Beachside LUG	Conway, South Carolina
August 19, 2001	Mesilla Valley Linux User Group(MVLUG)	(Village Inn on El Paseo Rd.)Las Cruces, New Mexico
August 20, 2001	Linux User Group of Davis(LUGOD)	(Z-World)Davis, CA
August 21, 2001	Bay Area Linux User Group(BALUG)	(Four Seas Restaurant, Chinatown)San Francisco, CA
August 21, 2001	Hazelwood Linux User Group(HLUG)	(Prairie Commons Branch Library)Hazelwood, Missouri
August 21, 2001	Phoenix Linux Users Group(PLUG)	(Glendale Community College)Glendale, AZ
August 21, 2001	KCLUG Installfest	Kansas City, MO.
August 21, 2001	Linux Stammtisch	(Bandersnatch Brew Pub)Tempe, AZ
August 21, 2001	AaLUG: Ekstraordinær generalforsamling	Denmark
August 23, 2001	Omaha Linux User Group(OLUG)	Omaha, Nebraska

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

Section Editor: Rebecca Sobol.

Software Announcements

The Alphabetical List and Sorted by license

Our software announcements are provided courtesy of FreshMeat

See also: last week's Linux History page.

This week in Linux history

Three years ago (August 13, 1998 LWN): Bruce Perens, Eric Raymond, Ian Murdock, and Tim Sailor announced the formation of the Open Source Initiative. The OSI's job was to police the use of the "Open Source" trademark and to promote open source in general. Since then Mr. Perens left in anger, the trademark application was denied, and the OSI seems to be dormant (the "what's new page" on the OSI web site was last updated in July, 1999). In fact, we're told that the OSI is more active than it appears, but there isn't much going on there that reaches the public eye.

The formation of the OSI was greeted with a great deal of criticism and anger, and there are certainly many who do not lament its fall from prominence. But the OSI did play a useful role in advocating open source, and in keeping early adopters of the term honest. An article in Upside that week explained it well:

But to a large extent the new visibility of open source is due to a clever marketing strategy on the part of Torvalds and his compadres--and a new willingness to talk the language of the corporation. These days, open source advocates talk less about freedom than about reliability--pointing out that when source code is opened up to the masses, the masses tend to locate and eliminate bugs very quickly.

The OSI was the embodiment of that marketing strategy.

Richard Stallman called for free documentation to accompany free software.

Please spread the word about this issue. We continue to lose manuals to proprietary publishing. If we spread the word that proprietary manuals are not sufficient, perhaps the next person who wants to help GNU by writing documentation will realize, before it is too late, that he must above all make it free.

Since then, the amount of free documentation available has expanded greatly - even if it still is not enough. Publishers no longer panic at the idea of making manual content free. Progress has been made.

The development kernel release was 2.1.115; Linus announced a hard code freeze with this release. This freeze proved less than firm, however, and the 2.2 stable release turned out to be more than five months away. The stable kernel release, meanwhile, remained at 2.0.36.

Two years ago (August 12, 1999 LWN): The second LinuxWorld Conference and Expo was held this week; see LWN's coverage of the event if you are curious.

But the big news, of course, was the successful completion of Red Hat's initial public offering of stock. The actual event caused yet another round of trouble for those participating in the community offering, since a last-minute raise in the IPO price required a reconfirmation of interest. Many of the participants, who were at the conference, had a hard time doing that, though just about everybody got in before it was done.

The stock shot up to a (split-adjusted) price of $26, which seemed amazingly high at the time. The real significance of the IPO was to mark Linux as a truly interesting business phenomenon. Two years later, with the Linux stock frenzy behind us, Linux remains more vital and interesting than ever. Even if the same can not be said for Red Hat's stock.

Andover.Net announced the acquisition of FreshMeat this week. Andover.net (and Freshmeat) were later acquired by VA Linux.

The development kernel was 2.3.13; the long-awaited 2.2.11 stable kernel release also came out this week.

Red Flag Linux, a high-profile Chinese distribution, was announced this week. The newly-renamed Lineo announced its Embedix distribution.

Dell announced they would start selling Linux desktop boxes. Two years later, of course, Dell has just announced that it has had enough of desktop Linux for now.

One year ago (August 10, 2000 LWN): IBM announced a Linux-powered wristwatch, which commanded a great deal of attention. The world loves a cool gadget, and this one certainly did qualify. Click on the image to the right for a picture.

