Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The company, remember, claims that an old patent (from 1976) covers the act of linking between pages on the web. As a result, says BT, anybody who makes such links without licensing the patent is guilty of infringement. There are, of course, a few people and companies here and there which are guilty of this nefarious deed, meaning that BT should have no shortage of possible legal targets.

One wonders, then, how Prodigy was chosen for the honor of being the first victim of BT's legal team? (That team, incidentally, is Kenyan & Kenyan, the same company that sent out the ":CueCat" letters for Digital Convergence. They seem to be making a determined effort to kick Canter and Siegal out of the Internet doghouse). Some legal eagle has presumably calculated that Prodigy has the proper combination of deep pockets and shallow legal coverage. A good result from the first case would certainly help BT in its task of shaking down the rest of the American Internet industry. BT must be hoping for a quick settlement.

One can only hope that Prodigy stands its ground. BT will have a very hard time winning this case on its merits, for a couple of reasons.

The first reason is that, of course, there is a certain amount of prior art out there. The patent was filed early - 1976 - so many of the technologies we are familiar with now do not apply. But the patent is predated by Ted Nelson's Xanadu work, the pioneering efforts of Doug Englebart, and, of course, Vannevar Bush's amazing As We May Think, which was published in 1945. In the light of that work, BT's patent looks decidedly unoriginal.

There is also the little difficulty of proving that anybody is actually infringing on the patent, even if it is held to be valid. There are a couple of independent problems here:

• The patent involves the use of a dumb "remote terminal." Modern computers used to access the web do not really fit the description of a "remote terminal" as used in the patent.

• Patents written in a "client/server" mode, as it turns out, are hard to enforce. An ISP like Prodigy is really only supplying the server side of the mechanism described in the patent; the client ("remote terminal") side is provided by the user. It is difficult to say who, if anybody, is really infringing on the patent, since nobody is implementing the full system described in the claims.

(The above is lifted from Greg Aharonian's PATNEWS newsletter, which covers the topic in detail. See the Internet Patent News Service page for more information on PATNEWS).

So BT is not going to have a easy time prosecuting this patent. With luck, however, the company will, in failure, succeed in convincing a wider group of people that software patents are a bad idea.

(See also: Don Marti's open letter to the CEO of Prodigy, Rick Collette's petition to British Telecom asking the company to back off, and news articles in The Register and News.com).

The LWN.net 2000 annual timeline. Our long-time readers will know that we have made a bit of a tradition out of our annual, year-end timeline. We're happy to announce that the initial version of our LWN.net 2000 timeline is now available. Check it out for a summary of the major events in the Linux community over the last year. As always, it has been an interesting ride.

For the curious, here are the timelines for 1999 and 1998.

When Linux companies go bad. What happened to Corel? Earlier this week C|Net's News.com reported that Corel was considering a sale of its Linux business to a venture capital group known as Linux Global Partners (LGP). While C|Net reported possible transactions, the National Post was a bit more firm: "Software maker Corel Corp. has agreed to sell its Linux line of products to a New York-based venture capital firm in a transaction that will close in January, sources close to the deal said [on December 15th]." The news wasn't the first report of Corel's fall from the Linux hierarchy - see ZDNet's report from November - and it probably won't be the last. With all the speculation circulating, what does Corel have to say? "We have no further comment on this issue."

Assuming the sale is a done deal, what does this say about Corel and, more importantly, about Linux distributors? Is this a trend for commercial Linux distributors? Hardly. Red Hat is more robust now than ever, having handily beaten analysts' 3rd quarter earnings estimates. And TurboLinux had a stellar year, garnering over $80 million in investments.

So the problem is essentially limited to Corel. Why? What happened? By May of 1999, Corel's WordPerfect had generated over a million downloads to beta users. Overall, Corel estimates they have 22 million WordPerfect users worldwide (all platforms). Quite a start to their entrance into the Linux business world. Later, the Debian-based Corel Linux distribution hit the streets to much fanfare. In early 2000, Corel announced their intention to port their popular graphics application Corel DRAW! to Linux, eventually releasing it to beta along with a free version Corel's PHOTO-PAINT. The future looked bright for desktop applications on Linux.

But then things got ugly. Earlier this year, Corel tried to acquire tools vendor Borland Software Corp. to extend its Linux offerings, but the deal fell through after Borland uncovered Corel's poor financial condition and Corel's stock price fell. This past summer, Corel cut 21% of its staff (320 employees). CEO Michael Cowpland resigned in August, starting speculation that the Linux emphasis at Corel might not extend much past Cowpland's reign.

In the November ZDNet article, CEO Derek Burney claimed Corel was refocusing, not relinquishing, its Linux business. Linux now is one of Corel's four business operations - the others are graphics software, business applications and new ventures. However, Corel's Linux operating system, and a Linux version of WordPerfect, generate only about 10 percent of Corel's revenue, which was $36.4 million in the quarter ended August 31. This is hardly the sort of income necessary to maintain the development staff necessary for expanded Linux support and still meet the needs of existing Windows customers.

Corel made several mistakes on the road to profitability with Linux:

• They wasted time on a Corel branded distribution. They could easily have picked up one of the myriad of other distributions available (see the Distributions page for a long list of possibilities).
• They required software sales to be their primary form of revenue for Linux products, while all other Linux software companies are mixing software sales with support and other services.
• They relied too heavily on WINE and didn't consider how that one library could be such a limiting factor to overall product viability. Native ports are less prone to such limitations across an extended product line.
• They focused on a non-existent desktop market for Linux.

Corel wasn't completely dead just yet, though. In October, Microsoft invested $135 million in the company to work on .Net services, which Corel initially viewed as not including Linux. According to Burney, who spoke to ZDNet at Comdex: "we didn't understand that an operating system could be constituted as a set of .Net services," Burney explained. This is a realization that Corel has arrived at as it has explored .Net technologies under nondisclosure agreements with Microsoft, he said. In theory, at least, this would mean that a client accessing .Net back-end services wouldn't have to run Windows, Burney said. The investment gave Microsoft a 25% stake in the company.

But that wouldn't be enough to sustain the Linux effort. After Cowpland's departure, it became obvious something had to be done. In an interview with InfoWorld in November, Burney stated "To be successful in the Linux market, you need a wider product offering. There's got to be some kind of acquisition," he said. "It could go either way... there are no sacred cows." The sale was just a matter of time.

The choice of LGP isn't necessarily a bad one. LGP has an investment portfolio of key Linux companies including Helix Code, CodeWeavers, GNU Cash and Metro-Link. The sale price of $5 million in cash is in line with the $6.2 million Corel's Linux business pulled during its current fiscal calendar. The sale might just be a good thing, if LGP manages to find the right management team to run their newly purchased entity.

What is Linux? That may seem like a strange question from a publication like this; it's thus, perhaps, even stranger that it comes from Jon 'maddog' Hall. One would expect that the Executive Director of Linux International and the Director of Linux Evangelism for VA Linux Systems would have an answer...

It starts with an amusing quote from Sun CEO Scott McNealy, quoted in this ZDNet article:

You people just don't get it, do you? All Linux applications run on Solaris, which is our implementation of Linux.

Some people were annoyed by this statement, though most were simply amused. Or even flattered...after all, it's not that long ago that Sun would have taken pretty strong offense at the notion that Solaris is an implementation of Linux.

This is where maddog Hall comes in. In a rare appearance on the linux-kernel list, he points out that nobody has really defined what "Linux" is.

At least, nobody has made that definition in a way that is widely accepted. The Free Software Foundation is happy to define Linux as being just the kernel - the systems we actually use are, instead, "GNU" systems. This claim is, needless to say, controversial. But if Linux is just the kernel, what about RTLinux (a real-time version), mkLinux (a microkernel variant), the S/390 kernel (running on a virtual machine), and so on? The Linux kernel is an amorphous thing.

Increasingly, "Linux" means the binary interface that runs a certain class of applications. Vendors like Sun have been making an effort to implement that API - it was a very quick switch from "Linux has no applications" to "we run Linux applications." Quoting from Mr. Hall:

If it is true that "all Linux applications work on top of Solaris", what standard prevents them from calling Solaris just another implementation of Linux? And should it?

He suggests that the Linux Standard Base may be the right body to set a standard for what is called "Linux." The LSB, perhaps, really needs to deal with the tasks it has now before taking on new ones. But the question is worth asking: what, exactly, is Linux? And correspondingly, what is not Linux? How much do we want to be flexible and where will flexibility lead us astray? Can a proprietary operating system ever be considered "an implementation of Linux", when Linux has always been "Free"? There is a lot to ponder.

Michael Hammel officially joins the LWN Team. Many of you may have already noticed a different name on a response to an enquiry, comment or suggestion sent to LWN in the last couple of months. Michael Hammel actually joined our team in September, much to the joy and relief of the rest of our team members. The volume of news, development and general information about the Linux community has only continued to grow, as we're sure all of you have noticed. Michael's addition to the staff was therefore both a necessity and an opportunity of which we plan to take advantage.

Many of you already know Michael, either through his website, Graphics Muse, his book "The Artists' Guide to the Gimp", his articles for Linux Magazine, Linux Answers and Linux Journal, his talks at a variety of conferences or through his work as Chairman and co-founder of the Colorado Linux Info Quest conference (coming up again March 30th, 2001!). You'll now also meet him within the LWN halls as well, as primary editor of the LWN Daily Page and much more. Please join us in officially welcoming Michael to the LWN team.

Inside this week's Linux Weekly News:

• Security: /tmp discussed again, a plague of Zope security hotfixes, GnuPG, JPilot and more.
• Kernel: The Linux Quality Database project; the public nature of linux-kernel.
• Distributions: Distribution year in review, state of the Woody, Red Hat does IA-64, and Caldera sponsors Samba
• Development: Debian Jr packages, LyX GUIs, XFree86 4.0.2, SpaceChart 3D
• Commerce: Embedded Linux training, Red Hat's financial results, Linux is hard at work.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

The inherent problems in /tmp. A topic of much discussion on BugTraq this week was the security problems inherent in the use of a /tmp directory. It was pointed out, arguably enough, that the entire /tmp model is in direct conflict with the overall Unix model of security. Unix was developed as a time-sharing system, thus it was also designed to protect one user from the actions of another.

Into this model was introduced /tmp, a shared directory to which anyone had write privileges and the ability to delete files created by other users. Why? Looking back from a historical angle, one might first guess that it was introduced due to limited resources, in order to share space more efficiently. On the other hand, Unix filesystems already do this quite efficiently. There is no advantage from a space perspective from having a shared /tmp directory as opposed to a /tmp/$user directory hierarchy. The same rules about file deletion could be applied to this type of space; as a systems administrator, this editor managed many "temporary disks", large amounts of shared space with a limited life-span for the files on the disk. These disks were not managed as world-writable directories; instead, they contained subdirectories for each user.

Cudgeling the memory cells as to when and why /tmp was used, its earliest advantages all amounted to programmatic convenience. It was easier to scrub a single directory than a directory hierarchy. It was easier for a programmer to know the name of a directory to which temporary files could be written and to assume that such files would be automatically deleted, rather than manage the deletion directly. Files written to /tmp didn't clutter up a user's home directory, didn't count against the normal disk quotas. In general, simple checks to make sure sufficient space existed on the disk before writing were skipped as well. As best as we can remember, /tmp is simply a programmatic convenience.

Of course, /tmp was also adopted during an era of extreme trust, so the security issues were simply not considered to be as important as making sure that people could work easily and conveniently while efficiently sharing resources.

The first rule of thumb in a /tmp-related vulnerability is that the programmer is at fault. This is correct; an application that uses a temporary file in a world-writable directory has a responsibility to do so securely. Nonetheless, the use of world-writable directories will continue to be a source of new vulnerability reports. Any distribution that prides itself on security would be wise to implement, by default, a system with user-specific temporary file storage, either under $HOME or elsewhere. Of course, the first one to try will be the one to find all the applications that ignore the TMPDIR environment variable and have "/tmp" hard-wired into the application. It would not be an easy or simple transition.

All of this is theoretical, of course. What is not theoretical right now is the need for all programmers to fix sloppy programming habits in the way they use /tmp. Kris Kennaway posted a nice, concise message which should serve as a good rule of thumb for how to deal with /tmp, leaving us with applications that will work whether a system uses a shared /tmp directory or some safer alternative.

December CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for December is out. It covers, of course, electronic voting, along with a look at IBM's new crypto algorithm and digital safe deposit boxes. The newsletter is also available on Bruce's site.

Slackware Linux announces OpenSSL cryptography libraries. Slackware Linux announced the addition of the OpenSSL cryptography libraries and the OpenSSH suite of network connectivity tools. Users of Slackware 7.1 and -current can download these packages from Slackware's current developmental tree.

eCrime, Law and You (ZDNet). The Wall Street Journal's Keith Johnson takes a look at The HoneyNet Project in his article eCrime, Law and You. Honeypots are baited traps for hackers. In this case, the honeypots are used primarily as learning tools, with a "know your enemy" concept.

"To be sure, Spitzner's HoneyNet Project -- which includes some 30 security professionals, programmers and psychologists, all working on the project in their spare time -- isn't the first time honeypots have been used to gather intelligence on the Internet underground. ...

But unlike previous honeypots, which were baited with known vulnerabilities designed to mimic various computers, Spitzner's team puts unmodified production systems online -- networks with the same specifications, operating systems and security as those used by many companies. And this project isn't a hush-hush, internal corporate operation like previous honeypots: Spitzner posts all of his findings on the Internet for the security community to see at project.honeynet.org".

Kaspersky Lab 'year end' review. Kaspersky Lab has published a anti-virus year in review document. It's mostly Windows-oriented, of course, but there is a brief section on Linux. "Despite the fact that some species are able to replicate and work independently, no Linux virus has ever been detected 'in-the-wild.' Kaspersky Lab experts assume that this is because the Linux desktop standard is not as popular as its competitors." ...or, perhaps, it's the fact that it takes a little more than a bogus email attachment in the Linux environment...?

Security Reports

GnuPG web of trust circumvention. A couple of security problems with GnuPG were discussed on the gnupg development mailing list recently. The first problem deals with web of trust circumvention, made possible because private/secret keys will be imported from public key servers along with private keys, without user intervention. The same problem can occur via the "--import" option.

As a result, a new "--allow-secret-key-import" option has been added to GnuPG and a security patch against GnuPG 1.0.4 has been released.

Note, we compliment Red Hat on their advisory on this topic, which provided excellent references for tracking down the original source material for these vulnerabilities.

This week's updates:

• Red Hat
• Trustix

Zope local role and DTML editing vulnerabilities. It has been a busy week for the Zope team. Two more security hotfixes were released this week, one for a problem with the processing of local roles and the other a problem where users with DTML editing privileges can manipulate the raw data of an object for which they have no privileges.

These two vulnerabilities following quickly on the report of a Zope legacy vulnerability last week. Zope 2.2.5 should be released in the near future, including all the recent security hot fixes.

This week's updates:

• Red Hat, local role only
• Conectiva
• Debian
• Red Hat, DTML added
• Linux-Mandrake

JPilot directory permissions problem. JPilot is a desktop organizer for the PalmPilot that allows information from a PalmPilot to be sync'd to the disk of a Unix or Linux system. A directory permissions problem was reported in JPilot by Weston Pawlowski. By default, JPilot uses the default umask on its ".jpilot" subdirectory and files. As a result, private information, including possibly passwords, may be readable and/or writable. An easy workaround is to change the default permissions on the ".jpilot" directory. Check BugTraq ID 2136 for more details.

• Linux-Mandrake

nano tmplink vulnerability. Nano is a free pico clone. Not too surprisingly, it has also been found to be vulnerable to the same tmplink problem originally reported in the joe editor in November. Check BugTraq ID 2135 for more details.

This week's updates:

• Debian

stunnel local arbitrary command execution. stunnel is an SSL encryption wrapper designed to be used with Internet daemons such as POP and IMAP, to prevent cleartext passwords from passing across the network. Insecurely-structured calls to syslog can be exploited by a remote attacker to gain local access, potentially as root. The release of stunnel 3.9 fixed this problem, as well as others. For more details, check BugTraq ID 2128.

This week's updates:

• Trustix
• Red Hat
• Conectiva

BSD ftpd single byte buffer overflow. The ftpd daemon provided with NetBSD and OpenBSD was found to be vulnerable to a one byte overflow, which can be exploited remotely to gain root access. Note that this vulnerability is being actively exploited. FreeBSD and Linux systems are not vulnerable. The anonymous ftp service must be enabled and a writable directory provided for the exploit to work. OpenBSD has released a patch and the NetBSD CVS source tree is reported to have been fixed. Check BugTraq ID 2124 for more details.

• Trustix, not vulnerable, but new BSD ftpd packages provided anyway
• OpenBSD
• Trustix, BSD ftpd packages updated due to a typo in the original patch

Multiple vulnerabilities in FreeBSD procfs. FreeBSD issued an advisory warning of multiple vulnerabilities in procfs which can be exploited locally to gain root, to hang the system or to bypass restrictions on the super-user account. Workarounds and patches are made available. Note that they mark this vulnerability as not specific to FreeBSD. Presumably Linux systems are not impacted, but other BSD systems may be. For more details, check BugTraq IDs 2131 and 2132.

Another potential buffer overflow in bftpd. bftpd 1.0.13 was announced last week to address multiple vulnerabilities, including multiple buffer overflows. This week, an additional potential buffer overflow was reported by Christophe Bailleux. Perhaps as a result, bftpd 1.0.14 was released this week, with a note that security has been improved yet again.

expect buffer overflow. Expect is a nice tool for automating interactive applications. This week, a buffer overflow in expect was reported. Any script written with expect can be exploited. Of course, only setuid/setgid scripts will subsequently yield an increase in privileges. No information on a fix for this problem has been reported yet.

itetris local root vulnerability. An exploit has been published that can reportedly be used to gain local root access via a 'system' call whose input is not thoroughly checked. No confirmation, patch or fix for this has been posted yet; you may wish to disable itetris on your system until one is made available.

ProFTPD memory leak. A potential memory leak in ProFTPD was reported this week which could be exploited to cause a denial-of-service attack via the use of the SIZE command. Sample code to demonstrate the problem has been posted. The developers have been informed, but have not yet been able to recreate the symptoms.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

• AHG EZshopper, a perl-based e-commerce package, can be manipulated to read any file under the webserver's root directory. Here is this week's NSFocus advisory. Also note, however, that this is an old, unfixed bug. Check BugTraq ID 2109 for more details.

• Subscribe-Me Lite, a non-commercial mailing list manager, contains a vulnerability that can be exploited to arbitrarily delete subscribers from the mailing list using the administration panel. The original note to BugTraq indicates that the author has been notified and appropriate changes made. Check the cgiscriptcenter product page for update information.

• simpleguest.cgi contains a vulnerability that can be exploited to execute arbitrary code under the identity of the webserver. An exploit has been made available. No reference to these problems was found on the homepage.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Cisco Catalyst switches contain an ssh protocol mismatch that can be exploited to cause a denial-of-service vulnerability. Catalyst software release 6.1(1c) fixes the problem.

• Watchguard SOHO Firewall had four different vulnerabilities reported this past week. All have been addressed as of the latest release of the software, version 2.2.1. For more information, check BugTraq IDs 2113, 2114 and 2119.

• CoffeeCup FTP client contains weak password encryption, allowing server passwords to be compromised.

Updates

Secure Locate buffer overflow. Originally reported in the November 30th LWN Security Summary, the first distribution update for this problem came in this week from Debian.

This week's updates:

• Debian
• Linux-Mandrake
• Red Hat

Zope security update. The Zope Legacy vulnerability was reported last week. All versions of Zope up through 2.2.4 could be exploited to allow anonymous users privileges inside the server. The application of the Zope Legacy hotfix is highly recommended.

This week's updates:

• Linux-Mandrake
• Debian
• Conectiva

• Red Hat (December 14th)

DNS-based IRC server denial-of-service vulnerabilities. Check last week's Security Summary for the original report of denial-of-service vulnerabilities and more in multiple IRC clients, including BitchX 1.0c17-2 and earlier.

This week's updates:

• Linux-Mandrake
• Conectiva

• Caldera (December 14th)
• Red Hat Powertools (December 14th)

rp-pppoe denial-of-service vulnerability. Also first reported last week, Roaring Penguin Software's PPPoE client (a user-space PPP-over-ethernet client) contains a boundary condition exception that can be exploited to cause the connection to drop when a malformed TCP packet is received. rp-pppoe 2.5 has been released to fix the problem.

This week's updates:

• Linux-Mandrake
• Red Hat

• Conectiva (December 14th)

Oops buffer overflow. Check the December 14th LWN Security Summary for the original report. Version 1.5.1 has been released with a fix for this problem.

This week's updates:

• FreeBSD

ssldump format string vulnerability. Last week, we discussed a format string vulnerability in ssldump. This week, ssldump author Eric Rescorla responded, pointing out that the issue is not actually a format string vulnerability; it is "a pointer indirection problem resulting from a bug in the handling of sequence number wraparound". He is working on a fix for the problem and asked people to let him know of any other problems in ssldump that they find.

pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module on December 7th.

This week's updates:

• Linux-Mandrake
• Linux-Mandrake, updated due to a dependency problem with the 7.2 pam packages in the original advisory

• Red Hat (December 7th)
• Immunix (December 14th)
• Conectiva (December 14th)

ed symlink vulnerability. Originally reported on November 30th, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.

This week's updates:

• Conectiva
• Trustix

• Debian (November 30th)
• Linux-Mandrake (December 14th)
• Red Hat (December 14th)
• Immunix (December 14th)
• Conectiva (December 14th)

Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.

This week's updates:

• Linux-Mandrake

• FreeBSD (November 9th)
• Red Hat (November 23rd)
• Immunix (November 23rd)
• Conectiva (November 30th)
• Red Hat, Alpha packages added for RH7 (November 30th)
• SuSE (December 7th)
• Kondara (December 7th)

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

• Trustix

• Debian (November 16th)
• Linux-Mandrake (November 16th)
• SuSE (November 16th)
• FreeBSD (November 23rd)
• Conectiva (November 30th)
• Red Hat (December 7th)
• Caldera (December 7th)
• Conectiva 6.0 packages added (December 14th)

klogd/sysklogd format string vulnerability. Check the September 21st LWN Security Summary for the original report of this problem. Note that the "new" advisory listed this week is actually quite old; we don't know what kept it from getting posted in September, when it was dated, but we have included it this week in order to give a round report on available updates for this problem.

This week's updates:

• TurboLinux (dated September 28th, released via BugTraq December 20th)

• Red Hat (September 21st)
• Conectiva (September 21st)
• Slackware (September 21st)
• Linux-Mandrake (original) (September 21st)
• Debian (September 21st)
• Immunix (September 21st)
• SuSE (September 21st)
• Caldera (September 21st)
• Trustix (September 21st)
• Yellow Dog (September 28th)
• Linux-Mandrake, updated advisory with an additional fix (September 28th)
• SuSE, ftp server problems (September 28th)

Resources

sshmitm and webmitm. Dug Song released sshmitm and webmitm this week. These are tools for testing potential simple active monkey-in-the-middle attacks against SSH and HTTPS.

Events

Upcoming security events.

Date	Event	Location
December 20-21, 2000.	The Third International Workshop on Information Security	University of Wollongong, NSW, Australia.
December 27-29, 2000.	Chaos Communication Congress	Berlin, Germany.
February 7-8, 2001.	Network and Distributed System Security Symposium	San Diego, CA, USA.
February 13-15, 2001.	PKC 2001	Cheju Island, Korea.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Those who are interested in reasoning behind the makefile changes can take a quick look at this note from Linus which we fished out from among the extensive spam on the kbuild list.

Alan Cox has put out 2.4.0-test13-pre3ac2 which contains a number of pending fixes. It is, says Alan, "for the adventurous."

The current stable kernel release is 2.2.18. Work continues on 2.2.19, with the current prepatch being 2.2.19pre2. The bulk of the effort currently is oriented toward integrating Andrea Arcangeli's virtual memory work.

2.2.18 breaks the emu10k1 (SB Live!) driver, at least if it's compiled directly into the kernel. The fix, for those not wanting to wait for 2.2.19, is to apply this small patch.

The Linux Quality Database Project. Michael D. Crawford has announced a new bug tracking project for the Linux kernel. His plan is to put together a database-backed web site where users can report kernel bugs, search for bugs relating to their hardware, and track when and how things get fixed.

The idea certainly has merit. There is currently no formal mechanism for tracking kernel bugs other than the extensive database in Alan Cox's head (and the "TODO" lists that are kept at the end of development cycles). The "AC" database appears to be comprehensive, but access is difficult for most Linux users, and making backups has proved difficult. A development project as fundamental as the kernel really should have a better scheme for keeping track of things.

Of course, this sort of thing has been tried before. The real problem is not the development work in making the system function; that is relatively straightforward. But if the kernel developers do not actually make use of the resulting system, its database is worthless. Kernel hackers tend to be busy people, they are uninclined to spend time maintaining some database somewhere. Linus, in particular, has been unenthusiastic in the past.

So this project has some challenges in front of it. Success will require paying as much attention to the human side of the equation as to the technical side, if not more. If it works, the rewards will be worth it.

On the public nature of the linux-kernel list. The linux-kernel list has long been a place where people have said what they thought, without a great deal of concern over who might be watching. They do so, in fact, to the tune of about 200 messages per day. LWN includes messages from this list, but we have always made a point of passing over the more inflammatory stuff. After all, very little is accomplished by reproducing flamewars.

Increasingly, however, linux-kernel is being watched by people who have little real interest in the kernel itself. Journalists see the list as a way to tune into what's going on with Linux, and not all of them will resist the opportunity to engage in a little sensationalism.

Example: we would not have normally included Linus's opinion on Red Hat 7 here. Excerpts from that posting, however, showed up on Linuxgram as "Linus Savages Red Hat 7.0". There is little new to be said about the choice of compiler in that release (which LWN covered at the beginning of October); the only point was that Linus was speaking strongly, as is his way at times.

This particular episode doesn't mean much. The real point is that Linux kernel development, at least as it is expressed on linux-kernel, is an increasingly public process. The open nature of the process is a good thing, of course, but a spotlight that is too bright could prove to be worrisome. The development process will be hurt if developers no longer feel that they can speak freely to each other. It would be a shame if communications among the developers were to be repressed, or if it were to move to closed, invitation-only mailing lists.

(Those who are really interested in the Red Hat 7 discussion may want to look at the responses from Alan Cox and Jakub Jelinek).

Other patches and updates released this week include:

• Powertweak 0.99.0, a performance tuning tool, was released by Dave Jones.

• Steven Cole has posted a patch which allows ReiserFS-3.6.22 to be used with the current development kernels.

• Gujin is a bootloader, currently at version 0.2, written by Etienne Lorrain. It provides a graphical boot menu which is automatically generated via a scan of the disks on the system.

• Modutils 2.3.23 was posted by Keith Owens, followed quickly by a small bugfix. This version fixes the problem that made 2.3.23 not work with 2.2 kernels.

• Stephen Tweedie has released a new 2.2.18 raw I/O patch with a couple of additional small fixes.

• Jeff Dike has made user-mode Linux work with 2.4.0-test12.

• Christoph Hellwig has announced the creation of a new mailing list for the development of kiobuf-based I/O.

• Andreas Gruenbacher has released version 0.7.5 of the access control list (ACL) patch

• Tim Waugh has released eppio, a utility for communicating via a parallel port in EPP mode.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

The Year in Review. It's my turn to work the Distributions page and, as with everyone who works a Weekly page here at LWN, I had to come up with some meaningful lead in to the week's summaries. At this time of year news comes slowly - except for Security which seems to never take a holiday. There was very little topical news for Linux distributions in general. So I thought "If nothing much happened this week, then how about the rest of the year?" Ah yes - the year in review. What better time to look back than the time when, well, I have nothing else to talk about.

The most common form of work avoidance for writers this year is to compile their top 10 lists: top 10 distributions, top 10 updates, top 10 reasons why I can use old Red Hat CDs as decorative coasters, etc. Since I think Top 10 lists are pretty mindless, I think instead I'll just peruse the just published LWN Timeline for distribution-related events of significance during the past 12 months.

The first event is actually a non-event - Linux distributions pass the Y2K bug test quite handily. Was there ever a doubt? While many smaller and less supported applications held on to the year 100 (versions of Elm for example), the kernel itself came through relatively unscathed.

In February Caldera launched its IPO. Very few Linux distributions have filed for IPOs yet - and in the current climate of Wall Street further filings seem doubtful for the near term. What started the year as a craze ended the year in a daze. But then what stock sector didn't? Linux stocks haven't died completely, but they will have to address the more mundane issues of revenue and, eventually, profit over the next year if they expect to regain any of the ground they lost this year.

TurboLinux made a fair amount of noise over the year. It first garnered a $50 million investment from companies such as Dell and Compaq, later adding Oracle to its list of prominent investors. It followed that investment with another $30 million round in October. A month after receiving the initial $50 million investment the company shipped TurboLinux 6.0. In May they announced, as did SuSE, planned support for big iron from IBM - the S/390 distributions. In August TurboLinux was selected by HP to be installed on some of that hardware companies IA-64 workstations and joined a host of other companies in opening the Oregon-based Open Source Development Lab. Finally, October found TurboLinux filing for its IPO minus original founders Cliff and Iris Miller who left to form Mountain View Data.

Embedded distributions were big news all year as the PC sector slid and the Internet device sector grew. Hard Hat Linux (MontaVista), BlueCat Linux (Lynx Real-Time) and White Dwarf Linux (EMJ Embedded Systems) all hit the streets in February. In May Debian joined the fray with the Embedded Debian Project. And Lineo released Embedix 3.0 in October.

Some of the other important distribution news this year included:

• The launch of the Red Escolar Project in May. This project is destined to have a major impact in Mexico, aimed at providing usable systems for 5 year periods.
• Dell's announcement that Red Hat would be its third "strategic, global operating system" along with Windows and NetWare. In itself this was a strong endorsement, but its also just the most visible of a long string of hardware vendors making Linux a pre-installed option.
• IBM's slew of announcements in December, including the announcement of a $5 billion spending spree on Linux development. Big Blue Penguins - not as scary as they sound, actually.

Debian: State of the Woody. Anthony Towns has sent out a 'State of the Woody' posting describing where he thinks the next major Debian release stands. It is a good summary of what has been accomplished so far with this release, what problems remain (installation, mainly), and gives a time line for a stable release next June. Worth a read.

Red Hat. Red Hat had several announcements this week. The first was their announcement of the availability of the Beta version of Red Hat Linux for Itanium-based systems based on Red Hat 7.

Another announcement from the company pointed out that Red Hat had received several prestigious awards from leading industry publications and recognition at industry tradeshows in the year 2000.

Finally, Red Hat issued a bug fix advisory for gcc 2.96, which was shipped - amidst a slew of controversy - with the Red Hat 7 release. The bug fixes address various items, many of which appear related to g++ and cpp (the preprocessor).

Turbolinux Signs Linux ISP Deal with Chinese Ministry of Information Industries. Turbolinux announced it had signed a contract with the Huasong Company, an affiliate of the Chinese Ministry of Information Industries (MII), to provide Turbolinux solutions for the ministry's Internet infrastructure and telecommuncation centers in as many as 500 cities across China.

Caldera Sponsors Samba Client Library Development. Caldera Systems, Inc. announced that they have contracted with Richard Sharpe of the Samba team to create a client library for Linux and Microsoft integration. The Caldera-funded project includes the development of library source code, associated reorganization and reuse of Samba code and documentation of the library application program interface (API). As part of the Samba project, the library and documentation will be available under the General Public License (GPL). Caldera's engineering group will work with the Samba team to complete the project by February 2001.

New Distributions

GNU/Linux Ututo. A new distribution announced this past week, GNU/Linux Ututo is the first GNU/Linux distribution done in Argentina. The web site is in Spanish, so you may want to check out the usual Babel Fish translation.

We searched for a link to this distribution but couldn't find one (no link is provided in the article). If anyone has a pointer to a web site for this distribution let us know so we can add it to our ever growing list of distributions.

General-Purpose Distributions

Mission Critical Linux Convolo Cluster 1.2. Mission Critical Linux announced the availability of Convolo Cluster Version 1.2, a Linux cluster solution that supports Network File System (NFS) failover.

Debian Weekly News for December 19th, 2000. The latest issue of the Debian Weekly News has hit the streets. Topics covered include the new "testing" branch and its association with woody, vote counting issues and security fixes for zope, slocate and various editors.

Slackware. Slackware: announced this week that OpenSSL, the free Secure Sockets Layer library, and OpenSSH, the free encrypted remote shell program, have been made available in Slackware-current.

In addition, KDE has been updated to 2.0.1 in -current, and the Mutt mail client and AT&T's Korn Shell 93 have been added to the distribution.

MSC.Linux. MSC.Software Corp. announced this week the beta availability of MSC.Linux, a clustering version of the Linux operating system designed for engineering and corporate environments.

Embedded Distributions

PeeWeeLinux. PeeWeeLinux, a small footprint embedded distribution, announced release 0.53.24 this past week. The web site for the distribution also mentions 0.53.25 but has not publicly announced that release.

Mini/Special Purpose Distributions

Coyote Linux. Coyote Linux versions 1.23 and 1.24 were releases earlier this past week. Version 1.24 represents the latest stable release of Coyote Linux. Among the features added are SSH for secure remote access, support for systems without a math-coprocessor, updated network card drivers, and several bug fixes (including the broken DHCP server support in 1.23). Version 1.23 fixed serveral bugs and includes the 2.2.18 kernel. It also has an updated PPPoE daemon.

muLinux. muLinux, a floppy based distribution, quietly released 11r2. The previous stable release was 10r5.

NetBSD 1.5. Wasabi Systems, Inc., a company founded by key members of the NetBSD project, released a CD version of NetBSD 1.5 this week. The Standard Edition, which ships immediately, contains 2 CDs which are bootable on x86 PC, Alpha, DECstation, SPARC, UltraSPARC, Power Macintosh, VAX and many other platforms. A 12-page installation guide is also included. The Package Release, which will be available sometime in January, includes the Standard Edition plus an extra CD with 3rd party applications precompiled for the x86 platform.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

News and Editorials

Browsers

Mozilla Status Update for December 13, 2000. A new Mozilla Status Update has been published. Check it out for the latest status on Composer, MailNews, Rendering, XML/DOM, and more.

Databases

Python Berkeley Database 3.1.x wrappers. Robin Dunn has announced a new BerkeleyDB wrapper module for Python. This project is unique in that it does not rely on SWIG like previous wrappers.

Education

Linux in education report #35 for December 18th, 2000. The latest Linux in Education report has been published by SEUL/edu. Discussions cover using the Gimp, Sketch, and various other tools for graphing and plotting, plus the usual list of new educational applications available for Linux.

Debian Jr. Package List. The current list of packages has been published for the Debian Jr. project. "The primary goal of the Debian Jr. project is to make Debian an OS our children want to run. This involves some sensitivity to the needs of children as expressed by the children themselves. As parents, developers, older siblings, sys admins, we need to keep our ears and eyes open and discover what it is that makes computers desirable to children. Without this focus, we can easily get sidetracked trying to achieve abstract goals like 'user friendliness', 'simplicity', 'low maintenance', or 'robustness' that, while they are certainly laudable goals for Debian as a whole, are too broad for addressing the specific needs and wants of children."

Dr Genius 0.5.10 released. Version 0.5.10 of Dr Genius is now available for download. Dr Genius, Dr Genius Refers to Geometry Exploration and Numeric Intuitive User System, aims to help with the visualization of geometry. The project is the result of the merging of two other projects, George Lebl's Gnome Genius Calculator and Hilaire Fernandes' GTK Dr. Geo. Dr Genius is licensed under the GPL license.

Electronics

New releases from gEDA. The gEDA project has announced new versions of the gschema schematic capture program and the Icarus Verilog circuit simulation software.

Embedded Systems

Fundamentals of Real-time Linux Software Design (LinuxDevices). LinuxDevices.com presents a technical white paper by Kevin Dankwardt, explaining the fundamentals of real-time Linux system programming. "If there is only a single task to worry about, lots of issues, such as kernel preemptibility, are no longer pertinent. If you are not dealing with hardware interrupts, then, do you really have a real-time system (we include timers here)? If your target system has multiple CPUs then you may have a means of distributing your tasks and interrupts in such a way that the issues discussed, again, are not important."

Embedded Linux Newsletter, December 14th, 2000 (LinuxDevices). This week's issue of the Embedded Linux Newsletter is out. Topics for the past week included PDA alternatives, point of sale terminals, and a slew of papers from the second annual Real-time Linux Workshop.

Games

Indrema updates open-source stance (LinuxDevices). Indrema, maker of an embedded Linux based game console has updated its position with regards to the open-source development model. "After extensive feedback from the open source community (most of whom were concerned about the conflicts of certification with the bazaar development model), Indrema has decided to change the freeware / Open Source portion of the certification plan to better accommodate independent developers, particularly Open Source developers."

Interoperability

Caldera sponsors Samba client library development. Caldera Systems has announced that it is sponsoring Samba developer Richard Sharpe to develop a new client library for the Samba system.

CodeWeavers Releases a Packaged Wine Preview (Linux Today). The Code Weavers have announced a packaged version of Wine that works with Gnome and KDE. A Wine Configuration Wizard, Wine Launcher, and the WineMaker porting tool are included in the package.

Wine Weekly News for December 18, 2000. The December 18, 2000 version of the Wine Weekly News has been published. This issue has an in-depth feature on dynamic loading in Wine as well as the usual project status information.

Network Management

OpenNMS Update, Volume 1, Issue 39 (December 20th, 2000). The latest OpenNMS Update has arrived. Version 0.4.1 of OpenNMS has been released and some common questions regarding it have been answered. Also included are a list of new features, a wish list, and some afterthoughts about productivity during the holidays.

Office Applications

LyX Development News for December 20th, 2000. A new issue, number 10, of the LyX Development News has been published. This edition covers the debate on keeping or dropping GUI independence for that application along with a brief history of the LyX name. The usual batch of development quotes and mail thread summaries are also included.

The Gimp version 1.1.31 is available. Developer's Version 1.1.31 of the Gimp is available for download. This follows last week's release of version 1.1.30 with a few more bug fixes. If this version proves to be stable, it will soon become Stable Version 1.2.

On the Desktop

XFree86 4.0.2 Released. The XFree86 Project, Inc has released XFree86 Version 4.0.2. This release brings X support to the Darwin/Mac OS X PowerPC platform, support for many new graphics cards, Render support, enhanced internationalization, and even an improved XTerm, among other things.

KDE 2.1 beta 1, Qt 2.2.3 released. The announcement for KDE 2.1 beta1 has gone out. This release contains a new theme manager, the Pixie image viewer/editor, the KDevelop C/C++ IDE, and more.

Also, Trolltech has announced the release of the Qt 2.2.3 GUI framework. This is a bugfix release.

10 Questions with Charles Northrup. Charles Northrup, CTO of Global Technologies Ltd. Inc and lead developer on their GNOME for Windows Project is interviewed by Linux Orbit's John Gowin.

"Linux Orbit: It was noted on the press release that work was being done on a KDE port as well. What's the timeline for the KDE port?

Charles Northrup: This is dependent on user demand mostly. We have not received any requests for KDE to date. If the requests come in, we will look at this effort more seriously."

The People Behind KDE: Luigi Genoni. The people section of dot.kde.org spotlights Luigi Genoni. "What is your role within KDE?
I'm the maintainer of knetfilter, a gui to set up and configure firewalls with Linux 2.4.0 and iptables. It is a marginal application in front of the KDE great stuff, but it is one of the many applications for sysadmins developed for KDE that, in my opinion, make KDE as rich and interesting as it is for the users."

Linux Accessibility Conference and GNOME. The Linux Accessibility Conference will take place during CSUN's Sixteenth Annual International Conference, March 22-23, 2001 at the Los Angeles Airport Hilton Hotel.

"The mission of the conference is twofold:
1) To demonstrate the potential of Linux and free software in the accessibility arena.
2) To formulate a course of action for advancing Linux accessibility and to begin to organize interested supporters and developers into working groups focusing on specific topics. These topics include: GNOME, KDE, X Windows, Console, Braille, Speech, Internationalization and Localization (i18n and l10n), Internet Applications (Mozilla), and Universal Accessibility Standard. "

Easy GUI programming with EasyGTK (IBM developerWorks). IBM's developerWorks is carrying a story on using EasyGTK, a wrapper library around GTK+ that purports to make writing GTK+ applications simpler. "The Gnome Toolkit (GTK+) is a free toolkit for creating great user interfaces. EasyGTK is a wrapper library that translates calls into GTK+, removing much of the effort and time needed to master GTK+." Gnome Toolkit? Try Gimp Toolkit, guys.

Printing Systems

Cups V1.1.5 released. Version 1.1.5 of the Common Unix Print System (CUPS) has been announced. A huge list of changes are listed including security fixes, installation improvements, more USB support, new documentation, and lots of other stuff.

LPRng 3.7.2 available. Version 3.7.2 of the LPRng enhanced print spooler is available for download. Information on this release is somewhat sparse at this time.

Science

SpaceChart 3D starmapping for Gnome. A new version of SpaceChart has been released. " SpaceChart is a program that allows you to see the stars in glorious 3D and rotate them to see them from any point of view. You can also limit which stars you want to see, according to their spectral class and luminosity, and draw links between all stars closer than a certain distance. "

Systems Administration

Interview with David Cantrell (Userlocal.com). Userlocal.com interviews David Cantrell, a noted Slackware developer. "Using the CHECKSUMS.md5 files that we provide in the distribution, autoslack will look at your machine and a distribution tree of your choice and tell you what packages can be removed, upgrade, or new ones that can be installed. Optionally it can download those packages and/or perform the actual package operation."

Web-site Development

Midgard Weekly Summary, December 20th, 2000. The Midgard Weekly Summary has been posted. Features include the upcoming final 1.4 candidate, the implementation of a nightly build system, and Midgard 2.0 schedules.

ZopeLDAP 1.1.0 released. A new version of ZopeLDAP is now available. This release brings the ability to run in a non-transactional mode, a Python friendly Entry object API, and improved documentation.

Zope Weekly News for December 14, 2000. The December 14, 2000 edition of the Zope Weekly News has been published. News includes the release of Zope 2.3 Alpha 1 and the upcoming release of Zope 2.2.5.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Assembly Language

The new Amiga: VP assembly code demo (developerWorks). It's not Linux specific, but Amiga's cross platform development environment - the Tao Group's Virtual Processor (VP) technology - is intriguing on it's own. IBM's developerWorks is carrying a story showing an example application written in this new, "hardware independent", assembly language. " VP code is, in a nutshell, the ideal assemble language. In fact, it's such an improvement over traditional non-virtual assembly language that it needs to be seen and understood in order to be appreciated. Just to highlight a few of its strong points: it has an unlimited number of integer and floating-point registers [and] you can use high-level looping constructs (similar to those in a higher-level language like C)."

Java

Building Servelets with Session Tracking (IBM developerWorks). IBM's developerWorks is running a tutorial on Building servlets with session tracking by Jeanne Murray. "This tutorial teaches techniques for building Internet applications using servlet and JSP technology. A key point is to enable session handling, so the servlet knows which user is doing what. The tutorial shows a URL bookmarking system in which multiple users access a system to add, remove, and update an HTML listing of bookmarks. The servlet uses JSP technology to handle the user interaction." Registration is required.

Perl

Perl 5.6.1 TRIAL1 Released (Use Perl). Release 5.6.1 TRIAL1 of Perl has been released. This is a trial version, it's not ready for production yet.

Perljvm Under Active Development Again (Use Perl). The Perljvm project, which aims to port Perl to the Java Virtual Machine, is under active development again.

PHP

PHP 4.0.4 released. PHP version 4.0.4 has been released as of December 19, 2000. This version contains a ton of bug fixes as well as a few new features.

Introduction to PHP (IBM developerWorks). IBM's developerWorks has run an introduction to PHP that describes the PHP web scripting language. "PHP is a scripting language that is embedded in HTML and interpreted by the server. It can be used to manage dynamic content, work with databases, handle session tracking, and even build entire e-commerce sites. It works well with a number of popular databases, including MySQL, PostgreSQL, Oracle, Sybase, Informix, and Microsoft SQL Server."

Python

Python-URL! for December 18th, 2000. The latest Python-URL! has hit the ether, with topics covering the use of Python in cryptography and math, variable/parameter/assignment semantics, and using Python to access the parallel port lines under Windows 95.

Jython 2.0a2 released. Version 2.0a2 of Jython is available. Jython is an implementation of the Python language written in Java.

Smalltalk

Bistro 3.4 available. Nik Boyd has announced the availability of Bistro 3.4. Bistro is a variation of Smalltalk that runs on top of the Java VM.

Tcl/tk

Scripted wrappers for legacy applications (REGULAR EXPRESSIONS). In a REGULAR EXPRESSONS article, Cameron Laird and Kathryn Soraiz show us how to use Perl and Tk to build a gui wrapper around a C program.

Dr. Dobb's Tcl-URL! for December 18th, 2000. The weekly edition of Dr. Dobb's Tcl-URL! has been published. Featured topics include authenticating usernames and passwords in URLs, handling background errors, and a comparison of Tcl to other scripting languages.

Tcl/Tk 2001 Conference Announcement. The Tcl/Tk 2001 Conference has been announced for July 23-27, 2001 in SanDiego, California.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Embedded Linux. Linux training has been big business for some time now, but it is mostly aimed at Linux on the desktop and Linux system administration. Until now there has been little or no training for those interested in embedded Linux. Now both Lineo, Inc. and MontaVista Software are gearing up to fill that gap.

Lineo's Lineo Academix is a scholastic program designed to prepare students for the field of embedded Linux programming. MontaVista, instead, will launch MontaVista University on January 15, 2001 to train developers working in the open source embedded Linux domain. Next, of course, will come the certification exams.

In other embedded news, EMBLIX, the Japan Embedded Linux Consortium, announced their first elected officer corps, the results of an election process that was initiated at MST 2000 last month. The consortium also established three working groups designed to initiate discussion within the embedded Linux community about platform and interoperability issues.

Red Hat third quarter revenue grows to $22.4 million. Red Hat, Inc. reported revenue of $22.4 million for the third quarter of fiscal 2001, ended November 30, 2000. That's an increase of 112% over the $10.5 million reported for the third quarter of fiscal 2000 and an increase of 21% over the second quarter of fiscal 2001. Gross margin was 60% for the third quarter fiscal 2001, versus 58% reported in the second quarter fiscal 2001 and 41.5% in the third quarter fiscal 2000. The Company reported an adjusted net loss of $900,000, or $0.01 per share, for the third quarter of fiscal 2001, compared to an adjusted net loss of $5.4 million, or $0.04 per share, for the third quarter of fiscal 2000. They are still not making a profit, but they getting closer.

Linux is hard at work in many fields. Linux NetworX, Inc. announced that Lawrence Berkeley National Laboratory, Berkeley Calif., has selected a Linux NetworX cluster computer system for its Drosophila Genome Project. The Linux cluster of 40 processors will be used by the Berkeley Lab to analyze and sequence the Drosophila (fruit fly) genome.

Linbox has announced (in French) that it has sold 950 Linux-installed servers to the French Direction Générale des Impôts - which administers taxation. An English translation is available via Babelfish.

RSS 1.0 Released by International Working Group. RDF Site Summary (RSS, also referred to as Rich Site Summary format) 1.0, an XML-based application enabling Web sites to describe and syndicate site content and metadata, has been released.. RSS is used by many sites, including LWN.net, to post headlines from their sites for external use. This is the first update to RSS since Netscape released version 0.91 in July,1999.

Eazel Announces Sun to Adopt Nautilus Software for Solaris Operating Environment. Eazel has announced that its Nautilus environment will be shipped with Solaris by Sun, along with GNOME 2.0. Sun will also contribute some development help to Nautilus.

Press Releases:

Open Source Products

• DevelopOnline (TEMPE, Ariz.) announced that Motorola is making its newest telecommunications PowerPC-based hardware platform available online to DevelopOnline's community of developers.

• DevelopOnline (TEMPE, Ariz.) announced that IBM Microelectronics is making its PowerPC Platform with the new 405GP processor available on DevelopOnline's collaborative development Web site.

• Lutris Technologies Inc. (SANTA CRUZ, Calif.) announced that Lutris Enhydra 3.5, an application server capable of supporting wireless protocols, has been released to manufacturing and may now be ordered online.

• Metaflow Technologies Inc. (GRENOBLES, France) introduced Implosion, a system on chip (SoC) design platform that uses Open Source IP for its key hardware and software components.

• Progress Software Corporation (BEDFORD, Mass.) announced that its new open source site, www.possenet.org, is up and running and offering collaborative access to the latest release, Version 9.1, of its Application Development Environment (ADE) source code. CollabNet is providing its SourceCast environment as the infrastructure for the www.possenet.org site.

• VeriSign, Inc. and Telcordia Technologies, Inc. (MOUNTAIN VIEW, Calif.) announced the opening of the first public trial, part of the ENUM World project, for testing services and applications using the ENUM standard. Participants in the trial will have free access to an open source software development kit and use of the trial registry.

Proprietary Products for Linux

• Aladdin Knowledge Systems (CHICAGO) announced plans to offer a beta version of HASP for Itanium, a comprehensive software security product.

• Mission Critical Linux, Inc. (LOWELL, Mass.) announced the immediate availability of Convolo Cluster Version 1.2, with full support for Network File System (NFS) failover.

• Oracle Corp. (REDWOOD SHORES, Calif.) announced the availability of Oracle Internet File System, designed for Internet-based applications using Java and XML. The latest version is available free-of-charge as part of Oracle8i, Release 3 for Linux platforms.

• PolyServe (BERKELEY, CA) introduced LocalCluster Enterprise, a new high-availability server clustering solution for data replication of web- and IP-based services.

• VMware, Inc. (PALO ALTO, Calif.) announced that its VMware Express desktop software is now available directly from VMware on its Web store ( http://www.vmware.com ) for $79. VMware Express allows users to run either MS Windows 95/98 applications on a Linux system.

Products and Services Using Linux

• e-smith (BOSTON) announced the latest upgrade of the Linux-based e-smith Server and Gateway, version 4.1, with virtual private networking and e-smith Web mail.

• LinuxWizardry Systems, Inc. (BOCA RATON, Fla.) announced a new product for the Magic Passage DSL/Cable Router product line. The new model will be designated the Magic Passage 1400 and will be an entry-level alternative to the current Magic Passage 2540.

• Stream Machine (SAN JOSE, Calif.) announced a reference design that captures, stores, and streams digital media to computers and entertainment products throughout the networked home. The Maestro Reference Design, available in the first quarter of 2001, is based upon the Stream Machine SM2210 codec, a market-leading MPEG2 compression / decompression chip now in full production. And Maestro uses an embedded Linux operating system.

Servers, installed Linux optional

• Dell (ROUND ROCK, Texas) announced that DellHost, Dell's integrated Web hosting service, is offering expanded custom, multi-tier solutions that include firewall and load balancing servers. DellHost has a PowerEdge 2450 server featuring dual 1GHz Intel Pentium III processors, 1GB RAM, three 9GB SCSI hard drives and Red Hat Linux operating system for $799 per month, plus set-up fees.

• IBM (ARMONK, N.Y.) announced that its new IBM eServer z900, "the reinvented mainframe", began shipping to customers around the world.

• Rave Computer Association, Inc. (Sterling Heights, Michigan) has added a redundant 4UAXmp rackmount to its family line of Rave AXmp Systems.

• SteelCloud (DULLES, Va.) announced the ultra high-performance SteelCloud Model 1000.

Products with Linux Versions

• Advanced Visual Systems (WALTHAM, Mass.) released version 5.1 of the AVS/Express data visualization platform. Features include OpenGL rendering on Linux-based systems.

• American Megatrends Inc. (ATLANTA) announced support for Red Hat Linux, RAID 10 and multi-controllers to its MegaRAID IDE100 and MegaRAID IDE66 hard drive accelerators. Linux drivers are available for download on AMI's web site at www.ami.com.

• Asante Technologies, Inc. (SAN JOSE, Calif.) announced that the company is now shipping GigaNIX, its new Gigabit Ethernet adapters for Apple Mac OS, Windows and Linux systems.

• ELSA (SAN JOSE, Calif.) announced shipment of the GLoria lll professional graphics accelerator optimized for mechanical computer-aided design, professional game development and film animation and effects.

• ELSA (SAN JOSE, Calif.) announced the shipping of the Synergy III professional graphics accelerator with application specific optimizations and dual monitor support.

• Equator Technologies, Inc. (CAMPBELL, Calif.) announced the availability of its Shark MAP-CA Development Board and the iMMediaTools Software Toolkit, version 5.2. Red Hat Linux 6.2 is supported.

• Hewlett-Packard Company and Sprint PCS (PALO ALTO, Calif. and KANSAS CITY, Mo.) announced an agreement to jointly market and sell the HP Openmail Anywhere solution as part of the Sprint PCS Wireless Web for Business.

• Marimba, Inc. (MOUNTAIN VIEW, Calif.) announced the release of Timbale version 1.2. With this latest release, Marimba introduces a cache module and added platform support (including some versions of Linux).

• SteelEye Technology Inc. (MOUNTAIN VIEW, Calif.) announced an extension of its LifeKeeper Next Generation Enterprise Reliability Platform into MySQL database environments.

• MAPICS, Inc. (ATLANTA) announced the delivery of the Spanish translation of Point.Man 5.0, MAPICS' extended enterprise application.

• Tarantella, Inc. (SANTA CRUZ, Calif.) and Alternative Technology, Inc. announced that they have signed an agreement for Alternative Technology to distribute the Tarantella web-enabling product line.

• Wind River Systems, Inc. (ALAMEDA, Calif.) announced general availability of the SNiFF+ 4.0 source code analysis environment for advanced source code visualization and navigation.

Books and Training

• LinuxCertified.com will offer its next weekend System Administration bootcamp on January 20-21, 2001 in San Francisco bay area (south bay). This workshop is designed for IT professionals and is designed to cover the most important Linux administration areas.

Partnerships

• 2netFX and Zapex Technologies, Inc.announced an alliance to design and deliver innovative hardware and software broadcast solutions to be used in the IP distance learning market. The first system offered by the alliance is a Linux-based server solution.

• e-smith, inc. (BOSTON) announced the e-smith Authorized Partner Program, an initiative designed to help solution providers deliver network server solutions to small and mid-size businesses.

• Lutris Technologies Inc. (SANTA CRUZ, Calif.) announced a licensing partnership with