[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 On the Desktop
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

A new, proprietary web? Back in mid-August, the World Wide Web Consortium (W3C) put out a draft policy on the incorporation of patented technology into web standards. The W3C, evidently, did not feel much need to publicize this draft, and it came dangerously near to ending its comment period with almost nobody realizing what was in it. That would have been an unfortunate development. Fortunately, Adam Warner was paying attention and issued a detailed call for action telling the community what was up.

So, what is up, exactly? The draft policy would allow the W3C to incorporate patented technology into web standards as long as the patent holder agreed to license the technology in a "reasonable and non-discriminatory" manner. This policy, called RAND, makes it possible for vendors of proprietary products to know that they can use the given technology.

The problem, of course, is that it is not generally possible for free software to use patented algorithms. If an implementation of an algorithm can not be distributed without the payment of royalties, the code obviously can not be put up for download on the net. And the GPL, of course, does not allow the inclusion of code with such restrictions.

Imagine a future web whose standards include patented technology. That is a web that can only be accessed with proprietary software - a very different web than the one we have now. It is, conceivably, a web without Apache, Mozilla, Konqueror, and many other tools we depend on. It's a web that would make certain vendors very happy, since it would eliminate the free software threat.

This is a real scenario, and one that could happen quickly. Consider the "Scalable Vector Graphics" (SVG) standard, adopted by the W3C on September 4. This standard, in fact, includes patented technology (of the worst, stupid software patent variety) from Apple, which will be available under RAND terms. In other words, the W3C is already behaving as if the new policy were in force, which casts some doubt on its public comment policy. SVG is not only proprietary, but the licensing terms are not publicly available. SVG, in other words, is inaccessible to free software. See Daniel Phillips's well-researched comments for more information on SVG.

There is a possible alternative scenario, of course to the proprietary web: the W3C, by endorsing proprietary standards, finds itself left behind by a web that does not want to go that way. The Open Group's attempt to take X11 proprietary has been put forward as an example of how this could happen. That time, however, we had the XFree86 project, which was already the real heart of X11 development. It is not clear that there is a body that is well positioned to supersede the W3C in this manner. It may not be so easy this time.

If necessary, however, that is what we will have to do.

In response to the last-minute outcry, the W3C has extended the comment period, but only to October 11. Now is the time to send in polite, well-reasoned arguments on why this policy should not be adopted. The people attempting to push through this policy know very well what they are doing, but they may still respond to a determined show of opposition. There may still be time to make a difference here. Perhaps we can avoid a corporate takeover of the web.

(See also: the patent policy comment list, which contains the comments posted so far. Included therein are comments from Alan Cox, Andrew Tridgell, Bruce Perens, Chuck Mead, Dan York, Eben Moglen (on behalf of the Free Software Foundation), Ian Clarke, Jeremy Allison, Joe "Zonker" Brockmeier, John Gilmore, Richard Stallman, Russell Nelson, Theo de Raadt, Tim O'Reilly, and many, many others).

Opportunities in migration services? Last week, the Gartner Group suggested that businesses should consider moving away from IIS toward other, more secure web servers. The latest Netcraft survey suggests that a number of businesses are doing exactly that - tens of thousands of IIS-based web sites have disappeared from the net recently. Corporate IT operations will stay with a given course through inertia for a long time, but, with a sufficient push, they will start looking at alternatives. Microsoft's more recent licensing and upgrade policies are giving more businesses reasons to look around as well.

It seems there should be an opportunity here. After being told for years that superior alternatives exist in the form of free software, some businesses are starting to look at them. But if all those businesses encounter is a pointer to a download site and a collection of HOWTOs, they may not look for very long. Now is the time for enterprising free software businesses to step forward with well-designed, targeted migration services.

Starnix has been quick to see the opportunity here: the Toronto-based company has announced a new service to help companies migrate away from IIS. The package includes a version of Apache hosted on a secured Linux system, consulting, and support services. Here is an offering that should be successful; it is a narrowly-targeted service which meets a pressing business need.

There should be other such opportunities in the free software world. Linux is increasingly ready to take on a wider role in corporate computing, and that will create opportunities for companies that can help. Those seeking to profit off such opportunities should proceed carefully, however; there are several prerequisites that must be met:

  • There must be a real motivation for companies to change. For many, Apache's advantages have been insufficient until the recent set of IIS security problems started causing real pain. The blue screen of death does not appear to be enough to make many desktop users look elsewhere. The pressure to adopt a new solution has to be strong before most people will think seriously about it.

  • Companies offering migration services must host substantial expertise on both the old and new systems. Linux expertise alone is insufficient; you must know all about the system you intend to replace as well. As Larry Augustin pointed out a few weeks ago, many people who are pushing a Linux desktop have failed to understand what Microsoft power users are really doing with their systems. Approaching the market with only half the necessary knowledge is a recipe for failure.

  • There must be convincing support options available. Nobody likes the fear that they could be stuck trying to solve problems on their own.

  • The free software alternative must be truly superior. For most users, the fact that a particular program is free is not enough; it must be demonstrably better at solving their problems. The free office suites, despite their amazing progress, have probably not yet reached that point for many users.

Free software support offerings probably need another look as well. These offerings look much like support services for proprietary software. The software in question becomes a black box, and the support provider takes charge of making it work. But one of the advantages of free software is that it is not a black box. "We'll take charge" services can deprive their customers of some of the advantages of free software. True free software support services should bring their customers into the free software community.

Helping customers migrate from proprietary products may not be the most exciting business to be in. And it certainly will not be an easy business. But it could well prove to be a workable business model for those working with free software, even in these difficult times.

Inside this LWN.net weekly edition:

  • Security: The top 20 Internet security vulnerabilities; more trouble with PHP.
  • Kernel: Maintaining 0.01; security module licensing; handling high network loads.
  • Distributions: Buy a Box Set or Download?; Mandrake Linux 8.1; SuSE Linux 7.3. MaxOS and BearOps Linux.
  • On the Desktop: The gamers way - playing games on Linux, Sun releases StarOffice 6.0 beta and Ximian adds channels.
  • Development: Dedicated Systems, measuring cluster performance, LPRng 3.7.8, Midgard 1.4.2, Python 2.2a4.
  • Commerce: SuSE closes funding round; C|Net sells LinuxDevices.com; Alta Terra Ventures Corp.
  • History: What will happen to the Linux VARs?; Linux Myths; Corel/Microsoft alliance.
  • Letters: Audio editors; patented web standards; non-free security modules.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

October 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

The top 20 Internet security vulnerabilities. SANS has posted a list of the 20 most critical security vulnerabilities on the net. The list makes good reading for anybody concerned about the security of their systems, though it is far from a comprehensive list of problems.

The list is broken down into three large sections. The first concerns itself with general, system-independent problems. These include:

  • Default installations of operating systems. Many OS installations leave vulnerabilities, and install more software than is needed.

  • Accounts with nonexistent or weak passwords. Some things haven't changed in decades.

  • Bad backups. This, of course, is a general systems administration problem. If a site's backups have not been checked recently for completeness and restorability, there are probably problems.

  • Large numbers of open ports. Many systems run services they do not need.

  • Lack of address filtering on networks. A properly configured network needs to be sure that both incoming and outgoing packets carry reasonable addresses.

  • Insufficient logging. Without complete and secure logs, detection and analysis of intrusions is impossible.

  • Vulnerable CGI programs. The net probably has not yet begun to see the degree of mayhem that bad CGI programming can cause.

The middle section lists Windows-specific vulnerabilities; readers interested in those are encouraged to go to the SANS page. The final section goes into Unix-specific problems:

  • Buffer overflows in rpc services.

  • Sendmail vulnerabilities. After a relatively quiet period, sendmail seems to be turning up more problems again - see below.

  • Bind vulnerabilities.

  • The rsh, rlogin, and rcp commands, which send passwords in clear text and which enable users to set up uncontrolled webs of trust.

  • Vulnerabilities in the lpd subsystem.

  • Sadmind and mountd. The former is Solaris-specific, but all systems supporting NFS have mountd.

  • Bad SNMP passwords.
A quick look at this list reveals that many of the problems are old, and very few of them are difficult to address. Network security is hard, but, in many cases, even the easy things have not been done.

A survey of PHP vulnerabilities. "Yet Another Hacker Team" has performed an automated audit of a number of PHP-based packages, and has posted the results. The conclusion: much PHP code is vulnerable to remote exploits. Two PHP features are the source of the problems: (1) PHP allows global variables to be set from an HTTP request, and (2) file operations handle URLs transparently. The combination of the two allows a remote attacker to run arbitrary PHP code on the server; this, in turn, gives that attacker shell access.

The survey makes this claim:

PHP is not insecure by default, but makes insecure programming very easy.

Reasonable people could differ on that point. PHP could be far more secure by simply isolating user-supplied information in a special "request" variable. PHP is great stuff (LWN uses a lot of it), but some aspects of the environment are, indeed, insecure by default.

CRYPTO-GRAM special issue. Bruce Schneier has released a special issue of his CRYPTO-GRAM Newsletter devoted to the events of September 11. "People are willing to give up liberties for vague promises of security because they think they have no choice. What they're not being told is that they can have both. It would require people to say no to the FBI's power grab. It would require us to discard the easy answers in favor of thoughtful answers." Worth a read.

Conectiva cuts off 4.x. Conectiva has served notice that the 4.x versions of its distribution are no longer supported, and no further updates will be available. Conectiva customers running ancient versions of the distribution are encouraged to upgrade to something more recent.

Security Reports

OpenSSH 2.9.9 released. OpenSSH 2.9.9 has been released; it includes a security fix that will be important for people using source-based access control.

A new set of sendmail vulnerabilities. Michal Zalewski has found a new set of vulnerabilities in sendmail; they may be used by a local attacker to obtain unauthorized access to the mail system. Versions of sendmail through 8.12 are vulnerable; 8.12.1 has been released and contains fixes for all of the problems. We'll pass on distributor updates as we see them.

Zope DTML scripting security update. There is a new Zope security update out there, fixing a vulnerability in DTML scripting. A suitably clueful user could use the vulnerability to obtain unauthorized access. A fix has been provided by Zope Corp.; expect updates shortly from the distributors that ship Zope as well.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • The Cisco PIX firewall has a vulnerability in its mailguard facility; the restrictions on SMTP commands can be bypassed by an attacker.


Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001).

The stable release of Debian is not vulnerable.

New updates:

Previous updates:

SQL injection vulnerabilities in Apache authentication modules. Several Apache authentication modules have vulnerabilities that could allow an attacker to feed arbitrary SQL code to the underlying database, resulting in a compromise of database integrity and unauthorized access to the server. See the September 6 security page for more information.

New updates:

Previous updates:


Linux Security Week from LinuxSecurity.com is available in its October 1 edition. Also available is Linux Advisory Watch for September 28.

CERT has a new PGP key, following the expiration of its previous key at the end of September. See the announcement for the new CERT key information.


The International Cryptography Institute 2001 will be held November 29 and 30 in Washington, DC. Speakers include Dorothy Denning, Whitfield Diffie, Bruce Sterling, and Phil Zimmermann. See the announcement for details.

Upcoming Security Events.
Date Event Location
October 10 - 12, 2001Fourth International Symposium on Recent Advances in Intrusion Detection(RAID 2001)Davis, CA
November 5 - 8, 20018th ACM Conference on Computer and Communication Security(CCS-8)Philadelphia, PA, USA
November 13 - 15, 2001International Conference on Information and Communications Security(ICICS 2001)Xian, China
November 19 - 22, 2001Black Hat BriefingsAmsterdam
November 21 - 23, 2001International Information Warfare SymposiumAAL, Lucerne, Swizerland.
November 24 - 30, 2001Computer Security MexicoMexico City
November 29 - 30, 2001International Cryptography InstituteWashington, DC
December 2 - 7, 2001Lisa 2001 15th Systems Administration ConferenceSan Diego, CA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet

October 4, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.10. The latest prepatch from Linus is 2.4.11-pre2, released on October 1. It includes a number of tweaks, including the unpleasant oops that afflicted some -pre1 users, and a bunch of merging from the "ac" series. Among other things, the new license tags (see the September 6 kernel page) are going into the standard kernel.

The latest prepatch from Alan Cox is 2.4.10-ac4. It includes most of the 2.4.10 changes, but has explicitly left out the massive virtual memory changes and other "seriously unsafe stuff." As Alan says: "I actually use the trees I release and I want to keep my machines working."

For those who find current kernels to be a bit too much on the bleeding edge, Mikulas Patocka has released a patch to the 0.01 kernel fixing a bug in the disk request sorting algorithm. Linus responded by offering to make Mikulas the official maintainer of the 0.01 series. Time to plug that 386 back in and help out...

On the licensing of security modules. A compromise wording has been worked out for the Linux Security Module interface; the include file will now carry this statement:

This file is GPL. See the Linux Kernel's COPYING file for details. There is controversy over whether this permits you to write a module that #includes this file without placing your module under the GPL. Consult your lawyer for advice.

Meanwhile, it appears that the EXPORT_SYMBOL macro, which makes kernel functions and data structures available to modules, will be augmented with a new EXPORT_SYMBOL_GPL variant. The new tag, clearly, will make a symbol available only to GPL-licensed code; the new license tags should make it possible to enforce that restriction automatically. Once EXPORT_SYMBOL_GPL is in place, the security module code may switch over to using it. Maybe.

There is, however, no plan to switch any existing symbols over to a GPL-only mode. Alan says:

Linus has made it absolutely (as in he'll send out the killer penguin with chainsaw if need be) clear that existing symbols wont mysteriously turn GPL only.

So authors of existing, proprietary modules need not worry that they will lose access to kernel symbols in the future.

Dealing with high network loads. The 2.4 networking stack works quite well, for the most part. It does have one issue, however: dealing with extremely high load. When very large numbers of packets are coming into a system, interrupt processing tends to push all other work aside. In the best case, no user-space work gets done. High loads can also bring a 2.4.10 system down entirely.

Ingo Molnar decided to address this problem, and some related ones having to do with the processing of software interrupts. His patch implements a technique called "soft mitigation." Essentially, if the hardware interrupt rate exceeds a given threshold, the kernel simply disables that interrupt for a timer tick interval (10ms on most systems). The system thus gets a break in which it can catch up.

There are, however, some problems with this approach. The constant threshold can not be set in a way that works for all situations; the maximum tolerable interrupt rate depends on a great many things, including the CPU speed, the cost of servicing the interrupt, and what else is happening on the system. Simply disabling the offending interrupt is easy (no cooperation from the driver or hardware is required), but it is hard on the performance of any other device that may be sharing the same interrupt line. Simply shutting down interrupts on a network interface for 10ms can cause it to start dropping packets in a big way, creating serious network performance problems.

The biggest problem, however, may be that another solution exists and has been in testing for some time. The NAPI ("New API") code, developed by Jamal Hadi Salim, Robert Olsson, and Alexey Kuznetsov, deals with interrupt load problems and much more. The NAPI work is based on the techniques discussed at the Kernel Summit last March, but the work has progressed since then. It has not, perhaps, received the degree of attention that it should have, though this discussion has raised its profile somewhat. Now, if only the project had a proper web site, it might become truly widely known...

NAPI works with modern network adaptors which implement a "ring" of DMA buffers; each packet, as it is received, is placed into the next buffer in the ring. Normally, the processor is interrupted for each packet, and the system is expected to empty the packet from the ring. The NAPI patch responds to the first interrupt by telling the adaptor to stop interrupting; it will then check the ring occasionally as it processes packets and pull new ones without the need for further interrupts.

People who have been on the net for a long time might appreciate this analogy: back in the 1980's, many of us had our systems configured to beep (interrupt) at us ever time an email message arrived. In 2001, beeping mail notifiers are far less common. There's almost always new mail, there's no need for the system to be obnoxious about it. Similarly, on a loaded system, there will always be new packets to process, so there is no need for all those interrupts.

When the networking code checks an interface and finds that no more packets have arrived, interrupts are reenabled and polling stops.

NAPI takes things a little farther by eliminating the packet backlog queue currently maintained in the 2.4 network stack. Instead, the adaptor's DMA ring becomes that queue. In this way, system memory is conserved, packets are less likely to be reordered, and, if the load requires that packets be dropped, they will be disposed of before ever being copied into the kernel.

NAPI requires some changes to the network driver interface, of course. The changes have been designed to be incremental, though. Drivers which have not been converted will continue to function as always (well, at least, as in 2.4.x), but the higher performance enabled by NAPI will require modifications.

Linus likes the NAPI approach, but has said nothing about when it might be merged. One would normally expect it to go into 2.5, with a possible backport to 2.4 later. In the modern world, though, one never knows... It is also possible that parts of Ingo's patch may end up being used as a last-resort, "save the system" response.

Those interested in NAPI can download the USENIX paper describing the techniques used. The actual code is available from Robert Olsson's FTP site.

Other patches and updates released this week include:

  • Jaroslav Kysela has released version 0.9.0beta8 of the ALSA sound driver system.

  • kdb v1.9 has been released by Keith Owens.

  • Also from Keith is modutils 2.4.10.

  • Robert Love has posted a new version of his patch which enables network devices to contribute to the random entropy pool.

  • Version 1.0.6 of IBM's Journaling Filesystem was announced by Steve Best.

  • Dave Jones has released Powertweak 0.99.4, a tuning and hardware configuration tool.

  • A new single-copy pipe implementation was posted by Manfred Spraul.

  • Jeremy Elson has announced the first public release of the "Framework for User-Space Devices," which allows a user-space daemon to handle operations to device files.

  • A preemptible kernel patch was released by Robert Love.

  • The third release candidate of LVM 1.0.1 was announced by Heinz Mauelshagen.

  • Loop-AES-v1.4e, a file and swap encryption module, was released by Jari Ruusu.

Section Editor: Jonathan Corbet

October 4, 2001

For other kernel news, see:

Other resources:


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Distributions page.

Lists of Distributions
Woven Goods

Embedded Distributions:

BluePoint Embedded
Compact Linux
Embedded Debian
Hard Hat Linux
OnCore Systems
RedBlue Linux
Royal Linux
White Dwarf Linux

Familiar (iPAQ)
Intimate (iPAQ)
Linux DA

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux

Coyote Linux
Fd Linux
Fli4l (Floppy ISDN/DSL)
Linux in a Pillbox (LIAP)
Linux Router Project
Small Linux

BBLCD Toolkit
Crash Recovery Kit
innominate Bootable Business Card
Linuxcare Bootable Business Card
Sentry Firewall
Timo's Rescue CD
Virtual Linux

Zip disk-based

Small Disk
--> Peanut Linux
Relax Linux

Bambi Linux
Flying Linux

ARM Linux
Scyld Beowulf
Think Blue Linux
(Oracle's NIC)
NIC Linux
Black Lab Linux
Yellow Dog
(Older Intel)
Monkey Linux

DOS/Windows install
Armed Linux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Buy a Box Set or Download?. There seems to be a new trend among the major Linux companies to not let people download a new version of its distribution until the box sets are ready to go. It will usually take several weeks between the time that a version is finalized until the box sets are manufactured and ready for sale, and many Linux users would like to be checking out the new version during that time. Only a few years ago most major Linux companies would make the distribution available for ftp as soon as it was finalized, well in advance of the box sets. Now most of them require downloaders and buyers to wait.

There is a fairly simple economic reason, of course. The company makes some money on a box set and none on a download. That's why they try to make box sets more attractive by adding extra programs and utilities that are not part of the basic Linux distribution. Generally users could get all the extras, but it does take extra time to download and configure them. The box puts it all together and makes it simple to install.

Some users appreciate the convenience of a box set. They like getting the OS and extras, and they have a backup right there in the box. Others would rather download what they want and put together the "perfect combination" of OS and extras for themselves. If the distribution is available before the boxes, some might download the distribution first, just to see how they like, and then buy the box later to get all extras. For the most part, though, people who prefer the convenience of a box set will wait for the box set, and those who prefer the more hands on approach will download whether the box set is available yet or not. In short, making a distribution available for ftp before the boxes is a courtesy to the users and will generally have little impact on a company's profit (or lack thereof). That's why we applaud MandrakeSoft's release of Mandrake Linux 8.1 for ftp, even though the box sets are still a month away. If you do download, consider making a donation to MandrakeSoft to show your support.

Mandrake Linux 8.1 and beyond. Here is the announcement for Mandrake Linux 8.1. As we mentioned above, it can be downloaded now, or you can pre-order a box set. New features, include the "MandrakeOnline" update service, improved configuration tools, and several journaling filesystems.

The MandrakeForum is full of news about Mandrake Linux 8.1, including some errata, and series of reviews by "tom", starting with Installation, then Desktop, and Mandrake Tools, so far.

The Mandrake Linux Community News, issue 15, provides discussion on the use of devfs in Mandrake 8.1, funny math over at Yahoo when computing Mandrake stock prices, and using Squid to block the Nimda worm.

SuSE Linux 7.3. SuSE Linux 7.3 is coming soon. One announcement says October 12 while another says October 18. Either way, it will be out soon, and it looks good. SuSE Linux 7.3 offers new features, improved security and stability, the SuSE YOU (YaST Online Update) makes sure that your system stays up-to-date and, of course, several journaling filesystems are available. SuSE Linux 7.3 will be available in two box sets, Personal and Professional.

New Distributions

MaxOS and BearOps. The MaxOS Linux distribution rated an LWN feature article in March 2000. At that time a beta version was expected the following May. MaxOS was released, and then frozen September 1, 2000. Since then Alta Terra Ventures, Inc., the parent company of MaxOS, has announced a new line of products, based around BearOps Linux. The BearOps Linux Desktop OS was the first product available, and the Handheld Linx for Linux was recently launched. Other products, such as a server package and firewall package are still in the works.

ZDNet gives a brief overview of the BearOps Handheld Linx for Linux. "Alta Terra says that BearOps Handheld Linx for Linux has been tested on Mandrake 8.0 and Red Hat 7.1, as well as the company's own BearOps Linux Desktop OS distribution. It comes with three desktop applications, jpilot, kpilot, and gpilot, as well as 100 games, utilities and applications for the Palm OS."

A quick check of the BearOps web site finds pointers to a full FTP download for their packages. The Palm/Handspring support appears to come from the standard pilot-link package and tools which use it.

Distribution News

Debian Weekly News. The Debian Weekly News for October 3 is out. Topics covered include new languages on the Debian web site, boot floppy work, a possible Debian package of the NSA's Security Enhanced Linux, and several others.

Wajig is a simplified command line interface to many of the typical Debian administration tasks, including package management and configuration, and daemon control. It is not an official package, but some Debian users might like to give it a try and see if it's useful.

Minor Distribution updates

2-Disk Xwindow System. The 2-Disk Xwindow System is a very small Linux/xwindows distribution, that provides net browsing in a lush GUI. The source tree is compiled on debian and the /lib/ files taken directly from the debian2.2.3 distribution. Several versions have been released in the last week, providing minor feature enhancements and bug fixes. Version 1.0rc034 was released on September 30, 2001.

floppyfw. If you are looking for a small Linux firewall that fits on a single floppy disk, floppyfw may be just what you are looking for. floppyfw-1.9.9 was released September 29, 2001, now with kernel 2.4.10 and Math emulation removed. See the Changelog for details.

muLinux. Here's another tiny implementation of Linux, which can reside on a single floppy. muLinux is now at version 12r2. See the Changelog for details.

NSA Security Enhanced Linux. NSA Security Enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control architecture into the major subsystems of the kernel. Version 200109261436 was released on September 28, 2001, with bug fixes and minor feature enhancements.

ttylinux. This seems to be a good week for tiny distributions. In the spirit of frequent releases ttylinux has jumped from version 1.10 to version 1.13 in the past week. This is a minimalistic Linux distribution that can run in as little as 2.88 megabytes of space.

Distribution Reviews

Caldera OpenLinux Workstation 3.1 (Duke of URL). The Duke of URL presents a detailed review of Caldera OpenLinux Workstation 3.1. "This latest release is built around KDE 2.1, and as such, contains a good many KDE development tools and the accompanying documentation. Some of the benefits being touted by Caldera include: software integration, default configurations, self hosting, secure software, system testing, and even OEM testing. Essentially this means that Caldera has tested each piece of software included in their distribution to make sure there are no software conflicts. Every piece has been tested for proper functionality and that any OEM that bundles OpenLinux has been tested for hardware compatibility."

Mandrake revamps Linux distro (Register). This review of Mandrake 8 is not as detailed, but it does give a good overview. "Things we liked about version 8.0 of Mandrake were its choice of ReiserFS as the default file system - yum - and the Software Manager, which makes the business of installing new software look pretty straightforward."

French Linux marketing mirrors Red Hat (ZDNet). ZDNet looks at Mandrake's latest offering now available with MandrakeOnline, a subscription service that gives members notification of security patches and other software updates, discounted technical support and an e-mail account. "Mandrake version 8.1 includes several new features. Among them is the new version 2.2.1 of the KDE desktop interface, released Sept. 19. KDE 3.0 is scheduled to be released in beta version in December and in final form in February. "

SuSE grabs Best-Business-Linux gong (Register). The Register looks the recent report by DH Brown Associates, beginning with SuSE's position at the top of the list. "SuSE wins in the scalability, the system management and the directory/security services categories."

SuSE Linux 7.2 Professional (Duke of URL). SuSE 7.3 is almost here. In the meantime here's a review of SuSE Linux 7.2 Professional. "In the world of commercial Linux distributions, SuSE is a leader and is certainly the preference of many European users. They have also maintained many ties with the open source world and have contributed greatly to projects such as KDE, XFree86 and ReiserFS. They have been and will likely always be a culture of engineers. This is part of what makes SuSE fun to work with. If anything, SuSE Linux is very much a product of solid engineering."

Section Editor: Rebecca Sobol

October 4, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Caldera OpenLinux
Debian GNU/Linux
Red Hat

Also well-known
Best Linux
Conectiva Linux

Rock Linux

Non-technical desktop
Icepack Linux
Redmond Linux

Boston University
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
Complete Linux
Console Linux
Corel Linux
Darkstar Linux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
HA Linux
Halloween Linux
ix86 Linux
Lanthan Linux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
Linux Pro Plus
LNX System
Lute Linux

NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
Project Ballantain
Rabid Squirrel
Root Linux
Serial Terminal
TimeSys Linux/RT
Tom Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WinLinux 2000

GNU/Linux Ututo
Definite Linux
Red Flag
Linux Esware
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
MCC Interim Linux
Storm Linux


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
iceSculptor (*)
Maxwell Word Processor
Mediascape Artstream (*)

Web Browsers
Netscape (*)
Opera (*)

Handheld Tools
Palm Pilot Resources
Pilot Link

On The Desktop

The gamers way.  Not long ago we received a simple request from a reader. A long time Windows user, he decided the switch to XP was not conducive to maintaining his personal privacy, so he wanted to migrate to Linux. His main computing requirement: games. Which distribution, he asked, would be best for playing games?

The answer is that just about any major distribution should work just fine, a fact that might be surprising to new users but not to long time Unix diehards. There have always been games for Unix systems, including the original console based Adventure, the flight simulator ACM and the venerable Netrek. Yet it is only recently that professional quality, off-the-shelf games have been mass marketed for Linux users. Loki was the first company to bring a selection of existing titles to Linux (while id actually ported Doom on their own sometime previous to that). Loki still offers the vast majority of available titles, but they aren't the only one these days, says Michael Vance of LinuxGames.com. Vance also works for Treyarch, LLC, a company that has a close working relationship with game maker Activision.

"Hyperion has two games (Shogo, Sin), Tribsoft has one (Jagged Alliance 2), Vicarious Visions has one (Terminus), and Loki has 19." Vance, who worked as a lead programmer on various Linux ports at Loki between June 1999 and January 2001, says that other companies did some of their own porting work to Linux, then handed the projects over to Loki. "Companies like id and Vicarious Visions have done work internally," he said. "id later handed that work off to Loki, then that contract expired. Companies like Epic used Linux as a testing ground for their [PlayStation 2] development, then handed maintenance to Loki," but that contract has also expired he said. Other companies porting games to Linux include Introversion, and Illwinter.

Proprietary games on Linux primarily run natively either as OpenGL or SDL based applications. Some games like Unreal Tournament use SDL to access OpenGL directly. Using OpenGL allows games to make use of 3D hardware acceleration, providing better game play through faster graphics. This hardware acceleration is a new thing for the Linux world, having become readily available only within the past year or so from both the XFree86 project and commercially through Xi Graphics.

Alternatively, players can try their hand by running games under WineX, a DirectX-enhanced implementation of the WINE environment. While WINE already supports DirectX, WineX aims to improve on that support. Unfortunately, success along this route is less than stellar. One of the editors from evil3D, who prefers to be called Avatar to maintain a separate identity from his day job, says he's had little luck working with WineX. "I can hardly get Solitaire to run under WineX. And I'm happy to leave it at that." He adds that despite his own failures, the WineX project developers seem to be having a lot of luck with DirectX support. The other major Windows-under-Linux solutions don't fare any better. VMWare reports that they provide limited support for DirectX (and thus games) while Win4Lin doesn't handle DirectX at all.

Native ports vs DirectX issues aside, the choice of a Linux distribution isn't a serious problem. Vance says only cutting edge distributions might pose obstacles, but even that isn't likely. "Ancient distributions had a hard time with games because of glibc 2.0 and a few other older libraries. Bleeding edge distributions, such as Debian's "unstable" branch, have also proven difficult at times." He suggests using a distribution that has been available in a stable release for a couple of months. A current Red Hat, SuSE or Mandrake-Linux, for example, should work with most games. That's because most games, though not all, are delivered with all the libraries on which they are dependent. Says Vance, "It depends on the game, and usually whether it is a commercial product or not. Almost all commercial games come with every library they require. To my knowledge, none (other than the old Quake 1 and 2 rebundles) come in RPM or .deb formats. Most install using Setup, a nice GUI installer that Loki developed."

Though most of the major distributions should work, you may still find a few "gotchas" for particular games. The biggest problem comes from getting a video card with the right kind of X server support. Vance notes that it depends on the card in question, and the version of XFree86 you're using. "Pre-XFree86 4.x support for the 3Dfx cards was fairly decent, and post-XFree86 4.x support for the ATI and Matrox cards has been pretty good." He says that to his knowledge most 3D gaming on Linux today happens using the NVIDIA and ATI Radeon cards. "NVIDIA has a binary-only driver that is exceptionally fast and robust," he added. Support for joysticks is good but there is little, if any, support for force-feedback devices.

Sound under Linux is sufficient for most games. Hardware environmental effects such as those found in the SB Live! adapters and in the EAX library which supports such hardware is still lacking, though the OpenAL project has been slowly moving towards that direction.

With all those commercial games running under Linux you might wonder if open source alternatives can compete. Evil3D posted an interview of TribSoft founder Mathieu Pinard, who said he doesn't think so.

If you would see the amount of code that the games done in the last few years, I don't think we could imagine the Open Source community putting out 5-10 complete quality games per year. Of course, feel free to prove me wrong, and I hope nobody will take this as an insult. It's just no longer possible to make games in your garage that will compete against the latest closed source games.

Vance agrees, but says there are some nice alternatives. "Open source games are usually cheap remakes of old arcade games. Within that arena, the best is probably FreeCiv, a very nice reimplementation of Civilization II. I'll also plug gltron for Andreas Umbach, an acquaintance of mine. But nothing out there is going to rival even five year old commercial games. A friend of mine maintains that Nethack is the only high-quality open source game available. I think Nethack is a bit of a stretch for modern gamers, though. Chromium BSU is also a nice little arcade game."

The problem with open source games is abandonment. The Linux Game Tome has started posting games that are listed as missing in action, noting game developers and/or their web sites that seem to have disappeared. Open source games don't get the dedication from their developers necessary to reach professional quality (this isn't suprising at the application level in open source, and is really not reflective of the lower level kernel world). Vance says it takes a lot of people working together to reach that point. "Only in very rare exceptions, such as with FreeCiv, can a large group of people come together and collaboratively build a game. Game programmers aren't usually the most friendly and sociable sort, and the splintering and fragmenting of numerous little game projects is of little surprise." He goes on to say that the art requirements for games are much higher than for traditional open source projects. Producing art is not the forte of open source developers, and even solid GUI design is, at times, a stretch.

"Linux lacks a continually refreshing pool of interesting games," he adds. "Companies like Loki have done a pretty good job in the past but it remains to be seen, given their present financial hardships, whether that will continue. The market is small, thus there is little incentive to make/port games. Because of this, the market is slow to grow. The problem is a hard one."

Most sales of commercial games are web based at places like TuxGames and ebGames . However, the latter is exiting the Linux business because they say there is no market there. They've been selling off their stock of Linux games, most of which are Loki titles but also a few others, for less than $10 each.

But this really shouldn't suprise anyone familiar with the general gaming market. Linux sales shouldn't be compared with Windows, says Vance. "I don't know if you've looked at PC sales figures lately, but it's very hard to be profitable in the PC games business. Companies like Activision have seen their profitability increase enormously transitioning their business to the [game] console arena. The market is much larger. Thus Linux has to not only overcome Windows gaming, but a stagnating, almost exclusively hit-driven PC game market. Not an easy task."

Loki is currently in Chapter 11, attempting to get their finances in order. Word is they've paid off what was owed to programmers, but haven't addressed all their other debts yet. For now, the company is stable enough to continue. It's hard to tell if contracts lost recently from id Software and others have dealt them a fatal blow. Only time will tell.

For now, however, games are an integral part of the Linux desktop. Despite commercial failures, the porting of games is one of the true Linux success stories.

Recent Commercial Game Releases

GPL Games

Other sites of note

New Breed Software has 13 or so GPL games for the Linux platform and has recently started working on games for the Agenda VR3 PDA.

Linux Game Tome
DRI based 3D video card support

StarOffice 6.0 Beta hits the streets. Sun delivered the official announcement on the StarOffice 6.0 beta this week. This is the first release of the much anticpated version without the extra desktop features built in.

We downloaded the huge binary to give it a quick test. The installation is very clean, it even noticed that we'd forgotten to grab the extra Adabas package. Installation takes about 5 minutes and requires only limited configuration information from the user. Red Hat users may find the option to install a Sun blessed Java installation refreshing. Or maybe not. To each his own.

While this new release is very welcome, it didn't take long to crash it. Interested in the one feature we've seen next to no support for under Linux - text along a curve - we opened up the FontWorks tool under the Drawing tool. Text along a curve is very simple to use, but in an attempt to find a way to rotate the bounding box of the rounded text (while incorrectly using the selection handles) we managed to bring StarOffice to a halt, hung in mid move while we searched for a command line to kill the session.

Despite this early problem, most other features seemed to be very stable, though we hardly gave it a thorough test. Performance was modestly improved and the interface feels more like users will expect from their office applications. Most interesting of all is the apparent support for XP format files, from Word to Excel to PowerPoint. LWN.net doesn't use Microsoft products so we couldn't test that support, but it's obvious that Sun sees a distinct need for file format compatibility between office applications.

Users of Ximian's GNOME desktop will find some solace in knowing that this beta installs in a user defined directory quite nicely, thereby avoiding the 5.2 installation provided through Ximian's Red Carpet. That said, you have to manually configure the GNOME desktop's menus to access the new version. StarOffice only seems to update the KDE menus during the beta installation.

Earlier in the week, The Register covered the StarOffice 6.0 release, prior to our testing. "The new version does away with the much-hated integrated desktop, saves files as XML, and has improved language support."

Linux-based GUIs: a perspective (ZDNet). A Gartner study posted to ZDNet does a detailed analysis of the Linux desktop space, comparing KDE and GNOME to the traditional Unix desktop provided by CDE. "For more widespread desktop use, Linux faces hurdles. A new, albeit intuitive, user interface may be among the least of these. Even ordinary users can assimilate the differences between a Macintosh desktop and Windows desktop, and Microsoft itself is introducing changes with Windows XP. Distribution, support, availability of peripherals and application readiness is a greater challenge." Despite referring to the ORB component in GNOME as "Bonomo", the report is one of the better analyses we've seen on the Linux desktop.

Desktop Environments

Ximian Setup Tools, Control Center updates  Ximian has released new versions of their Ximian Setup Tools (aka XST) and Control Center.

Ximian adds new channels, but stays away from Linux distributions  If you haven't been paying attention, Ximian's Red Carpet is showing signs of how that company might be making money in the future: by adding software management for third parties. In the past couple of weeks Red Carpet has added channels for StarOffice, Loki, VMWare and CodeWeavers. The StarOffice channel currently supports the 5.2 release but expect to see it bumped to 6.0 once that version becomes solid. VMWare and Loki are offering versions which need license keys (VMWare) or just come in demo form (Loki). CodeWeavers is providing their own version of WINE, the Windows under Linux environment. This is probably a first step in later providing their newly announced Crossover plugin which, it is said, will provide support to Netscape for Shockwave and QuickTime under Linux.

Despite channel support for particular distributions, Ximian has said on many occasions that it isn't interested in getting into developing and shipping their own Linux distribution. That doesn't mean, however, that clever souls won't figure out a way to do it for the company, even if the work doesn't have an official blessing from Ximian. The Unofficial Unsupported Ximianized ISO Images project aims to provide ISO images (i.e. something you can burn to a CD for installation) of various Linux distributions with Ximian's GNOME added. So far they only support Red Hat 7.1, but work is underway on Debian with Mandrake planned for the future.

GNOME 2 technology preview release. The first technology preview release of GNOME 2 is now available. Many changes are expected for GNOME 2, however this release is not intended for end users, especially since it cannot be installed parallel to existing stable GNOME environments.

Two New DCOP Tutorials (KDE Dot News). KDE Dot News reports that two new tutorials on programming with DCOP have been made available on the KDE Developer site. The first one, titled Creating a DCOP Interface, covers the API for instantiating a simple DCOP application. The second article, titled Automation of KDE2, discusses the use of scripting to access an applications DCOP interface.

Office Applications

Linux Magazine names Evolution best Email Client. Ximian announced this past week that their Evolution package was named the Best Graphical Email Client by Linux Magazine.

AbiWord Weekly News and a new release. The big news this week for the AbiWord project is the announcement of a new release: version 0.9.4. Some of the key updates in this release include a highly improved spell checker, better XHTML export support and various Styles updates.

Also from the AbiWord front: After publishing 2 issues last week, Jesper Skov has been busy once again, producing 3 new issues of the AbiWord Weekly News. All three new issues, Issue 60, Issue 61, and Issue 62 are pre-0.4.9 and carry information leading up to that release.

Desktop Applications

Sodipodi 0.24. A new release of the GNOME vector art tool Sodipodi has been released. This version includes improved linear gradients, many stability and internal bug fixes, and the start of an XInput caligraphic pen tool. It also support SVG better, including Illustrator exported SVG files.

pim.kde.org back online. News went out this week that the KDE PIM web site went back online. Most of the changes will revolve around developer updates, with the section on PIM-apps staying static for a while.

And in other news...

Qt3.0 Beta 6. TrollTech has released another beta of the Qt3.0 widget set. This release has had the QCom module removed after feedback showed the API to be less compact and intuitive than the rest of Qt.

Linuxlookup.com speaks with KDE Chairman. LinuxLookup.com interviews the Chairman of the KDE League, Andreas Pour. "This revolutionary approach to development permits individuals from all around the globe to coordinate and cooperate in design and development, with decisions reached purely on the quality of the code being contributed. Unlike many other projects, KDE does not have a "charismatic leader" or a company behind the project. Instead, development decisions are made on development lists, in view of the world, and development sponsorship comes from a broad coalition of individual companies."

Section Editor: Michael J. Hammel

October 4, 2001

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments

Window Managers (WM's)

Minimalist Environments

Widget Sets

Desktop Graphics
CorelDRAW (*)(w)
Photogenics (*)

Windows on Linux

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Linux and Dedicated Systems Embedded Linux has been receiving a lot of press lately. While Linux is well suited for embedded applications, it also makes an excellent platform for developing and running dedicated systems. A Dedicated system can be defined as a standard PC that is running one or more dedicated tasks.

Examples of dedicated systems include home automation controllers, factory automation controllers, routers, web cams, web weather stations, and even office servers.

The differences between a dedicated system and an embedded system include:

  • It is built from generic, off the shelf PC hardware.
  • It makes use of an Internal hard disk.
  • A standard Linux distribution is typically installed.
  • It is more suitable for small numbers of systems, embedded systems are better for mass-produced devices.
  • It is useful as a prototyping and concept testing platform for a product that may ultimately evolve into a diskless embedded system.

Here are some reasons why Linux is a good choice for a dedicated system:

  • Linux has proven reliability and security.
  • Linux requires no licensing fees.
  • A very rapid concept to working system cycle.
  • Linux comes with a wide selection of free compilers and debuggers.
  • Large software components such as databases and web servers are freely available.
  • A standard linux distribution is a software tool box full of tools that usually work well together.
  • The target system can be its own development system.
  • Remote development is possible through ssh and X forwarding.
  • Most of the work is already done, solutions can be built with small amounts of custom code.
  • Web servers allow multi-platform browser machines to be used as user interfaces to the system.

As an example, your editor has been helping out the local public radio station and discovered an area where a Linux based dedicated system could be used. The station has been receiving its daily news broadcasts from a satellite downlink system. The old system involves manually loading reel-to-reel tapes, recording on the command of a mechanical timer, and shuffling tapes into the broadcast studio. Many things can go wrong with this process, mostly in the area of manually handling tapes.

The replacement system was specified as follows:

  • Audio recording is to be performed during the duration of a relay closure from the satellite receiver.
  • The relay signal should be fed to a printer port input pin.
  • Audio files should be recorded in a standard file format such as WAV.
  • The recorded files should be served to the network on a web page.
  • An existing Windows machine in the air studio should be able to play the audio files.
  • The system should do data management, automatically purging older audio files.
  • The system should be usable by people who don't know have a clue about Linux.
  • The system should be expandable to allow for multiple audio feeds.

To perform this task with a Linux box, it was necessary to find an unused PC (Pentium 200) with an Ethernet card and a sound card. A standard Red Hat operating system was installed on the machine. Two pieces of custom software needed to be written, a C program that monitors the switch closure and runs the recorder program, and a Python program that creates and manages the web page. Both programs ended up being about two pages long, and the rest of the system was done with existing packages.

The program sound-recorder was used to do the audio recording, Apache was used for the web server. It was possible to assemble the hardware and software, write the glue software, and create a working system in just a few evenings worth of time.

While dedicated systems are really nothing new, with the common office server being a specialized case, it may be useful to give that old PC a closer look in the light of what it can do as a dedicated system.


Beowulf clusters: Measuring and implementing multiple parallel CPUs (IBM developerWorks). Andrew Blais looks at Beowulf clusters on IBM's developerWorks. The author gives an overview of cluster systems, looks at a number of existing clusters and discusses the required software components. "In 1994, Thomas Sterling and Donald Becker built the first computer to employ the Beowulf strategy. Curiously, they didn't name their machine "Beowulf". They called it "Wiglaf" -- the mythic Beowulf's friend (see Resources). Wiglaf had 16 nodes, and each node supported a 100 MHz Intel DX4 processor (at first, these were 66 Mhz 486 chips), 16 MBytes of DRAM, 540 to 1 gigabyte drive, and a pair of 10 Mbps Ethernet cards. Every hardware component was a COTS -- Commodity Off The Shelf. At the end of the day, Wiglaf was capable of about 74 megaflops. Its price was less than $50,000."


Happy Birthday Linux For Kids. The Linux For Kids site is celebrating its second birthday. In that time, the site has reviewed over 100 applications. The new KDE Edutainment Project is looked at this week, along with a review of the game Kugel.

SEUL/Edu report for October 1, 2001. Issue 54 of the SEUL/Edu Linux in Education report is out. The SEUL folks look at the KDE Edutainment project, cover the Digikata open source school server appliance, look at the Free Computing Curriculum Project, and review several new Java projects.


New Icarus Verilog Compiler. The gEDA site lists a new version of the Icarus Verilog electronic simulation language compiler dated September 30, 2001. This release features support for Mac OS X and Cygwin, work on the FPGA section, and bug fixes.

Embedded Systems

Embedded Linux Newsletter (LinuxDevices). The weekly Embedded Linux Newsletter has been posted from LinuxDevices.com. This issue includes summaries of running Linux on the Sega Dreamcast, a device profile on the Empower Palm III-clone, and a new streaming multimedia solution for Linux.


Wine Weekly News. The latest Wine Weekly News is out. Topics include documentation inside of the Wine code, coping with installShield 6, and Installing IE 5.01 under Wine.

Printing Systems

LPRng 3.7.8 released. After a long hiatus, there have been four recent releases of the LPRng printing system in the last month. LPRng 3.7.8 was released this week and fixes a few bugs and documentation typos.


New OIO delivers Image management, XML-based Multi-Lingual Support (Linux Med News). Andrew P. Ho examines the latest version of OIO, the Open Infrastructure for Outcomes on Linux Med News. "Structured content and fancy ontology may be good enough for some things, but they cannot replace pictures. This is especially true in the surgical domain, where microscopy, radiology, and photography are central to describing patients' clinical status. Thanks to Alexander Chelnokov, Ivan Somov, and Andrew Golovin, the OIO system is now a flexible and seamless tool for handling images in the context of other structured content."

Web-site Development

Midgard 1.4.2. The Midgard Community has released the 1.4.2 version of the Midgard Application Server. The release contains Midgard core libraries, scripting language bindings for PHP4, Web application server for the Apache platform and Asgard, the Web-based administration interface. The 1.4.2 release provides major bug fixes to the Midgard platform, and is recommended as an upgrade to all production servers.

Midgard Weekly Summary #63. A new Midgard Weekly Summary is making the rounds after a long hiatus. Topics include a revamped Midgard web site, and the new Midgard 1.4.2,

Zope News, October 1. The latest edition of Zope News includes a recap of the final Zope 2.4.1 release, the Component Architecture and Enterprise Zope proposals, and a security hotfix for 2.2.0-2.4.1 related to the "fmt" attribute of dtml-var tags.

A look at Squid (Unix Review). Joe "Zonker" Brockmeier investigates Squid on Unix Review. "If you haven't heard of Squid before, it's a package that handles proxy caching for Internet objects. Note that I didn't say "Web pages," because Squid can handle more than just HTML files. Squid can be used for a number of things, including saving bandwidth, handling traffic spikes, and caching sites that are occasionally unavailable. Squid can also be used for load balancing." Squid has been released under the GPL license.

SkunkWeb 3.1 Beta 3 released. Version 3.1 beta 3 of the SkunkWeb Web Application Server has been released. This version adds FastCGI support, has support for the ~user syntax, and deals with directories that don't have an index.html file. Bug fixes and performance improvements are also included.

Section Editor: Forrest Cook

October 4, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Programming Languages


Caml Weekly News for October 2, 2001. The most recent Caml Weekly News is out. Topics include a port of ocaml to mingw, downcasting with coca-ml, a new ocaml regex library, and more.

The latest from the Caml Hump. This week, the Caml Hump features Mathplot, a GUI frontend for graphing functions with PostScript output.


Beginning Haskell (IBM developerWorks). IBM's developerWorks has a tutorial on haskell by David Mertz. Registration is required.


Dynamic Web-based data access using JSP and JDBC technologies (IBM developerWorks). Noel J. Bergman looks at JSP and JDBC on IBM's developerWorks. "This article discusses using the JSP and JDBC technologies to integrate static, dynamic, and database content in Web sites. For the purposes of simplicity and illustration, the JSP pages here use short scriptlets to expose the JSP developer to the underlying JDBC concepts instead of hiding them in custom tags. The author introduces a key design approach that integrates JavaBeans components with JDBC, similar to the way that JavaServer Pages technology already uses beans with HTTP. He also provides code for implementing this integration."


September 2001 Free The X3J Thirteen!. The September 2001 edition of Free The X3J Thirteen! is out. "This issue covers the GNU CLISP 2.28 prerelease test campaign, an update on the CMU CL infrastructure site, new open-source Lisp software by Franz, Inc., a call for GCL and Maxima maintainers, a progress report on the SPARC and PPC ports of SBCL, the SBCL Internals Documentation project and new versions of CLiki, ECLS and OpenMCL."

SBCL Internals Documentation Project. A new documentation project for Steel Bank Common Lisp has been announced


Writing SAX Drivers for Non-XML Data (O'Reilly). Kip Hampton writes about the Perl implementation of SAX, the Simple API for XML on XML.com. "SAX is an event-driven API in which the contents of an XML document are accessed through callback subroutines that fire based on various XML parsing events (the beginning of an element, the end of an element,character data, etc.)


PHP Weekly News for October 1, 2001. The October 1, 2001 edition of the PHP Weekly News has been published. Topics include a fix for the PHP-GTK extension, upcoming Greek and Polish manual translations, SMB support, compiling with GCC 3.0.1, and more.


Python 2.2a4 released. The fourth and probably last alpha version of Python 2.2 has been released. This release contains a number of new features and enhancements, along with a number of bug fixes; see the announcement for details. Those interested in what's new in 2.2 should also see Andrew Kuchling's writeup.

Iterators and simple generators (IBM developerWorks). In an IBM developerWorks article, David Mertz talks about iterators and simple generators in Python 2.2. "A generator is a function that remembers the point in the function body where it last returned. Calling a generator function a second (or nth) time jumps into the middle of the function, with all local variables intact from the last invocation."

Announcing gracePlot.py v0.5. GracePlot.py is a Python interface to the Grace plotting package. Version 0.5 of gracePlot has been announced. This is a work in progress. Unlike GNUplot, Grace comes with its own GUI.


Cincom Smalltalk Journal. The October 2001 edition of the Cincom Smalltalk Journal is online and includes an article on Smalltalk and Extreme Programming by Chet Hendrickson


The latest from XML.com (O'Reilly). O'Reilly's xml.com site features new articles on Interactive Web Services with XForms, Division of XML communities, and limits of the current DTD models.


A lingua franca for the Internet (The Economist). The Economist reviews a number of common programming languages. "WALK into any big bookshop, and chances are that you will find a whole floor devoted to weighty tomes with titles such as "UML in a Nutshell" or "Programming Python". These books teach programming languages and related software tools. With their mind-numbing use of acronyms, they are not exactly a pleasure to read. But mastery of a programming language is a step along the road to success for many a whiz-kid with Internet ambitions."

Pipes in Linux and Windows (IBM developerWorks). IBM's developerWorks initiates a series on operating system programming interfaces by introducing the use of pipes under Linux. "Pipes originally appeared in the Bell Laboratories version of UNIX and have remained in all UNIXes and Linux since their inception. A pipe is a stream of bytes accessed through normal IO interfaces. It is created, and then written to or read from using whatever read or write IO system calls are available on the operating system. In the UNIX and Linux case, the IO calls are read() and write()."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

SuSE closes funding round. SuSE Linux announced the successful completion of a financing round amounting to EUR 15 million (13.9 million USD). The new lead investor e-millennium 1 is a Venture Capital Fund with an industrial investors' network such as Accenture, Beisheim Holding, Deutsche Bank, La Caixa, and SAP. Also tucked into the announcement is the fact that SuSE will be laying off 120 people by the end of the year.

C|Net sells LinuxDevices.com. LinuxDevices.com has returned to its roots. Founder Rick Lehrbaum has formed a company called DeviceForge, LLC and bought back the rights to the site from C|Net, which acquired the site from ZDNet when the latter company was absorbed.

Linux Professional Institute. The September edition of LPI News includes information on the Level 2 Beta Exams and a report on LPI's presence at LinuxWorld San Francisco.

LPI announced the next locations in a series of one-day events designed to introduce its new Level 2 certification program.

Alta Terra Ventures Corp.. Alta Terra Ventures, provider of BearOps Linux products, announced that it has signed an agreement with the major shareholders of Univolve Corporation to purchase the company. Univolve is a private Alberta-based software company whose major thrust is reactive keyboard and compression technology with text-prediction software that is built on a Linux platform.

Alta Terra Ventures also announced that it has appointed Kudzu Enterprises LLC of Minneapolis, MN, to act as its primary software title distributor in the United States.

More information about the BearOps line can be found on this week's Distributions page.

Linux Stock Index for September 27 to October 02, 2001.
LSI at closing on September 27, 2001 ... 21.00
LSI at closing on October 02, 2001 ... 21.37

The high for the week was 21.53
The low for the week was 21.00

Press Releases:

Open source products

Distributions and bundled products

Hardware running Linux

Proprietary Products for Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training


Personnel & New Offices

Financial Results

Linux At Work


Section Editor: Rebecca Sobol.

October 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Encryption Debate Revived (TechWeb). TechWeb says that Senator Judd Gregg's crypto legislation won't hold up, as companies need strong encryption. "'Asking a sophisticated organization to hand over encryption is untenable and dangerous, and it won't happen,' said Kawika Daguio, acting president of the Financial Information Protection Association, a group that helps firms protect sensitive information."


Microsoft stands by IIS despite Gartner recommendation (CNN). This article from CNN says that some firms are moving to Linux even though they weathered the Nimda and Code Red storms. "Palo Alto, Calif.-based law firm Fenwick & West LLP is planning on migrating off of its IIS servers to a Linux operating environment running Apache's Web server software. The decision was prompted by the continuing security concerns related to IIS, said Matt Kesner, the firm's chief technology officer. Also driving the move is cost: It's cheaper to run Apache on Linux than it is it to run IIS, Kesner said. "


Open source technologies: The new solution for Web applications (ZDNet). Interactive Week looks at how open source Web development tools can spur e-commerce in businesses from small scale to the Global 2000. "Open source offers the promise of significant functionality, customizability, reliability and scalability without the cost or complexity of high-end enterprise applications. Because the business model behind most open source companies does not depend on license revenues, the problematic economics of enterprise applications simply does not apply."


You Can Get There from Here, Part 3 (Linux Journal). Linux Journal continues its look into administrative issues on Linux, this time focusing on the Lightweight Directory Access Protocol, known more simply as LDAP. "In all likelihood, you already have a copy of OpenLDAP on any recent distribution CD. The big advantage of building LDAP from source is that you will have all the bits and pieces right there when you are done. On my Red Hat test system, for instance, I found that the whole OpenLDAP suite was broken up into several components, such as clients, servers, PHP extensions and so on. In particular, a default installation may have everything you need to access an LDAP server, but not the server itself. That package was openldap-servers."


Management Tool Keeps Linux Systems In Tune (ZDNet). ZDNet looks at Aduva's management system for keeping Linux systems up to date. "Aduva Manager software, on the other hand, analyzes a Linux system through agents that send it system parameters. By referencing the online knowledge base, Manager can determine dependencies between various Linux components and which ones function optimally on a given hardware platform."

Lab improves Linux kernel patch tests (ZDNet). The Open Source Development Lab has released a benchmark tool for testing the scalability of patches to the Linux kernel. ``"The launch of STP validates the reliability, robustness and stability of Linux and open-source developments and makes industry-standard testing easy and readily available to anyone in the Linux development community," [noted OSDL director Tim Witham.]''

Section Editor: Forrest Cook

October 4, 2001


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Announcements page.



Linux Standard Base aims for single Linux platform (ZDNet). Another technology review from Garnter, this time covering the Linux Standards Base effort. "LSB has the potential to save the Linux market from fragmentation and avoid the same splintering as Unix went through. But to make it work, Linux distributors must be committed to LSB. While the major vendors have all pledged their support, it is still too early to see their commitment- the distributors simply have not yet had a chance to fully incorporate LSB into their own Linux distributions." A list of standards upon which the LSB is based is also available.


Free Software Event in Portugal. Another public event has been scheduled, this time on October 12th in the city of Porto, Portugal. FSF vice-president Bradley Kuhn is expected to speak at the city-hall sponsored event. News on the web site is in Portuguese.

CodeCon 2002. CodeCon 2002, "the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community," will be held February 15 to 17 in San Francisco. The call for papers has gone out, with a deadline of January 1 for submissions. All submissions must be accompanied by source code.

Events: October 4 - November 29, 2001.
Date Event Location
October 4 - 5, 2001Federal Open Source Conference(Ronald Reagan Building)Washington DC
October 4, 2001XML OneSan Jose, California
October 8 - 12, 2001IBM pSeries and UNIX Technical University(Hotel Munchen)Munich, Germany
October 9, 2001Java Information Days, EuropeHelsinki
October 10, 2001Richard Stallman and Eben Moglen to speak on: "Free Software: the Free Market/Free Speech Solution to the Microsoft Antitrust Problem."(George Washington University)Washington, D.C.
October 10, 2001Java Information Days, EuropeStockholm
October 11 - 13, 2001Wizards of OS 2(House of World Cultures)Berlin, Germany
October 11, 2001Java Information Days, EuropeOslo
October 12, 2001Java Information Days, EuropeCopenhagen
October 12, 2001Porto Cidade Tecnologica(City Hall)Porto, Portugal
October 14 - 18, 2001ACM Conference on Object-Oriented Programming, Systems, Languages and Applications(OOPSLA 2001)(Tampa Convention Center)Tampa Bay, Florida
October 21, 2001LUGOD Linux Installfest(Engineering Unit II, Rm 1131, UC Davis)Davis, CA
October 22 - 25, 2001XMLEdge International Developer Conference & Expo 
October 22 - 26, 2001The Open Group Quarterly ConferenceAmsterdam, Netherlands
October 30 - November 1, 2001LinuxWorld GermanyFrankfurt, Germany
October 30 - 31, 2001tech-u-wear 2001(Madison Square Garden)New York City
November 6 - 10, 2001Annual Linux Showcase and ConferenceOakland, CA
November 6 - 8, 2001LinuxWorld MalaysiaKuala Lumpur, Malaysia
November 6, 2001Java Information Days, EuropeParis
November 7, 2001Java Information Days, EuropeAmsterdam
November 8, 2001NLUUG Annual Autumn conferenceDe Reehorst, Ede, Netherlands
November 8 - 9, 2001XFree86 Technical Conference(Oakland Convention Center)Oakland, CA
November 8, 2001Java Information Days, EuropeFrankfurt
November 9, 2001Open Source in Banking and Finance(OSBAF)(Baltimore Engineering Society)Baltimore, Maryland
November 9, 2001Java Information Days, EuropeZurich
November 28 - 30, 2001Linux-Kongress 2001(University of Twente)Enschede, The Netherlands.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

User Group News

LUG Events: October 4 - 18, 2001.
Date Event Location
October 4, 2001Linux User Support Team, Taegu(LUST-T)Taegu, Korea
October 4, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
October 4, 2001St. Louis Area Computer Club Linux workshopSt. Louis, MO
October 4, 2001
October 18, 2001
Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
October 4, 2001UNIX/Linux Special Interest Group of the Dayton Microcomputer Association(DMA office at 119 Valley St)Dayton, OH, USA.
October 4, 2001SSLUG: Hyggemöte på Malmö HögskolaDenmark
October 4, 2001Ottawa Canada Linux Users Group(OCLUG)(Algonquin College Rideau Campus)Ottawa, Ontario, Canada
October 6, 2001Twin Cities Linux Users Group(TCLUG)Minneapolis, MN
October 6, 2001Sheffield Linux User's Group(ShefLUG)(Sheffield Hallam University)Sheffield, UK.
October 6, 2001LEAP-CF InstallfestOrlando, FL.
October 6 - 7, 2001Eugene Expo(Wheeler Pavillion)Eugene, Oregon
October 9, 2001Victoria Linux Users Group(VLUG)(University of Victoria)Victoria, British Columbia
October 9, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
October 9, 2001
October 16, 2001
Kalamazoo Linux Users Group(KLUG)(Western Michigan University)Kalamazoo, Michigan
October 9, 2001K-LUGRochester, Minnesota
October 10, 2001Toledo Area Linux User's Group(TALUG)Toledo, OH
October 10, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
October 10, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
October 10, 2001Linux Users Group of Sacramento(sacLUG)(Calweb)Sacramento, California
October 10, 2001St. Louis Unix Users Group Wireless Networking(Sunnen Products)St. Louis, MO
October 11, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
October 11, 2001Kernel-Panic Linux User Group(KPLUG)San Diego, CA
October 12, 2001St. Louis LUG Linux InstallFestSt. Louis, MO
October 12, 2001Porto Cidade Tecnologica(City Hall)Porto, Portugal
October 13, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
October 13, 2001Route 66 LUGLa Verne, CA
October 13, 2001KPLUG Installfest(National City Adult Center)San Diego, CA
October 15, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
October 16, 2001Bay Area Linux User Group(BALUG)(Four Seas Restaurant, Chinatown)San Francisco, CA
October 16, 2001KCLUG InstallfestKansas City, MO.
October 16, 2001Linux Stammtisch(Bandersnatch Brew Pub)Tempe, AZ
October 17, 2001Central Iowa Linux Users Group(CIALUG)West Des Moines, IA
October 17, 2001Linux User Group in GroningenThe Netherlands
October 17, 2001Washington D.C. Linux User Group(DCLUG)(National Institute of Health)Bethesda, Maryland
October 17, 2001New York Linux User's Group(NYLUG)(IBM Building)New York, NY
October 18, 2001St. Louis LUG(SLLUG)(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
October 18, 2001South Mississippi LUG(SMLUG)(Barnes & Noble)Gulfport, Mississippi
October 18, 2001New Orleans Linux Users' Group(NOLUG)(University of New Orleans (UNO) Mathematics Building)New Orleans, Louisiana

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

Section Editor: Forrest Cook.

October 4, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Six years ago Linux Counter reported 21059 registered Linux users.

Three years ago (October 8, 1998 LWN): We asked "what will happen to the Linux VARs?" Dell and Gateway and even IBM were making noises about getting into Linux and it looked like life could get harder for companies that sold Linux-installed computers. Three years later, the landscape does look a bit different. VA Linux is out of the hardware business. IBM is in, installing Linux on everything from laptops to mainframes.

A new Linux news site called LinuxToday was launched by Dave Whitinger and Dwight Johnson. The first story posted was the announcement of the release of Apache 1.3.2.

One expects negative press from a Microsoft publication. This was one of the kinder quotes:

Companies such as Caldera Inc. and Red Hat Software Inc. are Linux distributors selling various products that leverage Linux?s many outstanding attributes. The products carry what seem like mythical price tags, such as Red Hat?s $29 price for its Extreme Linux. Of course, there is no support for the product other than that found on Internet chat groups. -- Bill Laberis, ENT

Nowadays the Red Hat Professional Server edition will run $180 for a box set and you can subscribe for all the support you want.

Upside has changed its tune since this was written:

The arguments are both noble and naïve. Linux has a cult-like following, matched only by that of the Macintosh OS and OS/2. It's a modern Unix! It's stable, superior, enriching! It's gonna get creamed. -- Richard Brandt, Upside.

Oracle8 for Linux went up for free download. For a long time Linux supporters had heard people say that "when Oracle is available for Linux" they'll know it's serious. It was serious.

Two years ago (October 7, 1999 LWN): Sun announced the release of the Solaris source code - under the Sun Community Source License. That source release still hasn't made much of a splash.

Microsoft came out swinging with its Linux Myths page. That particular page has disappeared, but our response is still available. Microsoft did have reasons to worry:

And so we find ourselves in the middle of a revolution. We find ourselves choosing the way our computers will behave, the way they will run. It is an easy change, and, for many, a quick change. Learning a few new ways of opening and closing programs and spending an hour studying new commands is easier than spending all weekend every six months or so trying to get a computer running again. Making choices is easier than living with regrets. This is the lesson that Bill Gates, the $100 billion founder of Microsoft, will learn over the next 12 to 24 months. He and his company have to make some choices. It's a tough time. Linux will not go away and Microsoft cannot buy it, since it is not for sale. (It never will be for sale, because it is an Open Source operating system, available to everyone without charge.) Since it can't be bought, Linux won't go away. To Bill Gates and his increasingly shrinking band of followers, Linux is like the unwanted guest. It won't leave. -- Al Fasoldt, Technofile

Meanwhile, some people figured out that ssh 1.2.12 had been published under a free software license. People grabbed hold of it, and the OpenSSH project was born. OpenSSH is now the standard version for Linux systems.

Red Hat 6.1 hit the FTP servers, though the boxed version wasn't due out until October 18. The power pack edition of Linux-Mandrake 6.1 also became available.

LinuxForKids.org was launched.

One year ago (October 5, 2000 LWN): Corel and Microsoft entered into an alliance to work together on ".NET". This was no ordinary alliance, though, since Microsoft bought almost 25% of the company in the process. This pronouncement from the Meta Group was carried on C|Net's News.com:

Corel currently plays an important role in Linux. Many other Linux companies look to it for its skills, tool sets and the work it does on key Linux committees. Therefore, Corel can be a valuable ally for Microsoft in Linux, allowing Microsoft to influence key questions, such as how the user interface, setup and deployment will look and function.

We think the folks at Meta overstated Corel's role and influence in the Linux world. In any case, Corel has since sold off its Linux division.

The current stable kernel release was 2.2.17. The 2.2.18 prepatch series was in the "bug squash" mode, and had a few small problems - for example, the PPC and Sparc architectures would not build. An official 2.2.18 release was still somewhat distant.

There were some complaints that the new Red Hat 7 took "bleeding edge" a bit too far. Particularly the compiler package, gcc-2.96 (the latest version of GNU gcc was 2.95.2) and the C library, glibc-2.1.92, though the current official release was 2.1.2.

New features like a largely-upgraded package system, kernel 2.4, enhanced USB support, and even out-of-the-box 3D support via XFree86 4.0.1 make Red Hat's latest look like a dream come true. Is it a dream come true, or Linux's worst nightmare? -- Duke of URL

Section Editor: Rebecca Sobol.

October 4, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review


 Main page
 On the Desktop
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

October 4, 2001

From:	 <rs@rcsimpson.demon.co.uk>
To:	 <letters@lwn.net>
Subject: Audio editors
Date:	 Mon, 1 Oct 2001 23:15:23 -0400 (EDT)


In last week's "On The Desktop" the opinion was expressed that Linux has
lots of sound file editors, but none that are realy useful.  Never was a
truer word spoken!!

I frequently need a sound editor to cut and mix sound effects for a local
amateur dramatic society, and obviously I try to do it in Linux.  Sadly, I
am often sorely tempted to give up and do it on Windows.  If you go to
Freshmeat you will find at least a dozen progams which claim to edit sound
files and let me tell you that I have tried all of them.  They either
won't install, or won't compile, or crash, or have incomprehensible user
interfaces, or zero documentation or don't provide even the simple
features which I require.  However, almost without exception they have a
web site which says "This is going to be the Linux CoolEdit2000 / Sound
GIMP but its still in the early stages of development"

If I were reading this letter, I would say at this point, "This is free
software.  If you don't like it get off your ass and write some code."
But that's not the problem.  There are plenty of people writing sound
editors.  The problem is that instead of writing 80% of two editors they
have written 15% of 12 editors.

As a user who just wants a simple reliable sound editor with a modern look
and feel can I send a plea to sound editor authors to get together and
concentrate their efforts on just one or two projects.  It will hurt some
egos, but what Linux needs most is quality applications.

Thank you,

	Richard Simpson

Richard Simpson @ home

From:	 Fred Mobach <fred@mobach.nl>
To:	 Linux Weekly News <lwn@lwn.net>
Subject: Linux DA
Date:	 Thu, 27 Sep 2001 10:37:20 +0200


Regarding LinuxDA you wrote "The GNU GPL did not seem to be included."

I've also downloaded the source tarball and posted my comments on Linux
Today (see

One of my comments was 

"And before I forget, the contents of the file 
-rw-r--r-- 1 fred users 18458 Jul 13 1998 linux/COPYING 
seems quite usual."

That happens to be the GNU GPL with Linus' remark on top of it.


Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976

Fight terrorism, be it killers or software patents.
From:	 Leandro =?ISO-8859-15?Q?Guimar=E3es?= Faria Corsetti Dutra
To:	 letters@lwn.net
Subject: Gartner: dump IIS
Date:	 Thu, 27 Sep 2001 13:39:40 -0300

> Apache is the dominant web server platform; anybody wishing to attack

> large numbers of systems via a web server would look at Apache first.

> The "obscure and uninteresting" argument will not wash here.

	The argument is weak because it is hypothetical: no one know for sure how many 
crackers have tried their hands at Apache and failed.  So it's nearly 
impossible to prove it.

	But it is also impossible to disprove it.  While Apache is the most used web 
server, it is also uninteresting to attack, since the source code is 
available.  Not only that, IIS has a much bigger presence in the really 
interesting sites to attack, those of hated multinational companies or 
organisms making commerce or propaganda over the Net with little technical 
qualification in house.

	In other words, using Apache has some correlation to being "a nice guy" who 
won't be cracked, but a much bigger correlation to being a technically 
knowledgeable organization with whom perhaps a script kiddie shouldn't meddle.

/ \ Leandro Guimarães Faria Corsetti Dutra           +55 (11) 246 96 07
\ / http://homepage.mac.com./leandrod/     BRASIL    +55 (43) 322 89 71
  X  http://tutoriald.sourceforge.net./     mailto:lgcdutra@terra.com.br
/ \ Campanha fita ASCII, contra correio HTML    mailto:leandrod@mac.com

From:	 Billy Tanksley <btanksley@hifn.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: Linux security debate
Date:	 Thu, 27 Sep 2001 13:33:50 -0700

I'm puzzled by the people claiming that the Linux security API should
include an automated check for free software.  My problem isn't a dislike of
free software; rather, I'm puzzled that people are proposing a modification
to a free software product which can easily be removed.

If a company wants to distribute a closed-source "security" plugin, they
simply have to modify the Linux kernel to allow closed-source.  Nothing

Therefore, this debate shouldn't be about automated mechanisms; it should be
about whether a security module is the same thing as a kernel module, or
whether security modules should get the same exclusion from the GPL which
the kernel modules enjoy.

And I won't even go there.  :-)

OTOH, it occurs to me that perhaps the error was in the story (or my
understanding of the story), rather than in the arguments.  This issue
certainly deserves better coverage -- I hope you'll discuss it in greater

From:	 <anonymous>
To:	 <lwn@lwn.net>
Subject: SSSCA
Date:	 Sat, 29 Sep 2001 22:18:39 -0700

Honorable Gentlemen:

I read the following on the internet

A controversial law was recently drafted, although not yet introduced, by
U.S. Sen. Fritz Hollings (D-South Carolina), chairman of the Senate Commerce
committee, and Sen. Ted Stevens (R-Alaska), titled "The Security Systems
Standards and Certification Act" (SSSCA). If made into law, the proposed bill
would make it illegal to "manufacture, import, offer to the public, provide
or otherwise traffic in" digital devices that do not use "certified security
technologies." The SSSCA, if enacted, will have serious negative affects on
free software, most specifically to open-source operating systems such as

I find this extremely disturbing. I work at Intel and this bill is coming on
the heels of some related requests recently made by Microsoft of Intel (I
don't feel comfortable going into details).

Frankly, it appears that not only has Microsoft gotten away with alleged
anti-competitive behavior with only a token "slap on the wrist", but now
wants to make it illegal to even compete against them. If this bill is
passed, I will seriously start to wonder whether Microsoft is the only
software lobby in Washington. Please consider this letter the voice of
another lobby -- the open source community.

If you feel you must pass a law to protect copyright material on computing
platforms, please develop a law that allows all software writers and hardware
developers the ability to comply without the threat of financial ruin by an
alleged monopolist such as Microsoft. My definition of "ability to comply"
would be a law that follows a standard software file format and standards for
encryption/decryption algorithms/hardware mechanisms. 

Either the military and/or the university system should develop these
standards such that no licenses would have to be obtained from or fees paid
to private companies such as Microsoft. If ideas are taken from private
industry for incorporation into this standard, then it should be up to the
government to compensate contributing private companies for the intellectual
property incorporated into the government standard. 

An individual or company should only be charged a fine if they are found to
be out of compliance. It should not be that a company should have to wait for
government certification before issuing software. This avoids a situation in
which a large company such as Microsoft has a dedicated inspector that can
make timely certifications verses a small developer who may have to wait
months to get a non-dedicated inspector to certify the software. Developers
that are found to be in compliance with the standards should be immune from
lawsuits that may arise from damages caused by hackers.

From:	 Charles Cazabon <wwwpatentpolicy@discworld.dyndns.org>
To:	 www-patentpolicy-comment@w3.org
Subject: "Non-discriminatory" patents will kill the web
Date:	 Tue, 2 Oct 2001 08:06:57 -0600
Cc:	 letters@lwn.net

Dear sirs,

The W3C is currenty bandying about the idea that incorporating patented
technologies in proposed W3C standards would be acceptable, providing that the
patent holder agreed to license the patents to all comers for a reasonable and
"non-discriminatory" fee.

What leap of logic led to this great fallacy?  How did the W3C come to propose
this absurdity which could lead to the destruction of not only itself, but of
the web in toto?

Patents serve one purpose -- they allow the patent holder to exclude others
from manufacturing or using an "invention" of the patent holder.  The patent
holder can then use this government-granted permit to either monopolize a
market legally, or to extort money from all other parties interested in
participating in a market.

The W3C, on the other hand, has always tried to promote technical
interoperability and sane standards.  It has done an admirable job of this.
Without royalty-free standards such as those that underpin the web today,
where would we be?  How advanced or useful would the web be if HTML or other
standard were encumbered by patents?  How diverse would the content of the web
be if the only organizations that could publish content were the ones that
could afford to purchase patent licenses?  The actual dollar amounts are
immaterial; any patent license fees at all would have completely eliminated
all but the commercial players, and the commercial players are not what have
made the web a success today.

The W3C must reject this RAND proposal; it must refuse to endorse any proposed
standard that uses patented technologies or methods unless a royalty-free
license is granted to all interested parties.

Charles Cazabon
Charles Cazabon                  <wwwpatentpolicy@discworld.dyndns.org>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds