Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Eazel shuts down. It's official, Eazel has shut down. The company ceased operations on May 11, after the last attempts at raising money failed. This is an unfortunate development, but it is not particularly surprising.

After all, Eazel never really has presented a convincing story on just how it was going to make money. It has been big on flash and hype - a year or so ago the press was full of stories on how the original Macintosh developers were going to save the Linux desktop. Back when Eazel was being founded, an interesting idea and the name "Linux" were enough to get a pile of investment money and get a company started. Those were fun times.

But those times are over. Now a business has to come up with ways of separating customers from their money to survive. Eazel's plans along those lines seem to include:

• The Eazel Software Catalog, which is another service providing easy software downloads and installation.

• Eazel Online Storage, making 25MB of disk space available (via Nautilus) over the net.

The online storage service seems an unlikely money maker - 25MB of space (almost enough to hold a set of RPMs for Nautilus and its support code) isn't worth a whole lot. And people like to keep their files close at hand, so that, say, if the company goes out of business, they can still get their data.

The software catalog idea has drawn more interest, to the point that a number of companies are trying to make it work. Consider the Red Hat Network, Acrylis WhatIfLinux (see below), Aduva Manager, Ximian Red Carpet, and, yes, the Eazel Software Catalog. It is not surprising that the GNOME-oriented companies are providing this kind of service: anybody who tries to track a bleeding-edge GNOME application tends to end up in a maze of twistly little shared library updates, all interdependent. So an update service may make it easier for people to play with Nautilus or Evolution, but it is a hard business proposition for a few reasons:

• A great many users don't want to update their software frequently. Surprisingly enough, people tend to be happy when they make their systems work, and are uninclined to mess with them thereafter.

• Those who do want to upgrade their software tend to learn, early on, that they can do so without having to pay for the privilege.

• Those who are inclined to pay anyway will probably go to the source of the distribution they are using - that's where the bulk of the updates come from, anyway. So, for example, the Red Hat Network has an inherent advantage over third-party services in selling to Red Hat users.

Eazel has also worked some deals with companies like Red Hat, but it is hard to see them amounting to much. A couple of years ago, a company like Eazel could count on a new round of funding to keep it going while it figured something out (...someday...), but those days are gone.

Eazel the company may have failed, but the company has left behind a legacy: the Nautilus code, which is licensed under the GPL. The code will remain free and will grow without Eazel. That is one of the benefits of using free software: you are not marooned just because the company you have been dealing with goes out of business.

On the other hand, what if you are using proprietary software? The word also went out this week that Enhanced Software Technologies (EST) has been shut down. The word, in fact, is a bit premature: EST still is operational, it has just lost most of its staff. Its future is still being worked out, and the fate of the BRU product is currently unclear. This is bad news for a company that was an early supporter of Linux, and for the users of its products as well.

EST is the maker of the well-respected BRU (Backup & Restore Utility). Work started on the Unix version of BRU back in 1985, and the first Linux version was made available in 1994, when there was very little commercial software for Linux. EST was acquired by Atipa in February, 2000.

Atipa at that time looked very much like it was trying to follow the path blazed by VA Linux Systems. It was expanding its hardware business with software utilities like BRU, and a series of web sites under the "Linsight" name. Then, of course, the bubble burst. Atipa's CEO left abruptly (and has disappeared from the Linux community without a trace), and most of Linsight was shut down - only LinTraining and LinEvents remain, and they are not operated by Atipa. The Atipa logo was literally everywhere at the 2000 New York LinuxWorld conference; it would be a lot harder to find now.

In fact, Atipa does not make hardware anymore; that business was sold to Microtech Computers back in March. The company has now decided to make its bet in the network management arena, with the OpenNMS package (see this week's Development page) as its centerpiece. But Atipa enterprise backup software is evidently not considered to be a network management issue; thus, the decision to gut EST and try to sell it off.

The ultimate fate of EST and BRU is yet to be worked out; according to Atipa Director of Corporate Communications Darrek Porter, negotiations are currently in progress and should be completed shortly. It is possible (and rumored) that it will be purchased by a competitor, who will simply remove it from the market. Mr. Porter, of course, would not comment on that possibility. But the fact that the company was gutted before a deal was worked out gives a clue of where Atipa thinks things will go.

This move leaves a lot of BRU users in an interesting position. The software they depend on for their system backups could simply vanish. Changing backup systems on a large network is a painful (and expensive) experience. There is also the issue of being able to read old backup tapes when the software is no longer supported.

Here we see the legacy of proprietary software. Companies that depend on such software can find the systems that support their business pulled out from under them at any time. Depending on the good will and longevity of a software business is a risky endeavor. A few incidents like this one, and the corporate world may begin to really understand the risks it is taking.

That said, it is worth pointing out that, as far as we know, there is still not a free, top-quality large network backup and restore system available for Linux. Numerous commercial alternatives are out there, but the available free systems just do not have the same level of features and scalability. This could be a good project for somebody...

Caldera buys WhatIfLinux. Caldera International has announced the acquisition of the WhatIfLinux system from Acrylis. WhatIfLinux is one of the package management and update services mentioned above. It can track the software on your systems, point out those that could benefit from upgrading, handle dependencies, and make it all happen.

WhatIfLinux as part of Acrylis' business raised all of the concerns mentioned above - it looked like a difficult path to take. Evidently Acrylis thought so as well, and decided to sell. This service (now "Volution Online") as part of Caldera's offerings makes a lot more sense. As Caldera tries to hang on to all of those SCO enterprise customers, it will have another management service to sell them. This is a move that may actually make sense.

SGI sets the TPC-H benchmark record on Linux. SGI has put out a press release describing a database benchmark it ran recently. The system was an SGI 1450 server with four nodes, each of which has four processors, running a 2.4.3 kernel and IBM's DB2 database. The resulting performance set a new world record: yes, Linux is now at the top of the database performance chart.

This result is important - it shows that Linux can play in the "enterprise database" arena, in a language that companies can understand. It should help pave the way for more high-profile corporate deployments. Certainly it's not for household deployments - the system that ran this benchmark lists for just under $1 million.

Of course, the really nice thing will be when a Linux system running a free database management system takes that top spot. It may happen sooner than many people think...

Inside this week's Linux Weekly News:

• Security: A worm to fix cracked hosts, new vulnerabilities in CUPS and sendfile, lots of distribution patches.
• Kernel: The device number moratorium; A Linux kernel fork?; the shape of device naming in the future.
• Distributions: HP and Debian, Linux-Mandrake ISO image policy, Linux in Argentina, Openwall GNU/Linux.
• On the Desktop: KDE runs fast, Konqueror runs clean and Eazel runs away.
• Development: OpenNMS review, new GNU Ada, Omni printer driver questions answered, Lisa first beta, Perl Exegesis 2.
• Commerce: New websites from IBM, Caldera and Nokia/CollabNet, the last word on Mundie.
• History: How to fund open source software development, the future of Linux distributions.
• Letters: RMS on PriorArt.org; ESR on back doors; bloatware; Dell.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Good Worm, Bad Worm. The Cheese Worm is the latest Linux-based worm to make noise on the Internet. This is a worm with a difference, though. It looks for symptoms of systems that have been previously compromised, enters the system, closes the hole and then uses the host to search for other compromised hosts.

Many security experts were quick to point out that this does not make the worm a "good idea". After all, the worm is still illegally entering, altering and using resources on systems that don't belong to the worm writer. Besides, any "expert" that advocated the use of such worms would soon find themselves in hot water.

Meanwhile, though, the computer security community is still struggling with the issue of how to deal with the mass of unpatched, vulnerable computer systems on the Internet. In general, security issues are seen as the business of the owner of the computer; if they care about security, they'll be pro-active about security, if they don't care, they'll get cracked, end of story.

However, Internet worms and distributed denial-of-service attacks both clearly demonstrate that one person's cracked system is a piece of a larger problem that affects all of us. That system could be used to launch an attack on our own systems. Alternately, the worm that cracks that system can generate tremendous traffic, impairing the performance of the network for many or all of us.

Although the actions of the new Cheese Worm are equally illegal, it is interesting to note that this is the first effective measure being taken to counteract this problem. Essentially the hackers involved are acting as vigilantes, imposing their own "justice" on systems that pose a threat to the community as a whole. It is fortunate that this justice is in the form of repairs to the system, rather than lynchings.

Vigilantes are a common development in new communities with rapid growth, where the rule of law and official law enforcement has not developed quickly enough to match the growing need. They, in turn, quickly become their own problem because they are generally anonymous and outside the law themselves, making it difficult to impossible to make them accountable for their actions (much like crackers).

Nonetheless, their existence is a symptom of a void that needs to be filled. Given this, the technique they have used, that of a pro-active worm that repairs insecure systems, may end up under heavy scrutiny, in order to brain-storm a way in which it could be ethically and morally turned to good use.

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for May is out. It examines the use of active defenses and counterattacks for computer security, security standards, safe personal computing; there is also a strong essay on the futility of digital copy prevention. "Digital files cannot be made uncopyable, any more than water can be made not wet. The entertainment industry's two-pronged offensive will have far-reaching effects -- its enlistment of the legal system erodes fair use and necessitates increased surveillance, and its attempt to turn computers into an Internet Entertainment Platform destroys the very thing that makes computers so useful -- but will fail in its intent"

Cylant 'victim' hack update. LinuxSecurity.com did an interview recently with Cylant (see May 3rd for our coverage), which contains an update on their "Hack This Box and Own It" contest. The box was successfully hacked. "Victim was hacked by some of my old co-workers at EarthLink/Mindspring. They succeeded in part because of a bug we found today in CylantSecure. We have fixed the bug and issued round two of the challenge".

Openwall GNU/Linux. Openwall GNU/Linux, also known as "Owl", has announced their first pre-release. Owl is a security-enhanced Linux distribution, with its primary focus being pro-active source code review, plus some security-hardening kernel patches (presumably including the Openwall patch, for example).

The system is designed to be rebuilt easily entirely from source code and supports both the Intel and Sparc platforms. It uses the RPM package manager and tries to be compatible with multiple other Linux distributions, particularly Red Hat.

Security Reports

Common Unix Printing System 1.1.7 (CUPS). The latest version of the Common Unix Printing Systems (CUPS), version 1.1.7, includes some new directives to prevent denial-of-service attacks and IP spoofing. As a result, an upgrade to the latest version would be recommended for security-conscious sites.

• Linux-Mandrake

man -S heap overflow. A heap overflow is reportedly triggerable via the man command on some Linux distributions. The problem was originally reported on Red Hat Linux 7.0; Caldera has unofficially reported that it is not vulnerable. Red Hat Linux 7.0 and 6.2 and Debian are confirmed to be vulnerable; no official advisories have been sent out so far.

The exploitability of the vulnerability has been questioned and is definitely dependent on whether or not the man command is installed setgid group man.

sendfile vulnerabilities. Exploits for two sendfile vulnerabilities were published this week. One exploits the SAFT/sendfile broken privileges vulnerability originally reported the week of April 26th and the other addresses a "serialization error combined with a lack of error checking". Both problems can be fixed by downloading the current source from the author's website and compiling it manually or, for Debian users, by applying the patch for sendfile_2.1-25 in debian-unstable.

web scripts. The following web scripts were reported to contain vulnerabilities:

• PHPProjekt 2.1 and earlier have been reported to contain a directory transversal vulnerability. Patches are available. Version 2.1a is not affected.

• PHPSlash, a PHP-based Slash clone, has been reported to be vulnerable to a directory transversal vulnerability. A patch to fix the problem is provided.

• DCForum 2000 1.0 and DCForum Version 6.0 have been reported to be vulnerable to a password file manipulation vulnerability. The vendor has issued an advisory and patches to fix the problem.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Hughes Technologies DSL_Vdns 1.0 has been reported vulnerable to a denial-of-service attack. Version 2.0 is not vulnerable, so an upgrade is recommended.

• Allied Telesyn combined DSL/Cable-Router, when configured with the Virtual-Server-Feature enabled, may leave open access to its mapped services. The vendor has been informed.

• iPlanet's Netscape Enterprise Web Publisher has been reported to be vulnerable to a buffer overflow. iPlanet has made available a patch to fix the problem.

Updates

Ramen and Adore. The Ramen and Adore worms both exploit multiple vulnerabilities. They are most widely known for attacking Red Hat machines, but they can also possibly affect other distributions that have a Red Hat base. TurboLinux is one such distribution. They have released two advisories to provide information on securing Turbolinux systems against these worms.

Note that any leading Linux distribution to which all relevant patches have been applied should not be vulnerable to either of these worms.

• Turbolinux advisory for Ramen
• Turbolinux advisory for Adore

Minicom XModem Format String Vulnerabilities. Check the May 10th LWN Security Summary for the original report or BugTraq ID 2681.

This week's updates:

• Linux-Mandrake
• Red Hat

• Caldera (May 10th)

vixie-cron crontab permissions lowering failure. Check the May 10th LWN Security Summary for the original report. Paul Vixie Vixie Cron 3.0pl1 fixes this latest problem.

This week's updates:

• Linux-Mandrake
• SuSE
• SuSE, updated URL for SuSE-7.1 Intel i386 package

• Debian (May 10th)
• Progeny (May 10th)

Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.

This week's updates:

• Linux-Mandrake
• Red Hat
• Progeny

• Debian (May 10th)

Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.8 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.8, of course). BugTraq ID 2617.

Note that last week, Andrew Tridgell has released Samba 2.0.9, stating that the fix in 2.0.8 did not really resolve the problem. So expect another wave of distribution updates dated May 10th or later for this problem as the fix from 2.0.9 gets distributed. Samba 2.2.0 users are not affected by this problem.

This week's updates:

• Progeny
• Red Hat

• Trustix (April 19th)
• Debian (April 19th)
• Immunix (April 19th)
• Caldera (April 19th)
• Progeny (April 26th)
• Conectiva (April 26th)
• Debian, updated advisory with corrected Sparc packages (April 26th)
• Linux-Mandrake (April 26th)
• FreeBSD (April 26th)
• Slackware (from the changelogs)
• Immunix (May 10th)
• Debian (May 10th)
• Conectiva (May 10th)

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.

This week's updates:

• Progeny

pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

This week's update:

• Linux-Mandrake, minor package corrections

• Red Hat (April 19th)
• Immunix (April 19th)
• Linux-Mandrake (May 10th)

Resources

Events

Upcoming Security Events.

Date	Event	Location
May 21 - 22, 2001	Computer Privacy, Policy, and Security Institute conference	(Rocky Mountain College)Billings, Montana
May 29, 2001	Security of Mobile Multiagent Systems (SEMAS - 2001)	Montreal, Canada
May 31 - June 1, 2001	The first European Electronic Signatures Summit	London, England, UK
June 1 - 3, 2001	Summercon 2001	Amsterdam, Netherlands
June 4 - 8, 2001	TISC 2001	Los Angeles, CA, USA
June 5 - 6, 2001	2nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop	United States Military Academy, Westpoint, New York, USA
June 11 - 13, 2001	7th Annual Information Security Conference: Securing the Infocosm: Security, Privacy and Risk	Orlando, FL, USA.
June 17 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France
June 18 - 20, 2001	NetSec Network Security Conference(NetSec '01)	New Orleans, Louisiana, USA.
June 19 - 20, 2001	The Biometrics Symposium	Chicago, Illinois, USA.
July 11 - 12, 2001	Black Hat Briefings USA '01	Las Vegas, Nevada, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Alan Cox has released 2.4.4ac9, with a rather longer set of fixes. Included therein is a set of user-mode Linux patches, presumably a result of the wider exposure that UML is getting as part of the "ac" series.

Andrea Arcangeli has also gotten in the act with 2.4.5pre2aa1, which has a number of performance and bugfix patches. Mr. Arcangeli is also working with the 2.2 series, and has released 2.2.20pre2aa1 with a number of additions to that kernel.

A moratorium on device number assignments. It all started with this note from the "Linux Assigned Names and Numbers Authority," otherwise known as H. Peter Anvin:

Linus Torvalds has requested a moratorium on new device number assignments. His hope is that a new and better method for device space handing will emerge as a result.

Major numbers, of course, are part of the device files that Unix has implemented since the beginning. The major number encoded within any particular device file serves as an index into an array within the kernel; it is used to find the device driver which is responsible for managing that device.

These numbers have traditionally been assigned in a static manner. For example, block major number 3 (among others) belongs to IDE disks. Given the static assignment, distributors can set up their systems with a full set of /dev/hd* files, knowing that they will work with all systems. People (and, especially, vendors) who add new drivers to the kernel like to get static device numbers for the same reason - it is easier to make things work everywhere.

There are some problems, however. The kernel is running out of available major numbers (see the March 29 LWN kernel page), and an expansion will be required. Management of the /dev directory is increasingly difficult; a quick check on your author's system shows over 6000 entries there. And devices are increasingly dynamic - many can be attached and removed while the system is running, making static naming difficult.

Linus has evidently decided that it is time to deal with the device numbering problems, and is trying to force the issue by making it hurt. There are two very different aspects of this development that are worth a look. The next item examines the effect of Linus' tactics on kernel development; then we'll take a more technical look at what shape a solution might have.

A fork of the kernel? Not everybody is pleased with the device number moratorium. Those who wish to support new devices under the 2.4 kernel will now have to manage without static numbers. Working with dynamic major numbers is not all that hard, but it does require some work and some boot-time support. Not everybody believes that the static numbering scheme is a problem, but even those who do see a problem would, in general, have preferred that Linus wait until 2.5 to impose his moratorium. Stopping number registration before the stable series is truly stable changes the rules at an inconvenient time, and seems rather heavy-handed.

In response, Alan Cox has stated that he will still accept static device number registrations in his "ac" series of kernels:

And on that issue I'm so convinced you are wrong I'm prepared to maintain sensible Unix device behaviour in the -ac pretty much indefinitely.

H. Peter Anvin will continue to maintain a device number registry for the "ac" kernels. Given Alan's position, it is almost certain that future kernels distributed by Red Hat will follow this behavior and honor any new device numbers. It is also quite likely that other distributors will take a similar approach.

In other words, Linus has made an unpopular decision and the kernel has been forked as a result. The behavior that most users will see in future 2.4 kernels from distributors will probably not be what Linus has decreed.

This is an interesting development, to say the least, but it is also not quite as big a deal as one might think, for a couple of reasons. The first is that Alan still does not plan to go his own way with his kernels:

One thing I absolutely refuse to do is to let a disagreement over some specific device implementation turn into an excuse for a wider difference in the trees. So yes -ac might have static majors but the rest of it I intend to keep merging with Linus and tracking closely to his tree.

The other important reason has to do with how kernel development is done. The Linux kernel is often pointed out as being the unifying factor that keeps Linux systems roughly in sync. But the fact of the matter is that the kernel is probably the most heavily forked free software package in existence. Consider:

• The "ac" series has always been a fork - it is more than just a staging area for patches on their way to the Linus kernel. Alan's approach is to get the fixes in more quickly, while simultaneously being more pragmatic about what users of the kernel really need.

• No distributor ships a standard Linus kernel - all apply patches. For example, the 2.4.2 kernel shipped with Red Hat Linux 7.1 includes over 200 patches, including 2.4.2ac3, numerous performance and bugfix patches, zero-copy networking, TUX, and much more. See the 2.4 kernel spec file for the gory details. Not all distributors patch this heavily, but they all ship kernels which differ significantly from the Linus standard.

• Every port to a different processor is a fork of the kernel which is only resynchronized occasionally. There is currently quite a bit of divergence between the port development trees and the official 2.4.4 kernel.

• Projects like RTLinux, RTAI, etc. are also forks.

The thing that makes all this work is that all of these forks sync up with the official Linus kernel occasionally. Thus, while a only small percentage of Linux users are actually running a Linus kernel, that kernel serves as the Linux "standard" which charts the course for all the others. As long as the forked kernels follow Linus's flagship, the differences between them will remain relatively small.

So this particular disagreement is not all that significant in the long run, and this particular fork will probably go away in 2.5, when the device naming issue gets figured out. But it does indicate a possible series of events in the future. Linus will, one day, no longer be the benevolent dictator of the kernel. But his departure may not be via the feared "hit by a bus" scenario, or via a high-profile passing of the scepter to an anointed successor. Instead, users may wake up one morning and realize that they have been using somebody else's kernel for quite some time, since it better suits their needs. What that Linus guy is doing just won't seem so important anymore. That day won't be here anytime soon, but, in the distant future, it might just happen.

So...now what? Now that The Word has come down that static device numbering is going away, it's time to figure out what will replace it. There are no obvious, front-runner solutions waiting in the wings; instead, a fair amount of discussion will likely be required. Actually, a tiresome, sometimes acrimonious debate extending well into the 2.5 development series seems likely. It looks a lot like a repeat of the devfs wars.

The ultimate shape of the solution is far from clear at this point, but some themes are already apparent.

• Things are going to change, and static major-number assignments are going to go away. Major numbers and device types will not be tied to each other anymore. Linus sees the current situation as an administrative nightmare, and is impatient with those who would defend it, even in the 2.4 "stable" series. Thus the intemperate, widely-quoted No more SHIT! posting.

• A system's device configuration, as seen in user space, will become simpler. Installed disks, for example, will show up as /dev/disk1, /dev/disk2, and so on, regardless of where the drives are physically installed, and regardless of whether some are SCSI and others are IDE, or just about any other concern.

  Consider, for example, this Linus posting on the naming of network interfaces. They are simply named: eth0, eth1, and so on. It does not matter where they are installed in the system, whether they are 10M or 100M cards, etc. Linus believes all devices should be named this way.

• Dynamic devices will predominate, to the point that even nailed-down devices will be treated as dynamic. Truly static devices are getting rarer, and Linus, at least, sees no point in maintaining "artificial" distinctions between static and dynamic devices.

• Device naming will get more dynamic and kernel-driven, but there is great resistance to encoding device naming policy in the kernel. There is also the issue of access control - what permissions these dynamic device files should have. If this problem can be solved to everybody's satisfaction, the rest should seem relatively easy.

As an example of how interesting device naming could get, consider the issue of ioctl calls. Some applications now actually look at major numbers to decide which ioctl commands are safe to apply to a given device. If the device numbers become dynamic, this technique no longer works. A complicating factor is that fact that, despite some effort by the kernel developers, the numbers of the ioctl commands are not all distinct. So one device's "rewind" command could potentially be another's "halt and catch fire" operation. One clearly does not want to mix these things up.

Various ideas have gone around on how to address this problem, including setting up a way to query devices to see which ioctl interface(s) they support. But Linus has proposed another idea: why not treat the device names as directories and export much of the ioctl functionality that way? Thus, /dev/fd0 might still be a diskette drive, but an access to /dev/fd0/eject would eject the disk. Many of the ioctl issues would be simplified, and it would also make it easier to do things in scripts.

And, of course, this approach would help to preserve backward compatibility by preserving the older interface for applications that have not been changed. To quote Linus one more time:

It should be a case of "Just plug in a new kernel, and suddenly your existing filesystem just allows you to do more! 20% more for the same price! AND we'll throw in this useful ginzu knife for just 4.95 for shipping and handling. Absolutely free!"

As was pointed out, sometimes it appears that Linus has been in the U.S. for a little too long already...

Other patches and updates released this week include:

• Jeff Garzik has a new Tulip Ethernet driver, and is looking for testers to find any remaining problems.

• A new single-copy pipe patch was posted by Manfred Spraul.

• James Bottomley has posted a new driver for the NCR Dual 700 SCSI card.

• CML2 1.4.3 was released by Eric Raymond.

• Heinz J. Mauelshagen has announced that write access to the CVS repository for the logical volume manager project is now enabled. This step is being taken as part of an effort to open up LVM development and to better integrate it with the rest of the kernel process.

• A document describing the use of global spinlocks has been posted on the Linux Scalability Effort site. It tries to cover all of the global locks used with the kernel, and document just what they protect.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Is Early Release Good for MandrakeSoft?. Displaying how much Linux-Mandrake users tend to care about their distribution and the health of MandrakeSoft, the company that produces it, this thread appeared on MandrakeForum to discuss whether or not MandrakeSoft's provision of free ISO downloads for upcoming releases is a good idea or not, from a financial standpoint.

For example, the Linux-Mandrake 8.0 boxed just became available for purchase this week, but the ISO version of the two CD set was made available three weeks ago. For those three weeks, the only way to get a hold of the new distribution was either by downloading it for free or buying it from a reseller like CheapBytes. Neither option generates revenue for MandrakeSoft. A lot of arguments were made in favor of schemes to encourage, reward or require people to buy the official boxed sets instead.

The official comment in return was that MandrakeSoft is confident that wide distribution of Linux-Mandrake, no matter in what manner, will boost the popularity of the distribution and eventually boost sales. In the meantime, customers that want to make sure MandrakeSoft benefits when they download the software can do that by making a direct donation.

At the current time, three of the leading Linux distributors, MandrakeSoft, SuSE and Red Hat, are each choosing very different approaches to the problem. SuSE has placed a restrictive license on their installer and, as a result, prohibits the redistribution of their ISO images by resellers like CheapBytes. Red Hat makes beta versions of their upcoming distributions available, but the final version is held back so that it can be released at the same time the boxed sets become available.

In the next couple of years, we'll get the chance to see exactly which of these business models appears to work the best, another example of competition at work.

HP selects Debian as prime distribution. HP voice for Open Source, Bruce Perens, has announced that HP is making Debian its prime target for Linux support, though the company has no plans on abandoning other distributions. "HP has already started vending Debian to customers, and will be offering Debian support and training. This does _not_ mean that HP will de-support other Linux distributions. HP certifies its hardware with several distributions. In our software production process, we will handle differences between Linux package formats and the package dependency tree. As LSB continues to develop, we hope to get out of certifying for individual distributions and producing variant packages. Thus, supporting LSB is now a priority for HP."

As with Corel's decision to base Corel Linux on Debian, HP's decision is rooted in the non-commercial nature of Debian development. Although Debian is the base for commercial distributions like Progeny GNU/Linux and LibraNet, Debian itself is not in the business of making money. That means that monetary issues will not pollute the development stream. It means that HP's engineers can earn their status as Debian developers and receive the same privileges as any other Debian developer.

In addition, HP also cited the Debian Free Software Guidelines as part of their reason for choosing the distribution. The careful (some might call obsessed) work done to separate out software whose licenses are not fully Free guarantees redistribution of Debian without restriction or fear of legal repercussions.

Perhaps most of all, this reflects HP's status as an engineering company. They have chosen the distribution that, for them, is best for their purposes. They are not worried about having a distribution that has been enhanced to appeal to novice users; they are concerned about one that their own engineers can work with and collaborate on freely.

In fact, one might speculate that if Debian GNU/Linux did not exist, HP would have felt compelled to develop their own distribution, in order to guarantee that their own developers would have full access and privileges in the development process. Given the number of distributions we already track, it is nice to see multiple companies able to support a single distribution with confidence.

Argentina Embraces the Penguin (Wired). Wired News covers the influx of a penguin (Tux) in Argentina. "... the penguin named Tux is starting to draw a lot of attention, because a professor at the Universidad Nacional de Salta (UNSa) is distributing the Linux OS -- whose mascot is Tux -- throughout this region. The distribution is called Ututo, named for a fidgety local lizard that pokes its nose into every hole and is never at rest."

Check the February 8th LWN Distributions Summary for our coverage of Ututo. It is designed to run directly off of a CD, in order to eliminate the installation hurdle for new and inexperienced computer users.

New Distributions

Openwall GNU/Linux. Openwall GNU/Linux, also known as "Owl", has announced their first pre-release. Owl is a security-enhanced Linux distribution, with its primary focus being pro-active source code review, plus some security-hardening kernel patches. The system is designed to be rebuilt easily entirely from source code and supports both the Intel and Sparc platforms. It uses the RPM package manager and tries to be compatible with multiple other Linux distributions, particularly Red Hat.

Distribution News

Debian News. The Debian project has announced it will be attending two shows in Germany this month: Internet World Berlin and Magdeburger Linuxtage.

Meanwhile, this week's Debian Weekly News is out, with more news on plans for the upcoming release of Woody. In addition, a first mention is made of plans for the release after Woody. A whole new design is planned for the Debian-installer.

Bill Bennet has written an article on using rsync to get a Debian CD image file. The goal is to spread the load among all the Debian mirror sites instead of hammering just the Debian ISO mirrors.

The May 15th Kernel Cousin Debian Hurd is out and available, displaying fairly strong development activity.

Linux-Mandrake News. MandrakeSoft announced the immediate availability of boxed sets of Linux-Mandrake Version 8.0 (Standard, PowerPack and ProSuite Editions) in retail outlets.

SuSE News. SuSE announced this week that SuSE Linux is ready to run on the IBM iSeries, the hardware series previously known as AS/400. According to their press release, SuSE is the first Linux distribution to run on this platform, which is aimed at enterprise-level ecommerce customers.

Slackware News. The version of mc in slackware-current has been downgraded due to complaints about the latest version combined with a belief that the problems were not likely to get fixed any time soon.

Other upgrades include WindowMaker, proftpd (including a fix for the globbing security vulnerability), Samba, OpenSSH, mysql and a number of other minor updates.

The Sparc port was also upgraded to Linux 2.2.19.

Yellow Dog News. TerraSoft put out a press release announcing their development freeze for the upcoming Yellow Dog Linux 2.0 release. As a result, Yellow Dog Linux should be available on-line and via resellers within roughly two weeks.

SuperRescue CD News. SuperRescue CD 2.0.0 was released on Friday, May 11th. The new release is based on Red Hat 7.1.

Hard Hat News. MontaVista Software announced this week Hard Hat Linux support for the IBM NP4GS3 network processor. "IBM's PowerNP reference platform is an integrated hardware, software and services platform, featuring a packet routing switch module along with a PowerPC control point microprocessor. It allows equipment manufacturers to configure a 'real world' network switch or router environment to conduct thorough development, integration and testing before building their products".

MSC.Linux News. MSC has announced the release of a new version of its MSC.Linux distribution, which is oriented toward cluster deployments.

DSPLinux News. DSPLinux is an interesting distribution from a marketing perspective. Their press releases sometimes almost miss our screen for distribution news because they market DSPLinux as a software development kit (SDK) rather than an operating system or distribution. Nonetheless, it comes complete with kernel, so it is a Linux distribution.

This week, RidgeRun, the company behind DSPLinux, announced DSPLinux SDK Release 1.0. It uses the Linux 2.4 kernel, standard GNU development tools and their Appliance Simulator. "The Appliance Simulator allows developers to run the DSPLinux OS within a simulation environment that models a real embedded device. Developers can create, debug, and fully simulate a host of embedded appliances, all before target hardware development systems are required".

The Appliance Simulator is one of four proprietary products that are included with DSPLinux. The resulting bundle is sold for $5,000 per developer seat, a wee bit more than the cost of the average Linux distribution.

Minor Distribution updates

• Linux From Scratch 3.0-pre3 (Development), minor bug-fixes.

• Minimalist Linux-My-Way 0.24, minor feature enhancements.

Distribution Reviews

Progeny Debian (ZDNet). ZDNet Reviews examines the Progeny GNU/Linux distribution. "Progeny's installer isn't perfect, but it gives Red Hat's a run for its money, offering both text and graphical modes. The installer works equally well when booted from a floppy or a CD, and it supports network installations. Hardware detection was passable; mouse, video, and USB detection was good; but sound and PCMCIA devices were problematic."

Progeny Debian 1.0 Linux (LinuxLookup). LinuxLookup reviews Progeny Debian 1.0. "Progeny did a great job on their distribution. They take pride in their quote 'Leading edge, not bleeding edge'. Basically they chose not to package all of the latest program versions. Instead they used the 'tried and true' method and created a very stable Linux distribution, one that beginners can install with little trouble."

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Eazel closes its doors. Although we talked about this on the Front Page this week, I can't help but mention it here. Eazel had all of the right things going for it - a strong team, a good product, and excellent exposure. Everything except income. The closure came after the official announcement from Bart Decrem on the GNOME Hackers mailing list. While I hate to see the company go, Miguel de Icaza says not to fret about the future of Eazel's main product, Nautilus.

Nautilus is licensed under the terms of the GNU GPL, which means that the code base will be forever free (Open Source). Some of the programmers at Eazel involved in Nautilus will continue to work on it even without the company.

As for Ximian and Nautilus: Nautilus is an integral part of GNOME, we will contribute to maintain, improve, enhance and extend the code. We will not be picking up the product completely, but we will continue to contribute to it, as we did in the past. Besides, Nautilus and its related modules and plug-ins have over a hundred contributors at different capacities, most of them not working for Eazel.

In summary: open source saved the product, even when the company couldn't continue.

KDE: Runs fast, updates slow. Since returning from my honeymoon (thanks to Forrest Cook for filling in for me for the past two weeks) I've done two things to become more KDE aware in this column: I subscribed to a number of KDE mailing lists and set up a KDE user on a test machine so I can whack away at the environment without fear of trouncing my beloved FVWM layout on my production systems. These actions are due in no small part to the numerous emails claiming my apparent stock position in Ximian - which is untrue, by the way.

The first thing I should let KDE readers know is that, like it or not, Ximian and the GNOME project do a good job keeping me up to date on new releases and features. KDE Dot News is my primary source for such things about KDE, but if you have news on KDE products and projects, primarily information that would be of value to ordinary users (although I'll certainly look at developers releases as well), please do send them my way. I do keep tabs on the following sites as well:

• KOffice
• Apps.KDE.com
• Konqueror
• KIllustrator

Also, while anti-aliased font support in KDE is terrific, without an installation mechanism as simple as Red Carpet (Ximian's automated update facility) or Red Hat's Network, KDE won't get as far on the average user's desk. That doesn't mean that more sophisticated users won't use KDE, but upgrading using Red Carpet, as I discovered this week, is absolutely fantastic.

All that aside, I did start to dig into the environment this past week. While Forrest mentioned some issues with KDE and Gnome slowness last week, I found KDE to work rather well in 64MB of RAM on a 200MHz K6-2 box. Granted, the video card is a bit newer than that - it's an ATI RAGE XL. Though initial startup is a little slow, applications seem to start rather briskly. My first look (after digging around for ways to automatically keep the environment up to date) was at Konqueror, the integrated Web browser for KDE.

Konqueror. Looking at Konqueror in comparison to both Netscape 4.77 and Opera 5.0, I found that the interfaces on all three programs were about the same: navigation, bookmarks, pretty much what you would expect. The rest of the Opera interface is rather complex in comparison, due to how it embeds secondary browser windows. But Konqueror works like Netscape by opening multiple top level windows for each new browser instance. Konqueror offers zoom features, but zooming in only appears to increase the size of some fonts. I assume that user defined fonts should override site specific fonts in order to zoom all text in a page but I couldn't find where to change this particular setting. Images are unaffected by the zoom operation.

The nicest thing about Konqueror is that the display is very crisp. It handles fonts better than Netscape. I'm not sure if anti-aliasing is embedded in the browser - I know I don't have anti-aliasing enabled in my XFree86 server or in the version of the KDE libraries I'm running. Still, the display of fonts appears much cleaner than the Netscape display.

That's the good side. Now for the bad. I've found, mostly by accident, that the best test site for browsers is my own Graphics Muse site. While I haven't updated the site in about a year (priorities - feed the family, then play on the net), it was built as a training exercise to learn both Perl and CSS/DHTML. I don't pretend to think the site is compliant with the latter, but Netscape certainly renders it correctly. Opera comes close. Konqueror doesn't. In fact, in Konqueror the site is unusable. Since Netscape is the standard bearer on Linux systems (until the 1.0 Mozilla comes around and/or KDE has a wider audience) I'll continue to expect browsers to work with the sites I visit at least as well as Netscape currently does.

One other note for both GNOME and KDE: would someone please explain to me how to remove those icons on the root windows for both KDE and GNOME! Those silly things were introduced by Microsoft years ago and are, in the humble opinion of one old timer, an abomination.

Desktop Environments

KDE taskbar grouping feature added to CVS. A new feature has been added to the CVS (i.e. developer versions) of KDE - grouping of windows to a single taskbar button. The example shows a set of GIMP Canvas windows all connected to a single taskbar button (which pops up what appears to be a menu from which to select a particular window). This feature won't show up in public releases until the first 2.2 beta for KDE is released later this month.

How to configure your Anti-Aliased desktop (KDE Dot News). KDE Dot News posted a brief Howto-style article with a Q&A section on configuring the Xft extension that provides, among other things, for the use of anti-aliased fonts.

Q: Why do my KDE programs start now soooo slow?
A: Currently, the Xft mechanism in XFree 4.0.3 has to parse the XftConfig file each time a program is started. And the info of all these fonts has to be read. Newer versions (in CVS) will use a cache and are much faster.

Bonobo 1.0.4. GNOME's Bonobo got another minor update this week, primarily to fix window manager focus issues, but also to address a number of other problems.

Ximian Setup Tools 0.4. A new release of the Ximian Setup Tools package has been announced. This tool package is a replacement for LinuxConf that provides an administrative interface to user and NFS administration, network management, and swap partitioning.

GNUStep Weekly Update. The GNUStep Weekly Update came out on time, as usual. Because GNUStep is still in moderately early stages, these updates are more for software developers than end users.

Office Applications

KOffice. The KOffice 1.1 feature freeze went into effect on May 10th. The Beta 2 release goes out Wednesday, May 16 with a public announcement due on May 21st.

Evolution 0.10. Another minor update came for Evolution, GNOME's mail, calendar, and adressbook application. Ximian has made version 0.10 available through their Red Carpet installation program.

Desktop Applications

Opera releases version 5.0 of Linux browser. Opera Software announced the official release of their Linux browser. This release marks the end of the beta cycles for this product. The Opera Linux browser has been tested on 9 different distributions : Corel 1.0, Caldera 2.2, Debian Potato 2.2, Mandrake (6.0, 7.1 and 7.2), NetBSD 1.5_BETA/i386, RedHat (6.1, 6.2 and 7.0), Slackware 7, SuSE 7.0 and YellowDog 2.2.

Sketch 0.6.10. A new stable release of Sketch was released this past week. This version adds some language and SVG support along with various bug fixes.

Gabber 0.8.3. A new developer's version of Gabber, the open source Jabber client for GNOME was released this week. Version 0.8.3 is primarily a bugfix release that includes numerous user interface changes.

Pan 0.9.7pre, a GNOME newsreader, released. While not a stable product, it's interesting to note when I run across a package I hadn't heard about previously. Pan is a newsreader for the GNOME environment. This release is a developer's release, but stable pre1.0 releases are available for end users.

SolarWolf, a Python-based game. The first game to be produced with the new pygame Python interface to the SDL libraries, Solar Wolf 1.0, has been released.

PDA News

Review: Agenda VR3 Linux powered PDA(LinuxMedNews). LinuxMedNews posted a review of the new Agenda VR3 Linux based handheld. "The most exciting thing for me is that Tcl/Tk is ported already to it, as is a version of PERL, PYTHON, and RUBY. You can also use the FLTK - fast light toolkit when programming in C or C++.Over 100 Linux applications are already ported to it by the Agenda community."

Linux on Your PDA (O'Reilly Network). In part 1 of a 4 part series, the O'Reilly Network compares 3 Linux-based PDA offerings: the Agenda VR3, the Compaq iPAQ, and the G. Mate Yopy.

And In Other News...

4 questions to Sven Neuman (en) (LinuxGraphic.org). LinuxGraphic.org has posted an interview with Gimp hacker Sven Nuemann. "The problem with the current Gimp codebase is that most parts of it originate back to a time when Gimp was based on Motif and the GTK object system did not exist. Since then only parts of the core have been rewritten to make use of the benefits the object-oriented approach gives. Also, user interface and core functionality is totally mixed up. When trying to add new features to the Gimp-1.2 codebase, it is very easy to get lost and very likely that you break things."

Kernel Cousin KDE #9. This week's Kernel Cousin KDE #9 looks at the need for adding system configuration tools to KDE, the need for a Quality Assurance Team, and the recent problems associated with Kivio.

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

According to Mr. O'Donnell, maintenance of proprietary network management software is considered to be a thorn in the side by many of the larger hardware vendors who provide such code. Much effort has to go into keeping the code current and it tends to get passed to different programmers over time, which results in the production of a lot of spaghetti code.

Hardware vendors often support network management code only because it is a purchasing requirement put in place by larger organizations who buy networking hardware. Network management software is typically a loss-leader product that does not make money on its own.

Much proprietary network management code also runs only on expensive, proprietary hardware, making it out of reach for medium-sized shops.

This situation provides a fertile environment for open-source projects such as OpenNMS to grow in. The open-source world has many advantages for such a project including the ability to track quickly evolving technology, short times to market, high quality code, the ability to run on inexpensive hardware, and an all-inclusive hardware perspective.

Some of the problems facing older open-source network monitoring tools include a lack of professional support, scalability problems, performance problems, distribution problems, and open source project management problems. The people who are working on OpenNMS intend to address all of these issues. A problem facing open-source networking tools is that many big shops don't currently want to get into non-standard platforms such as a system running Linux, although that is changing as Linux matures and becomes more widely accepted.

OpenNMS is being touted as a next generation network management tool, building upon the success of older, more focused tools such as MRTG, RRDTool, Cricket, GxSNMP, Cheops, Mon, Net Saint, and Big Sister to name a few. Other open-source network tools tend to have a narrow focus and provide a sub-set of monitoring capabilities compared to commercial network monitoring systems. The OpenNMS project is positioning itself as a tool for enterprise-wide use with monitoring, notification, statistics, and report generation capabilities.

OpenNMS aims to bring a nice feature set to the table including:

• A packaged system that is easy to install and upgrade
• Extensibility through integration with other tools
• A built in trouble-ticket system
• Email and pager based notification for detected fault conditions
• Full commercial support with the 1.0 release

Current features of OpenNMS include:

• Adaptive configuration
• Service based polling
• Configurable device grouping or views
• Automatic SNMP ID and optimized date collection
• Performance data reporting and graphing based on RRDtool
• Web based and command line interfaces
• PDF report generation for high quality summary output

• Java2 based code with native thread support
• XML based configuration files for manual and GUI configuration
• A PostgreSQL/JDBC database
• SNMP for discovery and event receipt
• Apache Jakarta's Tomcat JSP servelet engine
• An ICMPD process to solve some of the thread limitations of Java

One of the more important concepts used by OpenNMS is that of Synthetic Transactions which, for example, replace the simple pinging of a machine to test its connectivity with more functional tests such as successfully loading a web page or a conversation with a mail agent. Synthetic transactions will solve the blue screen of death syndrome where a machine may respond to ICMP (ping) packets, yet is not functioning at a higher level. Release 1 of OpenNMS is scheduled to include synthetic translation software that supports the following protocols: FTP, HTTP, SMTP, DNS, ICMP, TCP, SNMP, and Routing via SNMP. Three layers of synthetic translations are planned, the currently working Discovery layer and the future predefined poller and custom poller and XML layers.

Configuration of OpenNMS looks to be fairly easy with the nearly complete Java based GUI software. The majority of system functionality can be controlled with the GUI, but importantly, experts can also get to the real guts of the configuration information by hand-editing XML based files.

The 1.0 release is currently scheduled for release in September of 2001, the recent 0.7.3 release is functional, but not all of the features are fully implemented. The latest OpenNMS Update includes an announcement for a brand new release, version 0.7.5, which features graphical PDF report generation, better filtering capabilities, bug fixes, a new event calendar, and new availability calculations.

Hopefully, the project leaders will take the time to observe the installation and configuration process as performed by novice users and perform any necessary modifications to the code and documentation to ease the process. This step is often neglected in open-source development projects, careful attention to this detail will help to build a wide user base.

Audio

Alsa driver 0.5.11 released. Version 0.5.11 of the Alsa Sound System has been released. This version features IA64 support, and updated drivers for a number of sound cards.

Databases

From DTDs to Databases (O'Reilly's xml.com). O'Reilly's xml.com site features an article by Ronald Bourret on mapping DTDs to databases. "A common question in the XML community is how to map XML to databases. This article discusses two mappings: a table-based mapping and an object-relational (object-based) mapping. Both mappings model the data in XML documents rather than the documents themselves. This makes the mappings a good choice for data-centric documents and a poor choice for document-centric documents. The table-based mapping can't handle mixed content at all, and the object-relational mapping of mixed content is extremely inefficient."

Documentation

Linux Documentation Project Weekly Updates. This week's updates to the Linux Documentation Project include an update to the Linux Hardware Compatibility HOWTO, as well as a brief discussion on the use of a document tracking database at the LDP based on PostgreSQL.

Education

SEUL report for May 14, 2001. The May 14, 2001 edition of the SEUL/Edu report is out. Topics include new projects for putting Linux into schools in Britain and Thailand, discussions on Squeak, a Smalltalk derived language from some folks at Disney, and a list of new educational applications for Linux.

Electronics

Mentor Graphics commits to Linux for PLD front ends (semiconbay). Semiconbay covers the Mentor Graphics move to support PLD design front end tools for Linux. "Mentor's HDL Design Division will provide the initial set of design tools to support Linux. In addition to MicroSim, Mentor will offer on Linux LeonardoSpectrum for high-performance synthesis, HDL Pilot for design management, HDL Detective for analysis and documentation, HDL Author for text and graphical creation, and FPGA Advantage for a complete programmable logic environment." While this is not an open-source project, it is encouraging to see companies working on development tools that run under Linux. (Thanks to Conrad Sanderson)

Embedded Systems

Embedded Linux Newsletter for May 10, 2001. This week's Embedded Linux Newsletter has been published. Topics include Memora's Servio Personal Server, Hard Hat's China venture, a ready to use Java stack for embedded Linux devices, and the free vs patented software debate.

Interoperability

Wine 20010510 available. The flow of information from the Wine Weekly News has stopped due to the need for a new WWN editor, however, development continues on the Wine project. Wine Version 20010510 has been released and is available for download. The release announcement states that this version contains improvements to printer support, graphic driver restructuring, and bug fixes.

Printing Systems

Version 0.2.0 of the Omni Print driver released. A new version of the Omni printer driver has been released. Omni developer Mark Hamzy was kind enough to answer some of our questions about Omni.

Standards

IEEE releases 802 standards. The IEEE has started the "Get IEEE 802" program to make the IEEE Local and Metropolitan Area Network (802) networking standards available for download to the public for free. (Thanks to Theo de Raadt)

Web-site Development

Zope Weekly News for May 12th. The Zope Weekly News for May 12, 2001 is available. The coming of Zope 2.4, Core Session Tracking, ZShell for the CLI lover and other topics are covered this week.

Bug-fix version of PHP Review. A bug-fix release of the PHP Review book reviewing software has been announced. Work has also started on a PHP Review manual.

Window Systems

This week's GNOME Summary. The GNOME Summary for May 12, 2001 is out. Topics covered include the Nautilus 1.0.3 release, the addition of SOAP to GNOME, Galeon 0.10.6, and a small note to the effect that Eazel will shortly be closing its doors.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Ada

New version of GNU Ada. A new version of GNU Ada has been released, along with a a new project package RPM called GNADE (GNu Ada Database Environment). (Thanks to Juergen Pfeifer.)

Caml

Caml Weekly News for May 8-15, 2001. The May 15, 2001 edition of the Caml Weekly News is available. This week's edition discusses Caml on MacOS X and a new Caml book.

Java

The historical collection classes -- Arrays (IBM developerWorks). In an IBM developerWorks article that features an excerpt from the book Java Collections, John Zukowski writes about Java Arrays "Arrays are the only collection support defined within the Java programming language. They are objects that store a set of elements in an order accessible by index, or position. They are a subclass of Object and implement both the Serializable and Cloneable interfaces. However, there is no .java source file for you to see how the internals work. Basically, you create an array with a specific size and type of element, then fill it up."

Lisp

Lisa first Beta released. A preliminary version of the first Beta release of LISA, the Lisp-based Intelligent Software Agents, version 0.9, has been announced. "The main new feature of this version is support for running multiple inference engines, or for making multiple threads interact with a single inference engine, on multithreaded Lisp implementations."

ILISP version 5.11 released. Version 5.11 of ILISP has been announced. "ILISP is an Emacs major mode for interacting with Lisp listeners running as inferior processes. It provides commands for editing forms, compiling and executing Lisp code, getting documentation, etc."

Perl

Exegesis 2 (use Perl). Damian Conway is writing a series of Exegesis articles on Perl 6 to parallel Larry Wall's Apocalypse series. The first Exegesis article, number 2, starts off with a quick example of some Perl 6 code.

Perl articles on Dr. Dobbs' (use Perl). Dr. Dobbs' has a few new Perl tutorial articles by Brian d Foy. Included are articles on Creating Perl Code Graphs, profiling in Perl, and more.

PHP

PHP Weekly Summary for May 14, 2001. The May 14, 2001 edition of the PHP Weekly Summary is out. Topics this week include PHP on OS390 Unix, an upcoming expat upgrade, logging Apache peak memory use, and more.

Python

python-dev summary April 26 through May 10, 2001. The summary of traffic on the python-dev mailing list has been posted for the period of April 26 through May 10, 2001. Topics include the Smalltalk metaclass system, decoding string objects, and the move of MacPython to Sourceforge.

Dr. Dobb's Python-URL! (May 14). Dr. Dobb's has posted their Python-URL! summary for this week. Topics include an interview with Mark Lutz, the first game based on Pygame, and the inevitable discussion on what happens to Python if Guido meets an unfriendly bus.

Python 2.0 Quick Reference. A new version of the Python 2.0 Quick Reference has been made available.

Python Imaging Library 1.1.2 announced. Version 1.1.2 of the Python Imaging Library has been announced. "Version 1.1.2 is a maintenance release, which fixes a couple of problems caused by incompatible changes in Python 2.1. It also fixes some other bugs."

Tcl/Tk

Dr. Dobb's Tcl-URL! - weekly Tcl news and links. The May 14, 2001 weekly summary of the Tcl world has been posted from Dr. Dobbs. Topics include a discussion on interfacing Tcl/Tk to custom electronic hardware and support for 3D graphics.

Miscellaneous

Otters with rocks (ZDNet). Old timers know the struggle well - to learn a new programming language and decide if it really makes life more productive. In this ZDNet opinion piece, the author looks at a plethora of languages and tries to decide if any makes his life any better. "Moore's Law and clever developers have bestowed upon us high-level languages that allow us to concentrate on the problems we need to solve, rather than spending the effort to sure we've initialized all the necessary subsystems of the OS appropriately before we even begin. With the abundance of compute power, the overhead involved in interpreted languages has shrunk down to negligibility for many tasks, and the amount of time gained by being able to use these languages instead of lower-level ones is huge."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

New websites from IBM, Caldera and Nokia/CollabNet. IBM's new Linux Web portal provides an easy way to get to all of the company's Linux products and services, and find out all the latest IBM/Linux news.

Caldera launched the Caldera Developer Network, a web site for Caldera developers, including Independent Software Vendors (ISVs), Independent Hardware Vendors (IHVs), corporate in-house developers and members of the Open Source developer community. Members will have early access to UNIX and Linux technologies.

Nokia teamed up with CollabNet to launch ostdev.net. The site will support developers in the open source community and help to promote the collaborative development of the Open Standards Terminal (OST). The OST is a platform for home entertainment applications. It is based on Open Source technologies, such as Linux, XFree86 and Mozilla, and provides a platform for developing applications for a variety of electronic devices including: broadcast and digital TV, digital video recording, web browsing, gaming etc.

Nokia, Loki in Agreement to Distribute Linux Games with Nokia Media Terminal. Nokia and Loki Software announced an agreement to make Linux games from Loki available on the Nokia Media Terminal. As part of the agreement, Linux-based games from Loki will be pre-installed on the Media Terminal.

Free Software Leaders Stand Together. Bruce Perens has written what he (and probably everyone else) hopes is the final response to the recent ramblings of Craig Mundie from Microsoft. "If you do choose to incorporate GPL code into a program, you will be required to make the entire program Free Software. This is a fair exchange of our code for yours, and one that will continue as you reap the benefit of improvements contributed by the community. However, the legal requirements of the GPL apply only to programs which incorporate some of the GPL-covered code - not to other programs on the same system, and not to the data files that the programs operate upon."

It's signed by many of the biggest names in the Free Software and Open Source world.

MSC.Software installs cluster at Boeing. MSC Software has announced the installation of a Linux cluster at Boeing. It does fluid dynamic computations, was up and running in three hours, and, they say, has already saved Boeing a bunch of money.

American Megatrends Inc. Introduces PC Diagnostic Solution for Linux. American Megatrends Inc. (AMI) announced the development of AMIDiag for Linux. AMIDiag for Linux supports all major Linux distributions including those from Red Hat, SuSE and Mandrake.

FileMaker adds Linux platform support. FileMaker has announced support for Linux for their FileMaker Server 5.5 database server package in a company press release. The package will be Red Hat Certified, though no other distributions are specifically mentioned.

Nevrax Unveils Free Software-Based Persistent World. This press release notes the release of the NeL, the Free-Software-based platform for massively multi-user online persistent