[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


The case for competition. Those who would criticize free software often pick on competing projects (GNOME and KDE being the classic example) as an example of inefficiency and inability to work together. Many free software supporters take a similar view. According to many, the free software community would be better off if everybody worked on a single project in each area. Think of how much more could be accomplished that way.

Recent events, however, have provided us with a counterexample of utmost clarity. The Berkeley Internet Name Domain (BIND) server is one of the classic free software success stories. It is free software, and plays a crucial role in the operation of the Internet. It runs almost every DNS server on the planet; its "market share" makes Sendmail and Apache look like bit players.

And therein lies the problem. When a security problem turns up in BIND, the entire net is immediately vulnerable. In this respect, the net is a monoculture. Imagine the damage that could be done by a malign individual who is able to find and exploit a new BIND bug. Given that (1) BIND bugs seem to turn up regularly, and (2) BIND 9 contains a large amount of new code, this scenario is a real possibility. The fact that ISC plans to create a closed forum for the discussion of BIND security issues (see this week's LWN security page) does not add confidence in this area.

BIND shares a lot of characteristics with sendmail. It is a piece of near-universal infrastructure which performs a crucial function. It is also too large and complex to ever be audited thoroughly. Sendmail, however, faces viable competitors; those who do not want to run it can do very well with qmail, Postfix, Exim, or others. These mailers handle a small piece of the Internet's mail traffic, but they add a great deal of security and robustness to the system.

BIND is not entirely without competition either. Some of the other free (or "almost free") DNS servers out there include:

  • djbdns. This DNS server was written by D. J. Bernstein, who also wrote qmail. It shares a number of the characteristics that qmail has: the code is compact, fast, and highly secure. It also shares qmail's downsides: Mr. Bernstein's aggressive personality (see his Buggy Internet Name Daemon page), not-quite-free licensing (you can't redistribute modified versions), and code that is at times difficult to read. djbdns also lacks some capabilities (such as TCP service), making it not necessarily suitable for larger domains.

    Update: we've received mail saying that we have understated the capabilities of modern versions of djbdns; we're investigating, and we regret any errors on that front. Further update: we now have a detailed look at djbdns available as a separate feature which, hopefully, sets the record straight.

  • CustomDNS is a DNS server, written in Java, which is intended for highly dynamic domains. DNS lookups are handled "on the fly," so that, say, associating domain names with DHCP-assigned addresses can be handled. CustomDNS uses HP's e-speak technology under the hood. The whole package is covered by the GPL.

  • Dents is a DNS server written in C. It features a control architecture built on CORBA and a modular plug-in system for added features (there is, for example, the inevitable module that calls a Perl script to resolve queries). It is licensed under the GPL. Dents appears to have much of what is required, but development seems to have stalled (the last release on SourceForge (0.3.1) is from September, 1999; no CVS commit appears to have happened in the last three months) and the documentation is nonexistent. The force behind Dents was Johannes Erdfelt; he is now heading up the Linux USB project, and is likely too busy to work with Dents. Dents is not yet ready for prime time.

  • ENS is a small DNS server which is intended to be used in embedded systems.

From the above list, one can conclude that BIND's competitors have some ground to cover yet (though supporters of djbdns disagree). Energetic hackers looking for a project may want to consider the creation of a viable competitor to BIND; the net will be a safer place when we have one.

Speaking of the KDE/GNOME competition... if you search for KDE on Google you'll find, among the expected things, a "sponsored link" from Ximian. Not everybody thinks that's quite the form the competition should take...

SuSE lays off most of its U.S. staff. We have now received word from several SuSE employees that they have been laid off as part of a general cost-cutting measure. Evidently, almost all of SuSE's U.S. presence will be closed down, leaving "about two dozen" people out of work. The people affected were doing installation support, consulting, and some development work. Some of them have been saying their goodbyes on the SuSE English mailing list; it is clear that they will be missed. We wish the best for all the SuSE folks.

If you are not one of the people involved, this step is actually not all that significant. SuSE apparently has no intention of cutting back on its English edition or backing out of the U.S. market - SuSE Linux will be available as always. And, in the end, a couple dozen people out of a worldwide total of around 600 is a pretty small reduction - a number of Linux companies have made much larger cutbacks than that. SuSE remains alive and well. (See also: this Slashdot comment posting from SuSE employee Michael Hasenstein on the layoffs and what they mean for SuSE).

Amusingly, SuSE's U.S. PR agency dismissed LWN's initial reporting on the layoff as "totally rubbish". We're waiting for our apology...:)

It's time to make a choice about software licensing. At least, that's what we read on the front of a piece of junk mail that Microsoft, in its wisdom, chose to send to the LWN offices. On the back, the choices are clearly spelled out:

  • A. Big Penalties from the BSA
  • B: Big Savings from Microsoft

You'll be glad to know that the Business Software Alliance has declared a "28-day truce" - for the month of February, it will "hold off on software investigations." Now is the time to go out and be sure you've bought licenses for everything you (and your employees) are using, or "pay the price."

Microsoft hopes to simultaneously take advantage of and dissociate itself from this ugly aspect of proprietary software. Come to terms with the Good Cop (Microsoft), and it will protect you from the Bad Cop (the BSA).

This brochure, of course, leaves out an important alternative:

  • Run free software and tell the BSA to take a hike

Anybody who has administered a network of systems can attest to the hassles of dealing with software licensing. The up-front cost is one thing, but the administrative time involved in managing software licensing is considerable. Tracking software on systems, maintaining a database, running license manager daemons, getting everything working again after a hardware or software upgrade, and so on, takes a great deal of effort. Proprietary software is a costly game to play if you stick to the rules.

And if you don't, there's the BSA with its audits and raids and penalties. The BSA has become a sort of software industry police force, with the willingness and ability to go to the courts for the authority to raid companies and "audit" their computers. And this is not just a U.S. phenomenon; the BSA is a worldwide organization.

Free software brings freedom, and that includes freedom from threats and raids by BSA bullyboys. How much is that freedom worth to your company?

LinuxWorld 2001 New York. If you didn't catch the links to our LinuxWorld coverage on the daily page this past week, here is your chance to check it out. This year's conference was a study in contrasts; the exhibit floor was twice the size of last year, but several vendors canceled their attendance at the show at the last minute. The venture capitalists were no longer circling, but that didn't mean that money wasn't present. This time, it came in the form of a large new presence from the big computer companies, IBM in particular, but also Intel, Dell, Compaq and more.

In many ways, there was more money around than ever; IBM's investments were part of that, but also it was clear that the large companies were confident that Linux was moving into the enterprise. Maybe we've only got our toe in the door at the moment, but that is changing quickly. And the enterprise is where customers can and will spend money to get what they need.

Overall, the mood was upbeat. While Linux IPOs and other get-rich-quick schemes were definitely in disfavor, the feeling that Linux and Open Source software is an unstoppable movement was still present, possibly bolstered by the preview release of Revolution OS, a documentary about Free Software, Linux and Open Source and its impact on many people's lives. Even if you aren't one of the people in that film (it could only focus on a few), it is an experience to see the world we've lived in portrayed on film. We hope it will do well at its official opening in March and move on to become available for more people to see.

Meanwhile, our coverage is not yet complete; interviews and feature articles based on last week's work will be forthcoming in the near future.

Inside this week's Linux Weekly News:

  • Security: Privacy issues with HTML mail, ISC "members only", NSA teams with VMWare, insecurities in Wireless protocol.
  • Kernel: Some 2.4.1 problems; the great kiobuf debate
  • Distributions: Ututo, Astaro and Relax join the list. SuSE wins an award and enters the Internet Portal business.
  • Development: LDP update, multi-headed KDE, LAMP, Tkinter 3000, DDD 3.3.
  • Commerce: LinuxWorld wrap-up.
  • History: "Open Source" turns 3.
  • Letters: On DirecTV's "black Sunday"
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


February 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.


Security FAQs
SuSE
Linux Security HOWTO

Security


News and Editorials

Privacy issues with HTML-based email. The Privacy Foundation has issued an advisory regarding potential security problems with HTML-based email containing Javascript code. When read by mail clients such as Netscape 6, Outlook or Outlook Express, javascript code included in a message can be used to silently report back to the original sender information such as to whom the message is forwarded or what additions are made to a forwarded message, potentially revealing sensitive information.

This message from the politechbot.com mailing list provides a good summary of the issues involved, as well as links crediting the source of the security report. They sum it up pretty well, "Friends don't send friends HTML email".

Note that not all HTML mail readers are affected. Some turn off Javascript by default while others automatically strip Javascript from messages before displaying them. Now is a good time to determine how your mail client handles such messages.

ISC to close access to Bind security info?. Last week's reported security vulnerabilities in both bind 4 and bind 8 were followed this week by plans from ISC (the company who has been developing bind 9) to create a new "bind-members" forum for the discussion and dissemination of security information related to bind. Membership in this forum would be strictly limited, a nondisclosure agreement would be required, and a fee would be charged. Theo de Raadt forwarded (to Bugtraq) a copy of an email message from Paul Vixie at ISC that discusses the proposal. As you might expect, a large amount of furor and discussion resulted.

Kurt Seifreid at SecurityPortal.com followed up on this issue with ISC and others. His article includes a brief email interview with Paul Vixie, who commented:

An important point to make, if you're going to write about this, is that nothing ISC has historically done will stop. The code is still completely redistributable under the Berkeley-style license (which, unlike the GPL, allows vendors to distribute binaries based on modified sources without sharing those source modifications with ISC or anybody else). CERT will still be ISC's channel for announcing security bugs to the community. Patches will still be accepted from the community, and published to the community. The ONLY thing bind-members will do is ADD SOMETHING NEW.

The commentary in the article from Linux-Mandrake, Immunix OS, and others, though, is still uniformly negative towards this move.

From our perspective, though we sympathize with ISC's need to develop a revenue stream based on this Open Source product, their suggested model strongly resembles the X Consortium model (which Paul Vixie references). We consider that a failed model. In spite of the inclusion of non-profit members without a fee, the X Consortium eventually bogged down in corporate politics, failing to deliver quality development upgrades and leaving a vacuum that the XFree86 group has happily stepped in to fill. In a similar manner, the bind-members group could result in timely information about potential security problems not getting out, or one vendor's fixes being delayed because fixes from other vendors were not yet available. Given the wide-spread use of bind across the Internet, this is a cause for much concern.

If ISC is, indeed, planning on offering services to vendors that are in addition to what it already offers on public mailing lists, they should certainly be able to require a fee for that service. However, the need for a non-disclosure agreement along with that fee has not been demonstrated.

For more coverage on this issue, check out our editorial on this week's front page.

NSA attempting to design crack-proof computer (ZDNet). ZDNet looks at how VMWare and the National Security Agency have teamed up to make a more secure PC. "Called "NetTop," VMware's answer would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The security system would erect supposedly impenetrable, but virtual, walls between public data and more sensitive information on the same computer. "

Note that VMWare on Linux was considered an avenue for this development while VMWare on Windows NT, etc., was not. Why? Because Linux provides the source code and Windows does not. NSA understands that they need the source code to be available to build a trusted system.

NSA is therefore making a strong stand in support of Open Source, but not necessarily in support of Free Software. The article also discusses their plans to use commercial off-the-shelf software. Hopefully, closed source proprietary software will not be used while manipulating secure data ... otherwise, their exclusion of Microsoft's operating system will be meaningless. (Thanks to Richard Storey)

Security of the WEP algorithm. Nikita Borisov, Ian Goldberg, and David Wagner have posted a whitepaper describing vulnerabilities they see in the Wired Equivalent Privacy (WEP) algorithm, part of the 802.11 standard. The potential for passive and active attacks to decrypt traffic are described, as well as one to inject new traffic. "Our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment. We recommend that anyone using an 802.11 wireless network not rely on WEP for security, and employ other security measures to protect their wireless network."

Security Reports

SSH1 brute force password vulnerability. A potential vulnerability in SSH1 was reported this week involving the ability to brute force passwords due to the manner in which failed passwords are logged. A patch against ssh-1.2.30 is provided.

SSH protocol 1.5 key session recovery vulnerability. A second SSH problem was reported this week, this time with the SSH protocol 1.5. This advisory describes the vulnerability, which can allow the session key for an exchange to be captured and then used to decrypt session packets. ssh-1 "up to" ssh-1.2.31 is reportedly vulnerable, presumably meaning that ssh-1.2.31 is also affected. ssh-2.4.0 and later is not impacted because the server key is regenerated for every connection. SSH.com deprecates the use of SSH1.

OpenSSH "up to" 2.3.0 is also vulnerable. A patch has been introduced into the OpenSSH source tree. Updated versions of OpenSSH and portable OpenSSH (for non-OpenBSD systems) have not yet been announced; presumably they'll be made available soon.

Linux kernel 2.4.1 denial-of-service vulnerability. A denial-of-service vulnerability has been reported in the Linux 2.4.1 kernel code. A patch for the problem is available and will be merged into the next prepatch for Linux 2.4.2. Distribution updates for the problem are unlikely to be seen, since most distributions have not yet begun shipping the new stable kernel series.

XEmacs/gnuserv execution of arbitrary code. gnuserv is a client/server package included with XEmacs, but also available as a standalone package. Via gnuserv's support for MIT-MAGIC-COOKIE authentication, it can be exploited remotely to execute arbitrary code. gnuserv 3.12.1 resolves the problem and is included with XEmacs 21.1.14. Check BugTraq ID 2333 for more details.

CUPS denial-of-service vulnerability. This is the second time we've seen reports of security problems in CUPS which appear to originate from Linux-Mandrake (e.g., no previous reports were seen on BugTraq or elsewhere). This time, a denial-of-service problem was reported that can be triggered via an extra-long input line. In addition, however, the Linux-Mandrake update apparently also includes other security-auditing steps, such as the replacement of sprintf calls with snprintf, strcpy with strncpy, etc., to better protect against other potential buffer overflows.

man -l format string vulnerability. A format string vulnerability in the man command was reported in its processing of the "-l" command line option. Note that not all versions of man provide the "-l" option. Only Debian and SuSE are reported to be affected, with varying results, due to varying permissions on the man binary. SuSE has confirmed the problem and promised an update soon. A bug report has been filed with Debian.

Multiple vulnerabilities in ProFTPD. Three vulnerabilities in ProFTPD have been reported to BugTraq in the past month, according to this advisory from the ProFTPD development team. The vulnerabilities include a size memory leak, a USER memory link and format string vulnerabilities (links to the original reports are provided through the advisory). ProFTPD 1.2.0rc3 has now been released with fixes for all the above problems.

  • Cobalt, unofficial package updates

Sporadic reports of nmap crashing bind 9.1.0. Reports have been posted to BugTraq describing reproducible crashes of bind 9.1.0 caused by nmap. On the other hand, each of those reports has been followed by anecdotal evidence that 9.1.0 does not crash on all platforms and setups. So far, no one has pinpointed the cause of the crash in the 9.1.0 source code, so while there is a potential denial-of-service problem, it has not yet been confirmed.

Infobot perl-based IRC bot remote execution of arbitrary command. A security problem has been reported with the Infobot perl-based IRC bot which could be exploited to run arbitrary files under the IRC bot user id. Disabling fortran math in the configuration file and restarting is a workaround for the vulnerability. No patch or update has been reported yet.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • qDecoder, part of the CrazyWWWBoard web-based bulletin board system, is reported to contain a remotely-exploitable buffer overflow. A patch for the problem has been provided.
  • iWeb Hyperseek 2000 is reported to contain a directory transversal vulnerability. No fixes have been posted as of yet.
  • A directory transversal problem was also reported in the GGoAhead WebServer, primarily a Windows product, but also available for Linux.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • ChiliSoft ASP for Linux and other operating systems is reported to contain a problem with the inherited security mode, in which the group value for virtual domains is not properly inherited. ChiliSoft indicated that the problem should be fixed in Chili!Soft ASP 3.6, due out this quarter.
  • Two problems were reported in the Cisco Content Services (CSS) Switches, including a Denial-of-Service vulnerability and a directory transversal vulnerability. Upgrades to fix the denial-of-service are available, but no solution to the directory transversal problem has yet been seen.

Updates

Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.

This week's updates:

Previous updates:

MySQL buffer overflow. Check the January 25th LWN Security Summary or BugTraq ID 2262 for the original reports. This can be exploited remotely to gain access to the system under the uid of the mysql server. MySQL 3.23.31 and earlier are affected. MySQL 3.23.32 fixes the problem.

This week's updates:

Previous reports:

kdesu password sniffing vulnerability. The KDE "kdesu" utility has a vulnerability that can allow a local user to steal passwords; see the January 25 LWN Security Section for the initial report.

This week's updates:

Previous updates:

Multiple glibc vulnerabilities. Multiple glibc vulnerabilities have been reported in recent weeks in glibc. Since glibc updates generally address all the problems, rather than one specific problem, we are combining the update report for them. For the original reports, check the January 18th, 2001, LWN Security Report under the topics "glibc RESOLV_HOST_CONF preload vulnerability" and "glibc local write/ld.so.cache preload vulnerability".

This week's updates:

  • Conectiva
  • Immunix, updated packages (the originally released updates did not fix the problem)
Previous updates:

exmh symlink vulnerability. Check the January 18th LWN Security Summary for the initial report.

This week's updates:

Previous updates:

Resources

William Stearns announced the latest version of his ramenfind script, for detecting and removing the Ramen worm.

Osvaldo J. Filho posted a small patch to syslog which will log version requests for bind, helpful for noticing probes for the latest bind vulnerabilities.

Events

Upcoming security events.
Date Event Location
February 13-15, 2001. PKC 2001 Cheju Island, Korea.
February 19-22, 2001. Financial Cryptography 2001 Grand Cayman, BWI.
February 19-22, 2001. VPN Con San Jose, CA, USA.
February 24-March 1, 2001. InfoSec World 2001 Orlando, FL, USA.
March 3-6, 2001. EICAR and Anti-Malware Conference Munich, Germany.
March 27-28, 2001. eSecurity Boston, MA, USA.
March 30-April 1, 2001. @LANta.CON Doraville, GA, USA.
April 6-8, 2001. Rubi Con 2001 Detroit, MI, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


February 8, 2001

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is still 2.4.1. The two usual prepatch tracks are in full swing. On the Linus side, there is 2.4.2pre1, released just after LinuxWorld. It contains a small set of fixes, and doesn't yet deal with the known 2.4.2 problems (see below). Alan Cox, instead, has released 2.4.1ac5, which contains a much larger set of fixes.

On the 2.2 kernel front Alan has released 2.2.19pre8. There are still, apparently, a few things yet to go into this patch, so the real 2.2.19 release is not yet imminent.

Some difficulties with 2.4.1. While many (most) users are running 2.4.1 without trouble, there are a couple of issues that have come up which are worth knowing about. They are:

  • There is a bug in the handling of Unix datagram sockets which locks up the kernel - or at least one processor on SMP systems. Chris Evans has posted a simple test program which demonstrates the bug - don't run it on your big server. A patch for this bug exists, and will certainly be merged into the next kernel prepatches.

  • Hans Reiser has posted a message on stability problems with ReiserFS. There are currently five outstanding bugs with this filesystem, not all of which yet have fixes available (one of them looks like hardware problems, rather than a real ReiserFS bug).

Neither of these issues is all that surprising. Every major stable kernel release seems to have one denial of service bug lurking somewhere; it takes a larger testing community to flush it out. Similarly, ReiserFS is now seeing testing on a far larger scale than it ever has in the past, and a few surprises are certain to show up. This is the late stage of the free software development process in action; fixes are being made quickly, and the end result will be a more stable kernel.

ReiserFS can also cause system crashes, but this is not a ReiserFS bug. It seems that some people are building the 2.4.x kernel with Red Hat's "gcc-2.96" compiler that was shipped with Red Hat 7. That compiler has some, um, issues, and it miscompiles some of the ReiserFS code. If you're running a late Red Hat system, be sure to build your kernels with "kgcc," or at least get the latest, patched gcc from Red Hat (which is said to work much better).

The great kiobuf debate. Recently, a fairly fierce debate has been filling up mailboxes on the linux-kernel and kiobuf-io-devel mailing lists. It all has to do with the kiobuf data structure, which was, until recently, seen as a generally good addition to the kernel in the 2.3 series.

The kiobuf structure was added, initially, to support raw disk I/O; kiobufs and their supporting routines make it easy for kernel code to move data directly between user space and a device, without an intervening copy into kernel space, and without having to worry about the ugly details of memory management. Their use has slowly grown; in the 2.4.1 kernel kiobufs can be found in the generic SCSI (sg) driver and in the logical volume manager code. There is also a patch floating around that uses kiobufs to implement direct, user-to-user pipes. And SGI's XFS patch not only uses kiobufs, but modifies the block I/O subsystem to make them integral to disk I/O.

One would think that kiobufs were taking over, except for the little fact that the zero-copy networking patches do not use them. Instead, a new and completely different mechanism for direct userspace access was created. In the discussion that followed, it turned out that quite a few people, including Linus, are not pleased with the kiobuf design.

In a (very) simplified way, that design is as follows: a kiobuf, in the end, consists of an array of struct page structures, along with an initial offset and a total length value. By using page structures directly, the kiobuf allows the code using it to avoid dealing with the virtual memory entirely - a struct page refers directly to a physical page. The initial offset tells where, in the first page, the data starts; all the remaining pages are filled with data starting at the beginning. A kiobuf thus describes a single, contiguous area; working with multiple areas requires using a "kiovec" - an array of kiobufs - instead.

The objections to this design include:

  • It is said to be a very heavyweight structure. Kiobufs are a bit large, mostly due to the incorporation of an array for the page structures. Ingo Molnar has characterized kiobufs as "big fat monster-trucks of IO workload."

  • Kiobufs do not handle scatter/gather operations (those which work from multiple, noncontiguous memory areas) very gracefully; such an operation requires setting up a kiovec and using several kiobufs which, as previously noted, are already criticized as being too large. Networking, in particular, makes heavy use of scatter/gather I/O, and needs to be able to set up and tear down structures very quickly.

  • One of the reasons that kiobufs are difficult for scatter/gather operations is that they assume that all data is aligned on page boundaries, with the exception of the first page. That tends to be true for disk I/O, but is rarely the case for networking. Linus, in particular, doesn't want any page alignment assumptions in this sort of code.

In the end, the fight seems to boil down to this: should a kiobuf include an array of offset/length pairs for each page within the buffer? With such an array, scatter/gather operations could be described with a single kiobuf, and the kiovec idea could go away.

Linus, certainly, takes the position that the offset and length values should be pushed down deep in the structure in this way. Kiobuf designer Stephen Tweedie, however disagrees. Putting the length and offset at that level would make it hard to get the completion status of any individual segment and would tend to split apart large requests which should really stay together.

The discussion then wandered into whether the venerable buffer head structure could be made to do what kiobufs do. A number of people seem to think that they could, especially if the block I/O API were modified to make it easy to submit large chains of them as a single operation. But no code for this use of buffer heads has, as yet, been forthcoming.

This issue, clearly, goes pretty deeply into how fundamental operations are performed in the kernel. For this reason, the design issues involved seem to touch a number of nerves. It will probably be some time before a real resolution is reached; those who are programming with kiobufs, however, should be prepared to see the interface change...

The first public Linux-NTFS release is out, see the announcement for details. This release makes it possible to mount NT filesystems in a writable mode under Linux. It's not yet perfect, however; when it writes to an NTFS partition it leaves a bit of damage behind. For the short term, it was evidently easier to provide a separate utility ("ntfsfix") which fixes things up afterwards.

Other patches and updates released this week include:

  • David Miller continues to put out frequent zero-copy networking patches; this patch also, currently, contains the fix to the Unix datagram bug.

  • Jeff Merkey has released version v1.1-7 of his driver for Dolphin Scalable Coherent Interface adapters.

  • A new kernel development mailing list has been created by Ingo Oeser; it is intended to host discussion of a wide range of operating system techniques, not just those in use in the Linux kernel.

  • devfs-v99.19 was posted by Richard Gooch; it is a backport of the latest devfs code to the 2.2.18 kernel. He has also posted devfsd-v1.3.11, the devfs daemon that is needed to use a devfs-enabled kernel.

  • Rusty Russell has released code to generate a graph of the 2.4.0 kernel. It requires several hours to run, and, on some systems, has proven a little difficult to generate.

  • Juergen Schneider has posted a patch which adds an animated boot logo to the framebuffer driver.

  • Robert H. de Vries has posted a new version of his POSIX timers patch. This time around, Linus responded that he'll not be applying the patch anytime soon, since he does not like the implementation.

  • The USAGI Project (USAGI = "UniverSAl playGround for Ipv6") has announced the second stable release of its system, which features support for both the 2.2.18 and 2.4.0 kernels.

Section Editor: Jonathan Corbet


February 8, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

New Distributions

Ututo. Ututo is a Linux distribution designed to be run directly off of a CD. It was developed in Argentina to support solar energy students and allow them to easily use a program called sceptre. Once completed, though, it became a more generally useful tool, for teaching, for disseminating information and more. Security is not a focus of this distribution; from the comments in the distributions survey they were kind enough to fill out for us, "everyone is root" and any hard drives on the system will be mounted and made available.

Ututo is derived from both SuSE 6.4 and Debian 2.1. It is available for download, but not yet available for sale (though they are working to make that possible). Spanish is the main language supported, wherever possible.

Astaro Security Linux. On the firewall/router front, Astaro Security Linux was added to our list this week. Note that the license for the product is marked on Freshmeat as "free for non-commercial use". We haven't had a chance to investigate that comment; obviously any changes they make to GPL'd software must be made available, since they are distributing them, but they may also be including software developed in-house that is more heavily restricted.

Astaro ships with "a specially-hardened Linux 2.4" kernel. Version 1.741 was released last week to include updates to bind 8.2.3.

Relax Linux. Relax Linux just announced version 2.5, so we presume they've been around a while, even if we haven't heard of them until their recent posting to Freshmeat. Relax Linux is a small disk Linux distribution (less than 350MB) that can be booted via the loopback device (presumably off a Windows partition) or installed in an ext2 partition. It is aimed at the desktop user.

Distribution Reviews

SuSE Professional 7.0 (DukeOfUrl). The DukeOfUrl reviews SuSE Professional 7.0. "SuSE has another distinguishing feature that I wish more distributions would model, and that is their documentation. It rivals many of the third-party manuals Linux users often feel compelled to buy. With SuSE Professional you get four manuals, not one, not one plus a quick start guide, but four full-fledged paperbacks, well, almost."

General-Purpose Distributions

ASPLinux News. ASPLinux is a "100% Red Hat-compatible" distribution out of Singapore. We've mentioned their distribution plans a couple of times in the past year, including this coverage last September. This week, they announced the pre-production release of their distribution. They are making boxed sets available to people in exchange for feedback and comments.

Conectiva News. The folks at Conectiva are looking for mirror sites for the stable and snapshot releases of their distribution. Requirements: between 2.5GB and 10GB of space, depending on how much you are willing to mirror.

Debian News. This week's Kernel Cousin Debian has a full report on a range of good discussions that have come up on the Debian developer list recently. Issues with the way in which package maintainers have been using debconf lead the list -- there is concern that Debian is building packages that stomp on manual changes to package files, an example seen in other distributions that Debian does not wish to follow.

Other discussions have been heard before and will be again, such as, "Should Debian provide optimized binaries?" and "What about a Debian/BSD?".

Not yet covered in the Kernel Cousin Debian are recent package organization changes, notably for XFree86 4. These are apparently causing compatibility problems that are keeping new packages out of testing. Package maintainers should review the suggestions for handling these problems.

A few weeks ago, a list of 68 packages that would be removed from Debian if new maintainers did not step forward was posted. This week, the results are in and only five packages will removed. The rest have been adopted by new maintainers, which is very good to hear. For the curious, archie, fvwmconf, gambc, ocamltk and rel are the packages that are being removed from Debian.

Meanwhile, there is also progress on the new maintainers front. A new recommendation system has been put in place to try to assure that new maintainers are likely to be qualified before they enter the approval process. It is hoped that will cut down on the number of entries in the process and prevent a backlog from choking the system.

Check out the latest Kernel Cousin Debian Hurd for a look at the progress in that counterpart to Debian GNU/Linux. It was interesting to catch comments from Richard Stallman about the Hurd kernel in the documentary Revolution OS, first shown last week at LinuxWorld. He indicated that the model used for the Hurd kernel was "too complicated to be quickly debugged or easily maintained" and actually called Linux "a better kernel". For more information on Revolution OS, check out our LinuxWorld coverage.

Linux-Mandrake News. MandrakeSoft has announced the beta release of "Mandrake Security," a firewall and router system built with Linux-Mandrake 7.2.

LinuxPPC News. LinuxPPC has announced, in partnership with Integrated Computer Solutions, that Open Motif will be bundled with its distribution.

Slackware News. Slackware's support for the Alpha and Sparc platforms is now truly official; the Changelogs for all three platforms have now been made available. Large file support is going into the Intel and Sparc platforms. Meanwhile, the rate of general package updates has started to escalate for all three platforms.

SuSE News. The magazine GermanHot100 has named (in German) SuSE as its February 'Startup of the month'. The article gives an overview of the company and its near-term plans. An English translation is available via Babelfish.

SuSE has announced its entry into the Linux portal business with the "Linux Knowledge Portal." It includes technical tips, news site headlines, and a lot of other stuff, including some original news items. For example, there is an interview with Linus Torvalds where he is asked to predict what will happen in 2001: "'AntiTrust' the movie will be a big hit, and as a result Miguel de Icaza will move to Hollywood to start a career as an actor. However, he hits on some bad times, and ends up being featured only in a few B-class porno flicks."

Embedded Distributions

Details emerge on Transmeta's "Mobile Linux" (LinuxDevices). LinuxDevices.com is carrying an article by Henry Kingman, senior producer of ZDNet's Linux Resource Center. "Buried in one of the technical sessions in the basement at Linuxworld came a low-key pre-announcement of the first public availability of "Mobile Linux," a quasi-distribution and embedded Linux development toolkit that Linus Torvalds and other Transmeta employees have been working on for several years. "It's very close," according to Dan Quinlan, a Linux developer at Transmeta."

Section Editor: Liz Coolbaugh


February 8, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

O'Reilly.com has started a new site called ONLamp.com. The term LAMP is defined as Linux Apache, MySQL, and [Python,Perl,PHP]. "Several months ago, David Axmark and Monty Widenius of the MySQL team visited us in Sebastopol and they dropped a new term in our laps: LAMP. This term was popular in Germany, they said, to define how MySQL was used in conjunction with Linux, Apache, and either Perl, Python, or PHP. Their explanation of LAMP made a lightbulb go off in my head."

The LAMP concept illustrates one of the great strengths of open-source software development, the ability to freely pull together component projects into bigger meta-projects. One can certainly do the same thing with proprietary software, but the potential for licensing pitfalls is enormous, especially when more than two components are used.

The area of meta-projects is ripe with opportunities, many interesting projects await those programmers who are clever enough to pull the pieces together.

Browsers

Mozilla Status Update for January 31, 2001. The latest Mozilla Status Report is available with the development status of various Mozilla components.

Documentation

Linux Documentation Project update. Here's an update from the Linux Documentation Project It covers new HOWTOs, spam trouble on the LDP mailing lists, and the open project list.

Electronics

Icarus Verilog 0.4 released. Version 0.4 of the Icarus Verilog compiler has been released. This version contains many bug fixes and improved Verilog language coverage.

Xcircuit 2.2.1 beta. A new beta version of xcircuit, an electronic schematic drawing program, has been announced. This version now uses Python for processing startup files.

Embedded Systems

Embedded Linux Newsletter for Feb. 1, 2001. LinuxDevices has released its weekly Embedded Newsletter. This week's issue has features on running Qt on the Compaq iPAQ, the MachZ System on a chip, and much more.

Interoperability

Wine Weekly News for February 5, 2001. The February 5, 2001 edition of the Wine Weekly News is available. This issue only contains the wine-devel discussions since the Wine project leader was at the Paris LinuxExpo.

Network Management

OpenNMS Update. The OpenNMS Update for February 6 is out. Topics include the introduction of a new project member, SNMP Data Collection, and more.

Office Applications

AbiWord Weekly News. After taking a bit of a break, the AbiWord Weekly News is back. Have a look for the latest news in the development of the AbiWord word processing system.

On the Desktop

Bonobo 0.32 released. Bonobo 0.32, the 'Slicker quicker monkey' release, has been announced, Lots of bug fixes are included.

Multihead Support for KDE 2.1. Bradley T Hughes has announced a patch for KDE 2.1 that adds support for multiple displays.

On a Kollision Kourse (LinuxToday). LinuxToday's Bill Bennett takes a look at KDE 2.1. "It was only at the end of October when I wrote about the launch of KDE 2.0. This was a major step forward for desktop Linux - quite possibly THE major step forward for desktop Linux. With a graphical desktop, fully integrated Internet capability and an unfinished, but nevertheless promising application suite, KDE 2.0 meant Linux users could have most of the functionality of Windows and Office 2000 combined, but at no cost and with full access to source code."

Qt 2.2.4 Is Out. Trolltech released Qt 2.2.4. This is a bug fix release.

Web-site Development

ZODB/ZEO Programming Guide (alpha). Andrew Kuchling has announced the alpha release of his ZODB (Zope Object Database) programming guide. It's well done, and gives a good view of how the ZODB and ZEO (Zope Enterprise Objects - the network-distributed objects system) work. Worth a look even if you never plan to program with it.

Midgard 1.4.1-beta1 released. The first beta of Midgard 1.4.1 has been released. This release of the "Midgard Content Management and Application Serving system" includes PHP4 support, enhanced replication support, and more.

Mason 1.0 released. Version 1.0 of Mason has been released. "Mason is a powerful Perl-based web site development and delivery engine. With Mason you can embed Perl code in your HTML and construct pages from shared, reusable components." The Perl Journal also published a review of Mason.

Section Editor: Forrest Cook


February 8, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Which language is right for you? (Regular Expressions). Regular Expressions has featured an article that compares various scripting languages. Perl, Python, REBOL, Ruby, and Tcl are compared. "You can largely expect to be able to do the same things with Perl, PHP, Python, Rexx, Scheme, Tcl, and other such languages: script dynamic Webpages, build administrative utilities, prototype graphical user interface applications, glue together legacy data and processes, and so on. "

Java

Jacks: Java compatibility testing, the open source way (IBM developerWorks). Maya Stodte writes about the use of Jacks an open-source regression testing suite. "The Jacks test suite checks a Java compiler's conformance to the JLS (Java Language Specification). It's made up of a large number of small test cases, with each test focused on a specific section of the JLS. Eric Blake, a principal contributor to the Jacks project, describes the benefits of this type of testing in terms of its detail-oriented scope. 'By generating small test cases with specified compilation behavior, then automating the execution of each of these cases, a compiler writer or debugger can quickly pinpoint problems in the translation of Java source to bytecodes.'" (Thanks to Mo DeJong)

Markup Languages

Quick Start with SOAP (Perl.com). Paul Kulchenko discusses SOAP clients and servers in an article on perl.com. "SOAP specifies a standard way to encode parameters and return values in XML, and standard ways to pass them over some common network protocols like HTTP (web) and SMTP (email). This article, however, is merely intended as a quick guide to writing SOAP servers and clients. "

xml-i18n-tools released. The XML internationalization team has released the initial version of xml-i18n-tools. "The module contains some utility scripts and assorted auto* magic for internationalizing various kinds of XML files. This supersedes the earlier scripts that I (Kenneth) distributed to be checked into each module. In addition, it has an additional merging feature, currently only for oaf files."

Perl

Perl5 Porters for February 6, 2001 . The February 6, 2001 edition of Perl5 Porters is out. Topics include the Perl 5.6.1 release schedule, Test::Harness, CHECK blocks, and more.

Python

Python 2.1 alpha 2 released. The second alpha release of Python 2.1 is out. Check out the announcement for a full list of changes and new features.

There is also a separate documentation release that covers this alpha release of Python 2.1.

The Tkinter 3000 Widget Construction Kit. An alpha version of the Tkinter 3000 Widget Construction Kit is now available. "The Tkinter 3000 Widget Construction Kit library (WCK) provides an extension API that allows you to implement all sorts of custom widgets, in pure Python. The WCK is designed to work with the existing Tkinter library, as well as the new Tkinter 3000 bindings."

PyUnit 1.3 released. Version 1.3 of PyUnit has been released. PyUnit is a Python port of the Java JUnit testing framework.

Mod Snake 0.5.0 released. Version 0.5.0 of Mod Snake has been released. "Mod Snake is an Apache module written for the purpose to give Python developers the same power that C module writers have. It currently runs in both Apache 1.3 and Apache 2.0, providing access to new functionality such as writing protocol modules and filtering. It includes modules for Python CGI acceleration, embedded Python in HTML, and other example modules." Along those lines, Auth DBAPI 0.10, an authentication plug-in for mod_snake has also been announced.

This week's Python-URL. Here is Dr. Dobb's Python-URL for February 6 with the latest from the Python community.

Ruby

Ruby talk, CAML consortium. For those of you who are tired of languages that start with "P": Dave Thomas has made available the slides from his presentation on Ruby which give an overview of the language. Daringly, he presented this talk to the Dallas Perl Mongers meeting, and "no fruit was thrown."

On the Caml front, we have an announcement for the creation of the Caml Consortium, "whose aim is to federate the design and development efforts around the Caml programming language." Scroll down for the English version of the announcement (Thanks to David Mentrè).

Tcl/Tk

This week's Tcl-URL. Dr. Dobb's Tcl-URL for February 5 is out with the latest from the Tcl/Tk development community.

Software Development Tools

DDD 3.3 Released. Version 3.3 of DDD, the Data Display Debugger, is now available. New to this version are data themes, debugger interaction on running programs, support for JDB 1.2, and bug fixes.

XPCOM Part 1: An introduction to XPCOM (IBM developerWorks). Rick Parrish writes about the Mozilla component framework, XPCOM, in an IBM developerWorks article. "What's XPCOM, you ask? XPCOM, which stands for Cross Platform Component Object Model, is a framework for writing cross-platform, modular software. As an application, XPCOM uses a set of core XPCOM libraries to selectively load and manipulate XPCOM components. XPCOM components can be written in C, C++, and JavaScript, and they can be used from C, C++, and JavaScript with extensions for Perl and Python that are under development.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


LinuxWorld wrap-up. LinuxWorld blew in on a blizzard of press releases and went leaving a mound of them left to plow through. Many were covered in last week's LWN on both the front page and on the commerce page. Of the remaining mound, most have been sorted into various categories in the Press Release section below. And here are the Award Winners for this year's LinuxWorld Conference & Expo:

Lineo acquires Embedded Power Corporation. Lineo has announced the acquisition of Embedded Power Corporation, a company which deals in real-time operating systems for digital signal processors.

LynuxWorks launches SynergyWorks, gets Bluetooth stack. LynuxWorks has announced the launch of SynergyWorks, its third-party partners program. The company has also announced that Rappore Technologies has ported its Bluetooth wireless networking implementation to BlueCat Linux.

Ximian GNOME to be HP standard desktop. HP has announced that it will adapt Ximian (formerly Helix Code) GNOME as its standard HP-UX desktop for the next major release after HP-UX-11i. Ximian will be helping out by porting the whole system to HP-UX on both the PA-RISC and IA-64 architectures.

Intel's PR on Will Swope's keynote. Intel has issued a press release on the LinuxWorld keynote given by V.P. Will Swope. "Swope outlined a series of steps that are necessary to move Linux into the mid-tier of data centers, including the establishment of industry-wide development projects that will ultimately enhance the OS with enterprise features. He cited the project to enhance the Linux OS to support 16 64-bit processors with near-linear performance improvement as one such project."

The release also announces the "Intel Advanced Network Services" for Linux - a load-balancing and failover system; they claim it's the first such program for Linux, which is pretty clearly not true. See, for example, the Linux Virtual Server Project, which is hardly new.

Brian Paul wins the Free Software Foundation Award. Here's the announcement that Brian Paul was awarded the Free Software Foundation Award for his work with the Mesa 3D graphics library.

Announcing the 'Whizzbee' web server. We just received an announcement for a new, proprietary web server called "Whizzbee." It is built on top of Apache, and is intended to operate in clustered environments. The web page claims that Whizzbee is "free software," but a quick look at the license agreement makes it clear that they are speaking in the "free beer" sense only. The Apache license, of course, allows the release of proprietary derived products.

January Netcraft web server survey. The January Netcraft web server survey is out. Apache has dropped a little, to "only" 59% of the servers on the net. More significant, however, is the constant increase of Microsoft servers handling sites that do SSL encryption. Some serious thought into why Apache is not dominant in that arena would be worth the effort; SSL servers are an important component of World Domination. (Thanks to Mike Prettejohn).

Linux Stock Index for February 02 to February 06, 2001:

LSI at closing on February 02, 2001 ... 41.03
LSI at closing on February 06, 2001 ... 41.68

The high for the week was 41.68
The low for the week was 40.97

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • 3iNet (HOUSTON, TX) released its UIB 1-A, Universal Internet Box. UIB 1-A contains a full set of software tools that accelerate time-to-market. They include the company's own embedded version of Linux that fits into 8MB of flash memory, all necessary device drivers and a powerful software toolkit. The toolkit consists of a C++ class API that allows direct access to the LCD, push buttons, LEDs, modem, etc. All the source code for the device drivers and toolkit is provided under GPL public license.UIB 1-A contains a full set of software tools, including the company's own embedded version of Linux that fits into 8MB of flash memory, all necessary device drivers and a software toolkit. The toolkit consists of a C++ class API that allows direct access to the LCD, push buttons, LEDs, modem, etc. All the source code for the device drivers and toolkit is provided under GPL public license.

  • CYRANO announced the availability of version 1.0.0 beta 1 of OpenSTA (Open System Testing Architecture) which includes a re-designed User Interface.

  • Kargo, Inc. (NEW YORK) announced the release of Morphis, its transcoding platform for wireless content.

  • Sleepycat Software, Inc. (LINCOLN, Massachusetts) released its latest version of the Open Source embedded database Berkeley DB. The release includes a new port to the QNX realtime platform, and supports all major UNIX and Linux systems, Wind River's VxWorks and Windows.

  • SpeechWorks (BOSTON) announced the availability of an open source VoiceXML Interpreter, known as Open VXI, as a reference platform for developers.

Proprietary Products for Linux

  • CodeWeavers, Inc. and MusicMatch, Inc. (NEW YORK) announced the general release of MusicMatch Jukebox for Linux 1.0.

  • Enhanced Software Technologies Inc. (NEW YORK) demonstrated BRU-Pro, its newest data protection product for Linux-centric networks.

  • Linux Canada Inc. (ALBERTA, CANADA) announced the beta release of its new accounting application for business, Quasar.

  • Lotus Development Corporation (NEW YORK) announced the availability of Domino Workflow on the Linux platform.

  • LynuxWorks, Inc. (SAN JOSE, Calif.) announced that FairCom Corporation's c-tree Plus File Handler V6.10, embedded database technology, and the FairCom database Server V6.10.34 will be supported on BlueCat Linux.

  • Metrowerks (NEW YORK) has enhanced its CodeWarrior software development tools for Linux, with new functionality including full Java support, native debugging, and concurrent and distributed compiling.

  • Oracle Corp. (REDWOOD SHORES, Calif.) announced Oracle Business Components for Java and Oracle Internet File System.

  • Oracle Corp. (REDWOOD SHORES, Calif.) announced a special promotion to help developers get started on Linux using Oracle9i Application Server and the latest version of the Oracle8i database by downloading Oracle's Linux Fast Start Kit.

  • RidgeRun, Inc. (NEW YORK) announced its Open Multimedia Interface (OMI), an API and multimedia plug-in for Linux.

Products and Services Using Linux

  • Cirrus Logic Inc., Austin (NEW YORK) announced that Maverick microprocessors now support IBM's compact relational database, DB2 Everyplace on embedded Linux devices.

  • Lineo, Inc. (NEW YORK, LinuxWorld) launched the SecureEdge hardware brand, the OEM development platform for Linux-based appliances and devices.

  • Merlin Software Technologies International (NEW YORK) announced Arcana, a family of Linux appliances for small business networking.

  • Merlin (NEW YORK) also announced Brigade, a Linux appliance that provides firewall services for both the home and small business.

  • PLX Technology, Inc. (SUNNYVALE, Calif.) announced the PLX PCI 9056 I/O Accelerator, silicon that enables 32-bit, 66MHz PCI operation in CompactPCI adapters, PCI adapters and embedded systems that incorporate Motorola MPC 850/860 PowerQUICC processors or generic 32-bit, 66MHz local bus designs. Linux drivers are available with source code.

  • Red Hat Inc. and Wincor Nixdorf (PADERBORN, Germany) announced that they have developed a Linux-based, JavaPOS solution platform for retail point-of-sale (POS) systems.

  • Tuxia, Inc. (AUGSBURG, Germany and BLOOMFIELD, N.J.) announced that its embedded system, TASTE, provides a Linux-based operating system for National Semiconductor's Geode family of high performance, low power consumption integrated processors.

  • VA Linux Systems, Inc. (NEW YORK) announced expanded technical support and onsite service options as part of its "Total Linux Coverage (TLC)" program. In addition, VA Linux has signed an agreement with Logicon to deliver onsite installation and warranty support.

  • WARP Solutions Inc. (NEW YORK) announced the launch of its Linux-based WARP Intelligent Content Distributor and WARP Load Balancer.

Products with Linux Versions

  • Dirig (NASHUA, N.H.) announced that it has released a new Specific Application Manager (SAM) for proactively managing MySQL.

  • Empirix, Inc. (WALTHAM, Mass.) announced that its Bean-test offering has been optimized for IBM WebSphere Application Server Version 3.5.

  • ExperVision (FREMONT, Calif.) announced the availability of Open RTK 6.0 for Unix/Linux, with over 50% improvement in recognition accuracy and 100% improvement in speed over the previous version.

  • Hummingbird Ltd. (TORONTO) announced Exceed onDemand version 3.0, a solution to facilitate remote and low-bandwidth UNIX application connectivity.

  • IIT GmbH (BREMEN, Germany) announced the production release of version 2.0.0 of its free JMS system SwiftMQ, which now contains native I/O support for Linux and Solaris platforms.

  • Managed Objects (MCLEAN, Va.) announced that its Formula software now includes adapters for NetIQ AppManager and Hewlett Packard VantagePoint Operations, as well as support for the Linux operating system.

  • MPI Software Technology, Inc. (STARKVILLE, Miss.) announced the official release of MPI/Pro Version 1.6.3. This version of MPI/Pro supports Linux for TCP and VIA (Giganet only) networks and PowerPC, x86, and Alpha processors.

  • SERENA Software (BURLINGAME, Calif.) announced that its eChange Man solution supports all Hewlett-Packard Company server platforms running Linux and other operating systems.

  • TASKING (DEDHAM, Mass.) announced the M16C Tool Suite V2.0, with advanced compilation and error-checking capabilities.

  • Trinagy (TORRANCE, Calif.) has developed the VANTAGEwatch family of agent products. The VANTAGEwatch suite -- TRENDwatch, SYSwatch APPwatch and RMONwatch.

  • UniPress Software, Inc. (EDISON, N.J.) announced FootPrints, the company's web-based issue tracking and help desk system.

  • XYZFind Corp. (SEATTLE) released XYZFind Server 1.0, its new repository, search, and query engine for XML. Trial versions for Solaris, Linux, and WinNT/2K are available for download on the company's website, www.xyzfind.com.

  • YesSoftware (SAN FRANCISCO, CA) announced the release of CodeCharge, a code generation application for database publishing on the web.

Java Products

  • appGate, Inc. (DURHAM, N.C.) announced the rollout of appGate Connect, a new Java-based client software that will be bundled with the latest release of their appGate software.

  • Insignia Solutions, Fremont (NEW YORK) announced that it will offer its accelerated, Java-compatible Jeode Embedded Virtual Machine technologies to design engineers and Linux programming developers on DevelopOnline.com.

  • PointBase (NEW YORK) announced that it is partnering with DevelopOnline to offer the PointBase 100% Pure Java object-relational database management software through DevelopOnline's Web-based open platform development site.

  • Tower Technology (NEW YORK) announced the general availability of its TowerJ Java deployment platform on Linux/Intel Itanium based servers.

Books and Training

  • CompTIA (LOMBARD, Ill.) announced that its Linux+ certification program has three new sponsers, Course Technology, Intel Corporation and SuSE.

  • Learning Tree International (RESTON, Va.) announced the release of a new Hands-On IT Course, UNIX and Linux Optimization and Troubleshooting.

  • O'Reilly (Sebastopol, CA) released "Learning XML", by Eric T. Ray.

  • Sair Linux and GNU Certification (OXFORD, Miss.) unveiled its curriculum for Level II certification, a flexible educational program that will produce a Sair Linux and GNU Certified Engineer (LCE).

Partnerships

  • 3ware, Inc. (LINUXWORLD, NEW YORK, NY ) announced strategic partnerships with three providers of Linux solutions. eLinux, TheLinuxStore.com and Linuxcare, have partnered with 3ware to deliver storage solutions to Linux users.

  • DevelopOnline Corp. (NEW YORK) announced that developers using the STMicroelectronics' STPC platform online can soon take advantage of the Lineo Embedix operating system.

  • Eazel, Inc. (NEW YORK) announced a partnership with WorkSpot Inc., an Open Source Application Service Provider (ASP), to demonstrate Eazel's Nautilus software.

  • eMonitoringSolutions.com and Zoran Corporation (SACRAMENTO, Calif.) announced it has formed a strategic alliance with Zoran Corporation to develop Linux drivers for Zoran's USB Vision II chip.

  • Menta Software, Inc. (REDWOOD CITY, Calif.) announced a technology partnership with the New Internet Computer Company. They demonstrated the Linux-based NIC (New Internet Computer) with Menta's WinToNet server-based software at LinuxWorld.

  • Pixo Inc. and OLOTEK (CUPERTINO, Calif.) announced an agreement that will enable mobile device users to access rapidly changing financial information via Pixo's Linux-based Internet Microbrowser and the OLOStock site.

  • RidgeRun, Inc. (NEW YORK) announced that it is partnering with DevelopOnline to offer RidgeRun's DSPLinux SDK, based on Texas Instruments' TMS320DSC21 digital signal processor (DSP), through DevelopOnline's Web-based open platform development site.

Financial Results

  • Corel Corporation (OTTAWA, CANADA) announced results for its fourth quarter and fiscal year ended November 30, 2000. Revenues for the fourth quarter of fiscal year 2000 were $40.4 million, producing a net loss of $8.6 million.

  • Santa Cruz Operations, Inc. (SANTA CRUZ, Calif.) announced fiscal first quarter financial results for the period ending December 31, 2000. Revenues for the first fiscal quarter of 2001 were $26,455,000 compared with $32,797,000 for the fourth fiscal quarter of 2000.

Personnel

  • Caldera Systems, Inc. (OREM, Utah) announced the hiring of Julie Thornton to work with Linux Internation and Linux Professional Institute.

  • Magic Software Enterprises (OR YEHUDA, ISRAEL) announced that it has named software veteran Menachem Hasfari as its new Chief Executive Officer.

  • Merinta Inc. (AUSTIN, Texas) announced that Camillo Martino has joined the company as chief executive officer. Merinta offers complete Linux based end-to-end IA software solutions.

  • SlashTCO (UK) announced that Richard Morrell and Lawrence Manning, two of the leading figures in the UK Linux movement, are joining the staff of SlashTCO Limited.

  • TimeSys Corporation (PITTSBURGH) announced the appointment of Francis X. Dougherty as CEO.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Jerry Greenberg, senior vice president of Marketing, has been elected to the board of directors of the Open Source Development Lab (OSDL).

Linux At Work

  • MODCOMP, Inc. (FT. LAUDERDALE, Fla.) announced that Invensys ENE, Inc. has selected MODCOMP's ScadaBase E-business System to provide a real-time environment monitoring and reporting. ScadaBase runs on Linux.

Other

  • eWEEK (MEDFORD, Mass.) announced that an estimated 100,000 to 200,000 individual hackers failed to penetrate three platforms, Sun Solaris 7, IBM AIX 4.3.3 and Red Hat Linux, each of which was secured by Argus's proprietary PitBull intrusion-prevention system.

  • I-Logix Inc. (ANDOVER, Mass.) announced the launch of its Center for Pervasive Computing. I-Logic hopes the site will provide embedded developers with a single source for all material that closely ties pervasive computing and embedded development.

  • Sun Microsystems Inc. (PALO ALTO, Calif.) announced that the NetBeans Open Source Project (http://www.netbeans.org) has received a Crossroads 2001 A-List Award in the Open Source Java IDE (integrated development environment) category.

Section Editor: Rebecca Sobol.


February 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Hunting the wild hacker (Salon). Salon's Andrew Leonard looks at the "hacker ethic". "One reason free software is able to flourish is that most hackers are able to earn their livelihood relatively easily, with enough leisure time to hack for the public good. The hours that they do spend working for the Man are well enough compensated to allow them to construct the rest of their lives in whatever fashion they might desire. A McDonald's cashier or a taxi driver is not so lucky. Free software is built on the reality that programmers are an elite class of worker, both indispensable and relatively rare. The hacker ethic, then, is a luxury."

XUL: Microsoft's worst nightmare? (ZDNet). ZDNet has posted a lengthy look at what's going on at MozDev.org. "But with browser development in general reaching an advanced stage of maturity and attention turning to Web-based applications, the success of MozDev projects and the acceptance of XUL as the basis for such applications could have the potential to make Mozilla's technologies newly relevant." Worth a look.

Momentum builds for open-source processors (EETimes). Open-source processors are the semiconductor equivalent of open-source software movements like Linux, according to this article in EETimes. "A handful of commercial efforts are experimenting with open-source CPU cores. Contract-manufacturing giant Flextronics, for example, is laying plans to tap into open-source hardware for its ASICs. And both Metaflow Technologies Inc. (La Jolla, Calif.) and IROC Technologies SA (Grenoble, France) are building products using the Leon-1, a Sparc-like open-source processor developed at the European Space Agency's Technology Center." (Thanks to Richard Storey)

Linux Comes to the Big Screen (Wired). Wired News reports on Revolution O.S., a new film about the rise of free software. "In an attempt to reflect the complicated culture he captured in his project, [producer J.T.S.] Moore bills Revolution O.S. as an 'epic movie,' and said that his one regret was that he didn't have enough money to hire Charlton Heston to narrate the film."

LinuxWorld Expo

Around the World of Linux (Wired). Wired News reports from LinuxWorld. "Last year, some Linux-oriented journalists grumbled over the Windows-only computers in the media room. This year, some members of the mainstream press looked puzzled, but determined to be good sports when confronted with machines running Linux."

Also in Wired is this report on the Golden Penguin Bowl. "Torvalds, happily displaying his huge Golden Penguin trophy after the contest was over, said that he wasn't really pleased with his performance, and that it was obvious he should watch more 'bad science fiction movies,' something he'd been unable to do during the last hectic months of coding Linux kernel 2.4."

LinuxWorld Expo: Desktop Dreams (ABCNews.com). ABC News has gone to LinuxWorld and reported on desktop Linux. "But Dell's situation shows another major problem. With more than 90 percent of the desktop market occupied by Windows, you'd think Linux-leaning companies would approach offices who wanted to convert from Windows to Linux. But like most of the big players, Dell has profitable business deals with Microsoft."

188 Linux Distributions ... And Counting (TechWeb). TechWeb covers LWN editor Liz Coolbaugh's LinuxWorld talk on Linux distributions. "The leading offerings include Red Hat, SuSE, TurboLinux, Caldera, Debian GNU/Linux, Slackware, and Mandrake. Of the 188 offerings, 28 are derived from Red Hat Linux, the most common Linux distribution, Coolbaugh said."

Microsoft takes a page from Linux playbook (News.com). News.com talks with Microsoft's Doug Miller at LinuxWorld about how the company is making the Windows source available to "less than 100" of its customers. "Microsoft is not going so far as to allow its customers to tamper with the Windows source, Miller emphasized. By contrast, software that is licensed under the terms of the GNU General Public License may be altered by developers, as long as they agree to publish any changes before publicly distributing the modified source code. 'We don't want to be in the situation that Linux is in, where there are more than 140 different distributions, leading to serious fragmentation,' Miller said."

Big Blue eclipsed at LinuxExpo (Register). IBM is not taking over Linux, according to this article in the Register. "We're not sure if IDG has eased the gate pressure, or simply made the floor tax more equitable; but expansive stands from the likes of Zelerate, Blue Cat, Zimian easily outnumbered the traditional corporate big spenders." (Thanks to Richard Storey).

IBM exec says Linux is ready (Upside). Upside, too, has reported on Sam Palmisano's LinuxWorld keynote. "IBM may not have backed Linux from day one, Palmisano acknowledged, but after experiencing a companywide turnaround in the wake of the Internet connectivity explosion in the early 1990s, IBM executives weren't about to get caught napping as another explosion rumbled under their feet."

IBM Wholeheartedly Embracing Linux (InternetNews). Here's Internet.com's report from Sam Palmisano's LinuxWorld keynote. "One of the factors in Linux's ability to drive standards adoption is its global acceptance. 'It is the first operating system that wasn't developed in the U.S.,' Palmisano said. 'This thing is accepted all over the world. The value proposition is the ability to write an application without having to worry about the plumbing.'"

Palmisano Touts Linux For The Real World (TechWeb). TechWeb reports on IBM President Sam Palmisano's LinuxWorld Keynote. "If people still see Linux as a niche player, Palmisano said the open source code operating system is a major presence in telecom and Internet applications as well. 'That's probably 40 percent of our industry and 40 percent of a $1 trillion industry -- that's a niche,' he said. 'that's big enough for IBM to play in, and we need a big sandbox.'"

Companies

SuSE: Startup of the Month (GermanHot100). The magazine GermanHot100 has named (in German) SuSE as its February 'Startup of the month'. The article gives an overview of the company and its near-term plans. An English translation is available via Babelfish.

SuSE US Cans Three Quarters of Its Staff (LinuxGram). Here's a grim LinuxGram article on the SuSE layoffs. "[SuSE US President Volker] Wiegand basically said that Linux as a business isn't working out, calling it a victim of hype and irrational expectations. Customers have effectively been duped into believing that they would be getting something for nothing when, in fact, they would just be paying for it differently."

Lineo adds Embedded Power to its acquisition portfolio (LinuxDevices). LinuxDevices.com looks at Lineo's acquisition of Embedded Power. "Tom Barrett, CEO and cofounder of Embedded Power, says Lineo's primary objective in acquiring his company was for the addition of DSP software support. However, RTXC also represents a full spectrum "hard real-time" OS for microprocessors -- one that supports over twenty-five 8-bit through 32-bit microprocessors. "Our core competency is operating system environments for hard real time systems -- fast and small," points out Barrett."

Caldera deal provides ammunition against Red Hat (News.com). News.com talks with Ransom Love about Caldera's service deal with Acrylis and various other topics. "One difference between the services from Caldera Systems and Red Hat is that Caldera's is designed to be offered as a re-branded product sold by companies that resell Caldera or Santa Cruz Operations software. In other words, Caldera won't be the only one that hopes to profit from the management services."

Business

Enterprise Linux: Where's the beef? (ZDNet). Here's a ZDNet article wondering where the high-profile enterprise Linux deployments are. "If General Motors, Bank of America and Citicorp are making big bets on Linux, they aren't telling a soul outside their corporate borders. Not that such information would naturally be there, but searching 'Linux' on all three sites yielded zero results. You'd think there would be some mention of it."

Making a Profit From Free Software (ABCNews.com). Here's a LinuxWorld-inspired article on making money with free software. "Linux software companies think they can master making a profit by selling applications built from free, open-source parts. Three of the most prominent, Eazel, Sun and Corel, have different strategies: one is going with support and services, one is using free software to drive purchases of costly hardware, and the third says, hey, time to pay for your application software."

Reviews

NSA attempting to design crack-proof computer (ZDNet). ZDNet looks at how VMWare and the National Security Agency have teamed up to make a more secure PC. "Called "NetTop," VMware's answer would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The security system would erect supposedly impenetrable, but virtual, walls between public data and more sensitive information on the same computer. " (Thanks to Richard Storey)

SuSE Professional 7.0 (DukeOfUrl). The DukeOfUrl reviews SuSE Professional 7.0. "SuSE has another distinguishing feature that I wish more distributions would model, and that is their documentation. It rivals many of the third-party manuals Linux users often feel compelled to buy. With SuSE Professional you get four manuals, not one, not one plus a quick start guide, but four full-fledged paperbacks, well, almost."

Interviews

Torvalds on Linux: They aren't laughing now (SearchEnterprise Linux). A site called "SearchEnterpriseLinux" has put up an interview with Linus Torvalds. "I think the desktop is king. It's the harder market to enter, but it's the one that tends to encircle and overtake the business use. Just look at how business people laughed at PC's and DOS 15 years ago. They aren't laughing now. And the desktop is actually how Linux got started - my desktop."

Eric Raymond: Market slump means great things for Linux (ZDNet). ZDNet talks with Eric Raymond about Linux stock prices. "'(Open source) looks like a better proposition than ever,' Raymond told ZDNet News at the LinuxWorld show in New York. 'Companies need to save money, so they need to stop writing checks for expensive proprietary software.'"

Talking to Red Hat's David Mason about GNOME (LinuxPower). While at LinuxWorld Expo LinuxPower's Christian Schaller interviewed David Mason, Manager for the Red Hat Labs, about GNOME. "Christian: The first step towards getting GNOME 2.0 out the door is GTK+ 2.0 reaching its first stable release. What is the your current educated guess for a release date for GTK+ 2.0?

Dave: Ha! I will not fall into that trap! Lets just say soon. Keep in mind that people at Red Hat aren't the only ones working on GTK+, we just have the co-maintainers working here. Because of that we have to make sure that people who contribute in their spare time, as well as other GNOME related companies get their patches, feature requests, and bug reports in before we release the official 2.0."

Interview with Jasta (Linux in Brazil). Jasta is the mastermind behind Gnapster, the open source alternative to Napster. You can read the interview in English or in Portuguese. "Do you have a personal view on the copyrights abuse normally associated with Napster? What will the future bring to this matter?

My very strong personal opinion on all of that is this: Napster helps starving artists by increasing awareness about the band/group/artist, whereas it takes money away from already overpaid trendy musicians who obviously think they deserve the money they make for their pop crap (sorry to offend anyone who likes pop, but it sucks ;)"

Nat Friedman, in his own right (LinuxWorld). LinuxWorld interviews Nat Friedman of Ximian. "Finally, I asked Friedman if -- as the Ximian CEO -- he was worried about the number of open source companies floundering on the bottom line. He told me that what concerned him more than anything was that so many of the companies were 'blind to begin with.'"

Red Hat CEO details Linux services push (News.com). News.com talks with Red Hat's Bob Young. "'No one cares about vision,' he said. A year ago, investors 'valued us where we would be 10 years from now. Now the stock market values us at where we'll be in the next year or two.'"

Code + Law: An Interview with Lawrence Lessig (O'Reilly Net). The O'Reilly Network interviews Lawrence Lessig. "I certainly think that this is linked in the sense that the Americans have been selling this view around the world: that progress comes from perfect protection of intellectual property. Notwithstanding the fact that the most innovative and progressive space we've seen - the Internet - has been the place where intellectual property has been least respected. You know, facts don't get in the way of this ideology."

Miscellaneous

From FUD to trash talk (ZDNet). Evan Leibovitch looks at the evolution of anti-Linux FUD in this ZDNet column. "Such comments from Microsoft aren't FUD; they're about facets of Linux and open source that most folks consider strengths, but that Microsoft tries to paint as flaws. They'll complain that Linux companies aren't, and will never be, as big as Microsoft. Of course they neglect to tell you the flip side: the reason Linux companies won't ever be as big as Microsoft is because they drain less money from their customers."

Section Editor: Forrest Cook


February 8, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

FreeOS how-to articles. FreeOS has a series of articles for newbies including Starters for Linux - Part 1, Starters for Linux - Part 2 and Sharing, the NFS way.

Tip Of The Week: Breaking Up is Easy to Do. This week's tip from LinuxLookup is about the the "split" and "csplit" commands.

Help Wanted

Dominet Systems. Located in San Jose, California, Dominet Systems is an early stage startup developing 'Ethernet in the first mile' products. The company is looking for a professional to will help develop the systems software and Linux Kernel for its embedded Ethernet devices. The embedded space is just one more step on the path to Total World Domination!

Event Reports

Pictures from linux.conf.au. James Bromberger has his pictures from the recent linux.conf.au available here.

Notes from Linux Expo Paris. Here are Stéfane Fermigier's notes from the first day of Linux Expo Paris. He covers talks by Dirk Hohndel, Eric Allman, Jean-Paul Smets, Henri Poole, and others. The notes are in a combination of French and English.

David Faure's Impressions from Linux Expo Paris and OSDEM Bruxelles. KDE hacker David Faure attended both Linux Expo Paris and the Open Source and Free Software Developer's meeting in Brussels; he has written up his impressions in this article in KDE Dot News. "One thing about presentations: never hack KPresenter the night before a presentation :). When you realize at 2am that you don't have it working, you're in trouble."

25,000 Linux Vendors, Developers and Enthusiasts Pack LinuxWorld Conference & Expo. IDG World Expo, the organizer of LinuxWorld, announced a record-breaking number of attendees and exhibitors at this year's LinuxWorld.

Python seminar. A Python seminar was held in Korea recently and was a big success; apparently around 600 people attended it in the end.

Upcoming Events

Speakers at the O'Reilly Peer-to-Peer Conference. O'Reilly & Associates announced that Dr. Andrew Chien, CTO and co-founder of San Diego-based Entropia will speak at the P2P conference. (San Francisco, Feb. 14-16, 2001.)

XML DevCon Europe. Camelot Communications has an updated press release with keynote speakers and schedules and such. (London, Feb. 21-23, 2001)

Linux convention in Iceland. Eric Raymond and Alan Cox have been announced as speakers for the Linux convention in Iceland, March 15th, 2001. (The site is in Icelandic.)

Chairpeople needed for EIC2001. The 2nd annual Embedded Internet Conference is coming up August 14-16, 2001 in Santa Clara, California. Chairpeople are needed, so take a look at the schedule to see if you might be interested in chairing something.

Events: February 8 - April 4.
Date Event Location
February 14 - February 16, 2001. O'Reilly Peer-to-Peer Conference Westin St. Francis Hotel, San Francisco, California.
February 21 - February 23, 2001. XML DevCon Europe 2001 Novotel London West Hotel and Convention Centre, London, England.
February 28 - March 2, 2001. 3rd German Perl Workshop Sankt Augustin, Germany.
March 3, 2001. LinuxForum 2001 Copenhagen, Denmark.
March 5 - March 7, 2001. BangLinux 2001 Indian Institute of Science, Bangalore, India.
March 5 - March 8, 2001. The 9th International Python Conference Long Beach, California.
March 5 - March 9, 2001. Networld+Interop 2001 Sydney Convention and Exhibition Centre, Sydney, Australia.
March 7 - March 9, 2001. Linux Open Source Conference and Business Expo. Sydney Convention and Exhibition Centre, Sydney, Australia.
March 15. 2001 Linux convention (in Icelandic). Iceland.
March 19 - March 22, 2001. SGI Global Developer Conference Burlingame, Califonia.
March 20 - March 22, 2001. FOSE 2001 Washington DC Convention Center.
March 21 - March 24, 2001. Singapore Linux Conference / LinuxWorld 2001 Singapore.
March 22 - March 23, 2001. Linux Accessibility Conference Los Angeles, California.
March 28 - March 29, 2001. LinuxBazaar 2001 Czech Republic.
March 29 - March 30, 2001. Colorado Linux Info Quest Denver Marriott Tech Center, Denver, Colorado.
April 4 - April 5, 2001. Linux Expo Madrid Palacio de Congresos, Madrid, Spain.
April 4 - April 6, 2001. ApacheCon 2001 Santa Clara, California.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

NorthWest Chicagoland Linux User Group. NWCLUG is having an Installfest on March 11, 2001.

LUG Events: February 8 - February 22, 2001.
Date Event Location
February 8, 2001. Phoenix Linux Users Group (PLUG) Sequoia Charter School, Mesa, AZ.
February 8, 2001. Boulder Linux Users Group (BLUG) NIST Radio Building, Boulder, CO.
February 10, 2001. Route 66 Linux Users Group La Verne, California.
February 10, 2001. Consortium of All Bay Area Linux (CABAL) Menlo Park, California.
February 13, 2001. Long Island Linux Users Group (LILUG) SUNY Farmingdale, NY.
February 13, 2001. Victoria Linux Users Group(VLUG) University of Victoria, Victoria, British Columbia, Canada.
February 14, 2001. Toledo Area Linux Users Group (TALUG) University of Toledo, Toledo, OH.
February 15, 2001. Linux User Support Team, Taegu (LUST-T) Taegu, Korea.
February 15, 2001. St. Louis Unix Users Group (SLUUG) - Linux SIG St. Louis County Library, Indian Trails Branch, St. Louis, Missouri.
February 17, 2001. North Texas Linux Users Group (NTLUG) Nokia Centre, Irving, Texas.
February 17, 2001. Silicon Valley Linux Users Group Installfest Computer Literacy Bookshop, San Jose, CA.
February 17, 2001. Eugene Unix and GNU/Linux User Group Eugene, Oregon.
February 18, 2001. Beachside Linux User Group Conway, South Carolina.
February 20, 2001. Kansas City Linux Users Group Installfest (KCLUG) Kansas City Public Library, Kansas City, MO.
February 19, 2001. Linux Users' Group of Davis (LUGOD) Z-World, Davis, CA.
February 21, 2001. Arizona State University Linux Users Group (ASULUG) Tempe, AZ.
February 21, 2001. Linux User Group of Groningen Groningen, Netherlands.
February 21, 2001. Central Iowa Linux Users Group (CIALUG) West Des Moines, IA.

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.


February 8, 2001

   

 

Software Announcements


This week's software announcements from FreshMeat II are available in an Alphabetical listing or Sorted by license.

As part of the FreshMeat II site redesign, packages can now be listed in multiple categories. This will substantially change the former "by section" option as multiple packages will be listed multiple times. We hope that in the future the "by section" option, and potentially other options made possible by the new site, will be available to LWN readers.

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Four years ago: Red Hat 4.1 was released.

Inaky Perez Gonzalez announced the beginning of the Linux USB project. This effort was eventually abandoned after Linus created a USB implementation of his own, but not before it had made considerable progress and influenced the ultimate shape of Linux USB support.

Three years ago (February 12, 1998 LWN): Eric Raymond published a page entitled Goodbye, "free software"; hello, "open source" to promote his new term:

After the Netscape announcement broke in February early 1998 I did a lot of thinking about the next phase -- the serious push to get "free software" accepted in the mainstream corporate world. And I realized we have a serious problem with "free software" itself. Specifically, we have a problem with the term "free software", itself, not the concept. I've become convinced that the term has to go.

While the term "open source" has certainly found acceptance, "free software" has refused to go. Both terms are commonly used, but supporters of "free software" are adamant in their dislike for "open source."

Dave Winer, meanwhile, read The Cathedral and the Bazaar:

If Kleiner-Perkins starts a Linux Fund, you'll know! If there's money, there may be software. If not, I don't believe there will. Great programmers cost a lot of money. That's pretty hard to work around. I don't think the Linux people really get that yet. To potential investors, in my opinion Linux would be a good bet, but not with the GPL assumption. It will do well if money is available, both from investors and eventually from customers.

Three years later, the "GPL assumption" is stronger than ever.

Two years ago (February 11, 1999 LWN): Security bugs in pine, wu-ftpd, and ProFTPd went without updates from most Linux distributors for several days; some vendors had not updated their security pages for months. LWN called for distributors to get security updates out within 24 hours of the announcement of a vulnerability. Two years later, most of them do exactly that. (Exception: we're still waiting for a bind update from Turbolinux...) This situation has certainly improved.

Dell announced that it would start selling (a few) systems with Linux installed.

From an open source special in Feed:

People will note that I do not use the term "open source software" that many others use. I've been using the term "free software" for many years, and I don't think that "open source software" is an improvement.

Richard Stallman is nothing if not consistent.

Linux-Mandrake 5.3 was released. KDE 1.1 was released, and GNOME moved (temporarily) away from its simian naming scheme with the Skillful and Conspicuous Cow release (0.99.7).

One year ago (February 10, 2000 LWN: we reported on our experience at LinuxWorld:

With very few exceptions, anybody who has been active in the Linux arena for any period of time is in a good position. If you have code, technology, revenue, or readership, you probably have numerous options to choose from. Almost everybody who wants to cash in is able to do so. A rising tide lifts all boats, and this one is rising in a hurry.

The tide, of course, changed a little over the last year.

VA Linux Systems announced an agreement to acquire Andover.net. The deal valued Andover.Net at almost $1 billion - twice what the combined company is worth now.

Any unbiased appraisal of this merger, however, will yield one difficult but inescapable truth: The camaraderie and high spirits engendered by Linus and his band of programmers will soon be replaced by the same rancor and factiousness that permeates the rest of the capitalist world. And Slashdot, which is so highly revered by its readers and those who know its mission, will soon lose its trust, reputation, and standing. The deal has dealt the much-heralded geek community and its open-source development model a terrible blow, one from which it may never recover.
-- WebMonkey was not impressed.

Atipa announced its acquisition of EST, LinuxMall announced a merger with Frank Kaspar and Associates, and Corel announced a merger with Inprise. That last one, of course, never happened...

Speaking of things that never happened, the Linux Fund announced that it would soon file for an initial public offering of stock.

The development kernel release was 2.3.42; the results of the (then) Trillian Project - the IA-64 port - were just being merged into 2.3.43. IBM announced that it would contribute its JFS journaling filesystem to the Linux community.

The Debian new maintainer process opened up, finally. Red Hat announced the beta version of Red Hat 6.2:

This is no ordinary pig! Stand back folks, he's large and live and ready to rumble. This pig is knocking back CPU loads of 99 whilst having tea and crumpets with Pooh Bear. This bad boy eats Lizards for breakfast and spits out kernel patches. Approach with caution, he could be dangerous!

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

February 8, 2001

   
From: Mike Traffanstead <traff@roadrash.org>
To: "'lwn@lwn.net'" <lwn@lwn.net>
Subject: DirectTV and "Black Sunday"
Date: Thu, 1 Feb 2001 14:20:11 -0600 


In your article you state that DirecTV programmed the receivers to destroy
themselves.  This not quite the case.  DirecTV programmed the access cards
to go into an infinite loop, thereby denying access to ill-gotten services.
The cards can easily be replaced by setting up a proper account with DirecTV
and no damage is done to the actual receiver.  

The best analogy I can think of is if someone "acquired" an account on the
lwn server and you went through and removed it.  You didn't actually damage
anything, you just correct something that should not have been in the first
place.

Mike Traffanstead
(No relation to DirecTV)
   
Date: Mon, 05 Feb 2001 22:09:03 -0700
To: lwn@lwn.net
From: Maurice Hilarius <maurice@harddata.com>
Subject: DirecTV war

Hi Liz and friends.

Like many Canadians I am a "pirate Satellite Dish" enthusiast.  Why?
Because it is free? not really.  Because our fine government up here
imposes Canadian content, so to see the programming from the US we
have to go this way.

Anyway, back on topic: "Black Sunday" was not that big a deal. really.
Why?  They managed to destroy the boot portion of the ROM code on the
programming cards.  Already we have new interfaces that take the
programming cards, and have programmable logic on them.  Now we can
hack the signal even better, and we can now "firewall" our hardware
from their signal feed.  So, onwards up upwards, better equipped than
ever.  A buddy in the satellite wars builds the card wedges, and has
sold or taken orders for over 8,000 in the last month already.  On top
of that quite a few people have abandoned the program card route
entirely now, and are using pure emulators for their
interface/translators.  An old PC, some code and 2 serial ports, and
that is it!  So, as you can see, the game is not over. As a matter of
fact it is just getting going..

With our best regards,

Maurice W. Hilarius       Telephone: 01-780-456-9771
Hard Data Ltd.            FAX:       01-780-456-9772
11060 - 166 Avenue        mailto:maurice@harddata.com
Edmonton, AB, Canada      http://www.harddata.com/
    T5X 1Y3


   
Date: Thu, 01 Feb 2001 16:43:36 +0100
From: Laurent Szyster <l.szyster@ibm.net>
To: letters@lwn.net
Subject: BIND vulnerablility

> Bind vulnerabilities have, in the past, been widely
> exploited. It would be nice if it were different this
> time. The information and the updates are all available;
> the exploits do not yet exist. People who move quickly
> need not worry about this problem. 

People who replaced BIND by djbdns don't have to worry
at all about BIND's apparently infinite number or
buffer overflow ;-)

See:

  http://cr.yp.to/djbdns.html


Laurent Szyster
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds