Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

System	1999 revenue (billion)	2004 revenue (billion)
Linux	$0.4	$4.1
Windows NT	$4.7	$12.8
Unix	$11.4	$14.9

If reality comes close to matching these figures, there are some interesting conclusions to be drawn here.

Unix systems (which Unix was not specified in the release) are expected to hold almost half of the multiuser system market in 2004. Market share will drop, but revenues will increase as the whole pie gets bigger. In other words, proprietary Unix will be feeling the pressure, but the rumors of its death are still somewhat premature.

The Linux growth rate will continue to be phenomenal. Of course, we didn't need IDC to tell us that, but it's nice to see anyway.

Windows NT, it is said, will grow twice as much as Linux in absolute dollars (though you get a different story if you look at percentages). It will bring in three times as much revenue as Linux in 2004. It's worth pointing out one thing here, though: the revenue from an average Linux deployment is a fraction of that from a Windows deployment. One Linux CD, perhaps not even purchased, can power many computers. Thus, we conclude that Windows may bring in more money, but far more Linux systems will be deployed.

Finally, $4.1 billion is a reasonable chunk of change - and it only represents one segment of the operating systems market, and only in the United States. It may be a bit of a lean time for Linux companies at the moment, but people will be making money - serious money - with free software before too long.

Perhaps we didn't need IDC to tell us that either. But it's still nice to hear.

SDMI brings out the threats. Two very different approaches to the protection of audio data (i.e. music) and its creators have come out recently. They are worth a look.

Remember the SDMI challenge? The Secure Digital Music Initiative seeks to defeat copying of digital audio through the use of a number of watermarking technologies. SDMI issued a public challenge last year, offering prizes for those who could crack their technologies - as long as the victorious parties kept their findings secret. A number of people called for a boycott of this challenge, thinking that SDMI was really just trying to find obvious problems before deploying an expensive new system.

A group lead by professor Edward Felten at Princeton succeeded in a number of attacks against SDMI, but then chose not to claim the prize; instead, they decided to release their findings publicly. Not surprisingly, the SDMI crowd is not much pleased; thus this letter sent to Professor Felten by Matthew Oppenheim, Secretary of the SDMI Foundation:

Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material. Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws.

Here, "the Agreement," is one of the click-through variety that accompanied the challenge.

Even the DVDCCA, in its challenge against the DeCSS code, has not tried to go this far. The DVD people have acknowledged that a textual description of the DVD content scrambling system is protected speech, and its distribution can not be restricted. The DVDCCA has limited its efforts to stamping out the code - an effort which gets going again next week. There is no "DeSDMI" code in circulation, and no immediate threat to SDMI-protected music. But the SDMI people aren't waiting for that to happen; they are out to shut down the distribution of information at a much more basic level. They will run into some interesting first amendment issues if they continue to pursue this case.

All this is happening, of course, in an attempt to protect technology which is already in commercial use. Rather than admit that they adopted a worthless protection scheme, they are trying to sweep the issue under the rug with legal threats. This, of course, will prove difficult to do, especially since Professor Felten and company have already published a paper describing how they attacked SDMI. Their conclusions are worth reading:

Certainly, the technical details of any scheme will become known publicly through reverse engineering. Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed. Other techniques may or may not be strong against attacks. For example, the encryption used to protect consumer DVDs was easily defeated. Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content.

The SDMI is fighting a losing battle. Unfortunately, it is still a battle, and a great deal of damage could be done before it is finished.

The EFF Open Audio License. So maybe digital watermarking and other copy protection schemes are a lost cause. And maybe the content industries will eventually wake up to the fact that treating their customers as if they were criminals is not the best marketing tactic. How, then, can a sustainable industry be built that better fits reality?

The software industry is ahead of music in this regard. Copy protection schemes were tried in the 1980's, with no more success than audio and video is seeing now. Much of the industry has moved on to hardcore legal bullying techniques; it still treats its customers like criminals. But proprietary software is increasingly threatened by, of course, free software. Free software licenses recognize that copying will happen, and that the users of software deserve a little more respect.

How a sustainable free software industry will look is still unclear - many companies trying to work in this area are having difficulties now. But it is reasonably evident that, when the intellectual property itself is not making money, companies need to look to performance for their revenues. Digital Creations founder Paul Everitt once justified the open-sourcing of Zope by saying (in paraphrase) "the ability to create Zope is far more valuable than Zope itself." Having shown how it can perform, Digital Creations is making money by applying its abilities to the needs of its clients.

Can this model work in the audio world? Consider, for a moment, the Grateful Dead. The Dead placed its live performances under an informal open license - its customers were empowered to tape Dead shows and make copies for their friends. One of the results is that the Dead was one of the top-grossing concert bands for decades. It worked for them, and for a number of other groups that have followed the same model.

The Electronic Frontier Foundation has just released version 1.0 of the EFF Open Audio License, which may well form the basis of a performance-based audio business model. This license looks very much like the GPL: unlimited copying, modification, and distribution are allowed, but you can not restrict the rights of others to further redistribute the result. There is an attribution requirement as well. The EFF has clearly taken a cue from the free software world:

As in the software communities, this license is intended to help foster a community of creators and performers who are free to share and build on each others' work while freeing their audience to share works that they enjoy with others, all for the purpose of creating a rich and vibrant public commons.

The presence of a new license does not, in itself, create a new music industry. It remains to be seen what level of interest this license will find in the music industry. It is true, though, that a great many musicians are not particularly happy with the current arrangement; things could change faster than many of us would expect.

Inside this week's Linux Weekly News:

• Security: Pre-release advisories, OpenSSL update, new vulnerabilities in KFM, NEdit, SAFT/sendfile, and innfeed.
• Kernel: Security modules; block drivers and plugging; non-GPL firmware in the kernel; Eric in KernelLand.
• Distributions: Linux-Mandrake 8.0, FreeBSD 4.3, ASPLinux 7.1, Think Blue Linux for the 64-bit Zseries, RTLinux goes BSD.
• On the Desktop: A first look at Ximian GNOME, KDE 2.2Alpha1, and KDE/GNOME put Linux on the desktop...almost.
• Development: DirectFB - abstracting the Linux framebuffer for embedded devices, interview with the Simputer team and biology and open source.
• Commerce: IBM: New AIX and Informix acquisition; Layoffs at Caldera.
• History: Three years ago - proposed changes to the Uniform Commercial Code; Two years ago - gcc and egcs projects merge.
• Letters: Italian web site registration; social research with Google; Bonobos are not unique.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

A new trend in security reporting? Pre-release advisories. This week marks the first time that we've seen "pre-release" versions of security advisories issued. In this case, "pre-release" advisories of vulnerabilities that are being discussed at this week's Black Hat briefings in Asia were issued by Asher Glynn from Secure Reality Pty in Australia. The vulnerabilities discussed impacted:

• WebCalendar 0.9.26 and earlier, a PHP-based calendar system [BugTraq ID 2639],
• phpSecurePages 0.23 and earlier, a PHP module for securing pages with a login name and password and
• phpMyAdmin 2.1.0 and 2.2.1, a PHP-based tool for managing MySQL administration over the web [BugTraq ID 2640 and 2642].

Fortunately, patches to fix the reported problem are provided and the pre-releases indicate that the authors were notified.

So are "pre-release" advisories a good thing or a bad thing? What was the motivation for issuing the pre-releases?

It can certainly be viewed as a good thing that a warning of the vulnerability, complete with patches, was shared with the entire community before it was divulged as part of a conference proceedings. On the other hand, the pre-release also serves as a nice advertisement for the upcoming talk.

Withholding details of the vulnerability might draw ire among many, but because patches for the problem have already been provided, anyone who wishes to figure out the vulnerability has all the material they need to examine it themselves. So the only value withheld was the full description of the vulnerability, how it was found, how it was fixed, etc.

Overall, we are happy to see a pre-release, rather than no information at all, before details of new vulnerabilities are discussed in a conference setting. On the other hand, it is essential that such pre-releases provide patches or links to fixed versions of the vulnerable software, both to allow people to secure their systems and to provide a means of verifying the existence of the vulnerabilities.

Linux Security Module Project update. On this week's kernel page, Jonathan Corbet takes a look at the Linux Security Module Project, why it exists and how it is implemented. "This work is proceeding quickly; people who have an interest in how security modules hook into the system may want to make their views known before too long".

Researchers face legal threats over SDMI hack (News.com). News.com reports on the threats against Edward Felten and company, who are planning to release the information on how they cracked the Secure Digitial Music Initiative watermarking scheme (as covered on this week's front page). "'Your contemplated disclosure appears to be motivated by a desire to engage in scientific research that will ensure that SDMI does not deploy a flawed system,' the letter says. 'Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material.'"

Finding Fences in Cyberspace: Privacy and Open Access on the Internet (Journal of Technology Law and Policy). Ethan Preston has published a long article in the Journal of Technology Law and Policy which recommends that the term "Cyberspace" move from its current ad-hoc usage in language to being used in a legal sense, to provide a metaphor around which new legal language can be developed to address Cyberspace issues. "Law is based on language; law that diverges from the language that forms its base risks incoherence. Incoherent law is unpredictable. At the same time, facts develop and evolve much more rapidly than language, but injustice ensues if the law does not respond to changing circumstances". [From ISN].

CERT: The Next Generation (InfoWarrior.org). Richard Forno has published an article that takes a look at the changing face of CERT. "The CERT-EIA Internet Security Alliance will fail to be effective for several reasons, not the least of is that this new organization is charging for services found for free (or cheaper) elsewhere".

Also addressing the recent changes at CERT is this article at The Register. "That said, CERT still has its detractors among Internet security specialists, many of whom question the fairness of making current threat information which affects all Net users and systems administrators available to a select few, while everyone else must wait over a month for the free abstracts".

Security updates for Linux-Mandrake 7.0 and earlier discontinued. Simultaneous to announcing the release of Linux-Mandrake 8.0, MandrakeSoft also announced that security updates for Linux-Mandrake 7.0 and earlier would no longer be provided. They recommend that you upgrade your system to Linux-Mandrake 7.1, 7.2 or 8.0 (though obviously they would prefer 8.0).

Security Reports

Multiple security fixes in OpenSSL-0.9.6a. Jim Knoble dropped a note to BugTraq this week pointing out that OpenSSL-0.9.6a was announced this week and contains fixes for four security issues.

• Security fix: change behavior of OpenSSL to avoid using environment variables when running as root.

• Security fix: check the result of RSA-CRT to reduce the possibility of deducing the private key from an incorrectly calculated signature.

• Security fix: prevent Bleichenbacher's DSA attack.

• Security fix: Zero the premaster secret after deriving the master secret in DH ciphersuites.

Expect to see new packages from the distributors once they've had a chance to test the new release. Presumably new versions of OpenSSH, compiled against the new OpenSSL, will also be forthcoming.

KFM Insecure TMP File Creation Vulnerability. KFM is the KDE File Manager, provided in versions of KDE prior to KDE 2.X. KFM has been reported to create and use a directory in /tmp in an insecure manner. As a result, an attacker could use this vulnerability easily to overwrite or replace any file owned by the KFM user. We checked with Kurt Granroth at KDE and confirmed that no patch for this problem is currently available or planned. "We no longer support KDE1 in any way. The recommended 'patch' for this is to update to KDE2".

Unfortunately, the version of KDE currently installed on many (if not most) Linux systems is KDE 1 (witness the popularity of the Red Hat 6.2 implementation). Upgrading to KDE 2, while it can be done without upgrading the entire operating system, will likely be postponed until an operating system upgrade is performed, which leaves a lot of people with a security vulnerability and no quick fix. Fortunately, the severity of this particular vulnerability is somewhat limited, requiring local access and not providing root privileges (unless someone is unwise enough to be running kfm as root).

NEdit temporary file link vulnerability. NEdit, also known as the "Nirvana Editor", has been reported to contain a temporary file link vulnerability. Browsing through the NEdit.org website and mailing list, we did not see any official patches or updates for the program, so the patches provided by SuSE appear to be the first ones made available, to the best of our knowledge. BugTraq ID 2627.

• SuSE
• Linux-Mandrake

SAFT/sendfile broken privileges. Sendfile is a Simple Asynchronous File Transfer (SAFT) implementation. SAFT is a relatively-new Internet protocol designed to allow people to asynchronously send files to someone without using mail attachments and MIME. This past week, Colin Phipps and Daniel Kobras discovered and fixed several serious bugs in the saft daemon `sendfiled' in which privileges were dropped incorrectly. These bugs could be exploited locally to gain root privileges. BugTraq ID 2631 and .

• Debian
• Progeny

innfeed command-line buffer overflow. A buffer overflow in innfeed was reported this week. It is exploited via the "-c" command-line option, which can be run locally. Intel-based exploits have been published. Versions of INN prior to 2.3.0 include the vulnerable innfeed. An upgrade to INN 2.3.0 or later is recommended to resolve the problem.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Lotus Domino R5 Server is reported to contain multiple HTTP-based denial-of-service vulnerabilities. An upgrade to Lotus Domino 5.0.7 should fix the problem. See also BugTraq ID 2565, 2571 and 2575.

• Cisco Broadband Operating System (CBOS) on the Cisco 677 ADSL router contains a telnet vulnerability. Cisco has confirmed the problem and is working on a fix. They also indicate that they don't believe the vulnerability can be exploited to either grab the router's configuration or execute commands without authorization. Only the "sh nat" command is affected. BugTraq ID 2635.

• Oracle 8 Server has been reported vulnerable to a denial-of-service attack. One unofficial report confirms the attack against a Linux system running 8.0.5.

Updates

Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.8 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.8, of course). BugTraq ID 2617.

This week's updates:

• Progeny
• Conectiva
• Debian, updated advisory with corrected Sparc packages
• Linux-Mandrake
• FreeBSD
• Slackware (from the changelogs)

• Trustix (April 19th)
• Debian (April 19th)
• Immunix (April 19th)
• Caldera (April 19th)

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.

This week's updates:

• Red Hat, custom configurations of Red Hat Linux 7.1 only

cfingerd format string vulnerability. Check the April 19th LWN Security Summary for the original report. This can be exploited remotely to gain root privileges and execute arbitrary code.

This week's updates:

• Progeny

• Debian (April 19th)

Hylafax format string vulnerability. Check the April 19th LWN Security Summary for the original report. Hylafax has released patches to fix the problem.

This week's updates:

• SuSE
• FreeBSD
• Linux-Mandrake

Debian Security Advisory for exuberant-ctags. Check the April 19th LWN Security Summary for the initial report.

This week's updates:

• Debian, original packages incorrectly compiled against unstable instead of stable.

• Debian (April 19th)

Netscape 4.76 GIF comment vulnerability. Check the April 12th LWN Security Summary for the original report. The vulnerability can be used to embed executable Javascript in GIF comments which are then executed by the viewer when loading the GIF file. This has been fixed in Netscape 4.77, which is available for download from ftp.netscape.com.

Note that the Immunix update for Netscape, listed below, is not StackGuarded. Apparently Netscape doesn't rebuild under StackGuard easily. The Immunix team did note that they have a version of Mozilla compiled with StackGuard which required "a few hacks". They are not directly supporting it, but would be happy to turn the patches over to a Mozilla developer, if there is anyone interested.

This week's updates:

• Progeny
• Debian

• Red Hat (April 12th)
• Red Hat, includes support for new 7.1 distribution (April 19th)
• Immunix (April 19th)
• Conectiva (April 19th)

Multiple FTP daemon globbing vulnerabilities. Check the April 12th LWN Security Summary for the original report.

This week's updates:

• OpenBSD

• NetBSD (April 12th)
• FreeBSD (April 19th)

IP Filter fragment caching vulnerability. Check the April 12th LWN Security Summary for the initial report. IP Filter 3.4.17 has been released with a fix for the problem. BugTraq ID 2545.

This week's updates:

• OpenBSD

ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released the week of March 29th for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. As a result, an upgrade to Linux 2.2.19 is recommended.

The Linux 2.2.19 release notes give the specifics on all the security-related fixes in 2.2.19 (all thirteen of them!) and give credit to the Openwall project and Chris Evans, for the majority of the third-party testing and auditing work that turned up these bugs. Fixes for the same bugs have also been ported forward into the 2.4.X kernel series.

This week's updates:

• Conectiva

• Immunix (March 29th)
• Linux 2.2.19 release notes
• Caldera, 2.2.19 security fixes (April 5th) backported to 2.2.10 and 2.2.14, the kernels used in various Caldera products
• Trustix (April 12th)
• Progeny (April 12th)
• Progeny, advisory updated due to error in update instructions. (April 12th)
• Debian (April 19th)
• Red Hat (April 19th)
• Linux-Mandrake (April 19th)

licq URL checking problem. Check the March 22nd LWN Security Summary for the original report.

This week's updates:

• FreeBSD

• Linux-Mandrake (March 22nd)
• Red Hat (Red Hat 7 only) (March 29th)
• Conectiva (March 29th)

slrn buffer overflow. Check the March 15, 2001 LWN for the original report.

This week's updates:

• FreeBSD

Previous updates:

• Debian (March 15)
• Linux-Mandrake (March 15)
• Conectiva (March 22nd)
• Immunix (March 22nd)
• Red Hat (March 22nd)

sudo buffer overflow. Check the March 1st LWN Security Summary for the original report.

This week's updates:

• SuSE
• FreeBSD

Previous updates:

Slackware (March 1st) Trustix (March 1st) Conectiva (March 1st) Linux-Mandrake (March 1st) Debian (March 1st)

Immunix (March 1st) Debian (March 8th), PowerPC packages Linux-Mandrake, new 7.1 packages due to build problem. Red Hat, Powertools 6.2 (March 29th)

mgetty tmp file race problem. mgetty was one of twelve packages reported in January to contain tmp file race problems. Check the January 11th LWN Security Summary for the initial report.

This week's updates:

• Red Hat

• Immunix (January 11th)
• Debian (January 11th)
• Linux-Mandrake (January 18th)
• Caldera (January 18th)
• Debian, updated advisory, Motorola 680x0 and PowerPC added.

Resources

Know Your Enemy: Honeynets. LinuxSecurity.com features an article this month entitled "Know Your Enemy: Honeynets. Written by the Honeynet Project, this article describes what a Honeynet is and how to build one of your own. "A Honeynet is a tool for learning. It is a network of production systems designed to be compromised. Once compromised, this information is captured and analyzed to learn about the blackhat community. This idea is similar to honeypots, but there are several differences".

The paper is also available directly on the Honeynet Project site, along with the results from the April Scan of the Month.

Perhaps most interesting, though, are these comments from Lance Spitzner of the Honeynet Team. In them, he mentions a growing trend among script kiddies: don't bother to check whether or not a system is vulnerable first, just try the exploit and move on to the next system if it fails. "We have confirmed this brute force approach with the Honeynet Project. We have several different operating systems within our Honeynet, to include both Linux and Solaris. Often both systems are attacked with the same exploit, even though the attacks are architecture dependent (such as X86 or Sparc)".

What is the impact of this change in tactics? A lot more intrusion attempts and a lot more bandwidth usage, for a start.

Common threads (IBM developerWorks). For flexible (and fun) network security, this IBM developerWorks article shows how to create and use dynamic iptables firewalls.

MaraDNS 0.5.13 released. Another entrant into the field of alternate domain name servers, MaraDNS 0.5.13 is the latest version of this new Open Source name server. "Currently, MaraDNS is an authoritative-only nameserver. In other words, she has no support for caching or for "recursive name queries". I plan on having a stable release of MaraDNS with this ability released in early June".

MaraDNS is public domain code. While this is just about as free as it can get, the lack of legal protection will make it less desirable to many who prefer not to see their contributions potentially used in non-Open Source projects. Check the MaraDNS website for more information.

Netping. Lukasz Luzar has released a tool he calls netping. "I wrote a nice tool for scanning of networks to determine whether ICMP direct broadcast addressing is enabled (old, but still dangerous "smurf attack" issue)".

Events

Upcoming Security Events.

Date	Event	Location
April 26, 2001	Infosecurity Europe 2001	London, Britain, UK.
April 26 - 27, 2001	Information Security Asia 2001	Singapore.
May 13 - 16, 2001	2001 IEEE Symposium on Security	Oakland, CA, USA.
May 13 - 16, 2001	CHES 2001	Paris, France.
May 29, 2001	Security of Mobile Multiagent Systems(SEMAS-2001)	Montreal, Canada.
May 31 - June 1, 2001	The first European Electronic Signatures Summit	London, England, UK.
June 1 - 3, 2001	Summercon 2001	Amsterdam, Netherlands.
June 4 - 8, 2001	TISC 2001	Los Angeles, CA, USA.
June 5 - 6, 2001	2nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop	United States Military Academy, Westpoint, New York, USA.
June 11 - 13, 2001	7th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and Risk	Orlando, FL, USA.
June 17 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France.
June 19 - 20, 2001	The Biometrics Symposium	Chicago, Illinois, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.3. The 2.4.4 prepatch is up to 2.4.4pre7; it continues to accumulate bug fixes. There has been no word on when a real 2.4.4 release might happen. Alan Cox's patch, meanwhile, is up to 2.4.3ac14.

The security module project only recently got off the ground, but the people involved are not wasting any time in getting going. This project, remember, set out to define a generic security interface that could be used by any particular enhanced-security implementation to hook into the kernel without the need for further patching by the user. This interface would allow easy experimentation with several of the current offerings, and would make it (relatively) easy to switch between them. Linus has argued for this approach with the reasoning that, since there seems to be no agreement on what is the right approach to heightened security for Linux, there should be a simple way for all of them to work with stock kernels.

The interface that the group is settling on at this early stage is based on a structure called security_ops which, by way of a set of subsidiary structures, contains pointers to several dozen functions. The role of each function is to make a security decision in a particular situation, returning a value indicating whether or not a particular operation should be allowed. Thus, for example, before creating a symbolic link the kernel will make a call like:

    error = security_ops->inode_ops->symlink(dir, 
            dentry, oldname);
    if (error)
        goto nice_try_buddy;

The default implementations of these functions in the kernel simply allow anything at all. If a user wishes to impose a particular security policy, it is simply a matter of loading a module which replaces all of those functions with a new set that implements that policy.

This approach is conceptually simple, and has a very low overhead on systems where no added security policy is in use. It is relatively easy to implement; it's mostly a matter of deciding what operations need to be checked, and inserting a security_ops call for each one. A patch implementing this scheme already exists, thanks to the efforts of Greg Kroah-Hartman. It does not implement the full set of calls, of course, but it is a start which gives people something to play with.

There is one obvious limitation in this design: only one security policy can be in place at any given time. There is no way to "stack" multiple policies. That appears to be a deliberate design decision; as soon as you start playing with multiple policies you have the potential for no end of administrative problems and complicated interactions. Nonetheless, a stackable implementation would certainly allow for more flexibility in the creation and use of security policies.

There is also some discussion currently over whether one or more special system calls will be needed for the security module implementation.

This work is proceeding quickly; people who have an interest in how security modules hook into the system may want to make their views known before too long. There is now a web site available for the project, if you want further information.

Block driver API change. The 2.4.4 kernel will contain an incompatible API change that people working with block device drivers, at least, should know about.

The kernel maintains one or more "request queues" for each block driver in the system; it holds a structure for each I/O request which is waiting for attention from the device. In general, performance is improved if that queue is allowed to get reasonably long before being handed to the device itself. A long queue allows requests to be sorted to minimize disk head movement, as well as allowing the merging of contiguous requests.

The block I/O subsystem uses a technique called "plugging" to help with sorting and merging. When the request queue is emptied by the device, it will be plugged by the kernel, meaning that no more requests will be passed to the driver. The plug will be maintained for a short period of time while the queue fills, then the plug is pulled and the new set of requests will be processed.

For most devices, this mechanism works reasonably well. There are exceptions, however. RAM disk devices, for example, do not benefit from request sorting and merging; doing that work is simply a waste of CPU time. Compound devices, such as RAID arrays or disks managed by LVM, can not be sorted at that level; what looks like a pair of contiguous requests on a RAID volume will likely turn into operations on two or more separate devices later on. To accommodate these needs (and others), the block subsystem provides a function blk_queue_pluggable() which sets up a special "plug" function. Often all that function does is return, effectively disabling plugging.

At least, that's how it worked until recently. As of kernel 2.4.2, devices which simply disable plugging have not worked correctly, and, in 2.4.4, blk_queue_pluggable() is going away entirely. According to kernel hacker Jens Axboe, this change is being made because there are no longer any reasons for disabling plugging. A separate set of functions exists which allows control over sorting and merging of requests. But devices which truly do not benefit from sorting and merging probably should not be using a request queue at all. The 2.4 kernel allows drivers to provide a make_request() function which can be used to receive requests directly, before they go onto any queues.

The reasoning all makes sense, but changes of this nature make it clear that the 2.4 kernel has still not truly stabilized. When the core API is no longer changing, we can say that we have a stable kernel.

Non-GPL firmware in the kernel. Adam Richter posted a note on the Debian-legal list this week pointing out a bit of a licensing problem in the kernel source. Several of the header files in the drivers/usb/serial directory (such as keyspan_usa19_fw.h) contain the following text:

"The firmware contained herein as keyspan_usa19_fw.h is Copyright (C) 1999-2000 Keyspan, A division of InnoSys Incorporated ("Keyspan"), as an unpublished work. This notice does not imply unrestricted or public access to this firmware which is a trade secret of Keyspan, and which may not be reproduced, used, sold or transferred to any third party without Keyspan's prior written consent. All Rights Reserved.

This firmware may not be modified and may only be used with the Keyspan USA-19 Serial Adapter. Distribution and/or Modification of the keyspan.c driver which includes this firmware, in whole or in part, requires the inclusion of this statement."

Needless to say, this language is not exactly compatible with the GPL code that makes up the kernel.

The code in question is firmware for the Keyspan device; it is downloaded into the hardware when the driver initializes itself. In that sense, one can see it as not really being part of the kernel - it's part of the hardware. Certainly the kernel hackers have been willing to see it that way; the inclusion of this firmware is regarded as "mere aggregation," which is allowed by the GPL, even though the code is linked into the kernel image.

Not everybody agrees with that interpretation. But this issue came up on the Debian lists because Debian does not much care whether linking in restricted firmware in this manner is OK or not. Since the firmware is not free software, Debian does not wish to include it as part of its distribution. The Debian Project is highly inflexible in this regard, and most of its developers like it that way. While a conclusion had not been reached as this was being written, it seems likely that Debian will remove the Keyspan drivers from its kernels.

The longer-term solution has two different aspects:

• Most modern hardware has code inside it, and that code is generally not free software. Even Debian happily runs on hardware that has restricted firmware in it. Adding the ability to update that firmware does not really change anything. Some tolerance of non-free firmware will likely be required in the future - though it is also important to make vendors aware of the need for better licensing.

• In most cases, it is not really necessary to link the firmware into the kernel image itself. A solution for USB devices already exists where a user-space program downloads the firmware into the device via the hotplug mechanism. That removes this code (and its licensing issues) from the kernel, and also makes the kernel image smaller.

Eric in KernelLand. Eric Raymond has had a busy week on the linux-kernel mailing list, and not all of it has been fun. As he seeks to expand his kernel contributions from CML2 into broader parts of how kernel development is done, he is running into resistance.

Relatively uncontroversial has been Eric's taking over responsibility for the Configure.help file. This file provides help text for (in an ideal world) every kernel configuration option. Maintaining this file along with the CML2 configuration system makes some sense, and nobody has complained, even though Eric has stated that he would maybe like to convert the file into an XML-based format.

Eric then released a tool called 'kxref', which attempts to find broken configuration symbols in the kernel source. These symbols can be typos, old configuration options that no longer exist, and other types of related cruft. This tool turned up 731 apparently broken symbols out of 2096 total - seemingly quite a few. Some of them were clearly bugs, but others, as it turns out, were not.

Eric started posting patches to eliminate the dead symbols, and that's where the trouble started. It seems that quite a few of the symbols aren't quite as dead as Eric thought. Or they have already been fixed in other places. Many of the problematic symbols, as it turns out, are in architecture-specific code, and the port maintainers started to get a little grumpy about Eric posting patches for "their" stuff.

The problem is this: the official Linus kernel is not the definitive tree for ports other than the x86, and perhaps the Alpha. Almost all of the other architectures have their own development trees elsewhere; they can be found on the main kernel.org page. Development on ports tends to happen independently of the Linus kernel for long periods of time, with merges happening when things appear to be reasonably stable.

For 2.4, things aren't that stable yet, and most of those merges have not yet happened. Thus, any changes to port-specific code as found in the Linus kernel will be difficult to apply to the real port-specific tree. Cross-port changes of the type being attempted by Eric are always going to present some logistical challenges, but now appears to be an especially poor time. Later in the stable series, when the port-specific trees are more in sync with Linus's kernel, should provide a better opportunity for this sort of cleanup.

Eric then went on to propose a new scheme for the MAINTAINERS file. This file lists, in theory, who is responsible for each part of the kernel source (curious people can look at the 2.4.3 version). Eric has concluded that this file "doesn't seem to be scaling well," mostly because he has had trouble finding maintainers for code he wants to change.

The new scheme would put a "map block" into most source files, listing who is responsible for it. New tools would then be created to merge these blocks into a coherent whole, and to make it easy, in theory, to find the maintainer for a specific module.

Response to this proposal has been almost uniformly negative. Not everybody agrees that the MAINTAINERS file is not scaling; Alan Cox, for example, says that updates are the real problem; people just don't bother to update the entries in the file. There appears to be some truth to that: is Remy Card really still maintaining the ext2 filesystem? Eric's plan might help somewhat by putting the maintainer entries with the code itself, but he also has a wider goal:

However, if you think about it, you'll notice there's a common thread in all the proposals I've been making. If you still have trouble seeing it, remember that I hack social systems as much as I hack code. And consider lkml as a social machine. And consider -- carefully -- the things it is demonstrably poor at.

This kind of language tends to turn off kernel hackers, who, in general, probably feel little need to have their social system hacked. At least, not in such an overt way. Eric may yet achieve many of his goals, but a bit of a lighter touch might help.

Other patches and updates released this week include:

• Daniel Phillips posted a look at file deletion performance, as a way of figuring out why it takes so long to delete a large directory full of files.

• Jes Sorensen announced the creation of a new Logical Volume Manager (LVM) mailing list. Evidently the closed and excessively moderated nature of the old list aggravated a lot of developers; there is also some disgruntlement over coding practices and unfixed bugs in the LVM code. In response, the LVM list has been opened up, but it may have happened too late.

• Ingo Molnar tracked down a swapping performance problem and produced a patch to fix it. (There has since been an updated patch, but the original posting explains the nature of the problem).

• Herbert Valerio Riedel released a version of the international kernel patch (which provides cryptographic capabilities) in a pure-module form.

• A patch to make NFS work with ReiserFS was posted by Chris Mason. It's not presented as an optimal solution; instead, it's an attempt to produce a minimal patch that can get into the 2.4 kernel.

• Alexander Viro has released a new version of his namespaces patch.

• Tim Jansen posted version 0.2.0 of his device registry patch.

• Ulrich Windl has posted an extension to adjtime() which fixes some limitations in that system call.

• The 2001-04-24 release of the hotplug scripts was announced by Greg Kroah-Hartman.

• Jeff Garzik has announced a web page for people dealing with ECN problems (see the September, 2000 kernel page).

• D.W.Howells has released the fourth version of his R/W semaphore patch.

• Bulent Abali announced a patch for "Memory Expansion Technology" (MXT) support. MXT uses hardware support to compress data stored in main memory, thus doubling its capacity. (See also this description of the design of the Linux MXT implementation).

• Rusty Russell posted a lengthy netfilter patch intended for the 2.4.4 kernel.

• Eric Raymond's latest CML2 patch is cml2-1.2.5.

• Rejected patch of the week: somebody named Imel reached an interesting conclusion: "i found out that one of the big problem with linux and most other operating system is the multi-user thing." So he posted a patch which removes all permissions and privilege checking as a step toward the creation of a single-user kernel. Needless to say, the kernel hackers were not impressed...

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Linux-Mandrake 8.0. MandrakeSoft has released the latest version of their Linux distribution - Linux-Mandrake 8.0. This distribution uses the Linux 2.4.3 by default and includes XFree86 4.0.3, KDE 2.1.1 (with Konqueror), Gnome 1.4, Nautilus 1.0 and more. Under KDE, similar to SuSE 7.1, anti-aliased fonts become available as well.

Linux-Mandrake 8.0 is provided in three editions, Standard (desktop), PowerPack (desktop or server) and ProSuite (small to medium-size businesses). It also comes with their new on-line technical support platform, MandrakeExpert. Check their official press release for more details.

With this release, MandrakeSoft was also pleased to make available, for the first time, download locations in over 20 different countries.

An overview of Linux-Mandrake 8.0 is also available. It includes a graphical tour of their new Linux-Mandrake Control Center and a sampling of screenshots.

Congrats, guys; it is clear that a lot of thought and work has gone into this release.

CheckInstall. LinuxPlanet has put up an article about CheckInstall, an entrant into the field of potential solutions to the multiple package manager problem. "It is the coolest utility I've ever seen. If you run Slackware or any RPM-based distribution and if you ever compile your own applications, libraries, anything, it is a must-have, a really essential application".

Distribution News

Linux-Mandrake News. Bill Henning has put up an article covering "Running Apache / SSL / PHP / PostgreSQL" on the new Linux-Mandrake 8.0. "Mandrake 8 looks good so far (more in my upcoming review); it looks like it will make a great Apache/PHP/PostgreSQL development/deployment platform - and having the server prebuilt with https support is *much* appreciated. There are still some rough edges (as shown above) but I've yet to run into any show-stoppers".

Also for new Linux-Mandrake users, troels.rsync is a tool offered to help speed up download of the distribution. Check MandrakeForum for additional Linux-Mandrake 8.0 gotchas, tips, etc.

Debian News. Time to bash more bugs. The number of release-critical bugs listed on April 20th was 329. Focusing specifically on release-critical bugs, the famous Debian Bug-Squashing Parties have been making progress. The third party was held the weekend of April 13th through the 15th and over 190 bugs were squashed. The fourth Debian Bug-Squashing Party has been scheduled for the first weekend in May.

As part of an effort to decrease the total number of bugs in Debian, particularly in the base system, all of next week (April 30th - May 6th) has been designated Base Bug Week. During the week, the focus moves from just release-critical bugs to all bugs in the base Debian system. That includes writing patches for problems and writing or fixing documentation, something that allows more than just the developers to participate. A summary of the bugs in the base system is also available.

Too many kernel packages? One heated discussion from debian-devel this past week focused again on a split in philosophy between many developers. Is Debian just for those who want to learn all about the system? Or is it for everyone? In this particular case, the focus of the discussion was the number of kernel packages included with each kernel -- a total of 25 packages and over 110MB of space per kernel. The reason for the large number of packages was primarily the number of pre-built kernels optimized for various hardware platforms.

The advantage of the pre-built kernels is the goal of providing improved performance to the end-user without requiring that they learn how to build their own custom kernel.

The disadvantage is the size of the combined kernel packages, particularly given the load they place on debian mirrors around the world (many of which are highly constrained as far as bandwidth, speed, etc.)

Those that believe that every person that uses Linux should learn to build their own kernel were more likely to be concerned about the impact on the debian-mirrors. Others with a stronger priority on making Debian more accessible to a wide variety of people were more likely to consider the custom-built kernels essential. This underlying cultural rift was amusingly described by Vince Mulhollon.

The basic philosophical disagreement won't ever go away, but in the meantime, the number of custom kernels provided is being pared down to reduce the required disk space. Some suggestions have also been made about how to make creating custom kernels simpler and easier.

Meanwhile, on the HURD front, we were pleased to see a new Kernel Cousin Debian Hurd this week, after a three-week hiatus. Progress from the Turtle Autobuilder was reported and a new Most Wanted page has been created, to track tasks that people would like to see get done.

In other good news, Jeff Bailey has provided a patch to get Python to compile on the HURD and Douglas Hilton has had success using the Hurd on his dual-CPU system using the oskit SMP sample kernel.

SuSE News. SuSE Linux announced that the SuSE Linux 7.1 package is now available as a free download with full support in Japanese.

Slackware News. Presumably as a result of Wind River's purchase of BSDi and corresponding decision not to continue to support Slackware, ftp.slackware.com has moved and is now hosted at Sourceforge. Better access times, availability and rsync access are promised as a result. It appears to be popular; it took a few tries to get into the download area. (Thanks to David Killick).

The Slackware site also contained a rare summary of recent changes, so we'll take the opportunity to pass it on to you verbatim: "There is also another batch of updates to slackware-current, the ongoing development branch. The changes are mostly rearrangements of existing packages, but there's also a major Samba update. We're getting closer to a beta freeze...". Check the changelog for more details.

Yellow Dog News. Yellow Dog Linux 2.0 is still on the way "soon". Meanwhile, Terra Soft has announced that they will be bundling the LXP Applications server with the new distribution. The LXP Applications server was created by CommandPrompt.com and is distributed under the QT Public License (QPL). It is an Apache module "designed to broker and parse content through intelligent server-side inclusion".

Although LXP is Open Source, we did not find a current download site from which the source code could be accessed.

Think Blue News. Millenux, the distributors of Think Blue Linux for the IBM S/390, now have support for the 64-bit IBM zSeries as well. The work was done in cooperation with IBM. Note that the announcement is in German. The new version of Think Blue is based on Red Hat 7, with the Linux 2.4 kernel and is "mostly" compatible with the version of Think Blue for the S/390. (Thanks to Fred Mobach).

RTLinux News. The folks at FSMLabs, makers of RTLinux, have gotten into the BSD business as well, with the announcement of RTL/BSD, a version of RTLinux that uses NetBSD instead of Linux for its non-real-time component. "While standard RTLinux uses Linux as its general purpose OS, RTL/BSD uses NetBSD, providing the identical POSIX threads API and many of the same development tools. FSMLabs customers in instrumentation, communications, factory automation and other areas now have the option of working with the BSD OS".

ASPLinux News. ASPLinux 7.1 was announced last week, literally on the same day as the release of Red Hat Linux 7.1. ASPLinux strives to provide 100% compatibility with Red Hat, so their choice in releasing ASPLinux 7.1 at the same time as the Red Hat Linux 7.1 release underscores this commitment. It is currently available for download, but it will be a while before box sets of the new distribution are made available.

ASPLinux is based in Singapore and provides support, development and consulting services for Linux in Russia, the Ukraine and the Asia/Pacific region. For those of you who remember the Black Cat Linux distribution, that company merged with ASPLinux fairly recently. Check our ASPLinux coverage from the Singapore Linux Conference/LinuxWorld Singapore in March for more information on the ASPLinux distribution.

FreeBSD News. FreeBSD 4.3 was announced on Friday, April 20th. The new release includes bug fixes, security updates and many new features. Check the release notes for all the details. (Thanks to David Magda).

Distribution Reviews

Libranet Linux 1.90 (Duke of URL). Libranet Linux is a Debian GNU/Linux-based distribution from Canada. The Duke of URL has done a fairly thorough review of the installation and package set of this distribution, including plenty of screenshots. "This is a release that is worth trying and perhaps keeping. If you have ever wanted the stability of Debian and the newest major software packages then this is it. The trick is to survive the install".

SuSE 7.1 Professional: An Embarrassment of Riches (LinuxNovice.org). LinuxNovice.org has put out a review of SuSE 7.1 Professional. As usual, the report on SuSE's included documentation is glowing. He reports modifications to SuSE in order to adhere to the Linux Standards Base (covered in the file /sbin/init.d.README, explaining the new initialization system). The review also explores the menu system and the available applications a bit more than the average review, which produces some useful comments (and criticisms).

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

After installing the latest version of KRUD, a Red Hat Linux 7.0 variation with added security, and configuring the box to run through my home network, I grabbed the latest version of Ximian's GNOME 1.4 distribution. This is my first serious look at this environment even though I've grown up with GTK+ (I was around when GIMP was a Motif application).

I started by going to the Ximian web site and following the instructions listed there. Installation gets started through the Lynx browser; you are told to run the following as root:

	lynx -source http://go-gnome.com/ | sh

Once you make that leap of faith, this operation eventually opens a graphical interface to query you about what to install and to show progress of the installation. Since I already had GNOME installed from the KRUD installation I wasn't sure if the update would work properly. It did. At one point installation of Ximian's GNOME stopped due to a lost network connection, but I didn't have to leave the installation program to restart it. I just went back (using the Back button in the graphical interface) and restarted it. This took a couple of attempts before it continued, but eventually the network problem cleared and installation proceeded just fine.

Installation requires root access so I was logged into GNOME as the root user initially, but after installing I logged back in as a normal user. The login screen provided the first time you log in with Ximian's GNOME 1.4 is very professional (and cute with the little monkey splash screen) and allows you to interactively configure your desktop for the new GNOME environment. This is a new feature for GNOME which Ximian calls Doorman.

The default GNOME environment I used with KRUD (Red Hat 7.0) had a different appearance than the Ximian desktop. First, the default GNOME setup with my KRUD/Red Hat Linux 7 installation provided a panel (a status bar with extra menus) that ran only across the bottom of the screen. With Ximian, the appearance is more Apple-ish, with a menu panel across the top and the status panel across the bottom. The pager stays on the bottom right. This setup is much more usable, in my opinion, because it separates out status from menus. The old way was a bit too crowded, even on relatively large displays.

With 64MB of memory the GNOME Control Center was a bit sluggish. Switching between configurable options (background, screensaver, and so forth) caused noticeable delays. While the question might be "why were you only running with 64MB?" the response would have to be "What happened to Linux running on older, cheaper hardware?" Well, the truth is Linux still runs just fine on such hardware, but the desktop portion of Linux may not. That said, the rest of GNOME seemed to function fine on slightly limited hardware. So the sluggishness may be isolated to the Control Panel itself.

There were few problems with my initial encounter with this new environment. According to the GNOME Hints window, the Global menu should be displayed with an Alt-F1 keystroke, but that didn't work with my keyboard. There are a whole host of terms here that need investigation. I suspect KDE will be the same way. Since I grew up with minimalist Unix environments, where my biggest concern was making sure ksh was available on Solaris, this will be a bit of a new experience. But my first impression says that with GNOME it will be a comfortable one.

This wasn't meant as a review of Ximian's GNOME 1.4 release by any means, just an introduction, a way of saying I'm now prepared (well, after my honeymoon next week, that is) to do some real probing of GNOME - and KDE as well. Expect better coverage as the year progresses.

Desktop Environments

Ximian releases Red Carpet, GNOME 1.4. The official press releases for Red Carpet and GNOME from Ximian hit the ether this week.

Ximian GNOME 1.4 heads out the door (ZDNet). Prior to the official releases on Tuesday, ZDnet examined Ximian's newest version of GNOME. "Nat Friedman, Ximian's president and co-founder, said his firm has been working around the clock since the GNOME (GNU Network Object Model Environment) 1.4 release to ensure that its offering would be easy to install and provide users with a robust desktop environment."

KDE Project Releases KDE 2.2alpha1. The KDE project also had a release this past week, KDE 2.2 Alpha 1 for bleeding edge users who aren't quite ready to compile from CVS.

Kernel Cousin KDE #6. Also released this week was the latest issue of the KDE Kernel Cousin. This week's developer discussions included a lengthy thread on KOffice, KDE 2.1 and duplicated code.

Office Applications

KOffice 1.1beta1 Released. The KDE Project announced that KOffice 1.1beta1 was available for testing. KOffice is an integrated office suite for KDE. The official release of KOffice 1.1 is scheduled for later this summer.

AbiWord 0.7.14. The AbiWord team released a new version of the AbiWord word processor. It's not a 1.0-release but it's getting pretty solid.

Desktop Applications

Websphere Homepage Builder for Linux (LinuxLookup). LinuxLookup briefly reviewed Websphere Homepage Builder 4.0 for Linux. "As I suspected it took awhile to load, due to the Wine interface and I really don't have a slow system. Other than the slow loading everything ran smoothly. I fiddled around with some of the wizards and found them relatively easy to use. I was able to create a basic site and publish it to my test Apache Web server in 20 minutes. It didn't look half bad for a test site." Note that this is the product for personal use, not the Java-based applications server known as Websphere 4.0.

GNOME applications for kids. Dov Grobgeld posted a link to some software he's written for his kids that makes use of the GNOME Canvas widget. While not quite production quality, these games do show some of the quality you can achieve with this widget.

Other...

GNOME Summary April 15 - April 21, 2001. Absent for a time, the GNOME Summary returned to publication this week. This week's summary includes news of Ximian's new CEO, news of the GNOME and KDE camps approaching a truce, and the release of GTK+-1.3.4.

Loki: 'I'm not dead yet' (ITWorld). LWN.net interviewed Scott Draeker last past week about Loki's rumored troubles. This week ITWorld interviewed Draeker about cutbacks and the future of Loki. "Not that Loki wouldn't benefit from a sudden surge in users of the Linux desktop, you understand. But certain things are needed before that can happen, Draeker believes, and not only are they not present today, he doesn't see them appearing anytime in the near future. What are those things? According to Draeker, before Linux can become mainstream, it must have a basic suite of applications and interoperability among them."

Advanced Theming Tutorial: Programming in *Style. This developer-oriented discussion explains how to program Qt widget styles, something akin to user themes but which requires actual programming to achieve.

Telsa Gwynne, the Bug Mistress, talks to Linux.com. Linux.com interviewed GNOME bug mistress Telsa Gwynne during GUADEC2. "Telsa Gwynne: I never tried KDE. When the KDE project started, I wasn't using X, and I was introduced to GNOME very soon after I got a machine that would run X. And I'm too busy trying to break GNOME to try KDE. (laughs)"

GNOME, KDE put Linux on the desktop--almost (ZDNet). ZDNet reviewed both GNOME and KDE, stating that KDE "comes much closer to delivering the sort of smooth interface that users have come to expect from the Macintosh and Windows operating systems." But both environments still need polishing. "In a few weeks, Ximian Inc. is expected to come out with its own distribution of GNOME 1.4, along with an easy installer program. We recommend that most sites interested in installing GNOME wait for the Ximian release to do so."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

The need for such hardware abstraction may not be obvious - after all, what is the framebuffer but an abstraction for the graphics hardware (according to the Framebuffer HOWTO). Both provide hardware independence (required by platforms like PowerPC and Sparc which gave rise to the original Linux framebuffer work). The real difference between the generic Linux framebuffer and DirectFB is that the latter provides graphics primitives not currently available to the former, not the least of which is alpha blending, otherwise known as transparent windows.

DirectFB provides access to various media formats using external modules to allow applications to load images, video and fonts. At the moment, PNG, JPEG and GIF images are directly supported. AVI movies can be read using the avifile module and other video devices are supported using the Video4Linux (V4l) interface. FreeType2 is used to render all fonts and provides antialiased font rendering to DirectFB.

While DirectFB provides its own window layering functions, it also has a backend version of GDK, the platform specific layer of the GTK+ library stack. That means that GTK+ programs can run on DirectFB (screenshot), and thus embedded devices, without the overhead of X. At the moment, however, only one application can access the framebuffer at a time.

Just recently the open-sourced version of DirectFB was added to the Debian unstable branch, meaning that it has found at least a potential home in the open source Linux distribution world. Whether or not this means DirectFB will find wide spread acceptance has yet to be seen. In the meantime, Sven and friends will continue their work, hoping for an embedded solution for graphics tools.

Noted in passing.  The KDE team is planning on releasing kdelibs-2.1.2 early next week after discovering that the just-released KOffice 1.1beta1 was having problems with the current libraries.

Documentation

LDP Weekly News for 2001-04-24. This week's Linux Documentation Project Weekly News includes two new documents: the MP3 Player Box HOWTO and the Connecting to MS SQL 6.x+ via Openlink/PHP/ODBC mini-HOWTO

Electronics

Simputer team interview (O.C. News). The Simputer team, designers of a GPL hardware platform, took some time this week for an interview by Open Collector News. "Our design is very different to the Intel reference design. Where the two designs might look alike, as in how the Flash is connected to the SA1110 for example, there is only one way to do it and this is clearly indicated in the data sheets, apart from the reference design."

Embedded Systems

Embedded Linux Newsletter for Apr. 26, 2001 (LinuxDevices). The weekly summary of the Embedded Linux world came this week by way of LinuxDevices.com. Features included a developers view of the new Agenda V3 Linux-based handheld system and an open camera server project.

Embedded Linux Newsletter (LinuxDevices). Too late for last week's Weekly Edition of LWN.net, the previous week's summary of the Embedded Linux marketplace was also posted at LinuxDevices.com. Topics that week included Inder Singh's view of the ELC Platform Specification and a sneak peek at Linux based cellphone/PDAs.

Interoperability

WINE Kernel Cousin returns. Brian Vincent wrote with news that he has taken over the WINE Kernel Cousin production, with his first issue already out and another due soon.

New Samba improves Windows mimicry (News.com). C|Net reports on the latest release from the Samba team. "The software offers cost savings not only because customers don't have to pay for the server operating system, but also because they don't have to pay "client" license fees for all the computers that use the server." (Thanks to Cesar A. K. Grossmann)

Samba 2.2: your way to Windows file/print services (ZDNet). Excited by the better integration with Windows, ZDNet reviewed the latest release from the Samba team. "Samba has always done exceptionally well at enabling MS-DOS and Windows systems to use Unix file/print servers exactly as if they were NT servers. This new version enhances its basic abilities by enabling a Samba server to act as an authentication source for both W2K and NT clients."

Network Management

OpenNMS Update, Vol 2., Issue 17. The OpenNMS Update for the week of April 24, 2001 includes a quick tip on process dependencies and SNMP threshold configuration.

New EVMS released. The Enterprise Volume Management System Project released a new snapshot of their project this past week.

Science

Biology Yearns to Be Free (Wired). Wired News compared closed source and open source models in the world of molecular biology. "Applications in biology -- which include technologies from operating systems to gene databases -- in an open-source environment would give the best minds access to the information they need to invent new technologies and improve those that exist."

Software Development

Guikachu, resource editor for PalmOS files. A new release of Guikachu, a GNOME application for graphical editing of resource files for PalmOS-based pocket computers, has been made available from the project web site.

Standards

Khronos Group Completes OpenML 1.0 Specification. The Khronos Group, a consortium of digital media and graphics companies consisting of 3Dlabs, ATI, Discreet, Evans & Sutherland, Intel, NVIDIA, SGI and Sun Microsystems Inc., announced the delivery of the OpenML 1.0 specification. OpenML is a software environment that is complementary to the peer OpenGL API designed for digital content authoring across multiple operating systems and hardware platforms.

Commercial implementations of OpenML 1.0 are expected on Linux and other OS environments with shipments starting later this year.

System Administration

Omni 0.1. Following in line with the past two weeks, a new release of the Omni package was made available by the Omni Project this week. Omni is the package of printer drivers designed to work within the Ghostscript framework.

Web-site Development

Zope 2.3.2 beta 2 released. Zope.org released the second beta version of the 2.3.2 release this past week. Changes for this release have also been posted. If no other serious problems are found they expect to make the final release on Friday, April 27th.

A new dictionary interface, ZDictionary, has also been released. A sample implementation has been placed online.

Zope Newbies for Aprl 25th. A new issue of Zope Newbies has been published at the Zope Newbies website. News of note includes a fix for using Konqueror with Zope, a link to a Zope Talk of particularly good quality, and news on using Zope on OpenBSD.

Zope and MySQL e-book. Beehive has announced the release of an English language version of its e-book titled Zope and MySQL.

Generic Sort External Method for Zope. Oleg Broytmann has written a generic sort external method for Zope, as posted to their discussion site.

Window Systems

The Linux GFX project. A group of developers has decided that XFree86 is never going to produce the graphics environment they want, so they have gone off and announced the Linux GFX project. Its plan is to develop a new X server from scratch which is oriented around performance and have "a faster development cycle." People are already questioning whether it makes sense to start a new, competing project of this magnitude, but the Linux GFX folks seem to be determined. See the announcement if you would like to join their mailing list.

Section Editor: Michael J. Hammel

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Caml

Caml Weekly News. The latest release of the Caml Weekly News has been published.

Perl

If You Don't Know Perl, You Don't Know Dick (Linux.com). Linux.com talks with Dick Hardt, founder and CEO of ActiveState. "A great deal of our revenue so far has been around the 'bottled-water' business model, where we provide quality-assured versions of Perl for vendors that want us to have Perl work well or better with a particular technology of theirs. In this case we almost always invariably roll that out as open-source