DefCon attracted over 5000 people. Forbes noted the heightened presence of members of the CIA, Department of Defense and the NSA. Their mission ... to hire hackers. That seems a far better reason for law enforcement to be at DefCon. (This year's DefCon was where the arrest of Dimitry Sklyarov happened.)

The 2.4.0-test3 release of the Linux kernel included the surprising addition of the Journaling Flash Filesystem (JFFS), which was not slated to go into the kernel until later. It seems Linus merged it by mistake. Once in, JFFS did not cause any problems so it was left in.

The Linux Test Project is one year old.

LinuxWorld seems to be moving forward as the years go by. While the 1999 LinuxWorld was held this week (see above), the 2000 LinuxWorld was still a week away, and the 2001 LinuxWorld is still over two weeks away. Even though LinuxWorld was still a week away, the commerce page was already swelling with announcements about all the cool products that would be on display.

Stormix launched Storm Linux 2000. One year later...oh well...

Those were the good old days, when VA Linux still sold hardware. ZDNet wrote:

Do you need a workstation? And we mean, an honest-to-goodness, take-no-prisoners, kick-butt Unix workstation? Then you should be looking at VA Linux Systems' tiger shark of a system: the VA Linux 420.

Section Editor: Rebecca Sobol.

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

See also: last week's Letters page.

Letters to the editor

From:	 Joe 'Zonker' Brockmeier <jbrockmeier@earthlink.net>
To:	 lwn@lwn.net
Subject: Are you kidding?
Date:	 Wed, 8 Aug 2001 13:09:41 -0600 (MDT)

Hey guys,

I think you blew it, saying that the Linux Today incident should be
left behind so easily. Reichard only responded to the astroturfing
accusation, saying nothing about the accusations that he refused to
link to other sites, or that he was actively disparaging other Linux
news sources. It also doesn't address the accusation that he's actively
struck down other people's postings. I'm not saying that he has actually
done all these things, though I have experienced LinuxToday holding 
news submissions appearing on other sites for upwards of three to four
days, while other news submissions were posted immediately. But, he should
have addressed all of these issues. 

Frankly, LinuxToday has sank farther and farther downhill since 
Internet.com has taken it over - and irresponsible people like Reichard
do not deserve to be let off the hook so lightly. It's fine for him
to have an opinion, but he should have the cojones to own up to his
opinion under his own name. If he can't do that, he doesn't belong in
the business. 

His apology does not go far enough. If this were a print publication, he'd
be out on the street. I find it disheartening that anyone would feel that
this should be dismissed so easily.

Take care,

Zonker
--
Joe 'Zonker' Brockmeier -=- jbrockmeier@earthlink.net
http://www.DissociatedPress.net/
Free Dmitry Skylarov! http://www.freeskylarov.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"I'll sleep when I'm dead." -- Warren Zevon

From:	 Theo de Raadt <deraadt@cvs.openbsd.org>
To:	 jake@iki.fi
Subject: RE: Usage of SSH
Date:	 Wed, 01 Aug 2001 23:27:44 -0600
Cc:	 letters@lwn.net

> I've just been wondering why every time there is a problem with Secure
> Shell from SSH Communications Security Corp (which, believe me, is really
> rare), it is so clearly stated that the problem is only in the commercial
> product, but when the problem is in an open source implementation of the
> protocol, quite a few sites don't bother making the point of specifying
> the product. They just talk about SSH.

That might be because (according to measurements we have been doing
for about a year) OpenSSH is fast becoming the most popular SSH
Protocol server on the net, especially for Protocol 2.  As well,
especially in the Open Source community, OpenSSH is very nearly the
exclusive choice, since it is included in the OS distributions.

See http://www.openssh.com/usage for our graphs.  (They are currently
being moved from elsewhere, so if you cannot get at them, try again
later).

Secondly, I think your sense of history is somewhat clouded.  The
deattack bug hit pretty much everyone's servers and clients, and it
was very clear who fixed it first.  We posted far and wide about the
issue, pretty much saying we had screwed up.  ssh.com took quite a
while to fix it.  Maybe people noticed?  Or maybe not.

> Don't get me wrong, I'm all for open source, but looks like open source
> folks are quite good at FUD too.

But probably not intentionally.

Apparently you live in Finland, a fairly small country where ssh.com
is located; if you attribute the situation stated above to malice on
our part instead of an informed decision of the masses, are we to
assume the same of you?  No, let's just stop right there. 

ps. I can't believe I just used the phrase "informed masses".

From:	 Mace Moneta <mmoneta@optonline.net>
To:	 letters@lwn.net
Subject: Regarding Dmitry Sklyarov
Date:	 Thu, 02 Aug 2001 08:07:17 -0400

Regarding Dmitry Sklyarov, I was wondering why the U.S. Attorney's 
Office has not arrested the researchers at IBM and AT&T Labs responsible 
for Quantum Computing and Quantum Factoring algorithms.  Clearly, their 
primary function is the circumvention of existing encryption methods. 
 In fact, there have been several papers explaining the weakness of 
commonly used encyption when confronted by a "quantum attack".  

These circumvention devices can render the encryption methods, which are 
used to protect not only copyrighted material but secret material as 
well, worthless -- a blatant and flagrant violation of the DMCA as far 
as I can tell.

In fact, this development appears to be part of a broad conspiracy. 
 There are "hacker communities" passing the "mathematics" and "physics" 
(terms commonly used by these hackers) to new generations.  These 
"teachers" are the equivalent of drug dealers, giving our youth the 
taste of illegal knowledge needed to progress the battle against decent 
and law abiding copyright holders.

I hope that our Attorney General steps in and declares war on these 
menaces to society.  

Sickening, isn't it?

Mace Moneta
mace@monetafamily.org

From:	 Joe Klemmer <klemmerj@webtrek.com>
To:	 <letters@lwn.net>
Subject: A minor clarification on the Dmitry Sklyarov situation
Date:	 Thu, 2 Aug 2001 13:02:00 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


	While I, like any other US citizen with at least two brain cells,
deplore the incarceration of Dmitry Sklyarov and the whole foundation of
the DMCA there's one thing that might be good to point out.  I've seen
many people outraged over the fact that he is being held without a bond or
parole hearing.  As Mr. Sklyarov is not a US citizen he is not entitled to
the same rights as the rest of us.  Unfortunately the "government" can
virtually hold him indefinitely.

	No I don't like it any more than you do but it's the way it works.

- ---
The most exciting phrase to hear in science, the one that heralds new
discoveries, is not "Eureka!" (I found it!) but "That's funny ..."
                -- Isaac Asimov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7aYePHeWRPx8OIHARAn3FAKCaVN8nTu8i5U57lgPBtQH6DHqJbACfeOgx
Yi3VeaSlArpNJYEoXAZRUGA=
=Bz+e
-----END PGP SIGNATURE-----

From:	 Leon Brooks <leon@cyberknights.com.au>
To:	 letters@lwn.net
Subject: To vigilant, or not to vigilant - that is the question
Date:	 Tue, 7 Aug 2001 10:27:29 +0800

By now we all know about CodeRedII and SirCam. We also know that 
hosting menaces like these is an almost exclusive property of 
Microsoft software. The question has been raised: do we have the 
right to, uh, proactively defend ourselves from the infected servers? 
And if so, how much defending should we do?

In my case, as I write, each of the single-IP servers here is taking 
a hit about every three minutes. At about 460 bytes a hit, that's 8k 
per hour per server. Not something to get flustered about. OTOH, 
other places are reporting a hundred times the rate, and web service 
in general appears to be a bit dodgy at the moment.

While any one server is not doing much damage, many raindrops make a 
flood. This flood is impacting my ability to use the Internet (my 
livelihood) and sooner or later the effect of exponents is going to 
result in something like a tidal bore.

This morning, I contacted a software supplier for the client I am 
working for now, to find out why an update hadn't arrived. It turned 
out that over the weekend, SirCam had buried their Exchange servers 
in jokes, porn, proposals and service reports.

Today, their intranet webserver was down for repairs after being 
CodeRedded, oh, and by the way their proxy server apparently had a 
web server up on it too, so all they have left is the 'phones and 
snail mail. Snail mail would take three or four days to get here from 
Queensland, and I'm going home tomorrow.

So both directly and indirectly, CodeRedII and SirCam have damaged my 
business, and the businesses of those I contract to. At law, I have 
certain rights of self-defense.

One of the side effects of SirCam is that it tells you that the 
originator is running binary emails. One of the side effects of 
CodeRedII is installing a public shell. Each machine has come to my 
client or server and told me how to get back to it and do what I 
please with it.

The opportunities are obvious. What should I do with them? I wrote a 
one-pager PHP script that I call CodeRed2 Explorer, for 
point-and-click navigation of and experimentation with compromised 
hosts. But what next?

The obvious first step would be to contact the originators and 
complain. This has several disadvantages, including that the the 
machine or mailbox might not be attended, the recipient might not 
understand or believe my message, and the recipient might not be able 
to do anything about it.

So, am I within my rights to respond by deleting the offending 
program (Outlook or IIS) and/or shutting down the attacking machine? 
I'm pretty sure that uploading a Linux installer to the offending 
machine and running it is going too far, but I wonder how many others 
would agree, and how many would regard that as a final solution for 
the problem?

From:	 Matthew.Ramsay@lineo.com
To:	 letters@lwn.net
Subject: Reply to Jay R. Ashworth on PoPToP and SnapGear
Date:	 Thu, 2 Aug 2001 20:05:39 -0600


I'd like to make some things clear about where PoPToP comes from, Jay
Ashworth's comments and where SnapGear is taking PoPToP.

I wrote PoPToP back in February 1999 for MoretonBay's NETtel platform (now
called SecureEdge). Around April that year I made some changes for it to
work on x86 platforms and released PoPToP to the GPL community. There was
no existing PPTP server for Linux back then so the idea was to give back to
the community I enjoyed being a part of by providing something that hadn't
been written yet.

In May 2000, Lineo purchased Moreton Bay and continued funding work on
PoPToP on the Coldfire platform (of which the NETtel -- renamed SecureEdge
-- used). At all times though we kept the PoPToP source code for the
Coldfire platform (and x86 platform) available. I focused my efforts on the
Coldfire and occasionally applied patches from various people to the x86
platform and released new versions. As I've got busier over the last year
the x86 tree became more difficult for me to maintain. However, I'd be more
than happy to help someone (perhaps Jay?) to fold Coldfire patches and
other patches into the x86 platform and let them contribute back into the
community.

Also, SnapGear was recently spun-off from Lineo to target the SOHO VPN
market and includes PoPToP as one of its VPN solutions. Again, SnapGear's
focus is on the Coldfire platform. Both Lineo and SnapGear together have
thousands of people and companies already using the Coldfire port of PoPToP
as their VPN solution and it works great. In this environment it needs to
work well.. and we've worked hard to make it so.

Finally, of all the developers I've worked with and even the companies I
have worked with (Moreton Bay, Lineo and SnapGear) they have all actively
contributed to the GPL community and are continuing to do so. It is a great
thing to see and be a part of.


Cheers,
Matt.

From:	 cpb@log2.net
To:	 letters@lwn.net
Subject: Woody by Christmas?
Date:	 2 Aug 2001 14:20:29 -0000

On the Distributions page of the LWN issue of 2001-08-02, you suggest that
a release of Debian Woody is expected by Christmas. However, your reference
(Debian Weekly News for July 31) says that Woody will be released by Christmas
"if everything goes BETTER than planned" (emphasis mine). Anyone who expects
Woody by Christmas is a...uh...optimist. But as Mr. Stallman says, "it will
be done sooner if you help!"       - Chris Bopp

From:	 "Schaefer, Peter" <peter.schaefer@gmx.de>
To:	 "'lwn@lwn.net'" <lwn@lwn.net>
Subject: "Open source databases have some catching up to do" - not quite
Date:	 8 Aug 2001 10:41:38 +0200

Dear LWN editors,

this news article on your daily updates page
finally triggered a response by me, because 
there is - since the beginning of the year -
a full featured, 24/7 capable database system
available as full GPL'd , LGPL'd open-source:
SAP-DB.

It's maybe not widely known outside of germany,
but the SAP guys in Berlin do a tremendous good
job. SAP-DB is used as the data center for many
SAP/R3 installations worldwide, has nearby full SQL92 
compliancy and can even be switched to other SQL-dialects 
like Oracle or AdabasD. Stored procedures, triggers and 
relational constraints are available, additionally several 
log backup strategies are possible without the need to 
pause the database, making 24/7 operation possible.

Client libraries include JDBC, ODBC and a C-Precompiler;
full source available, LGPL'd.

Conclusion: There is at least one open-source DB which
doesn't need to catch-up, i think ;).

Link: http://www.sap.com/solutions/technology/sapdb/

Best Regards, 

  Peter
-- 
peter.schaefer@gmx.de

From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 torvalds@transmeta.com
Subject: Happy 10th Anniversary
Date:	 Tue, 7 Aug 2001 10:53:44 -0400
Cc:	 letters@lwn.net

What a long, strange trip it's been.  Thanks, man; you gave me
something to do for a decade.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 804 5015

                    Linux: the Choice of a GNU Generation