[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


When is the right time to release free software? Red Hat has taken some grief recently for releasing development versions of the compiler and C library with Red Hat 7. One reason (of many) that has been put forward to explain this decision is that Red Hat is seeking to help stabilize the development of gcc 3.0 by increasing the development version's user base. By increasing the number of testers (also known as "users"), Red Hat 7 will flush out the remaining bugs and provide motivation for the gcc team to get 3.0 out there.

This situation reminds one of the infamous 5.0 release, which was the first mainstream distribution to include glibc2. Then, too, Red Hat justified its action as helping to bring about the stability of the C library.

The interesting thing is: Red Hat is almost certainly right. Until Red Hat 5.0 came out, few people outside the development community had tried to use glibc2. By including glibc2 in Red Hat 5.0, the company increased glibc2's user base by at least an order of magnitude. Those of us using the system can attest that quite a few bugs were found. The library soon stabilized. For a while, anyway.

The lore of free software says that no software is released before its time. By avoiding deadlines, free software developers give themselves the freedom to hold back a release until it is truly solid. That is the source of the extraordinary reliability of free software.

It appears that the lore has left out a step. It seems that the development community can only reach a certain degree of stability; thereafter it's necessary to spring the software on people who are trying to use it to get real work done. Only that level of testing can have a realistic hope of nailing down the last remaining serious bugs.

Thus Red Hat - and its users - may be doing the community a real favor by pushing out software relatively early. The pain suffered by Red Hat users allows all those smug Debian and SuSE administrators to have their rock-solid systems that much sooner.

Part of the dues we pay for our free software is being part of the bug-finding crew. That's just how it works. But an awful lot of people don't get into bug-flushing duty until the software is presented to them as being ready, or nearly so. Development projects are catching on to this dynamic; why else do we have a development kernel called 2.4.0-test9, rather than 2.3.70-something?

Of course, it is not only free software which operates this way. Proprietary software, which rarely comes in development versions, is often even farther away from stability when it is presented to its users. Anybody who attempted to install Solaris 2.0 understands this very well.

Free software users, at least, get their bugs fixed more quickly. Perhaps it would be appropriate to recognize this need for last-round testing more formally and visibly. That would certainly be preferable to surprising users with something that is supposed to be a stable release. In the end, helping get the last bugs out is a pretty small price to pay for the benefits of free software.

The StarOffice source is out. Right on time, Sun released the source for StarOffice - now renamed OpenOffice. There is obviously interest in this release - the download traffic on the first day was such that Sun's server evidently crashed from the load. At this point, a new distribution scheme via Akamai has been set up, and downloads are now fast.

At least, as fast as one could hope for. The source distribution weighs in at almost 80MB (370MB unpacked) - StarOffice was never a lightweight beast. The source consists of almost 35,000 files in over 2100 directories. Even so, it's not the full thing - some of StarOffice was built from third-party code and can not be redistributed under the GPL. These parts include little details like printing and spell checking.

Those wanting to dig into this source will have a daunting task ahead of them. "The source code is not as comprehensively commented as we'd like." says the OpenOffice source overview page in a rather understated way. If you do find comments in the code, they may just turn out to be in German. The build instructions are hard to find (there's no README file), terse, and incorrect. But, more importantly, consider that the code is in rapid and massive development, and the plan is to make major changes (i.e. to turn it all into GNOME components). Sun has a large number of engineers working on the project, and they will likely be the bulk of the developer community for some time.

In other words, OpenOffice looks an awful lot like Mozilla. So it should not surprise anybody if this project takes a very long time to get to its first truly stable release.

Then again, interesting things could happen much sooner. Consider this article on the KDE Dot News site which looks at how OpenOffice might be helpful to KDE - despite the fact that it's supposed to be a GNOME project. It seems the KDE folks see quite a few things that they could snarf out of OpenOffice to improve KOffice; the LGPL licensing of OpenOffice allows them to do that, of course. The end result could be truly ironic: KOffice may push ahead even faster as a result of the OpenOffice release while GNOME goes without a stable office suite for a long time. After all, OpenOffice will be a while until it's ready for prime time, but its release has taken some of the wind from the sails of AbiWord - the previous GNOME office suite project.

Feature Article: Sharing the Dream of Flight. For those of you who add a love of flying to your love of Open Source, we have the perfect present for you: an Open Source project that is working to build the best flight simulator ever seen. The project is called FlightGear. Liz Coolbaugh got a chance to investigate this project at the FlightGear booth during LinuxWorld San Jose 2000. As a result of that contact, we're now extremely pleased to provide you with this feature article about FlightGear, Sharing the Dream of Flight, written by FlightGear developer Alexander Perry.

"The FlightGear project is aiming to achieve "best of breed" by avoiding short-cuts and incorporating the best implementations of each aspect of the simulation. We are using open-source technology to achieve this goal. In fact, what makes the FlightGear project unique is that we are pioneering the use of "Open Source technology" towards improving flight simulation and making it more accessible, more usable, and more affordable than ever before."

Inside this week's Linux Weekly News:

  • Security: Data privacy and the file that wouldn't go away, lots of new vulnerabilities and updates.
  • Kernel: Toward shorter kernel development cycles; the kernel and new compilers; network driver entropy.
  • Distributions: New distributions: Madeinlinux, Ute-Linux and JBLinux.
  • Development:New Galeon and Mozilla, Samba project fork, Larry Wall speech, Ada for Linux.
  • Commerce: Scientific Computing Associates and Cluster systems; Eric Raymond's Open letter to Carly Fiorina.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


October 19, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Security page.

Security


News and Editorials

Data privacy and the file that wouldn't go away. Most of you are already familiar with the idea that files don't really disappear when you delete them. They get "dereferenced", e.g., the space on the disk where they were stored becomes available for writing new data, but the old data doesn't automatically go away. Normally, this is not a critical issue for the average user. In fact, many utilities have been written over the years to take advantage of this feature -- allowing an unwary user to "undelete" that file that they really hadn't meant to delete in the first place.

However, in a security-critical facility, everything changes. It is absolutely critical to know that a file, once deleted, is really, really gone. This problem isn't specific to computers, of course. Paper shredders were created to deal with this same issue in the paper office. Recovering information from a piece of paper that has been burned is an old trick in the detective/mystery writer business. If you're really, really serious about it, you dissolve the paper with acid, then mix with other fluids, then flush the results down the toilet -- everyone knows that, right? No, but presumably if you're in a business where the issue is important, you've learned.

So someone in a sensitive industry using the computer also knows that something extra must be done to "really" delete a file. There are a variety of options for this under Linux. One program to do this which was shipped with Red Hat Linux 6.2 is called "shred". The man page describes it as a utility to "Delete a file securely, first overwriting it to hide its contents." Unfortunately, it turns out that shred doesn't do a very good job. In fact, shred is so bad at what it does that its own author has abandoned the program, asking archive sites to remove it entirely. If you've been using shred, guess what, the files you thought you deleted may still be wandering around your disk.

The news isn't all bad; another program called Wipe is available to do the same thing and appears to be much more highly regarded. However, to demonstrate just how difficult the job is, Wipe's home page starts out with a warning that even Wipe won't be effective unless you disable the write cache on your disk and, under Linux, mount your filesystem with the "mand" option (to get kernel-enforced mandatory file locking). That's just the beginning, though, as noted by Alfred Perlstein, who pointed out that data logging filesystems, transactional filesystems, filesystems that perform online defragmentation (FreeBSD-FFS+reallockblks) and filesystems that offer snapshot capabilities may all interfere with the intentions of programs like shred and wipe.

If you've checked for all of those issues, don't forget one more: backups. You could spend a lot of time making sure your file has been deleted from your disk only to discover one or more perfectly good copies on your backup media (you do backups, right?).

Face it, we've optimized disks, filesystems and operating systems to prevent accidental loss of data. As a result, making sure that data really goes away is not easy to do. For most of us, that isn't a problem. For those of you in security-critical environments, be sure to check out your procedures carefully. There is a lot of margin for error.

Sen. Edwards Intro's 'Spyware Control Act' (Newsbytes). Senator. Edwards, a Democrat from North Carolina, introduced a new bill into Congress to address software privacy issues, the "Spyware Control and Privacy Act". Newsbytes covered the new bill and its potential impact. "Under S. 3180, the "Spyware Control and Privacy Protection Act," manufacturers that build spyware into their products must give consumers clear and conspicuous notice - at the time of installation - that the software contains spyware. Such a notice would describe what information would be collected and to whom it would be sent. The spyware would then be forced to lie dormant unless the consumer chooses to enable it."

Redress amounts up to a half million are allowed under the current format of the bill. Note, however, that some of the teeth of the bill is removed by exceptions for technical support and licensing issues.

Maybe I Should Be Afraid of Linux? (SecurityPortal). SecurityPortal looks at Linux and security. "In any case, this is a serious strike against Linux's security as a server operating system. Linux seems to have become the 'number 1 target.' The bulk of the new exploit code is coming out for Linux, even for vulnerabilities present in all Unices." Overall the article is quite positive. (Thanks to Cesar A. K. Grossmann).

This month's CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for October is out. It covers the rise of "semantic attacks," web privacy policies, and the selection of Rijndael for the AES standard. There is also a brief mention of the CueCat fun.

Security Reports

Format string vulnerabilities in PHP. Multiple format string vulnerabilities in PHP 3 and PHP 4, including one involving the use of syslog, were independently reported by two separate parties. Here is the report from Jouko Pynnönen and the advisory from @stake, Inc. These vulnerabilities can be exploited remotely to execute arbitrary code under the web server's identity. The PHP team was notified and has released new versions both PHP 3 and PHP 4 to fix these problems.

Here is the announcement for PHP 4.0.3, the corrected version of PHP4. PHP 3.0.17, the corrected version of PHP 3, is also available for download.

This week's updates:

GnuPG false signature verification. The Gnu Privacy Guard is a complete and free private/public key encryption system. Jim Small reported to BugTraq a problem in how GnuPG handles multiple signatures within a single message. It turns out that GnuPG 1.0.3 and earlier only check a single signature within a message for validity, even if the message contains multiple signatures.

Werner Koch, from the GnuPG development team, posted an acknowledgment of the problem. GnuPG 1.0.4 has, since then, been released and contains the fix for this problem. Anyone using GnuPG will want to upgrade their package as soon as possible.

As another data-point for the need for pro-active auditing for security problems, Werner commented, "This problem has been in GnuPG since the beginning but Jim seems to be the first one who noticed that. We need better auditing folks!"

XFree86 3.3.X Xlib buffer overflow. Another buffer overflow in Xlib in XFree86 3.3.X was reported on BugTraq by Michal Zalewski. It appears that this problem was fixed in XFree86 4.0 over a year ago, but the fix was never backported to XFree86 3.3.X. Ramifications of this vulnerability appear to be limited. No official response or patch has been provided as of yet.

muh IRC bouncer format string vulnerability. muh, a GPL'd IRC bouncer, contains a remotely-exploitable format string vulnerability that can allow the execution of arbitrary code under the identity of the muh user. The problem was reported in this FreeBSD advisory but would affect any system with muh installed. The advisory indicates that the vendor has been contacted and an updated version of muh released. However, information from the muh homepage indicates that only a source patch for the problem is currently available.

NIS/ypbind format string vulnerability. A format string vulnerability has been reported in NIS/ypbind. ypbind is used to request information from a NIS server which is then used by the local machine. The logging code in ypbind-3.3.X is vulnerable to a printf formatting attack which can be exploited by passing ypbind a carefully crafted request. As a result, ypbind can be made to run arbitrary code as root. This is a bad vulnerability; an immediate upgrade is strongly recommended.

The SuSE update below makes interesting reading as it describes the problems that have come up with various versions of the ypbind daemon. As a result, SuSE has not released a fix for ypbind-3.3.X, but instead has updated ypbind-mt (default for SuSE 7.0) and recommends that all customers upgrade to the SuSE 7.0 base and then apply this fix.

This week's updates:

Kondara MNU/Linux update to pdnsd. pdnsd is a small name-server optimized for caching. Kondara MNU/Linux put out an advisory reporting that pdnsd terminates unexpectedly after receiving an illegal packet, opening up a potential denial-of-service attack. They provide pdnsd 1.0.11 packages which contain a fix for the problem.

Meanwhile, pdnsd 1.0.12 has been released as well (according to the pdnsd home page), promising more hardening against denial-of-service attacks and "additional security enhancements".

curl buffer overflow. The Debian Project has issued a security update to curl, fixing a buffer overflow problem in that package. Debian has released patched versions of curl and curl-ssl 6.0-1. Meanwhile, curl 7.4.1 has also been announced and includes a fix for a "possible buffer overflow" as well, presumably the same one.

Buffer overflows in ping. Red Hat has issued a security update to ping fixing two buffer overflows and modifying the manner in which ping handles sockets. Note that there are multiple free software versions of ping floating around; the one fixed today was Alexey Kuznetsov's ping, which is part of iputils, as opposed to the ping included in netkit. Chris Evans found most of the problems and worked with Alexey to get them fixed. Presumably, any other distribution that is using Alexey's ping will also need to put out an update.

FreeBSD update to fingerd. FreeBSD has issued an update to fingerd to fix a security problem specific to FreeBSD.

Authentication failure in cmd5checkpw 0.21. cmd5checkpw is an authentication module that implements the CRAM-MD5 authentication mode. Designed to work with qmail, it can be used by other programs as well. Javier Kohen has reported an input validation error in cmd5checkpw which, when used in conjunction with a version of qmail-smtpd that has been patched to add SMTP AUTH support, can cause a segfault when a non-existent username is used. In turn, the patch to qmail-smtpd will interpret this segfault as a successful validation. cmd5checkpw 0.22 fixes the error in the authentication module and qmail-smtpd-auth 0.26 fixes the problem in the qmail patch.

Web scripts. The following web scripts were reported to contain vulnerabilities:

  • Auction Weaver LITE 1.0 - 1.04 perl-based CGI scripts contain vulnerabilities that could allow remote attackers to create, read, or delete arbitrary files using the privileges of the Auction Weaver uid. Auction Weaver 1.05 has been released with fixes for these problems.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • Anaconda Foundation Directory contains a directory transversal vulnerability. The vendors have been notified but have not yet responded.
  • Half-Life Dedicated Server is reported to contain an exploitable buffer overflow that is being actively probed for and used by potential attackers. No response from the vendor has been seen so far.

Updates

gnorpm tmpfile link vulnerability. Check last week's LWN Security Summary for more details.

This week's updates:

Previous updates:

GNU CFEngine format string vulnerability. Root access can be obtained on a local system by exploiting CFEngine's use of syslog and its related format string vulnerability. Check last week's LWN Security Summary for more details.

This week's updates:

Previous updates:

traceroute local root access. A local user can exploit vulnerabilities in traceroute to gain root access. For more information, check the October 5th LWN Security Summary.

This week's updates:

Previous updates:

Apache mod_rewrite vulnerabilty. Files outside the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check last week's LWN Security Summary.

Apache 1.3.14 was released this week and contains fixes for this problem. Note, however, that it also broke configurations that use RewriteMaps, because the lookup key is no longer expanded. A patch to fix this has also been released. People upgrading to 1.3.14 will want to make sure that this patch has been applied.

This week's updates:

Previous updates:

ncurses buffer overflow. Check last week's LWN Security Summary for the initial report of this problem. It is surprising that Caldera has produced the only set of package updates for this problem so far.

This week's updates:

ssh/OpenSSH file transfer vulnerability. Check the October 5th LWN Security Summary for the initial report of this problem. Last week, Linux-Mandrake issued updated ssh packages that removed the setuid bit from OpenSSH under the mis-apprehension that this would mitigate this security problem. This week, they've announced the withdrawal of that security update, since removal of the setuid bit did not fix anything and broke some forms of authentication.

LPRng, LPR format string vulnerabilities. Format string problems in LPRng were reported in late September. Updates for LPRng and lpr (for a related problem) continue to be published.

This week's updates:

Previous updates:

xpdf symlink race condition. Check the August 31st Security Summary for the original report.

This week's updates:

Previous updates:

tmpwatch fork bomb denial-of-service vulnerability. Check the September 14th LWN Security Summary for details. A local root compromise problem turned up as well last week; this is fixed in all of the updates below as well.

This week's updates:

Previous updates:

usermode inherited environment variable vulnerability. Check last week's LWN Security Summary for details.

This week's updates:

Previous updates:

Resources

RFPolicy 2.0. An updated version of RFPolicy (Rain Forest's Policy) has been released. This is a widely-discussed full disclosure policy is well worth reading for those of you new to security reporting (as well as those of us who aren't new). Of course, no organization enforces this policy, but it does outline widely-accepted practices for both vendors and people who have found security problems and wish to report them.

Updated security tools. Here are some Open Source security tools which were announced, released, or for which minor updates have been made available in the past week:

  • VLAD the Scanner - An open source scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD and FreeBSD.

Events

Summercon 2001 - Request for Proposals. Summercon 2001 has issued its Request for Proposals for their next event, schedule June 1st through the 3rd, in Amsterdam, the Netherlands. "For those of you who do not know about Summercon, it is the oldest of the living security/hacker conferences. Its origins are well tied to the early years of Phrack Magazine."

Upcoming security events.
Date Event Location
October 29-November 2, 2000. SD 2000 (Software Development Conference) Washington D.C., USA
November 1-3, 2000. Compsec 2000 Westminster, London, U.K.
November 1-4, 2000. 7th ACM Conference on Computer and Communication Security Athens, Greece.
November 3-5, 2000. PhreakNIC v4.0 Nashville, TN, USA.
November 8, 2000. Security Forum 2000 Vancouver, British Columbia, Canada.
November 13-15, 2000. CSI 27th Annual Computer Security Conference and Exhibition Chicago, IL, USA.
November 26-December 1, 2000 Computer Security 2000 and International Computer Security Day (DISC 2000) Mexico City, Mexico
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


October 19, 2000


Secure Linux Projects
Bastille Linux
Immunix
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Kernel page.

Kernel development


The current development kernel release is 2.4.0-test9. The -test10 prepatch is currently in its fourth revision. This patch contains the usual pile of assorted fixes. It also has one new feature: the "frame divertor." This gadget can be used to perform transparent proxying and gatewaying across networks; essentially it puts an interface into promiscuous mode and vacuums up packets to be copied to another network.

Your editor's subjective impression is that the -test10 prepatch is one of the more stable of the recent kernels; -test8 and -test9 were rather rough in spots.

The latest 2.4 jobs list was posted by Ted Ts'o at ALS.

The current stable kernel release is 2.2.17. The stream of 2.2.18 prepatches has resumed with 2.2.18pre16. Among other things, this version of the patch contains the NFSv3 server patches, completing the integration of the new NFS code. There is much rejoicing in NFSland. There is also a large M68k update that didn't get put in entirely correctly, leading to some header files going into the wrong place. Presumably pre17 will fix that little problem.

How to get a faster kernel update cycle? The 2.4 kernel is late, the press is giving us grief, and people are wondering how the stable kernel release cycle could be sped up. The situation feels very similar to two years ago, when everybody was wondering where the 2.2 kernel was. 2.6 will probably be the same.

Alan Cox did post an interesting suggestion. In his scheme, there would essentially be two stable kernel release tracks. Once 2.4 comes out, the 2.5 development series would go off as usual. At some point, however, the developers would stop and decide which of the new features could be backported to the 2.4 kernel in a stable manner. That port would be done, with the result being 2.6. The 2.5 series would then be renamed 2.7, and the whole thing would eventually be stabilized as 2.8.

The idea would be to get a lot of the interesting new features out more quickly, while allowing the deeper changes to mature over a longer period of time.

Doing all of that backporting sounds like a lot of work, but the simple fact is that it happens now. Much of what has gone into recent 2.2 releases has been brought back from the current development series. It could well make more sense to create a new stable series to accept the backports; that way the current stable series could truly be maintained in a bugfix-only mode, which would help it to remain stable.

Jeff Merkey, instead, proposes that the kernel go to a much more modular architecture. Then the core kernel could be released independent of what is happening with, say, the device drivers. This mode of development might well lead to faster release cycles, but it would also require the kernel developers to freeze the interfaces between modules in a much more formal way. The developers have fiercely defended their ability to change the internal API as needed during development cycles. The alternative is to be slowly buried in backwards compatibility cruft. An example would be the block driver interface, which is showing some age and is likely to be severely thrashed in 2.5. An attempt to freeze the internal interfaces in a stronger way would block that sort of change and is likely to meet a high degree of resistance.

It may well be, in the end, that it really takes two years to do a proper development cycle on the kernel. If that proves to be the case, the best thing to do might be to find a way to get the important changes (such as device support) back to the users quickly while giving the deeper changes the time they need to mature and stabilize properly.

Network drivers and randomness. The Linux kernel includes a random number generator. It is used for a number of tasks, mostly security related, both inside and outside the kernel. As anybody who has studied the topic knows, generating random numbers with software can be very hard. Software, being deterministic, will tend to produce predictable numbers. So the kernel looks to other sources for its randomness. Much of this randomness ("entropy") comes from device drivers and their interrupts. The timing of interrupts from the keyboard, disk drives, and so on is variable enough to make the random numbers truly random.

Oliver M. Bolzer was looking at the code to convince himself of its strength and noticed that few drivers participate in the creation of entropy for the random number generator. In particular, he asked, why don't the network drivers take part in the entropy generation process?

It's a good question. After all, packet arrival times will certainly exhibit a certain kind of randomness. The problem is that the arrival of packets is also under external control. A suitably determined attacker could conceivably aim packets at the system in a way that would subvert the random number generator and weaken the security of the system as a whole. It would be a most difficult attack, no script kiddies need apply. But, rather than leave a potential opening in a crucial part of the system, the kernel developers are likely to keep the network drivers out of the entropy business.

On kernels and compilers. Occasionally a Red Hat 7 user, or somebody else with a too-new version of gcc, runs into trouble when compiling the kernel. It's worth remembering that the kernel has a well-defined set of compilers that it is supported with; for 2.2 and 2.4 both it's either gcc-2.7.2.* or egcs-1.1.2.

For this reason, distributions which include newer compilers also provide a special "kernel gcc" package, often called kgcc. It's important to install and use that version of the compiler for building kernels.

The problem here is almost never with the compiler itself. The kernel code uses no end of tricks for performance reasons, and operates in a much more volatile environment than most applications. Successive versions of the compiler tend to be more aggressive and better at optimization; every now and then a new optimization breaks some kernel code, leading to very strange bugs. Over time these get ironed out and the newer compiler becomes "certified" for use with the kernel. Until that time, the only people who should be using newer compilers to build the kernel are those who actively want to find the problems.

The hunt for undefined code. Here's one kind of problem that a new compiler can turn up. Most C programmers learn early on to avoid code like:

	a[i] = i++;
The results of this kind of code are undefined; the array assignment could happen either before or after the value of i is incremented.

Bernd Schmidt looked through the kernel source for this sort of code, and found quite a bit of it. He has submitted a patch to fix up the things he encountered; as he puts it, "in some cases, it wasn't entirely clear what the code intended, so I had to guess." This patch went into 2.4.0-test10-pre4, so we may well find a spot or two where he guessed wrong. The effort is a good one, though. This kind of code is a time bomb waiting to go off; it needs to be cleaned up sooner rather than later.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet


October 19, 2000

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

New distribution: Madeinlinux.MadeinLinux 4.0 box Out of Italy comes this announcement for a new distribution called Madeinlinux. It comes in both workstation and server versions, includes ReiserFS and XFree86 4.0. In keeping with modern fashion, the first release is "Madeinlinux 4.0."

There are a couple of interesting features of this new distribution. The obvious one, of course, is its tight market definition. This is a Linux distribution tailored for Italians. To bolster its appeal in that market, they have extended "Italian support" past the installation menus, Gnome menus and man pages, to include the use of Italian in the shell and in the boot and error messages. More extensive documentation has been provided in Italian as well. In addition, though no specific details have been provided on what they changed, they promise that Italian law has been taken into consideration and the distribution tailored to adhere to it. As Linux develops and spreads, it will be interesting to see how well such nationalized distributions do against distributions that are working hard to set an international standard, such as Red Hat, SuSE, Linux-Mandrake, etc.

Meanwhile, one of the other emphases of Madeinlinux is the inclusion of a modest set of packages, designed to only include the five to ten applications that an individual is likely to use constantly, plus all the software needed to support those applications. As a result, the workstation and server versions each fit onto their own CD. To achieve this, they've made choices for the customer, instead of providing a range of options and allowing the customer to choose.

This is becoming a common theme among many of the new distributions we are seeing. While Debian's packages continue to expand almost infinitely, and even Red Hat expands to multiple CDs after years of holding on to a single CD for the base operating system, new distributions are choosing a different path. In order to differentiate themselves from the older distributions and to make Linux less daunting for newcomers, they are willing to make hard choices, even politically difficult choices, as to what packages will or will not be included by default.

Of course, if you don't like their choices, you can download the software you prefer. However, newcomers to Linux are less likely to do this. As a result, they are likely to choose a distribution that supports the packages that have been recommended to them and, once they learn a specific package (such as an email client), they are likely to stick with it, unless faced with an overwhelming reason to change.

From the history we have so far, we know that distributions tend to expand over time. They have to continue to include packages that people are actively using, yet they need to include the latest and greatest new packages as well. New distributions can take a different tack, starting from scratch and without existing customers to offend. If they do a good job, they'll attract new customers. Meanwhile, their workload for maintaining, supporting and improving the distribution is decreased.

Will that also help them survive in such a crowded market? We'll have to wait a year or two to tell.

For more information on Madeinlinux, check out their response to the LWN Distributions Survey.

Other New Distributions

First version of Ute-Linux available. The first version of Ute-Linux has been released. Ute-Linux comes out of the Timpanogas Research Group, and is intended to be a platform for their NetWare and clustering technologies; it's built with Red Hat and OpenLinux packages. See the announcement for a long description of the distribution and how it's built.

JBLinux -- 'Just the Best of Linux'. JBLinux is a new distribution promising to offer speed and stability. Echoing this week's editorial theme, it also promises to include only the "most essential software" for Linux. The website also warns that it is not recommended for beginners. JBLinux 1.1beta 6 was announced on October 16th. In addition, in response to requests, the author has also provided a package list for the latest version. JBLinux is currently only available in ISO format.

General-Purpose Distributions

TurboLinux ships Workstation Pro 6.1, cluster server. TurboLinux has announced the release of TurboLinux Workstation Pro 6.1. This release includes an IA-64 version; TurboLinux thus claims to have the first commercial IA-64 Linux.

The company has also announced the release of "TurboLinux Cluster Server 6." It's a high-availability clustering system, aimed at web servers. Interestingly, the PR points out that the cluster server can be installed on top of Red Hat's distribution.

Debian News. This week's Debian Weekly News covers VA Linux's announcement of new servers pre-installed with Debian, Debian GNU/Hurd CD images that are available for the first time and a milestone in the port of Debian to the HP-PA RISC architecture.

The October 12th Debian Kernel Cousin covers eight threads from debian-devel, including the installation of packages in non-standard directories, a new version of lintian and more. It is a nice way to keep up with Debian development issues without pouring through several hundred mail messages a week.

The latest issue of the Kernel Cousin Debian Hurd shows increased development activity, now that the summer months are over. Progress has been made getting XFree86 3.3.6 up and running under the Hurd. A memory leak has been reported and is still being investigated.

New Caldera FAQs. Caldera has added several new FAQs to their support knowledge base. Topics covered include Samba, printers and hardware-specific installation questions.

Linux-Mandrake news on AvantGo. For you Palm users out there: MandrakeSoft has announced that Linux-Mandrake news is now available via AvantGo.

FTP version of SuSE 7.0 available. SuSE has announced the availability of the FTP version of its 7.0 release. (Scroll down in the announcement to get the English version).

Mini/Special Purpose Distributions

e-smith server and gateway. A new version of e-smith server and gateway has been announced. e-smith server and gateway 4.0 is based on Red Hat 6.1 and promises "more modular design, improved dialup support, user groups, email forwarding, virtual domains, network time server support, IMAP support, printer sharing, bootable CD-ROM, and incremental upgrade". e-smith server and gateway is from e-smith, inc. and is used on their line of Internet appliances.

Minor distribution updates. Here are some minor updates to distributions that have been announced this past week:

  • Nuclinux 0.9.3. This single floppy distribution now uses Links instead of lynx.
  • PeeWeeLinux 0.52. This embedded distribution now has 2.2.17 kernel packages, along with other minor bugfixes.

Section Editor: Liz Coolbaugh


October 19, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Development page.

Development projects


Browsers

Galeon 0.7.7 released. Version 0.7.7 of the Galeon Web Browser has been released. This version features improved mime type handling, better key handling, and many bug fixes. Galeon's motto is "The web, only the web"; the browser is small, fast, basic, and very effective. Currently, the installation is somewhat tricky and involves installing the Mozilla browser, along with recent versions of gnome-libs. A one-step installation process would be a welcome change.

Mozilla Milestone 18 released. The Mozilla project has released Mozilla M18. This version includes improvements to the Mail-News system and better response time.

Learning the ways of Mozilla (Upside). Upside Today has run an article on Learning the ways of Mozilla. The article discusses the efforts of two Mozilla designers, David Boswell and Ian Oeschger, in documenting the process of working with the Mozilla development project.

Project Update: Mo-Zilla not Less-Zilla (LinuxNews). Linux News' Michelle Head looks at the Mozilla development effort. The Mozilla project schedule and licensing issues are discussed. According to Mozilla's Mitchell Baker: "Linux is one of Mozilla's core platforms; we build and test on Linux constantly. Code that doesn't support Linux is not welcome in our source tree."

Databases

Oratcl 3.1 announced. Version 3.1 of Oratcl (no, that isn't a typo!) is now available. "Oratcl is an extension to the Tcl/Tk language that utilizes Oracle OCI calls to provide Oracle access via tcl."

Education

Freeduc Zone (Ofset.org). The Ofset organization has a project known as Freeduc, the FREe EDUCation software database that aims to build a catalog of educational open-source software projects. If you are working with Linux and education, check it out. "Until now - and probably for a while in most heads - the GNU/Linux system at school has been perceived as a good replacement of other proprietary servers. However the server is probably the least important things in term of freedom in a school network. It doesn't allow a teacher to share a workstation software with students. Supporting GNU/Linux in the workstation side can grant higher sharing freedom between users in school. At the same time several group has built list of free edu soft. OFSET has setup Freeduc, a tool to help to list, to evaluate and to package free - non GPL exclusive - edu soft."

Embedded Systems

Second deepLINUX Embedded Toolkit release candidate. The second deepLINUX Embedded Linux Toolkit (dELT) release candidate has been announced. It fixes a fairly serious problem that prevented the first one from working for a lot of people.

SiS boots PC BIOS out of the system (Linux Devices). Linux Devices reports on an announcement from SiS, which claims to have the first System On a Chip to boot Linux without a BIOS. The system performs device initialization directly from the Linux kernel and speeds the booting process considerably.

Interoperability

Wine Weekly News for October 9 and 16, 2000. The Wine Weekly News for October 16 is out. A new version of the Winecfg tool, version 0.32b, has been released.

Last week's Wine Weekly News showed up somewhat late. News included a recent $1.8 million investment from CodeWeavers to fund Wine development, an upcoming Wine release, and discussion of the effect that Microsoft's purchase of Corel stock may have on Wine.

Open-source angst: Fear of forking (ZDNet). ZDNet discusses the recent fork in the Samba project. One fork will emphasize the basic Samba functionality and the other fork will work on W2K interoperability and other cutting-edge support. See the original announcement about the SAMBA_TNG fork from Samba.org.

Network Management

OpenNMS Update. The latest OpenNMS update, Vol. 1 Issue 30, has been forwarded to LWN. This issue includes some highlights from the ALS show in Atlanta this past week.

Office Applications

Gnumeric 0.57 Released. Version 0.57 of the Gnumeric spreadsheet has been released. Numerous bugs have been fixed and improvements have been made to international character set support. Interestingly, this version now sports a working Applix importer.

GnomeICU 0.94.1 released. The Gnome ICU project is back on track after a brief hiatus and has released GnomeICU 0.94.1, an ICQ protocol based internet communications program. This release has some important bug fixes and adds a few new features.

LyX Development News for 20001018. Allan Rae has posted the latest edition of the LyX Development News. Lyx is a graphical front-end for Donald Knuth's TeX typesetting language. Lots of information on CVS and release scheduling is covered here, along with plenty of information for the upcoming 1.6 release.

On the Desktop

GNOME With Goodies (Linux Magazine). Linux Magazine reviews Helix GNOME in a feature article by Jason Perlow. "In addition to having many updated software applications that the official GNOME doesn't have, Helix GNOME is also a lot more polished and "feels" more like a commercial product -- it has a lot more desktop themes to choose from and the pre-loaded menu icons have a more professional look."

The people behind KDE: David Faure. The "people behind KDE" series continues with this interview with David Faure. "The funniest thing about meeting KDE or Linux developers in general is that everyone is always younger than you first imagine."

KDE Desktop 2.0 Final Release Candidate Available. The (hopefully) final release candidate for KDE 2.0 has been announced. The project plans to freeze the release on October 16, so now is the last chance to find and report any showstopper bugs.

KDE and OpenOffice. Here's an editorial on KDE Dot News on how the OpenOffice release will benefit KDE. "In contrast, KOffice, was built from the ground up for KDE[2], and is fully integrated with native KDE component and related technologies. It may actually be easier to import useful code and technology from OpenOffice to KOffice than to rewrite OpenOffice."

KDE Linux Packaging Project taken down. KDE Dot News reports on the demise of the KDE Linux Packaging Project due to lack of time and "one person" who was making life difficult. An interesting discussion about dealing with this kind of problem in an open-source project follows.

Science

PyClimate 1.0 released. Version 1.0 of PyClimate, a climate variability analysis toolset, has been released. PyClimate has been released under the GPL license.

Web-site Development

Apache 1.3.14 released. Apache 1.3.14 has been released. The mod_rewrite security problem and a few other bugs have been fixed. A new directory-based configuration scheme has been added. If you plan on using the new version, however, you'll want to apply this patch. Without it, sites that use RewriteMaps will likely break.

Zope Weekly News. This week's Zope Weekly News is out. It covers the first reactions to the Zope book, as well as providing updates on the latest happenings in Zope development.

Section Editor: Forrest Cook


October 19, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Ada

Ada for Linux. If you are working with the Ada language, you should check out the Ada for Linux Team page. This group is working on an open-source Ada compiler and associated development tools.

C/C++

Internet C++ alpha release. The alpha release of Internet C++ has been announced. Internet C++ is intended to be an open alternative to both Java and C#; it's essentially C++ which runs on a portable virtual machine. They have even ported Doom to the new system...

Java

A proposal for fixing the Java programming language's threading problems (IBM). IBM's Developer Works has published an article by Allen Holub that discusses Java's threading problems. " Allen Holub suggests that the Java programming language's threading model is possibly the weakest part of the language. It's entirely inadequate for programs of realistic complexity and isn't in the least bit object oriented. This article proposes significant changes and additions to the Java language that would address many of these problems. "

JavaUnix 1.0 released. Version 1.0 of JavaUnix, a portable extension API for the Java platform that provides access to Unix environment and filesystems, has been released. JavaUnix is distributed with an "Open Source" license.

Perl

Larry Wall gives ALS Keynote. Larry Wall gave a keynote speech at the Atlanta Linux Showcase entitled Camel Lot #6 where he discussed Perl's future directions. Nathan Torkington transcribed Larry's talk and Larry's slides from the talk are available. An audio recording of the talk is available in mp3 format from Dr. Dobb's.

University of Perl daily journals (Use Perl). Nathan Torkington continues his series of jornals from the University of Perl class. Here are the notes from day 1.1 and day 1.2.

PHP

PHP 4.0.3 Patch Level 1 available. PHP 4.0.3 Patch Level 1 is available for download. This version fixes a bug with Apache php_value and .conf files and plugs a memory leak in module versions of PHP.

PHP Conference Material Site. If you are interested in enhancing your PHP web publishing skills, you might want to check out the PHP Conference Material Site which has numerous slide sets from talks on PHP. The slides cover a wide range of PHP topics from introductory to advanced level.

Python

This week's Python-URL. Here is Dr. Dobb's Python-URL for October 17, full of goodies from the Python development world.

This issue was evidently written just a little too soon to catch the Python 2.0 release (see below). Those who are interested in what's in 2.0 should most certainly check out What's New in Python 2.0 by A.M. Kuchling and Moshe Zadka. It covers the new features in detail; worth a look.

Python 2.0 released. Guido van Rossum has announced the release of Python 2.0. This release contains a number of new features, some of which were explored in last week's LWN development page. Congratulations to the Python team!

Python Web Modules Overview. Paul Boddie has published a list of Python Web Modules. This is a good site to check out if you want to get an overview of the various Python based web projects. Zope and its derivatives are not covered in the list since they are documented elsewhere.

Tcl/tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for October 16 with the usual collection of interesting tidbits from the Tcl development community.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Commerce page.

Linux and Business


Scientific Computing Associates and Cluster systems. Scientific Computing Associates (SCA) has been around since 1980. From the start they have focused on high-performance, distributed computing. To get into the Linux market, SCA has established strategic partnerships with several Linux companies.

Earlier alliances had one or both of the SCA products - Linda and Paradise - included with a Linux distribution, including Red Hat 6.2 and Terra Soft Solutions' Yellow Dog and Black Lab releases.

Now Atipa has announced the availability of a new line of Beowulf cluster systems. The "Ascendance" series, aimed at high-end number-crunching applications is priced starting at $13K. Found in this press release is this statement about Atipa's partnership with SCA. "As a result of Atipa's strategic partnership with Scientific Computing Associates (SCA), the Ascendance clusters come bundled free-of-charge with a 4-node Linux version of Linda(R), SCA's powerful enabling program that allows Atipa's customers to more easily "parallelize" their existing applications, saving both time and money."

In a related press release Atipa announced that it has joined "The Linda Club", a new partnership initiative for Beowulf resellers sponsored by (SCA).

SCA's most recent partnership is with TurboLinux, announcing that SCA will distribute and support TurboLinux's clustering products.

Eric Raymond's Open letter to Carly Fiorina. Eric Raymond has sent out an open letter to Carly Fiorina, CEO of Hewlett-Packard. "Whether you [switch to Linux] or open-source HP-UX itself won't be an easy decision. The community would accept either choice; but I suggest to you that joining the Linux coalition certainly represents HP's best chance of maintaining a market position free of Microsoft's strangling grip."

Red Hat, North Carolina State Univ. establish open source university. North Carolina State University in Raleigh will be standardizing their entire college of engineering on open source technologies, according to a joint announcement made by the University and Red Hat. Red Hat bigwigs Erik Troan and Donnie Barnes are NC State alumni.

Lutris releases Enhydra Wireless. Lutris has announced the release of Enhydra Wireless, a version of its open source application server aimed at mobile users.

New Lineo S-1 filing. It looks like Lineo's IPO process may be picking up again. The company has filed an amended S-1 registration form (1.3MB of legalese), which suggests that the offering date is getting closer. For the most part it's just an updating of the information from the first time around. They now state an intention to raise $60 million; they are up to 265 employees; revenue was $3.8 million in the first nine months of the year, and they lost $14 million in that time. A couple of interesting new things to be found in there this time around: they are working on a Crusoe port of Embedix, and they now list Caldera Systems as a potential competitor.

There is also now mention of a directed share program, but no information on how it might work.

Helius patents satellite-to-LAN communications. Helius, owned by the Canopy Group, has announced that the US PTO will allow it to patent its satellite Internet router technology. The announcement is somewhat vague at this point, and the patent does not yet appear in the public databases, so it's hard to say what the situation really is. "'We extend congratulations to Helius on the official ownership of this intellectual property,' said Ransom Love, president and chief executive of Caldera Systems, Inc."

Accelr8 offers OpenVMS migration toolkit. Anybody out there still using VMS? The folks at Accelr8 have announced the availability of the "MIGR8 OpenVMS" conversion toolkit for Linux just for you...

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Bowstreet (PORTSMOUTH, N.H.) announced their Java-based implementation of UDDI, an emerging standard for finding and using any company's web-based services. The implementation, called jUDDI is available immediately.

  • CynApps (SANTA CLARA, Calif.) added to the EDA community's open-source toolbox by making its Cyn++ macro preprocessor available under an open-source license.

  • Jabber.com, Inc. (DENVER) announced that the Jabber Open Source Project has surpassed 50 active sub-projects, all focused on extending functionality of the Jabber real-time XML instant messaging platform.

  • Synopsys, Inc. (MOUNTAIN VIEW, Calif.) announced it is releasing technology enhancements to the open source Liberty format and providing new open source parsers for Synopsys Design Constraints (SDC) and Liberty formats.

Commercial Products for Linux

Products Using Linux

  • Compaq Computer Corporation (HOUSTON) offers developers access to an IA64 system running Linux. Take it for a test drive.

  • Computer Associates International, Inc. (ISLANDIA, N.Y. and TOKYO) announced that Seiko Precision has selected CA's Ingres II relational DBMS to support its Linux-based building facilities management system, BUILTALK-LX.

  • Dell (ROUND ROCK, Texas) claims that it is the first server vendor to showcase 64-bit enterprise applications running in a real world environment on the Linux operating system.

  • Linuxcare Labs has recently certified a number of systems/components for compatibility with Linux, including the IBM ThinkPads A20m, T21, and X20, as well as the Ecrix VXA1-e Tape Drive.

  • LinuxWizardry Systems, Inc. (VANCOUVER, B.C.) teamed up with Information Highway.com, Inc. to launch multi-user DSL service in North America with several ISP companies.

  • TurboLinux has followed Red Hat and SuSE in announcing its support for the entire IBM eServer line.

  • Vianet Technologies (PLANO, Texas) announced the release of Power Zoom Version 1.1.0, a software-based image enhancement and delivery system (based on Red Hat Linux 6.2) for Internet and e-commerce applications.

Products with Linux Versions

  • ActiveState (ATLANTA, GA) announced the release of PerlMx, a tool that enables system administrators to create customized mail scripts.

  • Attachmate Corporation (BELLEVUE, Wash.) announced the release of Attachmate e-Vantage Host Access Server 2.3, the latest version of Attachmate's Web-based host access management solution.

  • Connex (SAN JOSE, Calif.) announced that a free trial of its SANavigator software, a solution for managing complex storage networks, is now available for download.

  • Dirig Software, Inc. (ORLANDO, Fla.) announced version 2.0 of its core Proctor technology, which serves as the basis for Dirig's xSPress, RelyENT and Proctor applications and systems management solutions for service providers, enterprises and OEMs respectively.

  • EndRun Technologies (SANTA ROSA, Calif.) began shipping its new Praecis timing products based on cellular wireless CDMA technology.

  • Firstwave Technologies, Inc. (ATLANTA) announced the launch of its flagship offering, eRM with u.Dialog, a customer relationship management (CRM) solution.

  • Geodesic Systems (CHICAGO) announced the general availability of its new Geodesic REMIDI software product, which automatically addresses system availability issues.

  • Hewlett-Packard Company (PALO ALTO, Calif.) announced that Linux support has been added for its Chai Appliance Platform, a suite of integrated software components for creating Internet-enabled information appliances.

  • ILOG (MOUNTAIN VIEW, Calif.) announced the release of ILOG Concert Technology, a C++ optimization modeling library and interface.

  • Innovative Electronics, Inc. (ENGLEWOOD, N.J.) has developed a browser-based Electronic Journal for the retail environment.

  • Integrated Research Pty Ltd (SYDNEY, Australia) announced the release of PROGNOSIS 7.04, a significant upgrade to its systems and application management software suite.

  • Internet Security Systems (ATLANTA) announced the availability of 98 new security risk definitions included in four separately released X-Press Updates to its SAFEsuite security management software platform.

  • NetSetGo (ROCHESTER, N.Y.) announced the v-Server and z-Server, product packages designed to meet the specific Web site and application hosting needs of small and mid-sized businesses (SMBs) in under-served markets. There is a z-Server - Linux package which includes dual Intel Pentium III processors, Hewlett-Packard LPR2000 server-class hardware, 512 Mb RAM and the Red Hat Linux 6.2 Operating System.

  • Network Appliance (SUNNYVALE, Calif.) and Sybase, Inc. announced certification and support of NetApp storage appliances in Sybase Adaptive Server Enterprise (ASE) environments.

  • Parthus Technologies PLC (SAN JOSE, Calif. and DUBLIN, Ireland) announced the launch of InfoStream, a Mobile-Internet computing platform on a single chip, co-developed with Psion PLC.

  • Selectica Inc. (SAN JOSE, Calif.) announced the immediate availability of ACE 4.5, an Internet-based system that simplifies and accelerates the process of selecting, configuring, pricing, and purchasing of complex products and services across all sales channels.

  • Sphera Corporation (LAS VEGAS) announced the availability of Sphera HostingDirector 3.0, a software platform to address the mission-critical IT needs of the hosting provider industry.

  • SpiderCache Inc. (VANCOUVER, B.C.) announced the beta availability of SpiderCache Unix, for Solaris and Linux servers.

  • VCIX (NEW YORK) introduced its Cortra Site Studio software to the web development market.

  • Virtual Unlimited (VELDHOVEN, The Netherlands) announced Beeyond 1.0, a secure platform for applications over the Internet, is on sale now.

  • Workstation Solutions, Inc. (AMHERST, N.H. and FREMONT, Calif.) have tested and qualified Workstation Solution's Quick Restore for the new VA Linux 9205 NAS system.

  • ZoomON (SAN JOSE, Calif.) announced ZoomON Vizit, an online solution that dynamically converts images from native to viewer-ready format for a wide variety of input and output file formats.

Java Products

  • Lutris Technologies Inc. (SAN FRANCISCO) announced that it will showcase Lutris Enhydra 3.0, the commercially supported Open Source Java/XML Wireless application server at the Intel eXCHANGE Expo.

  • NQL (SANTA ANA, Calif.) announced beta availability of a Java version of its Network Query Language that has been qualified for the Linux operating system.

Books and Training

  • Lineo added training to its hard real-time Linux offerings with the announcement of development and implementation training services. "The three-day training course, which costs $795, will be held from 9:00 a.m. to 5:00 p.m., Nov. 7-9 in Herndon, Virginia."

  • O'Reilly (SEBASTOPOL, CA) has released Building Oracle XML Applications by Steve Muench. This book gives a detailed look at the many Oracle tools that support XML development; including the Oracle XML Parser, the Oracle XML SQL Utility, and the XSQL Servlet.

  • O'Reilly (SEBASTOPOL, CA) announced PC Hardware in a Nutshell, a comprehensive, concise guide to buying, building, upgrading, and repairing Intel-based PCs, for novices and seasoned professionals alike.

  • SSC has announced the launch of the "Embedded Linux Journal." It will be a print magazine, distributed in a controlled-circulation "trade rag" manner. The first issue comes out in January.

Partnerships

  • Breakaway Solutions, Inc. (BOSTON) and ArsDigita Corporation, a developer of open-source software solutions for collaborative commerce, announced a joint relationship that will significantly enhance the services provided to existing and prospective customers.

  • Forlink Software Corp. Inc. (BEIJING) announced that it had joined HP's Mobile E-Services Bazaar as an application and solutions provider.

  • Knox Software (CARLSBAD, Calif.) announced that Intel Corp. will package the Knox flagship product, Arkeia with the Intel NetStructure 1010 and 1020 Hosting Appliances.

  • LinuxWizardry Systems, Inc., a Linux company specializing in network appliances and enterprise computing, announced a strategic alliance with sangoma.com, a company that develops, manufactures and markets wide area network (WAN) connectivity hardware and software products for networks and Internet infrastructure.

  • Merlin Software Technologies (BURNABY, British Columbia) announced the signing of an OEM Agreement with Caldera Systems Inc. As part of the agreement, Caldera Systems and Merlin are offering a special promotional bundle of Caldera eServer and Caldera eDesktop bundled with PerfectBackup+.

  • Metro Link Inc.(FORT LAUDERDALE, Fla.) has joined OnCore Systems Corp. in a strategic relationship to provide a complete graphical solution to customers in the mission-critical and avionics community requiring robust platforms and FAA RTCA/EUROCAE DO-178B certification. Metro Link's X Window System server can be implemented with the OnCore Operating System in its embedded Linux capacities.

  • Nitrosoft LINUX, Inc. (OTTAWA, ON) announced it has joined the MSP Association, an international consortium of companies that was formed to define, shape and promote the emerging Management Service Provider sector.

  • PostgreSQL, Inc. (SAN FRANCISCO) and enTRUST Solutions, LLC met during the Oracle Openworld conference to formally join forces on database, product, application and market developments.

  • Spintek Gaming Technologies Inc. (LAS VEGAS) announced that it has entered into an agreement with Shuffle Master Inc. licensing Spintek to utilize Shuffle Master's Linux-based operating system for game development.

  • Sun Wah Hi-Tech Group (Hong Kong) announced in Shenzhen it has become a strategic shareholder of RedFlag Software Co. Ltd. to promote the homegrown software and OS industry internationally. SWHT was previously named the first RedFlag-authorized dealer in Asia, certified to run the first RedFlag Linux Training and Technical Centre in the region.

  • SuSE Linux (SEOUL, REPUBLIC OF KOREA and NUREMBERG, GERMANY) announced a joint venture with Information Network Center Co, Ltd., a South Korean IT Company. Together, they are launching SuSE Linux Korea Co. Ltd. based in Seoul, Korea.

  • Tricord Systems, Inc. announced a strategic partnerships with Linuxcare to provide consulting, testing and development services for Tricord's server appliances, along with providing professional servers to Tricord on Samba.

  • TurboLinux, Inc. (SAN FRANCISCO) announced a partnership with Cylinux Clustering Technologies to develop Icarus, a TurboLinux-based turnkey ISP solution to be deployed at one of the largest ISPs in the Mediterranean.

Investments and Acquisitions

  • TeamLinux Corporation (AUSTIN, Texas) announced that Silicon Valley Bank has provided TeamLinux Corporation with a $1 million line of credit to support its accelerating growth.

  • Trustix has announced the completion of a NOK 25 million funding round, headed up by Convexa Capital.

Personnel

  • Lineo, Inc. (LINDON, Utah) announced the appointment of Richard Larsen as the senior vice president of Lineo's worldwide sales operations. Lineo also announced the appointment of John Mezinko as vice president of Americas sales and Paul Ray as director of worldwide product sales.

  • Merlin Software Technologies International Inc. (BURNABY, British Columbia) has completed a number of infrastructure changes designed to better position the company for future growth. In addition to the expansion of the company's offices and engineering departments, the company will be accepting two new members to the Board of Directors.

  • Rebel.com announced the appointment of Solly Patrontasch as President and Chief Operating Officer (COO).

  • TurboLinux, Inc. (SAN FRANCISCO) announced that Sybase, Inc. Chairman, CEO and President John S. Chen was named to the company's board of directors.

Linux At Work

  • Hiscom (Leiden, the Netherlands) has switched over to Linux for their HIS (hospital information system). The "Vlietland" hospital based in Schiedam (near Rotterdam) was the most recent convert to the Linux HIS system.

Other

  • eOn Communications Corporation (KENNESAW, Ga.) announced that its Linux-based eNterprise communications server has received the TMC Labs Innovation Award from Communications Solutions magazine.

  • IDC (FRAMINGHAM, Mass.) predicts that the worldwide packaged software market is well positioned for strong growth through 2004. "In terms of operating environments, the big news is Linux. IDC expects strong growth on Linux, especially in the applications development and deployment software segment. In this market, Linux's revenues will increase at a CAGR of almost 183%. Despite the strong growth, Linux's revenues will still be dwarfed by 32-bit Windows."

  • Plaut Consulting Inc. (WALTHAM, Mass.) announced the successful completion of a five-week implementation of WORKS for mySAP.com for the San Francisco, Calif.-based Penguin Computing Inc.

  • SiS (TAIPEI, Taiwan) announced its integrated-chipset-based platform has reached a remarkable milestone: a BIOS free, disk-less, single flash device platform. The company cooperated with two Open Source Software (OSS) projects. A prototype based on the SiS630 family, was demonstrated at the technical session of the Atlanta Linux Showcase (ALS).

  • SteelCloud (DULLES, Va.) announced it would begin trading on the National Nasdaq under its new SCLD ticker symbol starting Thursday, October 19, 2000. One of SteelCloud's first products is a Linux-based web caching appliance.

  • Trustix has announced the results of a "hack the system" test. Of a claimed 400,000 attempts to break into a Trustix Secure Linux system, not one was successful.

Section Editor: Rebecca Sobol.


October 19, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Linux in the news page.

Linux in the news


Red Hat

Red Hat keeps Linux under control (Computer Weekly). Computer Weekly talks with Bob Young, mostly about Red Hat 7 and the Red Hat Network. "Although Red Hat has grown in line with Linux take-up, Young now believes that Linux is in danger of falling victim to its own explosive growth. The open nature of its software development could also affect Linux take-up, unless something is done to make it more manageable." (Thanks to Alan J. Wylie).

An Analysis of The Red Hat Network - Part 2 (LinuxToday.au). The Australian LinuxToday site continues its look at the Red Hat Network. "Next, the issue of having a system profile of your machine stored on Red Hat's servers. This would not be an issue, except for the fact that having any information about a server in your company, stored on other people's servers outside your company, is inherently a security risk. I don't recommend doing it, and I don't recommend that you take this issue lightly."

A question of leadership (ZDNet). Evan Leibovitch writes about the controversies around Red Hat 7 in this ZDNet column. "The inevitable question is, then: who's in control of glibc and gcc? The GNU Project or Cygnus? The Red Hat page on glibc still says it's GNU. Yet the GNU website information is ancient and its release recommendations are ignored."

It's not easy being Red Hat (Upside). Here's an article in Upside about Red Hat's recent glitches. "From a plummeting stock price to exaggerated reports of buggy code to growing outcry over the company's perceived attempts to set itself apart from the rest of the Linux distributor community, Red Hat has been buffeted by nothing but bad news in recent weeks."

StarOffice

Is StarOffice Sun's 'Survivor'? (ZDNet). This ZDNet column takes a dim view of the StarOffice release. "Is it just me or does this seem a like putting 450 rugged individualists on a ship and launching them to sea, while we stand on the dock waving our Linux flags -- never expecting to see them again? More casualties of war and adventure. I hope they at least have fun."

Sun Launches Star Office Into Open Source (ZDNet). ZDNet covers the StarOffice release. "As with just about every commercially backed open-source project these days, there are some caveats for those interested in the code on Openoffice.org. Not only do interested parties have to agree to the GNU Public License terms, they also must agree to adhere to the Sun Industry Standard Source License (SISSL). Under the terms of SISSL, licensors must agree to adhere to Sun-specified application programming interfaces and compatibility tests."

StarOffice open-source code released (InfoWorld). InfoWorld covers Sun's release of the StarOffice source code. "By 8:45 a.m. Eastern time, just 45 minutes after going online, the servers used to host the long-awaited open-source code Web site, www.OpenOffice.org, were overloaded by download requests, causing a crash that was not fully repaired until 3 p.m. The number of hits to the site was not disclosed, but analysts and officials said the deluge of downloads demonstrates the potential popularity of the StarOffice software and open-source code development in general."

Corel/Microsoft

U.S. giant can tap Ottawa company's talent (Ottawa Citizen). The Ottawa Citizen has run this article about the Corel/Microsoft deal. "The answer, according to detailed filings with U.S. regulators, appears that Corel has become the insurance policy that Microsoft needs to ensure it won't be left behind if the Linux operating system takes off."

Government filing hints at Microsoft's Linux plans (News.com). News.com looks at Corel's SEC filings on its investment from Microsoft. "As spelled out in a regulatory filing issued by Corel on Wednesday, Microsoft has the option of directing Corel to translate some or all of the .Net framework from its Windows operating system to Linux."

Microsoft .Net for Linux? (ZDNet). ZDNet looks at Microsoft's investment in Corel. "But, according to the SEC document, it was Microsoft that was poised to sue Corel for patent infringement. The three patents in question involved Microsoft's equation editor, table formatter, and spelling and grammar checker."

Companies

TurboLinux Smells IPO (InternetNews.com). Here's an article on InternetNews.com about the latest round of funding at TurboLinux. "A source close to the company told InternetNews.com Wednesday it would be going public in the next few weeks, saying that the funding, which consists of many of its original financiers, was a 'kind of top-off round.'"

Uncertain times for TurboLinux, Linuxcare (Upside). Upside is carrying a story on the state of TurboLinux and Linuxcare. "As most Linux investors are painfully aware, stock performance in the Linux sector has been extremely rocky. April's market slump put a damper on both companies' IPO plans. To get themselves through the tough times, both have cut staff, hired new management and survived on what little money remained in their corporate war chests."

Open-source angst: Fear of forking (ZDNet). Samba, Inc. announced plans to fork a SAMBA_TNG tree from the Samba mainline. ZDNet covered the announcement in their Computing section: "A number of open source advocates claimed the Samba fork would not actually amount to a fork, since the development team said it had no plans to commercialize the Samba TNG results but planned to incorporate the code back into Samba 3."

Business

Linux Group Seeks to Enhance Portability (InternetNews.com). InternetNews.com reports on the release of the Linux Development Platform Specification. "The LDPS is intended to address fragmentation, an issue which has dogged UNIX for years and threatens to make versions of Linux released by different vendors incompatible with each other. That could bring the adoption of Linux to a grinding halt, as corporations -- frustrated by technical incompatibilities between Linux applications and various distributions of the Linux OS -- might turn to other solutions."

Will App Specs Achieve What Unix Couldn't? (LinuxToday.au). The Australian LinuxToday looks at Linux standards. "In my view, Linuxspace is one of computing's last easy-going, freewheeling frontiers. The freedoms on offer lead to creativity, not just in coding but also in developing new business models and groundbreaking ways of working. Sure a tight specification would make life even easier for developers, but it would almost certainly stifle innovation. I reckon the critics are closet techno-fascists who can't come to terms with the real meaning of open source. Software needs to evolve; it can't do that in a straightjacket."

Without aggressive leadership, Linux Standard Base is doomed to irrelevance (InfoWorld). Nicholas Petreley takes the Linux Standard Base to task in this InfoWorld column. "I am also calling for the Linux community to shame the mother organization Free Standards Group into either hiring a solid leader to get LSB moving, or for the existing leadership to get off its bum and produce a comprehensive specification and a self-hosting sample implementation in our lifetime."

Software patents: will Europe roll over for the multinationals? (Register). The Register has a lengthy editorial on software patents in Europe; worth a read. "In the past, the national patent bodies and the EPO have had little supervision and have not previously been the focus of political machinations: they have tended to be something of a graveyard for civil servants and a rather boring place to work... What is now happening is that these bodies are trying to expand their domain in a play for more power and more money. The EPO and national patent bodies are being encouraged by big multinationals, especially IBM and Cisco, who are lobbying intensively to burn software patents into EPO law." (Thanks to Stéfane Fermigier).

Linux gains ground in emerging Korean SmartPhone market (LinuxDevices.com). LinuxDevices.com looks at the "SmartPhone" market in Korea. "MIZI Research and Palmpalm Technology are the major Korean companies currently developing SmartPhones based on Embedded Linux."

Growing pains slow Linux cycle (ZDNet). ZDNet looks at the delays in the 2.4 kernel release. "How long this arrangement can be sustained is the subject of heated debate. Some developers have argued that as Linux gains ground in the enterprise, it's essential that the release of new kernels conform to a formal schedule. Others argue that technological innovation and stability cannot be held hostage to release deadlines."

By any other name... (ZDNet). ZDNet has posted a column by Richard Stallman on the GNU/Linux name issue. "Is it important whether people know the system's origin, history, and purpose? Yes -- because people who forget history are often condemned to repeat it. The Free World which has developed around GNU/Linux is not secure; the problems that we developed GNU to solve are not completely solved, and they threaten to come back."

Resources

Linux at work - Stupid dd Tricks (or, Why We Didn't buy Norton Ghost) (Signal Ground). This success story shows how some enterprising grunts used Linux with dd and a few other common tools to make hard disk copies for machines they ship. "The problem lies in Ghost's licensing. If you want to install in a situation like ours, you have to purchase a Value-Added Reseller (VAR) license from Symantec. And, every time you create a drive, you have to pay them about 17 dollars. When you also figure in the time needed to keep track of those licenses, that adds up in a hurry."

LinuxDevices.com Embedded Linux Newsletter. The LinuxDevices.com Embedded Linux Newsletter for October 12 is out with the usual comprehensive summary of happenings in the embedded world.

Installing Yellowdog Linux On an IMAC DV SE (LinuxNewbie.org). LinuxNewbie has added a new "Newbieized Help File" (NHF). This one covers the installation of Yellowdog Linux on an IMAC DV SE. "Expect problems. This is still leading- to bleeding-edge technology".

Reviews

Being the Perfect Host (Web Techniques). Web Techniques online has a review of two Linux based server platforms: the FullOn 2x2 from VA Linux Systems and the 1U Server from Penguin Computing Systems. "A system like the 1U Server would be a very nice system for smaller sites. The FullOn with its faster CPU and SCSI drive will handle more hits, but it takes twice as much vertical rack space, and that could mean a bigger monthly bill from your ISP."

Book Review: Linux Hardware Handbook (Signal Ground). Signal Ground reviews the Linux Hardware Handbook by Roderick Smith. "You'll be disappointed if you want to learn how AMD's Duron/Thunderbird processor handles Linux since the material only makes mention of the original Athlon. There is also no mention of the Socket A mainboard or Intel's Celeron II. The time constraints to get a book published can make the information contained within seemed dated by the time it surfaces." (Thanks to Tom Moran).

Libranet Linux 1.8.1 (DukeOfUrl). The DukeOfUrl reviews Libranet 1.8.1. "What I found was a distribution like no other. At only version 1.8.1, Libranet has really done some exceptional things to Debian-things that certainly make Corel's and Stormix's additions look rather meager."

Interviews

Licensing, Open Source, and the Rest (DukeOfUrl). The DukeOfUrl talks with Nick Triantos of NVidia. "Basically, NVIDIA's drivers cannot be open sourced. They contain several components which are licensed technology, and we have no rights to share that source code with anyone. We do not even provide source code to OpenGL or our kernel module to our board customers."

Linux Online: Interview with Shawn Gordon. Linux Online has an interview with Shawn Gordon, CEO of theKompany.com, a company that produces development tools and application software for Linux such as PowerPlant. "... We are selling convenience, and some value add. In the case of our PowerPlant product, you have hundreds of various languages, ide's, libraries, databases and such that help the development process. We are like a mini distribution, but PowerPlant is meant to be a compliment to any RPM or DEB based distribution, not replace it. It would take you a long time to download a gig or more of the applications and source found in PowerPlant. Then we have the value add and include a fully licensed version of Erics Ultimate Solitaire as well as a half dozen demos from Loki."

Linux world: It's an alternative (Jerusalem Post). An introductory piece with a little more class than most, this article from the Jerusalem Post covers the world of Linux and open source through an interview with Jon "maddog" Hall. The article also has a little more optimism than most: "While most of the 60,000 work only part time on Linux, this vast number means that almost all bugs have been caught and corrected, and the system is consistently being improved". Almost all? Well, maybe not that many.

Miscellaneous

Twice Snubbed, Linux Users Fire Back (TechWeb). This is TechWeb's followup to an article they ran last week about the lack of Linux at the Digital Dividends Conference. (See the last week's LWN for more information.) "This time, Linux companies will be there -- but they'll be outside in the rain carrying signs, handing out free Linux software, and waving the mascot Penguin at attendees.." (Thanks to Tim Hanson)

Pope, Protestants Open Source Bible (BBSpot). BBSpot covers a new sort of open source documentation project. "The biggest complaint about the Bible has been about the numerous variations of the book. Therefore the project's main goal is to unify the different versions of the Bible into one coherent work." Not for the humor-impaired or easily offended. (Thanks to Paul Hewitt).

Section Editor: Rebecca Sobol


October 19, 2000

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Announcements page.

Announcements


Resources

SSLUG says: Software patents - No thanks!. The Skåne Sjælland Linux User Group has put up a document describing in detail their opposition to the granting of software patents in Europe. It's available in English, Swedish, Danish, and Spanish. "The Amazon patent constitutes a crime of theft from society as a whole because the inventors of the basic web technologies at the heart of the Amazon one-click technique have put them at the disposal of everyone free of charge."

Unix Web Application Architectures document. Samuli Kärkkäinen has made available a white paper on how to write web application servers. It covers a number of the technologies that are available and contains a lot of good information.

Events

Summary of Linux2000. Erik Hensema attended the Linux2000 conference in Ede, The Netherlands; he has sent us this writeup of what transpired there. It looks like a good time was had by all.

Apachecon Europe 2000 registration. Online registration for Apachecon 2000, an event run by the Apache Software Foundation, will be available till Friday, October 20th.

Call for Participation: O'Reilly P2P Conference. O'Reilly has sent out a call for participation for it's Peer-to-Peer Conference focusing on the Technical, Legal, and Business Dimensions of Peer-to-Peer Computing, Distributed Computation and Web Services.

October/November events.
Date Event Location
October 20, 2000. Geek Nite Out 2000 (Kickoff for Alternative Computer Expo (ACE 2000)) Albert Park, Melbourne, Australia.
October 21 - October 22, 2000. Alternative Computer Expo (ACE 2000) Albert Park, Melbourne, Australia.
October 23 - October 25, 2000. ApacheCon Europe 2000 Olympia Centre, London, England.
October 27, 2000. Embedded Linux Expo & Conference Wyndham Westborough Hotel, Westborough, MA.
October 29 - November 2, 2000. Software Development Conference & Expo 2000 East Washington Convention Center, Washington, D.C.
October 30 - October 31, 2000. Open Source Database Summit Hayes Mansion Conference Center, San Jose, California.
October 30, 2000. First Annual Federal GNU and Linux Users' Conference And Awards Presentation Washington, D.C.
October 30 - November 1, 2000. Linux Expo Canada Metro Toronto Convention Center, Toronto, Ontario
November 1 - November 5, 2000. Linux@IT.COM Palace Grounds, Bangalore, India
November 4 - November 10, 2000. SC2000 - SuperComputing Dallas Convention Center, Dallas, TX.
November 7 - November 9, 2000. Embedded Systems Conference Europe Maastricht, Netherlands.
November 10 - 11, 2000. Linux Meeting 2000 Rome, Italy.
November 12 - November 15, 2000. XML DevCon Fall 2000 San Jose, California.
November 13 - November 17, 2000. LINUX Business Expo Sands Convention Center, Las Vegas, Nevada.
November 25, 2000. Australian Open Source Symposium Adelaide, Australia.
November 28 - December 1, 2000. IEEE International Conference on Cluster Computing Technische Universität Chemnitz, Saxony, Germany.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

Web sites

LinuxFreeSupport Joins the ShowMeLinux Team. ShowMeLinux announced the recent addition of LinuxFreeSupport to their team of contributors. LinuxFreeSupport will be authoring ShowMeLinux's 'Support Line', a column offering answers to questions posed by readers.

User Group News

Linux Start-up Rep to Speak At LUG Fest. Justine tenZeldam, a PR consultant for Open Country, Inc., will speak at the Simi Conejo Linux Users Group LUG Fest III on October 28, 2000. Her topic will be "Emerging Computing Trends And Opportunities For Women/Minorities".

LUG Events: October 19 - November 2, 2000.
Date Event Location
October 19, 2000. Rice University Linux Users Group Rice University, Houston, TX.
October 21, 2000. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
October 21, 2000. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
October 25, 2000. Linux User Group of Assen Assen, Netherlands.
October 28, 2000. Simi Conejo Linux Users Group LUG Fest III Nortel Networks, Simi Valley, CA.
October 28, 2000. Central Ohio Linux User Group Columbus, Ohio.
October 29 - October 30, 2000. Italian LUG community meeting University of Bologna, Italy.
November 1, 2000. Kansas City Linux Users Group Kansas City Public Library, Kansas City, MO.
November 1, 2000. Southeastern Indiana Linux Users Group Madison/Jefferson County Public Library, Madison, IN.
November 1, 2000. Silicon Valley Linux Users Group Cisco Building 9, San Jose, CA.
November 2, 2000. Edinborough Linux Users Group Holyrood Tavern, Edinborough, Scotland.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


October 19, 2000

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

Sorted by section and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page

See also: last week's Back page page.

Linux Links of the Week


LinuxQuestions.org is a new site aimed at helping people get their questions answered. Thus, its central feature is a forum area where these sorts of conversations can take place.

The eXtensible Name Service (XNS) is an ambitious project which is trying to put together a specification and open source implementation of a scheme for personal information exchange. They seem to be saying all the right things about privacy, you can check their white paper on spam filtering for an example of what XNS can do, and they hope to provide a lot of conveniences. See the XNS in a nutshell page for an overview of the project.

Section Editor: Jon Corbet


October 19, 2000

   

 

This week in history


Five years ago: The Linux Laptop Home Page hit the net. Five years later, it remains a definitive reference for those wanting to use Linux on laptop systems.

Two years ago (October 22, 1998 LWN): Jonathan Postel, one of the founding fathers of the Internet, died from complications from heart surgery.

LinuxWorld went online.

Microsoft went on the offensive with an open letter in France:

Linus Torvald [sic] left the university last year to join a Californian company. The development of Linux since slowed down considerably. In the same way, the maintenance of each functionality of Linux depends on the mobilization of the teams. Thus, certain functionalities have not known updating for two years.

In other words, delays in the delivery of new stable kernels are not particularly new... (LWN ran a full English translation of the letter).

Gaël Duval announced plans to form a corporation around Linux-Mandrake. Two years later, MandrakeSoft is doing well.

One year ago (October 21, 1999 LWN): The first signs came out of the U.S. administration that crypto export laws would be relaxed somewhat. Only now, a year later, are we beginning to see distributions shipping (in the U.S.) with crucial software like ssh.

LinuxToday was acquired by Internet.com. Co-founder Dave Whitinger then left, later to turn up at Atipa.

 
   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
From: Peter Samuelson <peter@cadcamlab.org>
Date: Fri, 13 Oct 2000 05:24:17 -0500 (CDT)
To: letters@lwn.net
Subject: Stop the colors already!


In the beginning there was Red Hat Linux.  OK, not quite in the
beginning, but dial back to 1995 or so when Red Hat emerged as a market
leader in the then-uncrowded field of Linux distributions.  I heard of
Red Hat and thought, "Cool name."

Then Terra Soft came on the scene with Yellow Dog Linux.  Cute, I
thought -- obviously a play on Red Hat's name, but different.

I didn't start getting suspicious until a few more entries trickled in.
Black Lab Linux.  Red Flag Linux.  Blue Cat Linux.  Then I began to
wonder: is this an LSB recommendation I missed?  "A compliant Linux
distribution SHOULD be named ``{color name} {noun} {Linux}''.  Vendors
MAY, if desired, combine the color name and the noun into one word."

So now, according to the LWN sidebars, we have the five mentioned above
plus Black Cat Linux, BluePoint Linux, White Dwarf Linux and Green Frog
Linux, not to mention the variations Darkstar Linux, Red Linux, Redmond
Linux, Think Blue Linux and the Red Escolar Project.  Oh, and don't
forget the ones that incorporate the Red Hat name directly, like VA/Red
Hat and KRUD.

The whole thing actually reminds me of open-air markets in the third
world where one can buy a cheap watch made by "Ceiko".

People!  Give us a break here!  I am no Red Hat fan, but this is
ridiculous.  Please tell me we don't yet live in a world where one must
"sound sort of like Red Hat" to be seen as legitimate.  I know the
distro market is getting crowded, but surely there are still some good
non-color-related brand names out there.  I happen to think the names
"Slackware" and "tomsrtbt" are absolutely inspired -- why can't a more
recent distribution come up with a clever name like those?

(The rant about almost everyone using the same old Ewing penguin mascot
has been saved for another day....)

Peter
   
Date: Thu, 12 Oct 2000 13:25:34 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: jon@lwn.net
Subject: "What would conference organizers think..."

Based on that list of names, the answer is obvious: they'd think it
sucked.  They're not in it to help the developing nations, they're in
it to make money.

It's not *their* fault; if they *don't* act like money grubbing assholes
interested only in raw profit, their stockholders will sue them out of
their jobs; we asked for it, we got it, Toyota.

Cheers,
-- jra

-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida     http://baylink.pitas.com                +1 727 804 5015
   
Date: Thu, 12 Oct 2000 10:14:37 -0700
From: Dan Stromberg <strombrg@nis.acs.uci.edu>
To: lwn@lwn.net
Subject: kde and gnome and pr and licensing

I don't think it was Gnome's good PR, so much as KDE's bad licensing,
that led to KDE's lack of popularity with people who have what's best
for linux at heart.

KDE has fixed their license problem finally, but it's probably
(hopefully) too late for KDE to recover from Gnome getting the
critical mass of developers.

I'm not asking you to sell out your preference for KDE to proselytize
for Gnome alone, but I do hope that your reporting on KDE vs Gnome
will be a little more even handed in the future.

-- 
Dan Stromberg                                               UCI/NACS/DCS
   
From: "Nicholas Lee" <nj.lee@plumtree.co.nz>
To: <letters@lwn.net>
Subject: Debian back ports are often easy
Date: Thu, 12 Oct 2000 22:57:34 +1300

It should be noted that because of Debian's well integrated developer
enviroment that often 'back porting' or simply recompiling of recent
packages is easy.  It is possible to hand rebuild unstable pacakges in
stable.

For instance just this week I wanted the latest version of gnupg for my
potatoe system.

As you can see from http://packages.debian.org/gnupg there is 2 point
releases between the stable  (1.0.1-2)and unstable (1.0.3-2) versions of
gnupg in Debian at present. [*]

Although I downloaded the dsc, orig.tar.gz and diff files directly from the
web page I could have easily said (after adding the unstable src location
lines to the apt/sources.list conf file) :

  $ apt-get source gnupg

From that point its as simple as:

  $ dpkg-source -x gnupg_1.0.3-2.dsc   #  If you've downloaded these files
directly, rather than by apt
  $ (cd gnupg-1.0.3 ; fakeroot debian/rules build)
  $ sudo dpkg -i gnupg_1.0.3-2.deb

This process does require the Debian developer tool set to be installed, but
with apt-get this is again a reasonible simple operation.  These are at the
least the debmake, debhelper and fakeroot packages.


[*] Note the fact that 1.0.3-2 depends on the latest unstable libc6 package
meant I wasn't about to install the straight unstable gnupg package.
Having been through the last update from glibc 2.0 to 2.1 with unstable
potatoe while in the middle of an important development effort with
Blackdown jdk, I've learnt my lesson.


Nicholas

   
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds