Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

This move will bring an end to more than two years of controversy centered around the Qt license. Qt's initial license was in no way free, and caused much concern among free software users. Trolltech eventually responded with the QPL which was, grudgingly, acknowledged to be a free license. The QPL remained incompatible with the GPL, however, leading many to conclude that linking the (GPL licensed) KDE code with Qt was not legal. For this reason, the Debian distribution still does not include KDE.

Now that everything is covered under the GPL, this trouble should go away (but see the next article, below). KDE is indisputably free software.

Will this change bring about the end of the "KDE vs. GNOME" rivalry? Most certainly not. But GNOME has lost whatever high moral ground it may once have had. The competition will continue, but it will, hopefully, be in a much more interesting vein. The two projects, deprived of the licensing issue, will have to compete on two factors:

• Technical merit. GNOME and KDE have taken different approaches to a number of technical issues. As LWN has stated in the past, it is going to be very interesting to see how these choices work out. There will be much to learn from watching how the two projects go.

• Human factors. In the end, the real question is the extent to which KDE and GNOME produce software that people want to use. Creating that software is going to require a great deal of attention not only to the features that people want, but also to usability. Getting the human factors side of things right is seriously hard, and both projects could probably make good use of some more effort directed specifically toward usability issues.

The end result seems reasonably predictable, really. It's already common to see systems with both KDE and GNOME installed. Users may "run" either KDE or GNOME, but they will pick and choose their applications individually, depending on which they like best. In the end, letting users decide what is best for them is what Linux is all about.

(See also: KDE's response to Richard Stallman's editorial, and this additional response from some KDE developers).

Must KDE ask forgiveness for its sins? One would hope that the KDE licensing wars would be truly over. This note from Richard Stallman, however, makes it clear that the hangover may be with us for a little bit yet. Those who violate the GPL lose the right to use the code covered by that license; according to the letter of the law, people who linked GPL code with Qt can no longer use that code without forgiveness from its copyright holders. Nobody has ever been held to that standard before, but RMS seems to think that things should be done differently this time.

Mr. Stallman claims that KDE has made use of (unspecified) GPL-licensed code from other projects. One could conceivably create trouble with this charge - assuming that specifics of the alleged improprieties were to be made public. But what is the point?

RMS has generously offered forgiveness for all software under the FSF copyright, and has called on others to do the same. If one absolutely must make an issue of alleged past violations, this is the only way to do it. KDE's only crime is to try to make the best free Linux desktop it could; to tell them they need to beg forgiveness is insulting at best. It's time to put the whole KDE licensing issue behind us and move on.

:CluelessCat? Thanks to a (previously) little-known company called "Digital Convergence," we now have our latest attack on the right to program.

Digital Convergence came up with an interesting idea. They give away a cheap barcode reader (called the ":CueCat") and some (Windows) software. People plug the reader into their computer, then use it to read a special code printed with advertisements and such. The browser running on the computer will then be directed to a specific web page just waiting to take a credit card number. For added fun, the device can also pick up coded audio signals from a television.

If you put an interesting device out there, some Linux hacker somewhere will try to make it work. If the device is free, and relatively simple as well, quite a few hackers will jump in. And, sure enough, :CueCat drivers started appearing on the net.

Digital Convergence, as it turns out, didn't like that; it called in its lawyers and set about shutting down sites hosting :CueCat drivers. It seems that such a driver violates the company's "intellectual property," though exactly what that property is has not yet been specified. See, for example, copies of the lawyer letter posted on the FBM Terrorist Conspiracy From Hell, Inc page. The case appears weak, but the company has managed to get the :CueCat drivers pulled down - for now.

Why would Digital Convergence do such a thing? While many Linux users may not use their readers to go to advertisers' web pages, some certainly will. So companies that are paying Digital Convergence for the :CueCat referrals should be happy; happy customers are generally good for business.

One part of the answer can, perhaps, be found in this issue of Lauren Weinstein's Privacy Digest. Use of the :CueCat, it seems, requires sending in some personal information, along with the serial number of the device. Every code you scan gets tied together with your information, building a nice little profile. According to the Privacy Digest, Digital Convergence is aware of and responsive to privacy issues, which is encouraging. But the commercial value of the data collected by the :CueCat system is obvious.

And that is why Digital Convergence doesn't like the Linux driver, and why it is so important that the driver exist. When source is available, users of the device who are concerned about their privacy can do something about it. They need not depend on the promises of a company whose commercial interests clearly lie in the collection and sale of personal information.

This is a classic example of what the "free" in free software really means. If we can not write software to work with the things we own, we have lost an important freedom. This case is important, even for those who lack the desire for quicker access to commercial web pages facilitated by a feline-shaped scanner device.

(See also: this Slashdot topic with an unhelpful response from Digital Convergence and 901 (as of this writing) comments).

One last word on Geeks With Guns. Our publication of the Geeks With Guns report has inspired a fair amount of mail. Not everyone is pleased that we ran the article; others feel that we did not run it prominently enough. We covered it as an event involving Linux personalities at a Linux conference, and still feel it was appropriate.

On the other hand, the letters to the editor on the subject have been squelched with a firm hand. Our thanks to all of you who wrote to us - pro or con - but the discussion is heading rapidly into areas beyond LWN's scope.

As always, letters to the editor should be sent to letters@lwn.net.

Minor change to the software announcements. Thanks to changes put in by Scoop over at Freshmeat, the software announcements this week have been broken apart by major category, to make them easier to scan. Several people have asked for this; we expect it to be popular. We will probably also make an alternate version of the software announcements available next week, one that breaks up the announcements by license type instead of by category. Your feedback to these changes is always appreciated.

We've also left in place a minor change which causes an individual software announcement to pop up in an external window if you click on it. This is against our normal policy (we generally hate popup windows) and it can certainly be argued that it should be removed, allowing you to choose to drag and drop a link if you want to see it in an external window. What we want to know is your preference. Please send your comments to lwn@lwn.net.

Inside this week's Linux Weekly News:

• Security: Vendor coordination, glibc vulnerabilities, lots of updates.
• Kernel: TUX kernel-based web-server, zero-copy TCP, no Open-Source NDS for Linux.
• Distributions: FTOSX, MageNet and Scrudgeware join the distributions list, Linux-Mandrake 7.2 beta released.
• Development:FreeGIS, new Erlang, Perl, and Python.
• Commerce: iRobot, IBM Asia Pacific Linux Initiative, RSA patent release, M-Systems and LynuxWorks.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

News and Editorials

Fast response versus vendor coordination. Leading the new security reports section, you'll see a complex report on glibc problems and updates this week and last. One of the problems in glibc that was reported and fixed was a format string vulnerability in locale. This was demonstrably locally exploitable to gain root access. From a Linux-centric perspective, the process for fixing this moved forward in a fast and straightforward manner. However, there was another side to the story.

Simultaneous to the glibc locale discovery, CORE SDI discovered and reported a format string vulnerability in the Unix locale subsystem. They reported the discovery to SecurityFocus' vulnhelp forum, a forum set up to provide access to expert assistance in both verifying problems and in contacting vendors in advance, so that fixes for the problem could be readied. Particularly in this case, the problem affected so many different Unix and Linux operating systems, and no good workaround was available, so it was felt to be essential to work with the vendors. CORE SDI and SecurityFocus contacted a long list of vendors, including the many various Linux distributions. They were surprised, and strongly displeased, when several of the distributions did not respond to them, yet chose to publish the vulnerability, with updates, even though other vendors had not had the opportunity to develop fixes for the problem.

This issue is not new. CERT has long been known for the effort it puts into coordinating with vendors before releasing advisories. Correspondingly, they are also famous for advisories that come out months after the initial report of a problem, frequently after the problem has been widely exploited. Some vendors, for some problems, will be able to get fixes out very quickly. Other vendors, or other problems, may be more difficult to get out. Experience has shown that nothing irritates a vendor more, or motivates them more, than publicity, particularly publicity showing faster response from another vendor. Contacting other vendors that are potentially impacted before publication is a "good thing". Deciding how long to wait, if at all, before publishing your own fixes is a tougher decision.

Were the Linux distribution vendors at fault in their release of their updates? There will never be a unified opinion on that. Obviously, CORE SDI and SecurityFocus feel that they should have held their updates back. If they had done so, though, they would certainly have come under fire from others for slow response to a known, potentially severe security vulnerability. After beating on Linux distributors to get fixes out in a timely manner many times in this forum, for example, we are hard put to say that they made the wrong choice.

However, by operating in a very Linux-centric manner, and particularly by not communicating back with CORE SDI and SecurityFocus in a timely manner, they were certainly impolite. Such impoliteness can undermine potential future cooperation and should definitely be avoided. Even if they chose to go ahead with their advisories and updates, working with and notifying other interested parties in advance is a worthwhile choice.

In some respects, we may be viewing the effects of a lingering Unix vs Linux split. Many people in the Linux felt (and were) ignored by the Unix community in the early years of Linux (1993-1998). As a result, a habit of non-communication has grown up. If this is indeed part of the root of the problem, its eradication will come from the efforts of individuals on both sides to become more aware of the concerns and work of their counterparts. Where security is concerned, we all have the same goals, Linux, *BSD and commercial Unix vendors and users alike. Working together, wherever possible, is the right choice to make.

Falling Apart at the Seams (SecurityFocus). Here's an article on SecurityFocus which looks at complex security problems and their avoidance. "This new class of holes is different: a programmer doesn't understand what somebody else was thinking or expecting, and fails to make a smooth transition between the two pieces of code. Sometimes the transition appears smooth, but the underlying complexity scuttles system security in the end.The key to solving this problem is the open source movement, and its propensity for keeping code development simple and ego-free."

Open Sources: Wild ICAT adventure (cont.) (ZDNet). ZDNet reports on the ICAT project. "The idea: to make it possible to search for specific security vulnerabilities in computer systems and locate appropriate databases, fixes and patches". Via the offices of Alan Paler (SANS Institute), it appears that the National Institute for Standards and Technology (NIST) may pick up the tab for an expanded ICAT program in the future.

Security Reports

glibc vulnerabilities. This week has been full of advisories from various Linux distributions regarding two severe problems with glibc. Confusing the issue, more than one vulnerability is involved and they were reported at different times. That means that some of the updates only fixed the first reported problem, while others fixed both problems. We'll try to sort out the confusion.

ld.so environment variable vulnerability. Advisories for this problem showed up last week before we even found this report on BugTraq, from Solar Designer, about the problem. The following updates, which came out last week, address just this problem:

• Caldera (August 31st)
• Linux-Mandrake (August 31st)

format string vulnerability in locale. The locale subsystem in glibc is used to provide internationalization support. A format string vulnerability in locale can be locally exploited to gain root access (or in some cases, remotely exploited). Note that this problem is not specific to Linux; it has also been reported to affect several Unix operating systems, though FreeBSD and OpenBSD are apparently not impacted. The following updates address both the environment variable vulnerability and the locale vulnerability:

• Red Hat
• Debian
• Conectiva (initial advisory)
• Caldera
• Slackware
• Conectiva (updated advisory)

PHP upload vulnerability. A PHP vulnerability was reported based on the manner in which PHP handles file uploads. Rasmus Lerdorf acknowledged the problem, provided a patch and indicated that the PHP CVS archives now also include this patch. Also of interest may be this post from Signal 11, which includes a user code snippet for detecting and preventing an exploit based on this vulnerability.

Star Office phones home. Last week, there was a large hullabaloo about the discovery that the Microsoft Office file formats allowed embedded HTML to be executed by a user without their knowledge. This was referenced as a document format being able to "phone home". Although the capability is potentially useful, there was strong agreement that an application should warn the user first, to prevent this capability from being exploited for malicious or anti-privacy purposes.

This week, Kurt Seifried pointed out that Star Office also 'phones home'. He verified that StarWriter, StarCalc and StarImpress all use file formats in which embedded HTML text is automatically executed, without any warning to the user. No response from Sun about this problem has been seen as of yet.

Helix go-gnome script. In addition to their binary installer, Helix Gnome also offers an installation script, "go-gnome". Another BugTraq posting has reported that this script suffers from the same problems previously reported in their binary Installer. The vulnerability can be used to overwrite any file on the system

Both a workaround and a patch for go-gnome are provided in the original report. In addition, Helix Gnome has issued an official update to go-gnome.

Helix continues to take criticism for their responsiveness to security problems, since the initial posting was sent a week before to Helix without receiving a response. In addition, the original bug report and this followup both pointed out additional security issues to which Helix has not responded. Further postings indicate that the problem has been reported, in multiple forums for over a month and a half.

screen setuid root vulnerability. A vulnerability in screen 3.9.5 and earlier that can be exploited by a local user to gain root was recently reported. Note that screen must be installed setuid root in order to be exploited.

• Debian
• Linux-Mandrake (not vulnerable)
• Red Hat, unofficially reported not vulnerable
• FreeBSD
• Conectiva (not vulnerable)
• NetBSD

Remotely exploitable mopd vulnerabilities. FreeBSD issued an advisory warning of several vulnerabilities in mopd that are remotely exploitable. No specific details are provided, but people using MOPD (an older protocol used for booting older DEC machines such as VAXen and DECstations across the network) are encouraged to either remove the mopd port or upgrade their mopd packages.

FreeBSD's Linux binary compatibility mode. A potential kernel stack overflow in FreeBSD's Linux binary compatibility mode can lead to a system compromise, reports FreeBSD. An upgrade to the latest FreeBSD 3.5-STABLE, 4.1-STABLE or 5.0-CURRENT should fix the problem. This problem should be limited to FreeBSD.

FreeBSD ELF lockup. Also specific to FreeBSD, a system lockup can be triggered by a problem with the ELF binary format. This leaves the system vulnerable to a local denial-of-service attack, since a 15 minute hang can be triggered by an unprivileged user. A kernel patch is provided, or the system can be upgraded.

brouted gid kmem vulnerability. FreeBSD issue an advisory warning that the brouted dynamic routing daemon is erroneously installed setgid kmem. As a result, it can be locally exploited to gain root access. Removing the setgid bit should fix the problem. Updated packages have also been made available. This vulnerability could impact other operating systems that include the brouted daemon.

GNOME esound file permissions problem. FreeBSD has reported a file permissions problem in esound, the GNOME desktop component responsible for multiplexing access to audio devices. esound uses a world-writable directory in /tmp for the storage of a Unix domain socket. A race condition allows this to be exploited to compromise the esound user's account (or root, if root runs esound). FreeBSD has made updated packages available and contacted other vendors about the problem.

Commercial products. The following commercial products were reported to contain vulnerabilities:

Updates

PGP ADK-related security problem. In last week's Security Summary, we mentioned that the information available was unclear as to whether the freeware version of PGP for Unix/Linux was affected. Greg Louis dropped us a note to point out that the available information was updated soon after publication. On this website, a clear statement is made that the freeware version of PGP for Unix/Linux version 6.0-6.5.2 are vulnerable. An upgrade to PGP 6.5.8 is recommended. Happily, that version is now available for download.

Zope 'mutable object' vulnerability. Check the August 24th Security Summary for details. Two fixes have been released for this problem; only the most recent one fixes all issues. The updates below are ones that contain the second fix. Check the August 17th Security Summary for additional distribution updates that include the first fix only.

This week's updates:

Linux-Mandrake

• Red Hat (Zope is part of the PowerTools product) (August 24th).
• Debian (August 24th)
• Conectiva (August 24th)

mgetty temporary link vulnerability. Check last week's Security Summary for details. An upgrade to mgetty 1.2.22 should fix the problem.

This week's updates:

• Linux-Mandrake

• Conectiva (August 31st)
• Caldera (August 31st)

Netscape 'Brown Orifice' vulnerability.Check the August 10th Security Summary for more details.

This week's updates:

• Debian
• TurboLinux
• FreeBSD

• Conectiva (August 24th)
• Red Hat (August 24th)
• Linux-Mandrake (August 24th)
• Caldera (August 24th)
• SuSE (August 24th)
• SuSE (now available on US mirrors) (August 31st)

perl/mailx. Check the August 10th Security Summary for details.

This week's updates:

• Slackware

• Red Hat (August 8)
• Debian (August 8)
• Caldera (August 9)
• Linux-Mandrake (August 9)
• SuSE Linux (August 17th)
• Conectiva (August 17th)
• Yellow Dog Linux (two updates: mailx, and perl).

xlockmore. Check the August 24th Security Summary for details. An update to xlockmore 4.17.1 is recommended.

This week's updates:

• FreeBSD

• Conectiva (August 24th)
• Debian (August 24th)
• Linux-Mandrake (August 31st)

xchat URL handler bug. Versions of xchat from 1.3.9 through and including 1.4.2 can allow commands to be passed from IRC to a shell. Check BugTraq ID 1601 for more details.

This week's updates:

• Helix GNOME

• Red Hat (August 24th)
• Linux-Mandrake (August 31st)
• Conectiva (August 31st)
• Debian (August 31st)
• Slackware (not vulnerable) (August 31st)

Resources

Portable OpenSSH 2.2.0p1. Version 2.2.0p1 of portable OpenSSH was announced this week. The new version now includes DSA key support, Random Early Drop connection rate limiting, and improved interoperability with SSH.COM's ssh 2.3.0.

ICMP Usage In Scanning v2.0 - Research Paper. Ofir Arkin has issued an updated version of his research paper on the use of ICMP in scanning the Internet for host detection, operating system fingerprinting and more.

Jukka Lahtinen minicom. Check last week's Security Summary for details. No official updates have been seen as of yet. Unofficial reports indicate that Red Hat 6.1 and 6.2 and Slackware 7.0 are vulnerable and that SuSE, Linux-Mandrake, FreeBSD, Debian and (reported this week) Conectiva are not vulnerable.

Events

September/October security events.

Date	Event	Location
September 1-3, 2000.	ToorCon Computer Security Expo	San Diego, California, USA.
September 11-14, 2000.	InfowarCon 2000	Washington, DC, USA.
September 13-14, 2000.	The Biometric Consortium 2000	Gaithersburg, MD, USA.
September 19-21, 2000.	New Security Paradigms Workshop 2000	Cork, Ireland.
September 26-28, 2000.	CERT Conference 2000	Omaha, Nebraska, USA.
October 2-4, 2000.	Third International Workshop on the Recent Advances in Intrusion Detection (RAID 2000)	Toulouse, France.
October 4-6, 2000.	6th European Symposium on Research in Computer Security (ESORICS 2000)	Toulouse, France.
October 4-6, 2000.	Elliptic Curve Cryptography (ECC 2000)	University of Essen, Essen, Germany.
October 11, 2000.	The Internet Security Forum	Edinburgh, Scotland.
October 14-21, 2000.	Sans Network Security 2000	Montery, CA, USA.
October 16-19, 2000.	23rd National Information Systems Security Conference	Baltimore, MD, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Those wanting to try the testing releases should approach with caution, however; the releases through -pre5 have had some serious file corruption problems. The debugging effort took some time, and was not helped by the simultaneous emergence of a corruption bug in the pine mailer which was, ironically, triggered by a particular message on the BUGTRAQ list.

The bug (the kernel bug, that is) turns out to have been introduced in 2.3.7, over a year ago. Recent changes have brought it out, however. Once it was found, a couple of fixes of the "brown paper bag" variety went in, until Linus finally tracked it down. As he put it:

Thanks, and THIS time it really is fixed. I mean, how many times can we get it wrong? At some point, we just have to run out of really bad ideas..

As always with development kernels, be careful out there... especially given that the -pre6 patch announcement from Linus expresses a rather lower level of confidence.

Meanwhile, Daniel Stone has been working on a press release for the 2.4 kernel, whenever it should come out. (The release is optimistically dated September...)

The current stable kernel release is 2.2.17 - finally. The 2.2.17 release was officially blessed and announced on September 4. Work on 2.2.18 had actually begun before 2.2.17 came out; the latest announced prepatch is 2.2.18pre2; there is actually an unannounced "pre3" patch out there as well. The 2.2.18 series has started off with a number of "higher risk" updates - things which Alan Cox did not want to put into 2.2.17. Perhaps most significantly, the USB backport from 2.4 is there; most vendors were already shipping kernels with 2.4 USB anyway, so putting it into the official version won't change much.

The ritual call to see the updated NFS code in 2.2.18 has gone out. Alan is, so far, resisting. The new NFS code fixes a lot of problems (and adds NFSv3), but it's still a big change for a stable kernel series.

The current ancient kernel prepatch is 2.0.39pre7, which was announced on September 2. Unless something changes, this will be the last of a very long-running prepatch series, and the 2.0.39 stable kernel release will happen at some point relatively soon.

TUX is loose. Ingo Molnar got the Linux world's attention last June, when his "TUX" subsystem established the world SPECweb record for web page serving. Since then, however, things have been quiet on the TUX front; in particular, no source has been forthcoming. That changed on September 1 when Ingo announced the first Alpha source code release. TUX is now loose.

Of course, this code is not something you would want to put on your main corporate server at this point. It was bleeding edge when it ran the SPECweb test, and has seen a fair amount of development since then. There are no guarantees with this release, except that, as stated in the announcement, "if it breaks you get to keep both pieces."

It is, nonetheless, interesting to see what has been done to create such nice results. TUX is, as stated, a kernel-based HTTP server which is oriented toward static content. Even highly dynamic sites can have a lot of static content - images, for example. TUX gets that content out quickly by avoiding a lot of the overhead involved in a user-space web server. In addition, a number of tricks can be employed when you are running within the kernel. For example, TUX not only caches the busiest files, it also caches the computed TCP checksums to avoid having to do that work over and over again. TUX can also work with high-performance network cards to avoid copying file data within the kernel.

Also part of TUX is an exported hook which can facilitate the caching of dynamic content. Often dynamically-produced pages are always the same for the same URL "input," and the work of generating them can be avoided through proper caching. Making use of this capability requires changes to the (user space) code which generates the dynamic content.

TUX will never be able to handle the entire job for many sites, however. Thus, it relies on a user space web server daemon; whenever TUX encounters something it can't deal with, it just passes it on to the (presumably smarter) user space server.

The TUX developers are aiming at a stable release of the code sometime in September. Thereafter, don't be surprised if it starts showing up on web sites worldwide. (For more information, see the TUX README file that comes with the distribution).

Is zero-copy TCP worthwhile? A certain Jeff Merkey of the Timpanogas Research Group spent quite a bit of time criticizing the Linux kernel for copying network data too many times. After all, says Jeff, both NetWare and his own MANOS (NetWare replacement) system do zero-copy TCP, and thus must be better. Is Linux really that poorly implemented?

The answer turns out to be "no", for a couple of independent reasons. On the purely technical side, the standard output path for TCP data only copies that data once - and that happens as part of moving the data into kernel space and computing the TCP checksum. So it would prove hard to improve much on that code.

The other interesting point of view, however, came from Linus, who points out that zero copy is often not the performance win that people think it is. By the time you have done all the overhead required to do a zero-copy operation (pinning the user page in memory, setting up the scatter/gather DMA operation, etc., and cleaning up afterward), you might as well just have copied the data. Zero copy is a nice idea that often is not so practical in the real world.

That notwithstanding, Ingo Molnar pointed out that the TUX webserver implementation includes a zero-copy scheme.

No NDS for Linux - to spite Microsoft?. The Timpanogas Research Group, headed up by Jeff Merkey, has announced the withdrawal of its promise to provide an open source Network Directory Services (NDS) implementation for Linux. Instead, TRG will concentrate its efforts on its own (open source) "MANOS" operating system. The press release included this interesting comment:

It is not our desire at this time to hand Microsoft or anyone else an open source 'scythe' they can use to harvest the NetWare(TM) installed base until a competitive Open Source NetWare NOS is available for Novell's customers to consider.

It is an interesting view - somehow providing an open source implementation will allow Microsoft to snap up all the Novell users who are, presumably, looking for a new vendor. Mr. Merkey reiterates this claim in another post where he states: "If we post it, Microsoft will grab it and it will be in NT within 48 hours of them downloading it from our site."

This sort of thing, of course, is what the GPL is for. It is a sad world indeed if contributions to Linux are pulled out of fear that Microsoft might use them. If Microsoft picks up some Linux code and uses it in accord with the terms of the GPL, then there is nothing for anybody to complain about. After all, one of the criteria for free software is that it cannot discriminate against users. If the GPL is not respected, it's time to call out the lawyers. Fear of Microsoft is no reason to withdraw kernel contributions; one suspects that a more complicated agenda is at work here.

Why is there no Linux kernel debugger? A certain Jeff Merkey posted a message to linux-kernel giving a different reason for the withdrawal of the Linux NDS effort. It seems that the real problem is that the kernel debugging facilities for Linux are inadequate.

The lack of a Kernel Debugger and other basic kernel level facilities on Linux make TRG's job about 20 times harder on Linux and take almost 10 times as long as is possible on NT, NetWare, or MANOS to develop software as a result of this.

Mr. Merkey has found himself to be rather less alone with this one - numerous people wonder just why a kernel debugger is not part of the mainline kernel itself. See, for example, this poston the absence of kdb.

The reason there is no debugger in the Linux kernel is, of course, because Linus does not want it there. This time, though, it was David Miller who came to the defense of this policy. The basic idea, which mirrors things Linus has said over the years, is that having an interactive debugger causes developers to focus on symptoms, rather than on what is really going on. According to David, some elbow grease invested in tracking down problems the hard way pays off in both a higher quality fix and a deeper understanding of how the kernel actually works.

The whole debate is long (and ongoing). For those interested in the soundbite version:

"Hard work now leads to less work later."
   -- David Miller

"Hard work now leads to less work full stop."
   -- Alan Cox

Other patches and updates released this week include:

• Miles Lott posted a read-only implementation of the BeOS filesystem for the 2.2 kernel.

• Mikael Pettersson released version 1.5 of his x86 performance counters driver.

• Christoph Hellwig posted his patch to make the Logical Volume Manager work with devfs.

• The September 2000 release of the CITI NFSv4 implementation for Linux has been announced.

• H.J. Lu has released version 0.2 of the nfs-utils package.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Red Hat claims huge Linux lead, rivals growing (News.com). News.com reports on the latest IDC study which shows Red Hat having the bulk of the Linux market. "Linux companies argue there is more competition between Linux and other operating systems than there is among versions of Linux itself. But Red Hat's aggressive push to have its brand name associated as closely as possible with Linux reflects the land grab under way as companies seek to establish as much dominance as possible of the up-and-coming operating system."

Distribution Reviews

Slackware Linux 7.1 (Duke of URL). The Duke of URL has put out a review of Slackware Linux 7.1. "Slackware is one of the best distributions around in the currency of its applications. In fact, I've never seen a more current distribution in all my years of using Linux. They're really raised the bar with KDE 1.91 and XFree86 4.0, and kernel 2.2.16, and proves that Slackware has more priorities than just staying close to UNIX. Thanks to Slackware, Linux never looked so good."

New Distributions

FTOSX. FTOSX is a new distribution from Future Technologies. They promise support for all the latest Linux technologies. Interestingly enough, this not only includes the Linux 2.4 kernel, but also the Linux 3.0 kernel ... which, of course, does not yet even have a development tree.

They also plan to have their own desktop environment, FTKDE, based on KDE 2.0 and FTX, which is called "a [sic] X Window porting based on 4.0". Their primary filesytem will apparently be ReiserFS. All of this is just a plan, though. The first FTOSX beta is not due out until October sometime. "We promise something new and more easy than actual Linux distributions.". [Thanks to Nicolas Verite].

MageNet Linux Server. The MageNet Linux Server distribution is based on Red Hat, but tailored to add or replace services according to their own preferences. For example, they have chosen to replace wu-ftpd with proftpd, ircII 4.x with ircII EPIC, and more. Their goal is a distribution with better security and more features than Red Hat 6.2. [From Freshmeat].

Scrudgeware. "A totally free operating system" is the goal of Scrudgeware. To that end, they have pledged to include only "GNU/GNOME/GPL" software. They are also designing the sytem to eliminate redundancies, so rather than include, for example, both KDE and GNOME, they have chosen to focus on GNOME and provide that exclusively. Of course, the licensing issues that might have influenced their decision originally have changed with his week's announcement that Trolltech is also licensing the latest Qt library under the GPL. However, we'll hazard a guess that they won't change their choice as a result. [From Freshmeat].

General Purpose Distributions

Linux-Mandrake News. Ulysses, Linux-Mandrake's first beta for their 7.2 release, has been announced. It includes KDE2 beta 4, enhanced installation and administration tools, XFree86 4.01, and CUPS as the default print system, among many other changes. "Please keep in mind that Ulysses is an experimental Operating System, it's not for daily use! The goal of beta testing is to help debug it and Ulysses is sure to contain things that are broken. Use with care!"

Joining a number of other distributors, MandrakeSoft has announced that it is publishing an enterprise version of its distribution. Linux-Mandrake Corporate Server 1.0 will include things like ReiserFS, an automated installation tool, and something referred to as "the amelioration of multiprocessor treatments." It will be available in Intel and Sparc versions.

MandrakeSoft also announced that, according to PC Data, Linux-Mandrake sold the most units of any distribution in the U.S., with 31.5% of the market. They are also pleased to have received the "Editor's Choice" award from Linux Magazine.

SOT launches BestLinux developer site. SOT has announced the launch of its BestLinux.org developers' site. SOT is based in Finland and their Best Linux distribution supports Finnish, Swedish and English.

Debian GNU/Hurd. A new issue of the Kernel Cousin Debian Hurd is available. If it is accurate, then there were only been two posts to the debian-hurd mailing list during the last two weeks of August -- possibly a sign of the start of the new college semester.

Slackware News. A new development tree for Slackware was made available this past week. The "current" tree already includes Netscape 4.75, XFree86 4.0.1, inn-2.3.0 and several glibc security fixes (check the Security Summary for more details).

Embedded Distributions

PeeWeeLinux 0.5.1. A new, minor update to PeeWeeLinux has been announced, PeeWeeLinux 0.5.1. "A command-line driven interactive script to load target devices has been added. Supported devices are any hard drive, including Compact Flash devices and floppy disks." The new script is called rd_dialog and loading of compressed RAMdisks for FAT and ext2 partitions is supported, among others.

Special Purpose/Mini Distributions

BYLD 1.0. The first stable release of Build Your Linux Disk (BYLD) was announced with minimal fanfare. Changes from the previous beta release are minor. BYLD is a mini-distribution primarily intended as starting place for people who want to "roll their own" distribution. It installs onto a single floppy disk and is sometimes used to build rescue disks or portable network clients.

Redmond Linux Beta1 Refresh. Redmond Linux is a relatively new distribution that caters to the non-technical end-user. It is based on Caldera OpenLinux. Their beta1 refresh version was announced last week and includes the 2.4.0-test3 kernel, KDE2 beta 4, an updated installer, and more.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

Browsers

Mozilla-Europe 2000. The Mozilla-Europe 2000 meeting has been announced. The conference will be held near Frankfurt Germany on September 23 and 24, 2000.

Interoperability

Installing & Using WINE (LinuxNewbie.org). LinuxNewbie.org has put up a help file on installing and using WINE. "...the best way to find out if a program will run under WINE, is to just try it. Sometimes compatible programs won't run, sometimes programs thought not to be compatible, will run. Just try it. You won't break anything. :)"

Wine Weekly News for September 4, 2000. The Wine Weekly News #59 for September 4, 2000 has been published. Take a look for the latest Wine development news.

Network Management

OpenNMS update. Here's the OpenNMS update for September 5, covering the latest happenings in the quest to create an open network management system. Among other things, the project is looking to hire developers...

Moodss-11.10 announced. Version 11.10 of moodss has been announced. Moodss, the Modular Object Oriented Dynamic SpreadSheet is a tool that is used for dynamically monitoring changing system information with a graphical or tabular display.

Office Applications

AbiWord Weekly News. The AbiWord Weekly News for August 31, which actually covers two weeks, is out.

Eye of Gnome 0.5 released. The Eye of Gnome version 0.5 image viewer has been released. This is the last release of EOG before some major reworking commences.

On the Desktop

KDE 2.0 release schedule. A new KDE 2.0 release schedule has been posted. It calls for the first release candidate on Thursday, September 14, and the official 2.0 release on October 16.

Qt 2.2 and Qt Designer released. Trolltech has announced the release of Qt 2.2. Many new features are included, including the new "Qt Designer" GUI builder. The announcement does not mention it, but this is the version which is covered by the GPL.

KDE Licensing Information. Rik Hemsley and Matthias Elter have put together an extensive list that details all of the licenses that are used in the base KDE source code tree.

GNOMEnclature: Handling multiple documents (DeveloperWorks). IBM's DeveloperWorks site has put up a lengthy, technical article on using the GNOME MDI class. "In this installment, George Lebl turns away from widgets to look at GnomeMDI, the Multiple Documents Interface from gnome-libs. GnomeMDI makes it easier to handle a variety of different documents at the same time in one program."

Science

FreeGIS CD v1.0.4 available. The latest packaging of the FreeGIS tools has been announced. An update on FreeGIS in general can also be found in the announcement - it looks like the pace of this project, which is putting together a collection of free Geographical Information System tools, is picking up.

Open Source Medical Project. Linux Med News has updated its Open Source Medical Project list recently. Numerous new additions have been added to bring the total to 29 applications.

Web-site Development

Midgard Weekly Summary. Here is the Midgard Weekly Summary for August 31. It covers the release of Midgard 1.4b5, and various other topics.

Zope Weekly News for September 6. The September 6 edition of the Zope weekly news is out. News includes a zope.org mirror site, a new Zope security document, and skins for Zope.

Section Editor: Forrest Cook

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Programming Languages

Erlang

Erlang 5.0 beta released. A new beta release of Erlang 5.0, known as release R7A has been announced. See the R7A release highlights for a preview of the changes and new features.

Perl

Perl 5.7.0 released (use Perl). Use Perl has posted this announcement about the release of Perl 5.7.0. "As promised when 5.6.0 came out, Perl 5 has now been clearly separated into stable maintenance releases and unstable development releases. Releases with even version numbers (6, 8) will be maintenance releases and odd version numbers (7) will be development releases."

Review of Programming Perl, Third Edition (DeveloperWorks). IBM's Developer Works has run a review of the third edition of the book Programming Perl. "The third edition of Programming Perl is impressive from the start. It has almost double the page count of the second edition. The cover is the same, except for the discreet banner in the top right corner, the TMTOWTDI ("There's More Than One Way To Do It") slogan at the top, and the list of authors. The similarity is only skin deep, however, as a look at the table of contents will quickly dispel any illusions that this book is only a revision."

Perldoc website announced. A new web site, perldoc.com, has been announced. This site is being maintained by Carlos Ramirez and offers a searchable html version of the Perl 5.6 documentation. A useful entry for the perl programmer's bookmarks file. The site also contains an archive of CPAN, the Comprehensive Perl Archive Network.

German Perl Workshop 3.0. The third German Perl Workshop is being held February 28 through March 2, 2001 near Bonn, Germany. Abstract submissions should be sent in until October 23, 2000.

University of Perl 2000 (O'Reilly). O'Reilly has announced the University of Perl 2000, a traveling Perl boot camp to be held in Seattle, Los Angeles, Atlanta, and New York City during October.

FreeWRL 0.26 released. A new release of FreeWRL has been announced. FreeWRL is a Perl based open source VRML browser for Linux. FreeWRL is licensed under the GPL license.

Python

Python releases. Python 1.6, the last in the 1.* series, has been released. Meanwhile, for the more bleeding-edge oriented, the first beta of Python 2.0 has also been released. (Thanks to Kalle Svensson). Also see the announcements for Python 1.6 and Python 2.0b1 from Guido van Rossum.

Linux.com interviews Guido van Rossum. Linux.com has interviewed Guido van Rossum, creator of the Python language. "2.0 will have several syntax extensions over 1.6, e.g. augmented assignment, list comprehensions, and an extension to the print statement. It will also have lots of XML support (mostly integrating the good work done by the XML-sig) and a new garbage collection feature, which will collect cyclical garbage for the first time in Python's life."

Python-dev summary for August 16-31. Here is A.M. Kuchling's Python-dev summary for August 16 to 31. It covers the "any day now" first beta release of Python 2.0 and many other topics in the Python development arena.

This week's Python-URL. Here is Dr. Dobb's Python-URL for September 5 with the latest in Python development news.

XML Processing With Python(Themestream). Themestream has run this article by Steven Vore on processing XML with Python. "This is not a normal book review. In fact, I'm leery of calling it a review at all. In reality, these are my notes taken while reading & working through examples in XML Processing With Python By Sean McGrath."

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for September 4 with the latest in Tcl development news.

Software Development Tools

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

iRobot's technical specifications page talks a bit about what's inside; it's running a 450 MHz AMD K6 processor, 64MB memory, and a 6GB disk. It has USB and wireless ethernet connections, a video camera, and a temperature sensor. They don't say whose distribution it is running, but the reference to "Linux 6.2" on the FAQ page gives a clue. It's running a version of Apache with SSL enabled.

An obvious concern with a system of this type is going to be security. After all, some care should be taken before placing a web-controllable, mobile device with audio and video capabilities at large on one's house. iRobot's security seems to be based mainly on SSL security and passwords; as long as you keep a handle on your password, the thing should be reasonably safe. That assumes, of course, that nobody turns up a bad Apache bug, that there are no Apache configuration mistakes on the device, and that the robot is not running any other services which could be compromised. Experience says that the software on this system is likely to need an update sooner or later; one hopes that the iRobot folks have a mechanism in place to deal with the likely trouble.

A related issue of concern: a device with a name like "iRobot" should certainly come with a statement of compliance with the Three Laws of Robotics, but none such appears on the web pages...

The IBM Asia Pacific Linux Initiative. IBM's Linux support moves into the Asia Pacific region with its Asia Pacific Linux Initiative. According to this announcement IBM will be spending more than $200 million over the next 4 years. The company already has "Solution Partnership Centres" in Tokyo, Shanghai, Sydney, Seoul and Bangalore. These provide a single point of contact for Linux developers to access the systems, software and technical skills of the online IBM resources. In addition, several "Linux Competency Centers" will be funded throughout the area, setting up alliances, deploying consultants, and more. The DeveloperWorks site will appear in Japanese and Chinese versions. IBM is partnering with TurboLinux for some of this work.

RSA patent released into public domain. RSA Security Inc. has announced that the RSA public key encryption patent has been released into the public domain. The act would have been rather more generous a few years ago - this patent is, after all, set to expire in two weeks. It is still something to celebrate, however; one of the fundamental cryptographic algorithms is finally free.

M-Systems and LynuxWorks announce DiskOnChip support for BlueCat Linux. M-Systems has announced that LynuxWorks will be including DiskOnChip flash memory support in BlueCat Linux.

Press Releases:

Open Source Products.
Unless specified, license is unverified.

• AMIRIX Systems Inc. (HALIFAX, NOVA SCOTIA, CANADA) announced the release of an open source configuration tool for embedded Linux systems. Amirix is a sponsor of the non-commercial 'Embedded Debian Project' whose goal is to create a completely open, multi-vendor embedded Linux software resource based on the Debian GNU/Linux distribution.

Commercial Products for Linux.

• 3R Soft (SAN JOSE, Calif.) unveiled MailStudio@MESSAGE, a web-based e-mail server program.

• Dialtone Internet, Inc. (FT. LAUDERDALE, Fla.) announced that all its Linux Servers and Linux Cluster Servers are being updated to deliver web content to wireless devices.

• Loki Software announced that SimCity 3000 Unlimited for Linux is now in production. The first copies will roll off the assembly lines late next week for shipment to our online store and other distributors.

Products with Linux Versions.

• Citrix Systems, Inc. (FORT LAUDERDALE, Fla.) announced the introduction of Citrix Extranet, its new Virtual Private Network (VPN) software solution.

• easyDNS Technologies Inc. (TORONTO) announced support for dynamic DNS updates for domain names subscribed to their DNS service.

• Hewlett-Packard Company (PALO ALTO, Calif.) announced its family of HP e-utilica solutions, which enable service providers and carriers to instantly launch or augment pay-per-use application hosting and compute capacity services.

• LegacyJ Corp. (SAN JOSE, Calif.) announced PERCobol Enterprise Version 2.5, a COBOL compiler that bridges to Java.

• Media Excel, Inc. (AUSTIN, Texas) introduced SoftStream, a real-time software encoding solution written in C language.

• Metagon Technologies, LLC (Charlotte, NC) announced that its flagship product, DQbroker will be available for free evaluation on September 11. DQbroker is a peer-to-peer distributed processing solution.

• Merlin Software Technologies International Inc. (BURNABY, British Columbia) announced it will provide support for Sun's Solaris operating system, IBM AIX and RedHat SPARC in the upcoming release of PerfectBACKUP+ v7.0.

• Pixami, Inc. (SAN RAMON, CA), a B2B infrastructure company formed to provide digital imaging technology to the online photo industry, announced it will now begin offering its complete suite of online photo enhancement technologies on the Linux operating system.

• Rational Software (PHILADELPHIA, Pa.) announced Rational SiteLoad, a Web-based load testing product designed to help e-businesses avoid costly and highly visible Web site failures.

• RSA Security Inc. (BEDFORD, Mass.) introduced the latest version of its RSA BSAFE Crypto-C security software.

• Sensiva, Inc. (Mountain View, California) unveiled a line of Internet navigational software that provides a consistent interface across different applications, different platforms and different languages.

• Zero G (SAN FRANCISCO) announced the immediate availability of version 3.5 of the InstallAnywhere product line, a multi-platform software deployment system.

Java Products.

• Inprise/Borland (SCOTTS VALLEY, Calif.) announced Borland JBuilder 4, the latest version of its pure Java cross-platform development environment.

• Vertel Corporation (WOODLAND HILLS, Calif.) announced the e*ORB Java Edition, mediation software, tested on Linux.

Books & Training.

• IDG Books Worldwide (FOSTER CITY, Calif.) announced a rebirth of its Visual(TM) brand (formerly the 3-D Visual(R) series). Some Linux related titles are included in the series.

• O'Reilly (Sebastopol, CA) just released the second edition of "Java Network Programming".

Partnerships.

• Corel Corporation (MILPITAS, Calif.) announced it will partner with PCTEL, Inc. to support a Linux-compatible software modem.

• EdgeMatrix (HONG KONG) has clinched a deal with Brighton Technologies to WAP-enable mobile shares trading in China. EdgeMatrix software run on Linux.

• Embarcadero Technologies, Inc. (SAN FRANCISCO) and Red Hat, Inc. announced the immediate availability of Embarcadero's ER/Studio, Rapid SQL and DBArtisan database management solutions for Red Hat Linux.

• Loki Software Inc. (TUSTIN, Calif.) and Trolltech announced a strategic alliance to provide business and end-user programs for Linux.

• Merlin Software Technologies International Inc. (BURNABY, British Columbia) announced an agreement with Servicios Humanos Especializados en Computo, S.A. under which S.H.E.C will distribute PerfectBACKUP+ throughout Mexico.

• Minerva Networks (SANTA CLARA, CA) announced a partnership with SGI. Minerva has integrated its IP Television service management software with Linux-based SGI 1200 and SGI1450 servers.

• NeTraverse Inc. (AUSTIN, Texas) and RedFlag Software Co., Ltd. announced a strategic partnership and alliance. RedFlag will standardize the NeTraverse Win4Lin Desktop and Server products to run Windows applications on RedFlag Linux.

• RadiSys Corp. (HILLSBORO, Ore.) has signed a partnership agreement with MontaVista Software Inc. to promote the Linux operating system on RadiSys' embedded solutions.

Personnel.

• Baymountain, Inc. (RICHMOND, Va.), a provider of Linux-based ASP services announced that Barry Bryant has joined the company as Chief Operating Officer.

• Lineo, Inc. (LINDON, Utah) named Bob Waldie, formerly of Moreton Bay, as Chief Operations Officer.

• LinuxOne (Mountain View, CA) announced the resignation of Richard Kraus, CEO and President.

Linux At Work.

• SurfControl plc (LONDON) announced a contract with Concert, the AT&T/BT global communications venture, to supply Concert with the new Linux-compatible version of its Internet filtering software.

Other.

• Bluepoint Linux Software Corp. (LOS ANGELES) announced that it received two awards on " 'Yesky Cup' 2000 Computer Week Reader Survey Award Banquet" held on August 31 in Beijing, China.

• A new magazine called Genome Technology will publish its first issue this month. Included is a feature story on one of the world's largest production Linux installations at Incyte Genomics in Palo Alto.

• InfoWorld magazine (REDWOOD SHORES, Calif.) awarded Oracle8i Release 2 on Linux the highest overall Test Center rating of "excellent."

• Tata Consultancy Services (TCS) (NEW YORK) announced the opening of four new offices located in New York City; Round Rock, TX; St. Louis, MO; and Phoenix, AZ. The Round Rock office will serve as the home base for TCS' Linux Research and Development activities.

• TechMetrix Research (BOSTON) announced the availability of its newest study, Open Source and Free Software Report.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the News

KDE, Qt, and GNOME

Good news for KDE:Trolltech adds GPL option to Qt (ZDNet). A report on the Qt licensing change. "One happy beneficiary of Qt's new GPL license is KDE, the most popular Linux desktop environment, which is currently vying with GNOME to be the preferred environment for mainstream Linux developments. KDE, an open source project itself, has occasionally been shunned by open source advocates due to its dependence on the non-GPL Qt."

Barrier lowered between Linux interfaces (News.com). Another report on the Qt license change: "The change means the KDE user interface, which is based on Trolltech's Qt, will now compete on a more equal technical basis with the Gnome user interface, which is based on the GTK+ library. In a series of flame wars in recent years, debaters have often focused on the legal underpinnings of the two user interfaces."

.comment: Peace in Our Time? (LinuxPlanet). LinuxPlanet talks with Nat Friedman and Miguel de Icaza about the Qt license change. "I don't think it changes things, because people who actually care about licenses are a minority of the software world. That's why KDE got so much popularity independent of whether it had license problems or not. But it's going to help a lot of people who finally can have a free desktop, and that's good."

It's the apps, stupid (ZDNet). Here's a column on GNOME and KDE. "To their credit open source developers, by and large, have ignored the battle analyses and just kept coding -- and that's good news for all of us. For as Linux gets better, as GNOME and KDE keep pushing each other, as open source desktops continue to increase in popularity and attract more applications, we all win and nobody loses."

Companies

Open Source NetWare Thorn To Novell? (ZDNet). ZDNet looks at the Timpanogas Research Group and its plan to produce an open source NetWare clone. "Now, TRG is free of a two-year court order preventing it from writing any code, according to Merkey, the company's CEO. TRG expects to deliver its open source Metropolitan Area Network Operating System in the second half of 2001. The OS will run a 'NetWare-like SMP kernel' and will support NetWare directory, file and print protocols, Merkey says. In addition, MANOS will be able to run Linux applications, and will be released under the Gnu Public License, which lets users freely distribute, copy and modify the source code."

Transmeta's Stock Offering May Buck a Cooling Trend (NY Times). The New York Times covers Transmeta's IPO filing. "Despite Mr. Torvalds's presence, Transmeta is not a company whose business is based around the Linux operating system; it is a semiconductor company that plans to use Linux in conjunction with some of its chip designs. Nonetheless, some analysts and money managers raise the specter of slumping Linux-related stocks when talking about Transmeta."

Business

Conoco hopes to hit oil with slick supercomputer (News.com). News.com looks at Conoco's new cluster. "The computer uses dozens of single- and dual-processor Intel-based computers connected by a 10-mbps network, 10 terabytes of hard disk storage and a tape library. The company declined to provide further details on the hardware."

Four industry giants back new lab for Linux R&D (Computerworld). Here's an article about the Open Source Development Lab. "Dan Kusnetzky, an analyst at International Data Corp. in Framingham, Mass., agreed, saying that the only way Linux will be ported to large-scale hardware will be through the creation of such a lab, where independent developers will have hands-on access to leading-edge machines."

Will Linux Group Burn Sun? (ZDNet). Here's an article that sees the Open Source Development Lab as a potential anti-Sun conspiracy. "Publicly, the new Open Source Development Lab (OSDL) hopes to promote Linux in the enterprise. But privately, the OSDL-funded by HP, IBM, Intel and NEC USA-may be plotting against Sun Microsystems."

Sun helps Linux go global (News.com). News.com has put up this article on Sun's release of its internationalization software. "The software is a layer that makes it easier to write software onto which any number of languages can be grafted. A program written to use the layer can be more easily shifted so Japanese as well as French people can use a program. Currently, Linux software is typically rewritten for each new language." (Thanks to César A. K. Grossmann).

Resources

LinuxDevices.com Embedded Linux Weekly Newsletter. The LinuxDevices.com Embedded Linux Weekly Newsletter for August 31 is out. As always, it contains a comprehensive summary of happenings in the embedded Linux world.

MP3 on Linux HOWTO (DukeOfUrl). The DukeOfUrl site has put up an article on working with the MP3 audio format with Linux systems. "In fact, odds are if you have a Linux machine, you already have all the tools you'll need to create and MP3, you just might need some command-line advice."

Linux Hardware Support Survey Part 1: Motherboards (Signal Ground. This article takes a look at how well various motherboard manufacturers support Linux. The research was done by looking at each manufacturer's web site and looking for Linux references. "What we found surprised us and even made us laugh out loud at times. Sadly, the hardware world is still overwhelmingly Windows-centric. But there were some glimmers of enlightenment in this sea of companies, and we'll recommend companies to deal with if you're a penguin at heart."

Poll: most important software tools (LinuxDevices.com). LinuxDevices.com is running a poll of embedded Linux developers in an attempt to find out which are the most important software tools in that arena. If you have opinions on the matter, you might want to head on over and share them.

Linux Buyer's Guide IV (DukeOfUrl). The DukeOfUrl has released its latest Linux Buyer's Guide. "AMD is back in the lead and with authority. Once again, I do not choose an SMP setup here because many applications are just not multi-threaded yet. Our goal here is to put together a realistic dream machine, not a wasteful one."

Reviews

From Old PC To Powerful Server (ZDNet). ZDNet reviews Cybernet's NetMAX Professional Suite. "Installation isn't pretty during the first section, consisting of bewildering Linux text messages scrolling up the screen. Linux-phobes aren't asked to do anything even resembling a command, however; the program just answers a few quick questions and continues to the browser-based installation screens, which are clean and attractive." (Thanks to Louie L. Lindenmayer III).

Interviews

Interview: Quentin Cregan (O Linux). O Linux interviews SourceForge developer Quentin Cregan. "SourceForge's role in Open Source appears to be becoming (hopefully) the base carrier of content. Geocities for Open Source, if you like =) We think it's great that so many developers can come to one place, and find so much freely downloadable and modifiable software."

Finally

A lab of one's own (Upside). This column covers the Open Source Development Lab, the upcoming MacOS X release, and a sighting from LinuxWorld: "Recent attendees of the LinuxWorld Convention and Expo may have spotted the offending T-shirt: A cartoon image of the BSD 'daemon' mascot and Tux, the Linux penguin mascot, er, re-enacting the famous love scene from 'Deliverance.' The caption: 'Plugging Linux Security Holes since 1994.'"

Hypocrisy: An Open Source Closed Community (LinuxPower). Here's a column from somebody who had a bad day at LinuxWorld. "The slashdot camp expects to be treated like kings, with the open source community as their court. Perhaps they have forgotten that one of the wonderful things about the open source community is that we're all equals." (Thanks to Charles Chapman).

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Free Software Job Website. Lolix.org is a job site for the Free Software community. Employers may post job descriptions and potential employees may post resumes. The original site is for France, a United States version is being beta tested.

Resources

Top Ten Tips for Linux. O'Reilly presents some useful tips for Linux users. "These tips may seem simple, but I've found it's often the simple tricks that are the most useful in day-to-day work."

Linux Gazette #57 released. The September 2000 issue of the Linux Gazette is out.

LinuxFocus for September. LinuxFocus Magazine has released the September 2000 issue.

Events

Panel on the Open Source Movement at ESC. This year's Embedded Systems Conference will feature a debate on the topic: "The Open-Source Movement: Boon or Bane for Embedded Systems Developers?". The debate is scheduled for Monday, September 25 at 6:00 p.m.

September events.

Date	Event	Location
September 20 - September 22, 2000.	7th International Linux Kongress	Erlangen, Germany.
September 24 - September 28, 2000.	Embedded Systems Conference 2000	San Jose, CA.
September 25 - September 28, 2000.	LINUX Business Expo	Atlanta, Georgia.
September 27 - September 30, 2000.	Linux Asia 2000 - email: Zaid Karim Shaari	Putra World Trade Centre, Kuala Lumpur.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

Web sites

Open Source Website. Planet Source Code has announced that its authors have made over a million lines of Open Source code available on the site to the computer programming public.

The launch of Linux2order.com. Linux2order.com, a Web-based company, announced the launch of its website, offering software applications and utilities for the Linux operating system,

User Group News

LUG Events: September 7 - September 21, 2000.

Date	Event	Location
September 9, 2000.	Linux Users of Victoria InstallFest	Monash University, Clayton, Victoria, Australia.
September 11, 2000.	Southeastern Indiana Linux Users Group Meeting	Madison/Jefferson County Public Library, Madison, IN.
September 17, 2000.	Omaha Linux User Group Meeting	Omaha, Nebraska.
September 17, 2000.	Beachside Linux User Group Meeting	Conway, SC.
September 18, 2000.	Linux Users' Group of Davis Meeting	Z-World, Davis, CA
September 19, 2000.	Free Software & GNU/Linux Club at Utah State University Forum	Logan, Utah
September 19, 2000.	Bay Area Linux Users Group Meeting	Four Seas Restaurant, Chinatown, San Francisco, CA
September 20, 2000.	Linux User Group of Groningen Meeting	Groningen, Netherlands

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net.

Software Announcements