[LWN Logo]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests

 Main page
 Linux in the news
 Linux History

Other LWN stuff:
 Daily Updates
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The 2.5 kernel is coming, really, this time. Linus's 2.4.15-pre4 prepatch concluded the process of merging in the "high priority" items from Alan Cox's "ac" kernel series. Among other things, these items include the ext3 journaling filesystem (merged in -pre2). Says Linus: "I'm done with 2.4.x and ready to pass it on to Marcelo [Tosatti]"

This pass has not yet occurred, but there is little sign of any problems with the 2.4.15 prepatch that would prevent it from happening. With luck, both 2.4.15 and 2.5.0 will hit the net in the near future. This long-awaited transition is, perhaps, a good time to look back at how 2.4 development has played out.

This has been the longest period ever without a development kernel. Here's the history:

Stable KernelDevelopment kernel Days
1.0March 3, 19941.1April 6, 1994 34
1.2March 7, 19951.3June 12, 1995 97
2.0June 9, 19962.1September 30, 1996 113
2.2January 26, 19992.3May 11, 1999 105
2.4January 4, 20012.5"any day now" 315

The final "days" figure is still growing as of this writing; it's calculated on November 15. The point, anyway, should be clear: this is, by a factor of three, the longest that Linux has ever been without a development kernel. If one counts the freeze prior to the 2.4.0 release, it is now over a year since there was any place for new kernel code to go.

Of course, things have not been quite that way: quite a few bleeding edge features have found their way into the kernel in the last year. But the following facts remain:

  • Many kernel developers have had no target for new code in a year.
  • The 2.4 kernel has been a very long time in stabilizing.
One could easily argue that both of the above are bad things. Given that conclusion, what can be done to make things work better in the future?

Clearly, one thing to do would be to get a better handle on the development kernel process. Numerous people have said that the number of changes going into a development kernel should be strictly limited, and that the window for adding changes should be short. It would also help if the feature freezes were real: both the 2.1 and 2.3 kernels saw multiple "freezes," and serious changes were still going into the 2.4.0-test series just days before 2.4.0 came out.

Unfortunately, when the 2.5 series starts, there is going to be a major flood of far-reaching, backed up changes trying for inclusion. Very few parts of the kernel will be left untouched. Keeping the 2.5 change list short seems like a battle that has already been lost.

Despite the delays, it seems clear, in retrospect, that 2.4.0 still came out too soon. It only truly began to stabilize after 2.4.10, when the virtual memory subsystem was replaced, and it may be 2.4.18 or so before it is generally recognized as being solid. 2.4.0 should never have been released without a rock-solid VM implementation.

Could it be, though, that the long freezes required to stabilize something as complex as the kernel are self-defeating? By the time the bugs and performance problems are really ironed out, the pressure to add new features and major changes is intense. Linus has not always been able to resist that pressure, and it's unlikely that any other maintainer would do better. A freeze can be sustained for a month or so; to try to keep one in place for six months or a year is asking too much.

Linus has always refused to start a development kernel series until the stable kernel is truly stable. The idea, of course, is to keep the developers focused on fixing things until all the serious bugs are gone. To an extent, that approach certainly works; it's also true, however, that many developers go off making bigger changes anyway, and that some of them get into the "frozen" kernel.

Maybe it is time for the kernel development process to take a cue from the Debian Project. Debian development does not stop when a release is frozen; the development and stabilization processes go on in parallel. Debian is no faster than the kernel at producing new major releases, but those releases, when the finally come, tend to be solid. The continued presence of an unstable release relieves the temptation to throw inappropriate things into the frozen version.

When the time comes to impose a freeze for 2.6 (or 3.0?), the kernel developers may want to give some thought to firing off a 2.7 (or 3.1) shortly thereafter. Rather than pulling developers away from the task of stabilizing the production kernel, a parallel process could help keep them from destabilizing it.

IBM goes into the prebuilt clusters business. IBM has sent out an announcement regarding its new line of "eCluster" servers. IBM has been selling Linux-based clusters for some time, of course; what's different here is that the cluster comes as a single, off-the-shelf package. It's not a cheap package, though: an eight-node "eServer Cluster 1600" will set you back $85,000.

The clusters are made up of eServer x330 and x342 servers - thin, rack-mount boxes with Intel processors. The operating system is Red Hat Linux 7.1. In addition, IBM has ensured that a number of commercial applications are available for its clusters, including high-availability packages, WebSphere, DB2, workload management tools, and transaction processing utilities. There is also a set of bundled cluster management utilities, brought over from the Unix world.

The Linux cluster industry has long shown great promise; how else can anybody get such computing power for so little money? It has been slow to grow up, however. Linux appeals to "do it yourself" types, but even the most independent users can balk at receiving a pallet full of boxes and cables, marked "some assembly required." As the products, management utilities, and applications mature, it is to be expected that cluster adoption will grow tremendously.

Next week's LWN.net Weekly Edition will be published on November 21 - one day early - so that we can get it out of the way and go off to enjoy the (U.S.) Thanksgiving holiday.

Inside this LWN.net weekly edition:

  • Security: A new PhpNuke at last.
  • Kernel: Coding styles; the cost of loadable modules.
  • Distributions: Ranking distributions (DistroWatch); Beehive Linux.
  • Development: Gnome Assistive Technology Projects, milter.org, making RPMs, Evolution 1 rc, Gimp 1.3, XNotesPlus v3.4.0, Anjuta and gIDE merge.
  • Commerce: Covalent launches Enterprise Ready Server; Compaq and OSDN create Clustering Foundry; OSDL announces 2nd Enterprise Achievement Award Contest.
  • History: The dangers of trojan horse software; Digital Creations released the source for Principia; The first LBE at Comdex.
  • Letters: Legal coverage; EULAs, bug reporting.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:

November 15, 2001


 Main page
 Linux in the news
 Linux History

See also: last week's Security page.


News and Editorials

A new PhpNuke at last. Back in September, a severe vulnerability was reported in PhpNuke; with a carefully-formed URL, arbitrary files could be uploaded to the server. Fixes were available, but the PhpNuke project itself was entirely silent on the matter for over a month. Not exactly what one wants to see when faced with a complete, well-documented, remote vulnerability.

Finally, however, the project has responded; a look at the PhpNuke downloads page shows that version 5.3 was released on November 7. This release includes, of course, the relevant security fixes. Any PhpNuke sites out there that have not already applied the unofficial fix will certainly want to upgrade now.

Bug secrecy vs. full disclosure (ZDNet). ZDNet is running a lengthy piece by Bruce Schneier responding to Microsoft's attempts to silence those who disclose security vulnerabilities. "What we've learned during the past eight or so years is that full disclosure helps much more than it hurts. Since full disclosure has become the norm, the computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes vulnerabilities as quickly as possible. A few companies are even going further, and taking security seriously enough to attempt to build quality software from the beginning: to fix vulnerabilities before the product is released."

Security Reports

Red Hat security update to lpr. Red Hat has updated lpr to fix a remotely exploitable hole in that package. If you have lpr running on your (6.x only) systems, this one is almost certainly worth applying.

Horde IMP 2.2.7 security release. If you're running the Horde IMP mail system, do have a look at the IMP 2.2.7 release, which contains a fix for a nasty session hijacking vulnerability. No distributor updates have been as of this writing.

Red Hat updates iptables. Red Hat has issued an iptables update fixing a (Red Hat specific) problem wherein the firewall rules could fail to be set up at boot time.


Configuration file vulnerability in ht://Dig. The ht://Dig search engine contains a vulnerability which allows a remote user to specify an alternate configuration file. If that user is able to place a suitable file in a location where ht://Dig can read it, the system may be compromised. See the original report from the ht://Dig project for details. This vulnerability first appeared in the October 11 LWN security page.

This week's updates:

Previous updates: Input validation problem with sendmail. An input validation error exists in versions of sendmail prior to 8.11.6 (or 8.12.0Beta19) which may be exploited by local users to obtain root access. See the August 23 Security Page for the initial report.

This week's updates:

Previous updates:

Webalizer tag vulnerability. The "webalizer" logfile analysis program has a vulnerability which can allow an attacker to place arbitrary HTML tags into the reports. When the reports are viewed, these tags can be used toward unpleasant ends, including cross-site scripting attacks. A fix is available which closes the vulnerability. (First reported in the November 8, 2001 LWN security page).

This week's updates:

Previous updates

Remotely exploitable buffer overflow in w3m. w3m is a text-based browser similar to Lynx. A buffer overflow in w3m can be triggered when a base-64 encoded string longer than 32 characters is found in a MIME header field. Source code patches to fix the problem were posted to the w3m developers' list. (First LWN report: June 28, 2001).

This week's updates:

Previous updates:

Debian security update to ssh-nonfree. The Debian Project has released a security update to its non-free ssh package fixing the remotely exploitable vulnerability there. This vulnerability has long been fixed in OpenSSH, but it remains in the non-free version. The real recommendation is to switch to OpenSSH; however, there is a new non-free ssh package available for those not wanting to make that change.


Bastille-Linux 1.3.0-pre1 is available from the Bastille-Linux web site. This version is oriented toward the hardening of Red Hat Linux 7.2. It is a testing prerelease, so the usual cautions apply.

vsftpd 1.0.0 released. Chris Evans has announced the 1.0.0 release of his "very secure FTP daemon." It may be version 1.0, but vsftp already has a track record: apparently Red Hat used it to handle the load (15,000 concurrent users) when 7.2 was released.

Chris is contemplating a very secure ssh server as his next project.

ssh exploit analysis. A detailed analysis of the ssh crc32 compensation attack detector exploit has been posted by David A. Dittrich. Those interested in the low-level mechanics of how this (old) exploit was managed should have a look.

Brute force web application session ID exploits are the subject of this paper published by iDEFENSE labs.

LinuxSecurity.com's newsletters, Linux Advisory Watch and Linux Security Week, for this week are available.


Upcoming Security Events.
Date Event Location
November 15, 2001International Conference on Information and Communications Security(ICICS 2001)Xian, China
November 19 - 22, 2001Black Hat BriefingsAmsterdam
November 21 - 23, 2001International Information Warfare SymposiumAAL, Lucerne, Swizerland.
November 24 - 30, 2001Computer Security MexicoMexico City
November 29 - 30, 2001International Cryptography InstituteWashington, DC
December 2 - 7, 2001Lisa 2001 15th Systems Administration ConferenceSan Diego, CA.
December 5 - 6, 2001InfoSecurity Conference & ExhibitionJacob K. Javits Center, New York, NY.
December 10 - 14, 2001Annual Computer Security Applications ConferenceNew Orleans, LA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet

November 15, 2001

LWN Resources

Secured Distributions:
Astaro Security
Engarde Secure Linux
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux

Security Projects
Linux Security Audit Project
Linux Security Module

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

BSD-specific links

Security mailing lists
Linux From Scratch
Red Hat
Yellow Dog

Security Software Archives
ZedZ.net (formerly replay.com)

Miscellaneous Resources
Comp Sec News Daily
Security Focus


 Main page
 Linux in the news
 Linux History

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.14. Linus's prepatches are up to 2.4.15-pre4. For the most part, this prepatch consists of a fairly restricted set of patches and updates, along with a fairly complete merge from the "ac" kernel series. There were, however, a couple of surprises:
  • The ext3 filesystem has been merged; as of 2.4.15, the mainline kernel will have two journaling filesystems available. It's marked "experimental," of course, but it's a start. As part of the ext3 merge, the kernel now has a "journal block device" module which is intended to provide a generic journaling layer usable by any filesystem.

  • The changelog does not mention it, but another goodie that has been included is the InterMezzo filesystem. InterMezzo is a high-availability, distributed filesystem, with the usual nice features (caching, disconnected operation, failover, etc.).
A close reading of the patch turns up a number of User-mode Linux configuration options, but UML itself has not yet been merged.

There are no "ac" patches for now; Alan has been working on merging his stuff into 2.4.15 instead.

Coding style in the kernel. Code style is one of those issues that programmers can argue over indefinitely. So, in a sense, it's surprising that the Linux kernel list sees very few discussions on this matter. Most of the time, kernel hackers are more concerned about the quality of the code, rather than what it looks like.

Thus, a look through the kernel source will turn up a number of different ways of formatting code - especially in peripheral pieces like drivers. There is an official coding style for the kernel, though, as set down (in typical Linus style) in the CodingStyle document found in the source tarball. It's introduced in this way:

This is a short document describing the preferred coding style for the linux kernel. Coding style is very personal, and I won't _force_ my views on anybody, but this is what goes for anything that I have to be able to maintain, and I'd prefer it for most other things too. Please at least consider the points made here.

First off, I'd suggest printing out a copy of the GNU coding standards, and NOT read it. Burn them, it's a great symbolic gesture.

If you want to start a debate on a subject, however, all that seems to be necessary is to involve perennial target Richard Gooch. A number of developers have gone after him for not following the Linus-blessed coding style. The argument, essentially, is that, since Richard's code is part of the core kernel, it should adhere more closely to the coding standards. Numerous other developers need to look at this code, they say, and they have a harder time of it as a result of the different style.

Richard's response is that it's his code, and, as long as he's maintaining it, he should be able to use a style that allows him to work efficiently:

And the coding style used elsewhere in the kernel is revolting to me. More importantly, it's harder for me to parse than my own style. I shouldn't have to constantly stumble over an appalling coding style in my own code!

Some kernel hackers could get away with this approach, but Richard is running into resistance. One person even submitted a patch reformatting one of Richard's subsystems into the standard style. Linus didn't accept it - among other things, he doesn't want to be doing that sort of tweaking at this particular point in the stable kernel series.

If a certain subset of hackers has its way, however, coding standards will be more of a concern with future changes to the kernel. Most large projects do have such standards, and maybe it's time for the kernel to follow suit. It would be a change in the kernel development environment, which has always prized the independence of its hackers, however.

Are loadable modules free? The question was raised: what sort of speed difference is seen when using loadable modules instead of hard-linked code? The immediate response from some was "almost nothing," but further consideration has shown that not to be true. There are, in fact, a number of costs associated with loadable modules.

The biggest, perhaps, relates to how loadable modules are placed in kernel memory. The code for a module needs to live in a contiguous address space. The kernel sets up that address space with a function called vmalloc, which allocates memory with virtual addresses. In other words, a loadable module is in an address space that is visible to the kernel, but which is separate from where the core kernel code goes.

This difference is important. The core kernel address space is a direct map of physical memory; it can be handled very efficiently in the processor's page table. Indeed, on some processors, a single page table entry covers the entire kernel. Space obtained from vmalloc, instead, uses one page table entry per memory page. A greater number of page table entries means more lookups, and more translation buffer misses. One estimate is that the slowdown can be as much as 5%.

Given this problem, why not load modules into the regular kernel memory space? Module code requires a contiguous address space. Since the standard kernel space is a direct map of physical memory, contiguous address spaces must also be contiguous in physical memory. Once the system has been running for a while, finding even two physically contiguous pages can be a challenge; finding enough to load a large module can be almost impossible.

Nonetheless, it turns out that Andrea Arcangeli's kernel patches include a feature where the kernel will attempt to find a contiguous space for an incoming module. If that attempt fails, the kernel falls back to the older vmalloc approach. This change, it is said, makes a measurable difference with some benchmarks.

Some architectures (i.e. PowerPC) also have problems going between kernel and module code. There can be a substantial amount of setup work required every time that transition happens.

Modules also seem to have endemic problems with race conditions - it is possible, for example, for the kernel to attempt to access a newly-loaded module before it is fully initialized. Modules can also, in some situations, be removed while still in use. Such occurrences are obviously quite rare, but they can be catastrophic when they happen.

The race conditions can be fixed with enough work, but that may require changing some fundamental kernel interfaces. In general, dealing with loadable modules is not an easy task; as one kernel hacker told us in a private message: "Doing live surgery on the kernel is never going to be pretty."

Warning about GPLONLY symbols. A little while back, the ability to reserve kernel symbols for GPL-licensed modules only was implemented. An attempt to load a non-GPL module yields an "unresolved symbols" complaint, along with the message: "Note: modules without a GPL compatible license cannot use GPLONLY_ symbols." This message has, apparently, created a certain amount of user confusion, so the next version of modutils will, instead, say something like:

Hint: You are trying to load a module without a GPL compatible license and it has unresolved symbols. The module may be trying to access GPLONLY symbols but the problem is more likely to be a coding or user error. Contact the module supplier for assistance.

This seems like a step in the right direction, but it raises an obvious question: why not simply distinguish between the two different errors and tell the user exactly what's going on? There is no real reason to tell users about GPL-only symbols if the module in question is not trying to use any of them.

The answer is that it's just too much trouble, for now. The modutils symbol code is getting messy; it will be fixed in 2.5, but, for now, the above message is the best that can be done. Besides, says modutils maintainer Keith Owens, "Since it only affects BOMs [binary-only modules], I don't really care that much about precise error messages."

Other patches and updates released this week include:

  • Ingo Molnar has posted a scheduler patch which works to keep processes running on the same CPU.

  • Release 1.6 of the 2.5 kernel build system is available from Keith Owens.

  • Version 1.0.9 of the Journaling Filesystem has been announced by Steve Best.

  • Linux-NTFS 1.4.0 has been released by Anton Altaparmakov.

  • Keith Owens has released modutils 2.4.11.

  • Andi Kleen has announced the release of a new snapshot of the X86-64 kernel tree.

  • FUSE (Filesystem in USErspace) is a patch, released by Miklos Szeredi, that provides an interface for the creation of filesystems in user space. It does appear to be an easy interface to work with - a Python interface has already been posted.

  • IBM has released version 3.1 of its Dynamic Probes kernel debugging facility.

  • Robert Love has released a new preemptible kernel patch; the main change this time around is support for the ARM architecture.

  • Richard Gooch has updated his new devfs core implementation.

  • Now that 2.5 appears imminent, Eric Raymond has started putting out new releases of the CML2 configuration system.

  • Version 0.51-2.4.14 of the User-mode Linux implementation was announced by Jeff Dike.

  • Nick Bellinger has posted an implementation of the Openwall SECURE_LINK capability using the security module framework.

  • A new AX.25 release was announced by Jens David, who has also announced that he will no longer be maintaining that project.

  • Version 0.7.23 of the access control list implementation for Linux was posted by Andreas Gruenbacher.

  • The first public netlink interface for netfilter has been announced by J. Schulist.

  • Ben Collins has released version 1.2.4 of SILO, the Sparc boot loader.

Section Editor: Jonathan Corbet

November 15, 2001

For other kernel news, see:

Other resources:


 Main page
 Linux in the news
 Linux History

See also: last week's Distributions page.

Note: The list of Linux distributions has moved to its own page.


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Ranking distributions (DistroWatch). Last week we looked at the popularity of distributions, based on statistics compiled at Linux Counter. The top five distributions were Red Hat, Debian, Mandrake, Slackware, and SuSE; in that order. Since then DistroWatch has come up with another method of ranking the distributions; based on the number of page hits each individual distribution gets on their site. They list forty distributions in order, by number of page hits. Their top five: Red Hat, Mandrake, Debian, SuSE, Slackware. No one should be surprised that the same five show up in slightly different order.

Also found at DistoWatch is The Linux Distribution Game, a guide to picking a Linux distribution. It covers the top five and another seven as well. Among the lesser known distributions we found Beehive Linux, not new exactly, but new to our list. Read more about Beehive below.

New Distributions

Beehive Linux. The creators of Beehive Linux wanted a fast, simple, secure i686 optimized Linux distribution without all the cruft and clutter. This distribution is lean and mean and has native ReiserFS support built in. This is a distribution made by system administrators, for system administrators. Beehive has been around since January 1, 2001.

ClumpOS. ClumpOS is a CD-based Linux/MOSIX mini-distribution designed to allow you to quickly, or temporarily, add nodes to a MOSIX cluster. The initial release, R3, came out November 12.

Linux for Windows 9X. Linux for Windows 9X is a Windows 9X friendly version of Linux. It installs on a Windows 9X disk and allows for two way exchange of files between both Linux and Win9X. Monkey Linux was the prototype for this distribution, which is now at version 0.2.

Distribution News

Debian. Look for the Debian Project at Hispalinux Congress 2001 in Spain, and at Linux Kongress in the Netherlands.

LynuxWorks unveils BlueCat 4.0. LynuxWorks has released BlueCat Linux 4.0, the latest version of its embedded distribution. Pricing starts at $2700. Also from LynuxWorks is this announcement of a forthcoming hard real-time version of BlueCat Linux, based on RTLinux.

Mandrake Linux Community Newsletter. The Mandrake Linux Community Newsletter for November  is out. Covered topics include replacing NT primary domain controllers with Mandrake Linux, a new menu-driven rescue mode, and the business case of the week.

Red Hat. The Red Hat German development team has created a rescue CD for Red Hat Linux 7.2 that fits on a credit-card sized CD. Now available for download at ftp://ftp.redhat.de/pub/rh-addons/rescue-cd/

Diskcheck is a small utility supplied with Red Hat Linux 7.2 that is used to optionally notify the System Administrator when disk space on one or more partitions drops below a pre-defined level. The version that shipped with RH 7.2 has some problems, so Red Hat has made a new diskcheck program available.

SuSE Enterprise Server 7 for the S/390. SuSE announced that its Enterprise Server 7 distribution is now available for the S/390 mainframe architecture.

SuSE Linux to discontinue 6.3 version. SuSE Linux 6.3 will no longer be supported after Monday, December 10th 2001, after a lifespan of two years. If you haven't upgraded your SuSE box in a while, maybe it's time.

Minor Distribution updates

2-Disk Xwindow Linux System. The 2-Disk Xwindow Linux System released 1.2.01 beta with major feature enhancements on November 12. Minor enhancements went into 1.2.01, released November 14.

BasicLinux. BasicLinux version 1.5 has been released. BasicLinux is a mini-version of Linux that boots from HD, FD or CDrom and runs in a 4meg ramdisk.

floppyfw. floppyfw is a router and simple firewall on one single floppy. Stable version 1.0.12 contains a DHCP server and DNS cache. Also this version uses the 2.2.20 kernel.

kmLinux. kmLinux is a complete Linux distribution for schools. kmLinux-2.1.2 contains kernel-2.4.12, XFree-4.1.0, KDE-2.2.1 and lots of other good stuff. See the announcement in English. The web site is in German.

Mindi-Linux. Mindi-Linux uses a skeleton ramdisk and your kernel, modules, and tools to build a boot/root disk set. Version 0.45 has been released.

Sorcerer GNU Linux. Sorcerer GNU Linux is a source-based ix86 Linux distribution designed for advanced Linux administration. A kernel update to 2.4.14 and minor feature enhancements went into version 20011106.

ttylinux. ttylinux is a minimalistic Linux distribution that can fit in 4 MB of disk space. Version 1.15 of ttylinux has been released.

Distribution Reviews

SuSE Linux Professional 7.3 (KillerTux). There is a review of SuSE Linux Professional 7.3 on the KillerTux site. "At this point we were stuck and couldn't get to a prompt. We thought this would be an excellent opportunity to try the ext3 file system. Therefore, we powered off the unit. Sadly, we lost the partition. The system was never able to boot into Linux again. Instructions on the screen were to manually run fsck. Nothing we tried helped. Our new setup is using ReiserFS." Despite that, it's actually quite a positive review: "In our opinion, SuSE Linux Professional 7.3 is an excellent product."

Section Editor: Rebecca Sobol

November 15, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


 Main page
 Linux in the news
 Linux History

See also: last week's Development page.

Development projects

News and Editorials

Assistive Technology Projects for Gnome The Gnome project continues to move forward in the area of accessibility with two new projects, the Gnome Onscreen Keyboard and Gnopernicus.

The Gnome site features an accessibility section that addresses the various disabilities that affect people, and presents solutions to make Gnome software useful to people with these impairments. These solutions are known as assistive technologies, and address a wide variety of impairments with some interesting solutions.

The Gnome Onscreen Keyboard, or GOK project has the following goals: "GOK aims to enable users to control their computer without having to rely on a standard keyboard or mouse. Many individuals have limited voluntary movements and must control the computer using alternative input methods. These input methods may be controlled by actions such as blowing and sipping to activate a pneumatic switch, an eye blink and/or directed gaze with an eye tracking system, head movement, muscle contractions or limb movements."

The Gnopernicus Project addresses people with visual disabilities. "The Gnopernicus project will enable users with limited vision, or no vision, to use the Gnome 2 desktop and Gnome/GTK+-2 applications effectively. By providing automated focus tracking and fullscreen magnification, Gnopernicus will aid low-vision Gnome users, and its screen reader features will allow low-vision and blind users access to standard GTK+2 and Java-based GUI applications via speech and braille output."

Both of these new projects are made possible by the Gnome 2 built-in accessibility framework.

Audio Projects

MuSE 0.6.3 available. A new release of MuSE, the Multiple Streaming Engine, has been made available. MuSE allows multiple audio streams to be merged and sent to an Internet broadcast server. "MuSE is being developed in the hope to provide the GNU community with a user friendly tool for network audio streaming, making life easier for independent free speech radios." This version features support for 16Khz sound, and lots of bug fixes.


PostgreSQL v7.2 beta 2. The second beta of PostgreSQL v7.2 has been released. This release contains a number of improvements in performance, administration, and security. (Thanks to Doug McNaught).


SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for November 12 is out. Covered topics include software for web-based journals, and the first of a series of Linux in Education case studies.


New releases from the gEDA project. The gEDA project features a few new releases this week, the Gnu Circuit Analysis Package version 0.30, and an Icarus Verilog snapshot for November 10, 2001.

Embedded Systems

Updated Linux-PDA Quick Reference Guide. Rick Lehrbaum has posted a newly updated version of the Linux-PDA and PDA-Linux Quick Reference Guide.

Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for November 8 is out, with the usual roundup of goodies from the embedded Linux world.

Mail Software

Mailman 2.0.7 released. Mailman 2.0.7 has been released. Among other things, this release contains a couple of security fixes.

New site: milter.org. A new site for mail filtering issues, milter.org, has gone online. The goal of the site is to act as a clearing house for mail filtering software issues. (Thanks to Jose Nazario.)

Network Management

Snort 1.8.2 released. Version 1.8.2 of Snort, The Open Source Network Intrusion Detection System, has been released. This is a bugfix release which fixes a number of problems.

Printing Systems

CUPS v1.1.11 is Released. CUPS version 1.1.11 has been announced. "CUPS 1.1.11 adds support for embedded TrueType fonts and PostScript functions in PDF files and adds a new 'cupsaddsmb' program for exporting CUPS printer drivers to Windows clients, adds preliminary support for MacOS X and Darwin. It also now supports printer drivers with more than 100 media options, includes several general performance improvements, and fixes a potential JavaScript vulnerability in the web interface."

OSDN Printing Summit 2001 notes wrap-up. The completed notes from the OSDN Printing Summit 2001 are online. "Actual progress probably will come about less as a result of this conference but instead when many distributions ship printing systems that aren't completely half-assed. Only then will real progress begin to appear."

Web-site Development

Zope 2.4.3 released. Following last week's 2.4.3 beta 1 release, Zope 2.4.3 is now available. This release includes a few more bug fixes.


Getting Started with LDAP (O'Reilly). Luke A. Kanies introduces LDAP, the Lightweight Directory Access Protocol, on the O'Reilly Network. "This article was much more difficult than I expected. I initially began with an in-depth explanation of LDAP as a protocol, but realized that the real goal here is to be able to work with LDAP right now, not after reading 50 pages of abstract explanations."

Using RPM on Red Hat Linux 7.1 (IBM developerWorks). Dan Poirier talks about the process involved in creating RPM packages on IBM's developer Works.

November 15, 2001

Application Links
High Availability

Open Source Code Collections
Le Serveur Libre



Desktop Development

Audio Applications

GLAME 0.5.3 released. A new release of the GLAME audio manipulation program is available. Version 0.5.3 is a development release and it includes several bug fixes and optional real-time updates of plugin parameters. National language support for French and German has been added to the graphical front end.


Gdkxft 1.3 Patch Enables Anti-Aliasing on Mozilla. A new release of Gdkxft is available, version 1.3. "Gdkxft transparently adds anti-aliased font support to GTK+ 1.2. Once you have installed it, you can run any (or, nearly any) existing GTK+ binary and see anti-aliased fonts in the GTK widgets. You don't need to recompile GTK+ or your applications. The latest version of Gdkxft, version 1.3, adds AA support for Mozilla."

Galeon 0.12.7 available. With an unceasing pace of forward motion, the Galeon project has released version 0.12.7. This version is RC2 for Galeon 1.0 and includes a few bug fixes.

Desktop Environments

First Evolution 1.0 release candidate. The first release candidate for Evolution 1.0 has been announced. "After more than two years of hard work, with over 750 thousand lines of code, Ximian Evolution stands out as the premier groupware suite for Linux and UNIX systems." What's needed now, of course, is for lots of people to try it out and find the remaining bugs.

Gnome Foundation Board candidate list. For those who are interested: here's the full list of those running for the GNOME Foundation board.

New GNOME Installation Guide. A new version of the GNOME Installation Guide is out. It's a comprehensive document for beginners who want to install their own GNOME and understand what's actually going on with it.

GUNIH - GNOME in the Hispanic Universities. The GNOME Hispano group has announced a new project, Gunih, which aims to get more software contributions from the Hispanic university community.

Bonobo conference paper available. Dirk-Jan Binnema has published a technical overview of Bonobo, the paper was recently presented at the Dutch Unix User Group (NLUUG) Autumn conference

Kernel Cousin KDE for November 9, 2001. The November 9, 2001 edition of the Kernel Cousin KDE is out. Featured topics include LDAP KIOSlave, Simplifying the DCOP Process, Struggling to Clean Up KConfig, Disabling Action in XML GUI, Registering KDE Mime Types?, KNotes Joins the PIM Applications, Proofreading Strings For KDE3, KDE3 Features Plan and Kalling the [K]Artists.

ALS 2001 Summary (KDE dot News). KDE dot News looks at the KDE presence at the recent ALS 2001 conference.


The latest from WorldForge. The WorldForge project has a few new releases, Metaserver 1.2, which is a stable release of the Metaserver, and Cyphesis 0.1.0, both from Al Riddoch. Also, the November edition of The Chopping Block has been published.


GIMP 1.3 released. Version 1.3.0 of the GIMP, the beginning of a new development series, has been released. "Get ready for reorganized, not-yet-really-working sourcecode, compile it, hack it, send patches and help making a new GIMP that kicks ass." Of course, being a proper beginning of a development series, 1.3.0 doesn't actually work... (Thanks to Zachary Beane).

Gimp-Print 4.1.99 rc1 available. Leading up to the 4.2 stable release, Gimp-print version 4.1.99rc1 has been released. This version adds a Polish language translation, support for more printers, build fixes, and more.


Wine Weekly News for November 11, 2001. The latest Wine Weekly News is available. Topics include Winsock2, overlapped I/O, linking in .lib Files, and more on a problem with VirtualDub.

Office Applications

XNotesPlus v3.4.0. Former LWN editor Michael J. Hammel has released XNotesPlus v3.4.0, a personal information manager with full Palm Pilot support.

AbiWord Weekly News #69. Issue #69 of the AbiWord Weekly News is out with the latest developments from that project.


This week in DotGNU. The This Week in DotGNU summary for November 12 is out, with the latest from that project. Included is a look at progress with the free Java implementation.

Desktop Environments

Window Managers

Widget Sets


Programming Languages


OSE version 7.0 available. Version 7.0 of OSE is available. "OSE is a generic application framework suitable for constructing general purpose applications, distributed systems and web based services." This version is the first stable release after a year of beta releases.


Haskell Communities and Activities Report. The first edition of the bi-annual Haskell Communities and Activities Report has been announced. The goal of the report it to produce an executive summary of Haskell project and language development.


Object-Oriented Perl (O'Reilly). Simon Cozens discusses introduces the reader to Object-Oriented Perl in an O'Reilly article.

Building Perl projects with MakeMaker (IBM developerWorks). Sean Dague introduces MakeMaker for Perl. "If you've used UNIX or Linux for some period of time, you've probably written a few Perl programs to automate simple tasks. Each of these programs does something basic and simple that might otherwise take you 10 or 20 minutes to do by hand. In this article, Sean will show you how to convert just such a Perl program into a far more robust programming project, one that will be generic enough to be widely distributed across many disparate platforms."

Computer Telephony Programming in Perl (use Perl). David Rowe talks about using Perl and Telephony::CTPort to control PCI telephone interface cards. "After much experimentation with different languages and packages, it became obvious to me that Perl would be a great language for Computer Telephony programming. So I wrote the Telephony::CTPort module to encapsulate the functionality of a CT card port in Perl. For example, you can take the port off hook, onhook, record and play audio files, and collect DTMF digits using this module."


PHP Weekly Summary for November 12, 2001. The November 12, 2001 PHP Weekly Summary is out. Topics include a new BSD-style Zend Engine license, a Windows CHM bug, new DOMXML and gettext extensions, PostgreSQL Async, PHP on Netware, and more.


This week's Python-URL. Dr. Dobb's Python-URL for November 9 is out. Covered topics include teaching Python to kids, the future of stackless Python, and more.


Triple-R: The Rubicon Result Repository. The Ruby Garden has added a section called Triple-R, the Rubicon Result Repository. Triple-R contains "a comprehensive (and growing) set of automated tests for both the language and the built-in classes and modules. This test suite, called Rubicon, can be run by any Ruby user."


Tcl-URL for November 14, 2001. The November 14, 2001 Tcl-URL is out. Topics include CriTcl, simulating LED displays, a Tcl demo of graph theory, and more.


Using XSL-FO to create printable documents (IBM developerWorks). Rodolfo M. Raya introduces XSL-FO (XML Stylesheet Language-Formatting Objects) on IBMs developerWorks. "Need portable documents that, unlike most XML documents, include representation information? This article introduces XSL-FO (XML Stylesheet Language-Formatting Objects) and explains how it can come to the rescue. To demonstrate the advantage of using XSL-FO, the article includes an example implementation of a database reporting system that uses Java and XML code."

XML::SAX (use Perl). The use Perl site features an article on XML::SAX, a Perl module that adds better XML support to Perl.

Integrated Development Environments

Anjuta and gIDE merged!. The Anjuta and gIDE projects have been merged. "The merged project will continue under the name 'Anjuta'. The application itself will be identified as 'Anjuta Dev Studio', and will initially be based on the gIDE codebase."

Section Editor: Forrest Cook

Language Links
Caml Hump
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
IBM Java Zone
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP Weekly Summary
Daily Python-URL
Python Eggs
Ruby Garden
MIT Scheme
Why Smalltalk
Tcl Developer Xchange
O'Reilly's XML.com
Regular Expressions

 Main page
 Linux in the news
 Linux History

See also: last week's Commerce page.

Linux and Business

Covalent launches Enterprise Ready Server. Covalent has announced the release of its "Enterprise Ready Server" product. It's based on the (otherwise unreleased) Apache 2.0 server, but with a Java application server and some administration tools added on. Covalent has also announced the obligatory support services.

Compaq and OSDN create Clustering Foundry. Compaq and the Open Source Developer Network have announced the creation of a "clustering foundry" on SourceForge. The foundry appears to be primarily a way for Compaq to share its clustering technology with the community.

'Creatures Internet Edition' for Linux. Linux Game Publishing has announced that "Creatures Internet Edition" will be released for Linux.

Learning the Unix Operating System, Fifth Edition. O'Reilly has announced the release of the fifth edition of Learning the Unix Operating System by Jerry Peek, Grace Todino and John Strang.

Teamware Office 5.3 released. Fujitsu's Teamware Group has announced the release of Teamware Office 5.3 for Linux. It's "a complete set of ready-to-run groupware applications for today's business professionals."

OSDL announces 2nd Enterprise Achievement Award Contest. The Open Source Development Lab has announced its second "Enterprise Achievement Award" contest, which will give $25,000 to whoever they decide has made the greatest contribution to "Enterprise Linux" over the last two years. The full set of rules is available for those who are interested; the nomination form is online as well.

Analyst: Linux to dominate high performance computing in less than three years. The Aberdeen Group has released a research report claiming that Linux will dominate the high performance computing market by 2004.

Evans Data: Linux interest higher outside the U.S.. Evans Data has announced the results of a survey of developers. According to them, 39.6% of North American developers expect to be working with Linux in the next year, compared to 48.1% of "international" developers. Also: "More than half of those surveyed have enough confidence in Linux to use it for mission-critical apps."

Linux Stock Index for November 08 to November 14, 2001.
LSI at closing on November 08, 2001 ... 27.73
LSI at closing on November 14, 2001 ... 29.10

The high for the week was 29.10
The low for the week was 27.73

Press Releases:

Open source products

Distributions and bundled products

Proprietary Products for Linux

Hardware running Linux

Products and Services Using Linux

Products With Linux Versions

Java Products

Books & Training


Personnel & New Offices

Linux / Open Source At Work


Section Editor: Rebecca Sobol.

November 15, 2001


 Main page
 Linux in the news
 Linux History

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Open Source alive and well at O'Reilly P2P conference (Register). The Register covers the P2P conference from an open source perspective. "Among the vendors in attendance, Sun was especially prevalent. In his keynote, Sun's Phipps advised the audience that their best protection against vendor lock-in was Open Source. He said Sun views Open Source as a valuable software development methodology, rather than 'being religious about it.'"

Linux Outlawed! (Troubleshooting Professional). Troubleshooting Professional has put up a special issue on the SSSCA. "What is the end result if SSSCA passes? It starts bleak, and gets bleaker. For starters, Linux is outlawed."

MS promotes Linux from threat to 'the' threat - Memo (Register). The Register has picked up an alleged internal Microsoft memo on competing with Linux. "Speaking of fights, Brett Cocking and team from the SLG vertical just don't know when to quit! Not only did they displace RedHat for a 40+ web server deal at Broward County in Florida, they're also going straight after one of the Linux community's key wins at the City of Largo (dubbed the City of Progress). 'If they're the city of progress, why are they running Linux?', Brett jokes."

How Microsoft invented open source, by Billg (Register). The Register reports on the Microsoft shareholder meeting. "There you have Bill's view of how the good free software movement should perform, tapping away at the creation of baseline 'adequate' functionality so other people can - we hesitate to say 'steal' - it, develop it and make money out of it."

Apache 2.0 to debut from Covalent (News.com). News.com reports on Covalent, which is about to release a version of Apache 2.0, even though the Apache Project has not yet done so. "But Covalent, which employs some but not all of the key members of the Apache development effort, is ahead of the rest of the Apache programmers, who still consider 2.0 to be beta software and whose current 'production version' is 1.3.22, which is ready for real-world use."

Linux security self-censorship ominous (Register). Here's an article in The Register about the suppression of information about security fixes in the 2.2.20-pre changelogs. "First, Microsoft's Scott Culp argued in an essay that security researchers shouldn't reveal the nature of security holes in software. Then Culp may have found an unexpected ally in his war against full disclosure: Linux's second-in-command, Alan Cox. Cox's decision to delete security-related material from the Linux kernel changelog seems almost to honor Culp's request that we suppress information useful to attackers."


Casio to ship Linux, Transmeta laptop next week (Register). Here's a brief Register article on the new "Fiva" laptop from Casio. "Interestingly, though, users select which operating system they want to boot into by toggling a physical 'Change Over' switch in the Fiva's body. Flip it to A Mode and you get XP; set it to B Mode and you get Linux."

New CEO replaces Lineo founder (News.com). According to this brief News.com article, Lineo founder Bryan Sparks has stepped aside, and COO Matt Harris is the new CEO of the company. "Founder and former CEO Bryan Sparks will remain chairman, [spokesman Lyle] Ball said, though his new duties remain vague."

VA Linux goes mainstream (IT-Director). IT-Directory has put up a look at the SourceForge 3.0 release. "This version of SourceForge runs, not surprisingly, on Linux (however, the company has announced plans for other operating systems, of which the first will be Sun Solaris). You might think that it would also run based on an open source database such as MySQL but, fortunately for its sales potential, the company has taken the pragmatic stance of rolling it out on Oracle (though 8i rather than 9i) in the first instance."


Future of the Data Center (ComputerWorld). Nicholas Petreley talks with Open Source Development Lab leader Tim Witham in this (slightly old) ComputerWorld article. "What impressed me most was his long-term outlook for Linux. Witham is convinced that Linux will own the data center in about five years." (Thanks to Peter Link).

Linux: The Penguin Marches On (IT-Director). Here's an IT-Director article on how Linux is doing in the corporate world. "Our guess is that Linux on the desktop is still too early to call, but on the server it now looks to be unstoppable."


A developer's perspective on Sharp's Zaurus SL-5000D Linux/Java PDA (LinuxDevices). LinuxDevices.com is running a detailed look at the Sharp SL-5000D PDA. "Sharp calls their kernel 'Lineo Embedix'; though it is not clear what Lineo brings to the party -- at least from the point of view of the kernel. Basic functionality is provided by BusyBox , an open source project now maintained by Lineo. In any case, it should not be necessary to purchase Embedix to write software for the Zaurus -- freely available tools will work just fine." Worth a read.

Editors' Choice Awards (Linux Journal). The Linux Journal has announced its "Editor's Choice" winners for the year.

Word to the Wise: KWord's Quest for Completion (LinuxPlanet). LinuxPlanet looks at KOffice, and is not particularly impressed. "Without neglecting to acknowledge the incredible efforts of the open source developers that have gotten us this far with KOffice on what must amount to a shoestring budget, I have to say that as a consumer, I am getting a bit cynical about opening up a Linux product and being disappointed with the results."

Internet liberation theology (Salon). Salon reviews The Future of Ideas, the new book by Lawrence Lessig. "Lessig's discussion of levels of control in the information ecology follows from the work of NYU communications scholar Yochai Benkler. Benkler described the Internet as a multitiered environment consisting of an underlying physical layer (the wires), a logical layer (the protocols) and the content (the Web pages you view, the cable programming you receive). At each level, Lessig notes how the balance is tilting increasingly from freedom to control."


Interview: Neal Walfield (KernelTrap). KernelTrap interviews Hurd developer Neal Walfield. The article gives a good overview of what the Hurd is about. "With respect to usability, the Hurd works quite well as a desktop system, however, I would not yet recommend it to anyone as a server. That said, approximately half of the Debian Woody archive has been compiled for the Hurd. This includes most development tools and noteworthy programs such as XFree86."

Alan Cox on the DMCA, his future, and the future of Linux (NewsForge). NewsForge interviews Alan Cox. "I have a list of things I want to get done in 2.5, most of which consist of removing old ugly code. There is some device driver stuff I want to work on, and there are a whole collection of userspace things I want to play with somewhat more -- especially configuration tools and usability."


Geeks on the Half Shell (Linux Journal). Here's a travelogue by Doc Searls from the Geek Cruise. "After the third Bloody Mary, it doesn't matter what the hell Richard Stallman says."

Section Editor: Forrest Cook

November 15, 2001


 Main page
 Linux in the news
 Linux History

See also: last week's Announcements page.



IDG World Expo Introduces Online Conference Planner for LinuxWorld NY 2002. DG World Expo has announced software called My Show Planner, an online conference planner that allows conference attendees to personalize their conference schedules and social engagements at LinuxWorld Conference & Expo.


Linux Bangalore/2001. A three day Linux conference, known as Linux Bangalore/2001, will be held in Bangalore, India from December 10 through 12, 2001.

Events: November 15, 2001 - January 10, 2002.
Date Event Location
November 15 - 16, 2001SC2001Denver, Colorado
November 15 - 17, 2001HispaLinux CongressMadrid, Spain
November 17, 2001Lightweight Languages Workshop 2001(LL1)(MIT Artificial Intelligence Lab)Cambridge MA
November 25, 2001The Business of Open Source Software(BOSS)(Ottawa Public Library)Ottawa Ontario, Canada
November 28 - 30, 2001Linux-Kongress 2001(University of Twente)Enschede, The Netherlands.
December 7 - 9, 2001PLUTO MEETING 2001Terni, Italy
December 10 - 12, 2001Linux Bangalore 2001Bangalore, India

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Section Editor: Forrest Cook.

November 15, 2001



Software Announcements

Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license


Our software announcements are provided courtesy of FreshMeat


 Main page
 Linux in the news
 Linux History

See also: last week's Linux History page.

This week in Linux history

Six years ago Red Hat Linux 2.1 was released.

Three years ago (November 19, 1998 LWN): Trolltech announced that the Qt library would be released under an open source license. That license, the QPL, was truly open source, but remained controversial anyway. The Qt licensing issue didn't really die down until the library was relicensed under the GPL in 2000.

Bruce Perens warned about the danger of trojan horse software. Three years later, there have been very few trojan incidents, but the danger is probably more real than ever.

Stable kernel 2.0.36 was released with the first known application of "holy penguin pee." According to Linus:

This, btw, is not something I would suggest you do in your living room. Getting a penguin to pee on demand is _messy_. We're talking yellow spots on the walls, on the ceiling, yea verily even behind the fridge. However. I would also advice against doing this outside - it may be a lot easier to clean up, but you're likely to get reported and arrested for public lewdness. Never mind that you had a perfectly good explanation for it all.

Digital Creations released the source for their Principia product. Principia, of course, became Zope, arguably the first big Python "killer app".

The Linux Journal Editor's Choice Awards went out...the product of the year was Netscape Communicator, the "most desired port" Quark Xpress, and the best new hardware was the Corel Netwinder. Some awards just don't stand the test of time...

Slackware 3.6 was released. Both Red Hat and SuSE announced support programs for their distributions. Red Hat hired Matthew Szulik to be the company president.

VA Research (now VA Linux Systems) received a venture investment from Sequoia Capital, and Netscape purchased "NewHoo," which has since become the Open Directory Project.

FUD of the week:

Linux may be a great way for computer-literate individuals to get under the hoods of their computers for little cost, but it's nothing more than a convenient form of protest and public relations for the major software vendors that plan to support it. If nothing else, the Linux community has an influence beyond its numbers, and getting on its good side might help sales elsewhere. As long as Linux remains a religion of freeware fanatics, Microsoft (and other NOS vendors) have nothing to worry about.
-- Michael Surkan, ZDNet.

Two years ago (November 18, 1999 LWN): The first Linux Business Expo happened as part of Comdex in Las Vegas. The Linux Professional Institute completed its first certification exam, finally.

SuSE 6.3 was announced - though it was not due to hit the net until December. Mozilla M11 was released.

Rumors were circulating of a new company to be formed by GNOME hackers Miguel de Icaza and Nat Friedman. Red Hat's purchase of Cygnus Solutions was confirmed. VA Linux Systems decreed that its IPO would happen at $11-13 per share - rather short of the $30 that it eventually went out at (but far higher than today's price).

Scary thought of the week:

I don't think people realize just how close we came to a Microsoft-dominated Web. If Microsoft, having trounced Netscape, hadn't been surprised by the unexpected strength of Apache, Perl, FreeBSD and Linux, I can easily imagine a squeeze play on Web protocols and standards, which would have allowed Microsoft to dictate terms to the Web developers who are currently inventing the next generation of computer applications.
-- Tim O'Reilly in Salon.

Advogato hit the net.

One year ago (November 16, 2000 LWN): The KDE League announced its existence. Meanwhile, the GNOME Foundation released the preliminary results for the first board of directors.

Digital Creations (now Zope Corporation) hinted at how successful free software companies might look and operate in the near future. They secured a $12 million funding round at a time when venture capital was scarce.

MandrakeSoft hired Bastille Linux security guru Jay Beale as Security Group Director. A position he has retained.

IBM released the source for OpenAFS (a version of the Andrew File System) under its "IPL" license. IBM also released the first "reference implementation" of its Enterprise Volume Management System (under the terms of the GPL).

Netscape 6 launched.

A scan through open source chat rooms such as Slashdot.org reveals that most users who tested the software say it is still full of kinks and bugs and are already looking forward to the release of Netscape 6.1.
-- Upside.

"... barriers to the adoption of open source software persist", wrote Michelle Head at LinuxNews.com.

The health care industry would seem to present the perfect challenge for open source design: one would think that an organization requiring a stable, secure operating system able to manage a number of different types of data with complete integration and the kind of ease-of-use most physicians need would have open source written all over it. But the health care industry's information technology status remains largely in the Dark Ages--even as healthcare's growing complexity cries out for cutting-edge technology solutions.

One year later one burning topic at the recent National Summit on Future of eHealth Application Development was:

What is the role for standards, open source software, or public domain approaches to eHealth development? What changes (e.g., structural changes, incentives, funding) are needed to jumpstart and sustain such approaches?

Progress, perhaps.

Section Editor: Rebecca Sobol.

November 15, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review


 Main page
 Linux in the news
 Linux History

See also: last week's Letters page.

Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

November 15, 2001

From:	 "Eric S. Raymond" <esr@thyrsus.com>
To:	 lwn@lwn.net, editors@linuxtoday.com, malda@slashdot.org, editor@linux.com,
Subject: Thank you, Microsoft, but no thanks!
Date:	 Fri, 9 Nov 2001 16:50:08 -0500

In remarks at a Microsoft stockholders' meeting, Bill Gates recently
claimed that Microsoft was responsible for the success of open source.

"Really," he said "the reason you see open source there at all is
because we came in and said there should be a platform that's
identical with millions and millions of machines."

As an exercise in retroactive imperialism, this is little short of
breathtaking.  It ignores the fact that though the open-source culture
wouldn't get public visibility until after 1993, or a name for itself
until 1998, it already existed well before the foundation of Microsoft
in 1975.  Many of today's most active hackers can readily remember a
time when the typical response to the word "Microsoft" was "Who are
they?" -- and some of our most important work (such as the Berkeley
TCP/IP stack that Microsoft itself copied and used) was written years
before the computing landscape flattened into PCs as far as the eye
can see.

But there is one smidgen of truth in this; yes, Mr. Gates, recently you have
helped open source succeed -- in much the same way Osama bin Laden has
helped beef up airport security lately.  

Microsoft's monopolistic, price-gouging, bullying behavior is making
open source more attractive every day.  We'd thank you, except that
you're only accelerating a process that would have happened anyway.
You're a serviceable villain, but not a necessary one; the dedication
to excellence and the sense of worldwide community that are behind the
open-source movement were here long before Microsoft, and will still be here
long after Microsoft is gone.
		<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>
From:	 Dan Stromberg <strombrg@nis.acs.uci.edu>
To:	 letters@lwn.net
Subject: legal aspects of opensource
Date:	 Thu, 8 Nov 2001 10:33:45 -0800

I sincerely hope you won't stop covering the legal aspects of
opensource.  It's important information, and you cover it well.

Dan Stromberg                                               UCI/NACS/DCS

From:	 Bruce Ide <greyfox@flying-rhenquest.net>
To:	 lwn@lwn.net
Subject: Redistributing GPL Code
Date:	 Thu, 8 Nov 2001 05:16:43 -0700

> Heres an interesting scenario, though: suppose an unethical vendor 
> obtains a copy of a program licensed under the GPL, makes a change, 
> and resells the product under a proprietary license?  

Then I sue him for distributing a derivative work under the copyright

Unlike a regular EULA, which takes rights away from the user, the GPL
only grants you rights. If you do not accept the GPL or EULAs get
declared unconstitutional in court, control reverts back to standard
copyright with all the happy copyright protections including the
derivative work clauses.

This of course depends upon the copyright holder defending his
copyright. If the copyright holder happens to be the FSF, I guarantee
you they'll go after the infringer like a rabid pit bull. I'm pretty
sure Stallman's been itching to try the thing out in court. You
know why every company this far has caved when he's gone after
them for similar things? Because those companies have lots of
expensive lawyers who have evaluated the GPL. They've told the
people in charge that it's solid and that the company will lose
in court if the FSF sues them. Check with any big company that
does software and you will find they have a policy that if you
work on a software product, you can't contribute (or even
look at the source for) a similar open source program. Even
in your spare time.

Usual disclaimers apply; I am not a lawyer (But I play one on

Bruce Ide                               greyfox@flying-rhenquest.net 
Carpe capregenus                        http://www.flying-rhenquest.net

From:	 Chris Brand <Chris_Brand@spectrumsignal.com>
To:	 'Gleef' <gleef@ybten.net>, "'letters@lwn.net'" <letters@lwn.net>,
	 'Alan Cox' <alan@lxorguk.ukuu.org.uk>
Subject: Re: DMCA Issues
Date:	 Fri, 9 Nov 2001 14:38:28 -0800

Gleef wrote:
>Alan is neither a US citizen nor a US resident, and should not bear
>the brunt of fighting a US law; I consider his stance of staying away
>from the US, until the DMCA no longer threatens him, prudent.  
Ironic, then, that since the 1988 Copyright, Design and Patents Act became
law in the UK, it has been illegal there to "publish information intended to
enable or assist persons to circumvent that form of copy-protection"
See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296.
I suspect that anything that is considered "rights management" could also be
considered "copy-protection", although I'm certainly not a lawyer. Certainly
file permissions and userids may be used for copy-protection, and Alan's far
more vulnerable to UK law than the DMCA.

Chris Brand

From:	 Alan Cox <alan@lxorguk.ukuu.org.uk>
To:	 Chris_Brand@spectrumsignal.com (Chris Brand)
Subject: Re: DMCA Issues
Date:	 Fri, 9 Nov 2001 22:49:07 +0000 (GMT)
Cc:	 gleef@ybten.net ('Gleef'), letters@lwn.net ('letters@lwn.net'),
	 alan@lxorguk.ukuu.org.uk ('Alan Cox')

> law in the UK, it has been illegal there to "publish information intended to
> enable or assist persons to circumvent that form of copy-protection"
> See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296
> <http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296>  2b.

Note the "intended to"

The DMCA lacks intent checks. Thats also why thefreeworld.net requires you
promise you arent using the info to commit an offence.


From:	 Seth LaForge <sethml@ofb.net>
To:	 letters@lwn.net
Subject: Re: bug reporting in noncommercial software
Date:	 Sat, 10 Nov 2001 14:48:01 -0800
Cc:	 debian-debbugs@lists.debian.org, David.Kastrup@t-online.de

Two weeks ago on lwn.net, David Kastrup complained that his users
don't submit bugs, and that the failure of free software to keep bugs
under control is due to lack of bug reports.  This is an area I've
been giving thought to lately.  I think that a large part of the
problem is the great variety of bug reporting and tracking mechanisms
in use.  If I want to report a bug for some program, I have to hunt
down the documentation which describes how to submit a bug, possibly
register with a bug reporting database, figure out what version I have
of the program and all software that it depends on, and coherently
describe the bug.  By this time I've spent half an hour of my life
reporting a bug that may well have already been reported by somebody
else.  This doesn't much encourage me to report bugs.

The Debian Project (<URL:http://www.debian.org/>) has inadvertantly
found a solution for the problem.  They have a bug tracking system
for tracking bugs in packages in the Debian distribution - it's at
<URL:http://www.debian.org/Bugs/>.  The system is primarily for
tracking bugs in the packaging of programs (for example, a package
that doesn't install man pages properly), but it is also used to track
bugs in the actual programs.  Every package has a designated package
maintainer.  When a software bug is reported to a package maintainer,
the maintainer is responsible for forwarding the bug on to the package
author (or bug tracking system, or mailing list, or what-have-you) and
keeping track of its progress.  By routing all bug reports through
maintainers who decide what action to take, Debian has made it much
simpler and more consistent to report a bug.

Further, Debian features the excellent "reportbug" utility.  Suppose I
discover a bug in elvis.  All I have to do is type "reportbug" in a
shell.  I get back a prompt "Enter a package:".  I type "elvis".
reportbug then queries the Debian bug tracking system for existing bug
reports on elvis and displays summaries of all bugs.  I can then view
the full text of any bug report, and if I find one that matches the
bug I'm attempting to report, I can either quit or submit a followup
to the existing bug report.  If I don't find my bug already listed,
reportbug will bring up an editor window in which I can describe the
problem.  report bug then appends information about the version of the
package involved, all packages it depends on, my kernel version, etc.
and sends the report on to the Debian bug tracking system.

reportbug makes it easy for me to discover if my bug has already been
reported.  It makes it sure that all bugs get reported with full
information on version numbers and the status of the system.  I only
have to learn to use a single bug reporting tool rather than learning
a new tool for every program I encounter a bug in.  It's great!

It would be wonderful if a system like this could be extended to free
software in general, rather than just the Debian distribution.
Because there are Debian packages for most free software, there's bug
tracking for pretty much any free program I might run into, but the
system isn't available for users of other distributions, or non-Linux
systems.  I'm not sure how one would generalize the Debian bug
tracking system to extend to all of free software.  One way that comes
to mind is to split the Debian bug tracking system into two halves -
one half for Debian-specific bugs, and the other half for program
bugs.  Then package up reportbug for all of the major Linux
distributions, as well as for *BSD, Solaris, etc.  Encourage the
authors of simple packages to use it as their primary bug tracking
system; I'm sure there are plenty of projects and programs which
currently don't use a bug tracking system out of inertia, but would if
there were a simple standard.

Of course there are currently political and technical obstacles to
splitting the Debian bug tracking system as I propose, but the
fundamental infrastructure is there and ready to go.  I hope this
letter will inspire some thought and perhaps action on the matter.

Seth LaForge
From:	 Scott Johnston <scott@accom.com>
To:	 letters@lwn.net
Subject: ivtools-1.0 release
Date:	 Fri, 09 Nov 2001 15:28:51 -0800

Thanks for the mention of the 1.0 release of ivtools.  I should mention
that Vectaport Inc. is no longer an ongoing commercial concern, but the
ivtools software lives on with a BSD-style license.  This could prove
useful to free software businesses developing custom commercial
applications that require direct-manipulation graphics.

Yes, idraw is ancient by recent standards, but then so is X11, emacs,
TeX, ghostscript, and don't forget the Unix kernel.  Old software does
not necessarily make for useless software.  But you knew that.

Scott Johnston

From:	 Nathan Myers <ncm@nospam.cantrip.org>
To:	 letters@lwn.net
Subject: Gartner reports' true meaning
Date:	 Sun, 11 Nov 2001 03:39:55 -0800

To the editors,

The Gartner Group has has published several reports lately touching
on Free Software that must have left many LWN readers confused.  
After years of painfully misleading commentary, suddenly we see a 
few outbreaks of rare good sense, punctuated by more of the customary 

I have been observing "market research" companies for a decade, and 
have learned a lot about what such reports really mean.

Although all "market research" companies claim to do research (and a 
few actually do!), that is not their main job.  They offer their "reports" 
at outrageous prices, but most of their paying customers aren't paying
to learn what's in the reports.  What are the real customers buying?  The 
real customers are what are usually called "corporate communications" 
officers -- less politely, flacks.

The job of a flack is to get her employer's product noticed.  Sending 
press releases is a part of the job, but press releases, when not 
discarded, usually appear where people can safely ignore them.  To get 
a press release noticed, it has to _seem_ to come from somewhere else.  
This is the market researchers' real job.  They gather material sent in
by their real, paying customers into "reports".  They invite cooperative 
magazine columnists to (otherwise) expensive conferences, feed them 
handsomely, and hand them reports.  Columnists regurgitate the reports
in those industry magazines we all get at well below production cost.

When we see a "market research" report, even knowing its true origin,
we can learn something.  We can learn what the big players in a market 
want believed.  More, we can learn what many buyers, as well as investors
and smaller competitors in that market, will do.  Buyers follow the 
recommendations because they believe, or don't know what else to do, 
or are afraid not to.  The smaller competitors have to provide what
the customers think they want (so actually have to buy the reports!).  
Investors put their money where the buyers are.  When this positive-
feedback cycle works just right, everybody makes out fine until somebody 
notices that the products don't work or the consumers aren't interested.
(Even then, nobody has to give any of the money back.)

What does this mean about recent, surprising, reports?  First, the 
market research agencies are in a fix right now.  A big chunk of their 
more generous, naive, and "innovative" customer base just closed its 
collective doors.  Literally thousands fewer corporate communications 
officers are shoveling press releases and checks into their mailboxes.  
Second, just because few are paying to have reports written doesn't 
mean they can stop writing reports; they depend for survival on their 
names appearing in print.  Third, the cheapest, most reliable way get 
mentioned in print is to write controversial things.  Finally, a good 
way to drum up new business is to provoke it by publishing what some 
would pay to have re-spun.

The recent, surprising reports from the Gartner Group could be examples
of this process: maybe Gartner is just stumping for Microsoft business.
More likely, something even more cheesy is going on.  In any case, the 
most sensible response to a Gartner Group report is to ring the spittoon
and move on.

Nathan Myers
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds