Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The company made $11.3 million in revenue from subscriptions, and $14 million from the various consulting and development services. There is no separate item for "Linux distribution sales," leading one to believe that they have been folded into "subscriptions." Red Hat also earned almost $4.5 million in interest from its sizeable cash holdings. On the down side, the "cost of revenue" was $11.1 million, sales and marketing ran $10.7 million, research and development $4.3 million, and administrative expenses were $3.4 million.

In other words, Red Hat actually, using these numbers, operated at a $3.9 million loss. It was the interest income that put it nominally into the black.

This is a significant achievement on Red Hat's part. The company had not promised profitability for another year yet, but that state has been reached now. They have gotten there despite a harsh economic downturn that has savaged many other Linux companies. And Red Hat has not drifted from its commitment to free software; the company still employs a great many free software developers, and gives back a great deal to the community. Red Hat shows that it can be done.

Or so we hope. A closer look at the numbers shows a slightly more complicated story than what we have seen so far. The $600K profit comes out of the "adjusted" results. The adjustments that have been made include the omission of three sets of expenses:

• "Amortization of goodwill and intangibles": $20.8 million.
• Stock-based compensation: $3.7 million.
• Merger and acquisition costs: $3.7 million.

What about future quarters? During the company's conference call, Red Hat management explicitly refused to provide any sort of guidance regarding future results. They will not even guess, at this point, at whether they can remain profitable or not. These are uncertain times for most companies, but most are sufficiently on top of their situation to offer estimates of how things will go. Red Hat, evidently, has no clue. The company did say, however, that no significant changes in staffing were expected over the next quarter.

So it remains to be seen whether this is the beginning of Red Hat's money-making operations, or whether it is, instead, the company's high point. Red Hat appears to be doing things right in a lot of ways, to the free software community's benefit. With luck, they'll pull it off.

Red Hat to become a database company? One other detail that Red Hat let slip in its conference call was that the company would soon announce a relational database product and associated services. No further information is available from the company at this time; it is making people wait until the marketing people say it's time.

The hope, clearly, is that relational database systems will help drive the next phase of corporate acceptance of free software, and that Red Hat will be able to provide those systems and the services that go with them. It remains to be seen how well that will work; database customers are used to getting their databases and operating systems from different vendors. Red Hat will have to offer something new and compelling to attract customers in this field.

Red Hat will stick with its open source approach for its database offering. Assuming that Red Hat is smart enough not to try to implement a relational database management system from scratch, it will have to adopt one of the existing, free database systems: MySQL, PostgreSQL, InterBase, or SAP DB. Red Hat as been careful, thus far, to not tip its hand regarding its selection.

There are some rumors about, however, that PostgreSQL will be the platform chosen by Red Hat. Certainly it would be a worthy choice; the PostgreSQL team has worked long and hard to produce a top-quality relational database system. Such a move, however, could prove to be a challenge for the companies that are already providing commercial support for PostgreSQL.

The most prominent of those, perhaps, is Great Bridge, the company founded by early Red Hat investor Frank Batten Jr., and the employer of much of the PostgreSQL core team. We talked briefly with Great Bridge CEO Bob Gilbert, who was very upbeat about Red Hat's possible entry into the PostgreSQL market. "What took them so long?" Mr. Gilbert welcomes Red Hat, and looks forward to Red Hat's contribution to PostgreSQL development.

If you believe Mr. Gilbert, the PostgreSQL market is a good one to get into. The company is finding customers in each of several target areas; PostgreSQL is being received well. Larry Ellison and Oracle, he says, should start getting worried "yesterday."

Mr. Gilbert's confidence may well be justified, but Red Hat's entry into the database market still has the potential to shake things up. We'll revisit this topic once the company has made its plans public.

GnuCash and library dependencies, again. Last week's item about the GnuCash 1.6 release and its many library dependencies drew more than the usual amount of mail, including this response from the GnuCash project itself. We seem to have hit a bit of a nerve there. So this week we'll follow up with two more articles; this one looks at the library dependency issue again, and the following one is a quick review of the 1.6 release itself.

Some members of the GnuCash development community felt that the project had been unfairly singled out for criticism when they would rather have seen attention paid to the stable release that they had worked so hard to produce. So let us say it here: GnuCash, at the moment, demonstrates the kinds of problems that can come up with massive shared library dependencies, but GnuCash is not, itself, the problem. GnuCash is a high-quality application which fills a pressing need in the free software community, and it has gotten there partly because its developers have taken the greatest possible advantage of work done by others. We never meant to criticize the project itself.

There are pitfalls, however, with a reliance on large numbers of shared libraries. Especially when a number of those libraries are not widely available on common distributions. If nothing else, it makes it very hard for people to use your software.

In the proprietary world, users will expect to be able to install a new "stable" release of a web browser, mail program, file manager, or personal finance program on their current system. Most do not expect to have to massively upgrade parts or all of their system first. (What happens when the application messes with their system anyway is a different, sad story that Linux users, happily, need not experience).

The people who have reported success with GnuCash 1.6 are, for the most part, running distributions like Debian unstable ("sid") or Mandrake's Cooker. The exception appears to be the just-released SuSE 7.2 distribution. Nonetheless, many users of a personal finance application will not be pleased to have to upgrade their operating systems just to install or upgrade it. If you tell them that, not only do they need to upgrade the operating system, but they must use an unstable version of a distribution, they will simply walk away.

There may be no easy solution to this problem. One of the characteristics of free software is rapid development, and few of us would have it any other way. But fast development implies a lot of upgrades if you want to keep up, and, often, the need to run beta versions of software. These requirements may be hard to reconcile with the needs of desktop users, who just want things to work without their needing to mess with them. This will be a continuing challenge for those developing desktop applications.

About GnuCash 1.6. The GnuCash package has long had the features that one really needs to handle personal finance - see LWN's review from back in 1999. It has, however, remained far behind the proprietary packages with regard to the features offered. People who really want to run free software for everything have been able to use GnuCash for some time; just about everybody else has been inclined to wait.

With the 1.6 release, the feature gap is closing. The application as a whole has a much more finished look, and the online help is greatly improved. Quite a few important new features have been added. GnuCash still has not caught up with the proprietary packages in a number of ways, but it has gotten a lot closer. Once the distributions catch up and make GnuCash 1.6 easy to install and run, its user base should grow.

The first thing likely to be noticed by GnuCash users who upgrade to 1.6 is the new, XML database file format. The program converts older files to the new format, but must ask a number of questions in the process - especially if the file contains a lot of stock accounts. The XML format is certainly nice for a number of things, but there is a downside as well: the size of the database file grows by almost a factor of ten. Over 1KB is required for each transaction (i.e. a check) (example). GnuCash 1.6 is noticeably slower to load or save data in the new format. That's the sort of price we pay for a transparent file format.

Of course, for those with huge GnuCash files, taking advantage of the new PostgreSQL back-end may well prove the best way to go.

A crucial improvement in GnuCash 1.6 is in the report generator. Reports in version 1.4 were somewhat crude and could not be directly printed - one had to export the report in HTML and feed it to a web browser first. Version 1.6 reports are more tightly integrated into the system, look better, and include the obligatory bar and pie charts.

GnuCash has always had a strongly international approach and supported multiple currencies. The new version has strengthened that approach, and includes detailed support for the Euro.

Other features include: more business-oriented support (things like depreciation reports), tax preparation support, improved QIF importing, internal updating of stock prices (no more need for an external application), a loan calculator, and even a built-in web browser.

GnuCash 1.6 also includes support for the "GnuCash network." The network does not currently provide much in the way of services; the registration window doesn't even work, and will not until version 1.6.1. One can presume, however, that providing useful services through that channel is part of somebody's business plan, and that things should start showing up there soon.

What's still missing? Many users would most like to see support for scheduled transactions; this feature is apparently under intensive development and should be there for the next major release. It's still not possible to directly import information from banks or credit card companies. No budgeting tools are provided. GnuCash still doesn't really understand loans, and will not handle the amortization for you. And several other things, doubtless.

The GnuCash developers have set themselves the goal of blowing the proprietary finance packages (both personal and business) out of the water with a free alternative. It is an ambitious goal, and, as of 1.6, it has not yet been achieved. Things are clearly heading in the right direction, however; GnuCash is more than usable now. If you are still balancing your checkbook with a proprietary package, it may be time to consider making a change. (See also: the GnuCash web site).

Inside this week's Linux Weekly News:

• Security: The Danger of Posting Images, a look into the world of 13 year old hackers, new vulnerabilities in fetchmail, rxvt and more.
• Kernel: Linux Device Drivers 2nd Edition; API changes in stable kernels; FOLK.
• Distributions: Agenda-VR, Sentry Firewall CD, the Mandrake Cooker Weekly News.
• On the Desktop: Netscape 6.1, XFree86 reviewed, Ogg Vorbis and yet more on pilot-link.
• Development: GCC 3.0 announced, Ogg Vorbis decode RC1, Stallman on scientific publishing, mod_lisp 2.0, GHC 5.00.2.
• Commerce: Compaq initiatives, Goldbox, GCC 3.0.
• History: Software patents, Handhelds.org and "open sores".
• Letters: GnuCash and shared library hell; non-executable stacks.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

The Danger of Allowing Users to Post Images. A major discussion thread on BugTraq this week started when John Percival posted a note entitled The Danger of Allowing Users to Post Images. With it, he included an exploit developed by Chris 'stallion' Lambert which could be used with almost any web script that uses cookie session/login data to validate CGI forms.

Many such web scripts, including threaded discussion forums like Infopop's Ultimate Bulletin Board or ezboard allow users to post images to the forum. This means that they accept user input in the form of HTML-embedded references or URLs. They do not, however, necessarily check the input they receive to make sure it does not contain additional HTML commands, such as possible hostile query-strings. As a result, another user clicking on such as image may be unwittingly executing HTML commands. If such a user has additional privileges, such as a forum administrator, more damage can result.

BugTraq ID 2871 addresses this issue and currently lists four affected applications: ezboard, Infopop's Ultimate Bulletin Board, VBulletin and WWWThreads. Fixes for Ultimate Bulletin Board and VBulletin have been made available. However, the basic issue is not specific to the applications, but just a demonstration that input verification vulnerabilities are extremely wide-spread in current web-based scripts. Time to take a look at your web scripts and look at how you are currently verifying the user input you receive, particularly if that input is in the form of HTML or other executable code.

CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for June is out. It covers a wide range of topics, including the grc.com attacks and the Honeynet project. "The results are fascinating. A random computer on the Internet is scanned dozens of times a day. The life expectancy of a default installation of Red Hat 6.2 server, or the time before someone successfully hacks it, is less than 72 hours. A common home user setup, with Windows 98 and file sharing enabled, was hacked five times in four days. Systems are subjected to NetBIOS scans an average of 17 times a day. And the fastest time for a server being hacked: 15 minutes after plugging it into the network."

One of the links inside this month's CRYPTO-GRAM is to The Strange Tale of Denial of Service, an account by Steve Gibson of his research into the world of distributed denial-of-service attacks. In this case, the machines used to deploy the attacks were running Microsoft Windows operating systems, but the victims could be any machine. From his experiences, he learned that major ISPs were simply unwilling to take action in response to this type of problem, that the US Federal government has too many problems to handle and will not look at "small" problems, such as the disablement of a single site, and that age does indeed shield youthful offenders within the US from prosecution.

To quote Steve, "We can not have a stable Internet economy while 13-year-old children are free to deny arbitrary Internet services with impunity".

Using a Cryptographic Hardware Token with Linux: the OpenSSL Project's New Engine (Linux Journal). Linux Journal's Paul Friburg takes a look at using OpenSSL's new engine to provide support for digitally-signed emails using a hardware token. "Hardware tokens are nearly tamper proof and assure that the data are originating from a given Linux PC provided that the token is plugged into it. ... Sadly, the token we were requested to integrate, the Chrysalis-ITS Luna2 PC card, was not on the list of the three tokens implemented in the engine. This forced us to go under the hood of the OpenSSL engine code. ".

Security Reports

sysklogd denial-of-service vulnerability. Immunix reports that the Linux kernel logging daemon klogd distributed with the sysklogd is vulnerable to a denial-of-service attack because it will shut down if it receives a null byte in a log message from the Linux kernel. A patch to fix the problem is available.

• Immunix

fetchmail buffer overflow. Wolfram Kleff reported a buffer overflow in all versions of fetchmail. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.

• Immunix
• Debian
• Conectiva
• Slackware, June 18th Changelog

rxvt buffer overflow. Samuel "Zorgon" Dralet reported a buffer overflow in rxvt which can be exploited to gain group utmp privileges on some systems, which could allow the utmp file to be modified. A patch is available to fix the problem.

• Debian
• Slackware, June 18th Changelog
• Linux-Mandrake

man page source buffer overflow. zen-parse reported a buffer overflow in man that, when manual pages begin with a '.so' statement, may be exploited to execute arbitrary code under the 'man' group id. No patch or update for man has been posted so far. For more details, check BugTraq ID 2872.

MDBMS query display buffer overflow. teleh0r reported a buffer overflow in MDBMS, an SQL database server for Unix which provides source code and is free for non-commercial use. The buffer overflow can be exploited to execute arbitrary code. An updated version is available, containing a fix for the problem.

BSD ptrace race condition vulnerability. The version of ptrace shipped with NetBSD and OpenBSD has been reported to contain a race condition which can be exploited to allow an unprivileged user to attach to a privileged process, elevating the attacker's privileges. OpenBSD has released patches to their kernel to resolve the problem; NetBSD has fixed the problem in their CVS tree.

ghttp buffer overflow. The Gaztek HTTP daemon, ghttpd, is a GPL'd HTTP server with a small memory footprint that is capable of handling "thousands of simultaneous connections". A buffer overflow has been reported in version 1.4 that can be exploited by a remote attacker to run arbitrary code under the privileges of the ghttpd server. No fix for the problem has been reported so far.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• WatchGuard Firebox 2500 and 4500 boxes are reported to contain a vulnerability which makes it possible for an intruder to bypass SMTP checking using attachments encoded in base64. No vendor response has been reported so far.

• ScreamingMedia SiteWare versions 2.501 and earlier and 3.1 and earlier contain a file disclosure vulnerability. An upgrade to 2.5.1 or 3.1.1 will apparently resolve the problem. BugTraq ID 2868.

• cgiCentral's WebStore shopping cart software has been reported to contain two vulnerabilities which can be used together to allow an attacker to execute arbitrary commands on a system running Webstore. The two vulnerabilities are an administrator authentication bypass vulnerability and an arbitrary command execution vulnerability. A workaround for the command execution vulnerability has been posted, but no vendor response has been seen so far.

• The Cisco Node Route Processor 2 card has been reported to allow unauthorized telnet access in its default configuration. An upgrade to Cisco 6400 NRP2 12.1DC will resolve the problem.

• NetSQL, a light-weight SQL database server for Linux and Solaris, has been reported to contain a remotely exploitable buffer overflow which can give an remote attacker root access on the server. No vendor response has been seen so far.

• Microburst uDirectory, a Perl CGI script, has been reported to contain an input validation error which can be exploited remotely to execute arbitrary commands on the host. No vendor response has been seen so far.

Updates

exim format string vulnerability. Check the June 14th LWN Security Summary for the original report.

This week's updates:

• Red Hat [Note, one user reported problems with the Red Hat 7.0 packages in this update].

• Debian (June 14th)
• Conectiva (June 14th)

xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.

This week's updates:

• Debian
• Conectiva

xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826.

This week's updates:

• Debian
• Conectiva

• Red Hat (June 7th)
• Linux-Mandrake (June 14th)
• Immunix (June 14th)

OpenSSH tmplink vulnerability. Check the June 7th LWN Security Summary for the initial report. This is also covered in BugTraq ID 2825.

This week, OpenSSH 2.9.p2 was released with a fix for the problem.

ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.

This week's updates:

• Linux-Mandrake

• Red Hat (June 7th)
• Debian, fixed in ispell-3.1.20-8, updated January 26, 2000. (June 14th)

Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report.

This week's updates:

• Linux-Mandrake

• Caldera, disabling Webmin recommended, no updated packages available yet. (May 31st)
• Caldera, updated packages now available (June 7th)

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.

This week's updates:

• Debian, official

• Engarde (May 31st)
• Progeny (May 31st)
• Linux-Mandrake (June 7th)
• Immunix (June 7th)
• Trustix (June 7th)
• SuSE (June 7th)
• Conectiva (June 14th)
• Red Hat (June 14th)
• Turbolinux (June 14th)
• Caldera (June 14th)
• Debian, unstable upgrade to 1.0.6 on May 29th. (June 14th)

gnupg. gnupg 1.0.5 was released on April 29th. Check the May 3rd LWN Security Summary for details. An upgrade to 1.0.5 is recommended.

This week's updates:

• Debian

• Linux-Mandrake (May 10th)
• Immunix (May 3rd)
• Red Hat (May 24th)
• Caldera (May 24th)

Denial-of-service vulnerability in FTP server implementations. Check the March 22nd LWN Security Summary for the original report. Affected FTP daemons include ProFTPd, NetBSD FTP, PureFTPd (to some variants of this attack), BeroFTPD, and FreeBSD FTP.

This week's updates:

• Linux-Mandrake

• ProFTPd (workaround only) (March 22nd)
• ProFTPD 1.2.2rc1

Apache directory listing error. Check the March 8th LWN Security Summary for the initial report. Apache 1.3.18 and earlier are vulnerable; Apache 1.3.19 contains a fix for the problem.

Previous reports:

• Trustix

Resources

Bastille Linux 1.2. The Bastille Linux development team announced the release of Bastille Linux 1.2, a hardening script for multiple Linux distributions.

CryptoMail 0.90. The first public release of CryptoMail, version 0.90, was announced this week. CryptoMail is an end-to-end secure email system. MySQL, Apache and Sendmail are required in order to run the server. More information is available at http://www.cryptomail.org.

Events

Upcoming Security Events.

Date	Event	Location
June 21 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France
June 21, 2001	PKI Forum Members Meeting	(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001	Black Hat Briefings USA '01	Las Vegas, Nevada, USA.
July 17, 2001	The Open Group Security Forum briefing	Austin, Texas
August 6 - 10, 2001	CERT Conference 2001	Omaha, NE, USA.
August 7, 2001	CIBC World Markets First Annual Security & Privacy Conference	New York, NY, USA.
August 13 - 17, 2001	10th USENIX Security Symposium 2001 Conference	Washington, D.C.
August 13 - 17, 2001	HAL2001	Enschede, The Netherlands

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.5; the 2.4.6pre4 prepatch came out just as LWN was going to "press"; it contains a set of fixes but nothing spectacular.

The same can not be said for Alan Cox, who has released several patches up to 2.4.5ac16. Alan has also released 2.2.20pre5 (though the last announced release was 2.2.20pre4) for those still working with the 2.2 kernel.

Some have asked why the current "ac" patches don't include the latest updates from the 2.4.6pre series. Alan's answer might make one a little nervous: "Because right now I don't consider the 2.4.6 page cache ext2 stuff safe enough to merge. I'm letting someone else be the sucide squad." There have not been a whole lot of complaints from 2.4.6pre users, however.

Andrea Arcangeli, too, has been issuing general kernel patches. 2.4.6pre3aa2 adds a number of fixes to the current Linus prepatch. There is also a 2.2.20pre5aa1 for the 2.2.20 prepatch.

The Linux kernel and gcc 3.0. Now that this major gcc release is out, people are naturally interested in using it to build kernels. Numerous fixes for gcc 3.0 are going in, but, at this point, using that compiler is still not recommended. It will take some time for both the compiler and the necessary kernel changes to stabilize before gcc 3.0 can be used with confidence.

The second edition of Linux Device Drivers is about to hit the shelves, at last. This edition, published by O'Reilly, is written by Alessandro Rubini and LWN editor Jonathan Corbet. It covers the 2.4 kernel through even most of the post-2.4.0 changes, and gives great attention to SMP and portability issues. It should hit the shelves around the end of the month - in the U.S., at least. More information can be found on the O'Reilly web site.

The really fun part, though, is the book will be released online under the GNU Free Documentation License. The exact date of the online release is unclear - some work has to be done to prepare the DocBook source for release. The hope, however, is to get it onto the net within a month of the bookstore release. At just over 550 pages, it should be a sizeable addition to the free documentation for the Linux kernel.

The FOLK project sent out an announcement of its existence on June 13. FOLK, or "Functionally Overloaded Linux Kernel," aims to combine as many interesting patches as possible into a single, integrated patch to make them all easier to try out. From the announcement:

The idea isn't to worry about quality, bloat, or any other "detail", but rather to give developers one additional way to showcase ideas and give interested users a way to try things out without having to spend a lifetime finding what's out there, another lifetime upgrading the patch to the current kernel and a third lifetime fixing all the rejected diffs.

In other words, it's probably not something you want to drop onto a production server, but the FOLK patch could be an interesting way of seeing what sort of work is being done out there.

As of this writing, the current patch is 2.4.5-folk1.4. It includes the full 2.4.5ac15 patch, the Bad Memory patch, the Linux Doors patch, the HP plugin scheduler patch, the socket registration patch (discussed in last week's LWN kernel page), IBM's POSIX threading patch, the real-time scheduler patch, JFS, and more. It should be fun to play with - but watch out for those "details."

The Linux kernel is getting too big? A recurring theme on the linux-kernel list is the complaint that the kernel tarballs have gotten too big, and that they contain far more stuff than anybody is going to use. Wouldn't it be better to split it apart, so that people could only download the code they actually need?

The answer has always been something along the lines of "feel free to set up a split kernel download site, but we're too busy." The conversation usually stops there. Now, however, Michael Bacarella has done something about it. He has set up a web page allowing a user to specify which kernel subsystems are of interest; then a tarball is created containing just the desired code.

The current setup is a bit rough - the choices on what to exclude are crude, and it's easy to request a kernel that will not build. But it's only intended to be a first step; future versions would probably hook into the CML2 configuration system and make much smarter choices on which code to include. Mr. Bacarella, of course, is looking for people who would like to help make a better system; drop him a note if you're interested.

Run Linux on your VAX. The Linux/VAX project project announced this week that it had succeeded in booting the system on a VAXStation 3100 and running a shell there. That is, of course, a crucial milestone, and the project is to be congratulated. Even if the resulting system does claim a whopping 5.4 BogoMIPs. Your editor is thinking about that old 11/780 he first learned Unix on...moving it into the basement would be a hard sell with the wife, however...

Making kernel configuration fun. Eric Raymond has evidently decided that there are not enough interfaces to the new kernel configuration system, so he has added another. This one, however, is different, being based on an ancient "interactive diagnostic" program interface:

Welcome to CML2 Adventure, version 1.6.1.
You are in a maze of twisty little Linux kernel options
menus, all different.

The main room.  A sign reads `Linux Kernel Configuration 
System'.  Passages lead off in all directions.

> n
The arch room.  A sign reads `Processor type'.
A passage leads upwards.

Choose your processor architecture.
A brass lantern is here.
There is a row of buttons on the wall of this room. They read:
	X86, ALPHA, SPARC32, SPARC64, MIPS32, MIPS64, PPC, 
	M68K, ARM, SUPERH, IA64, PARISC, S390, S390X, CRIS
The button marked X86 is pressed.

Perhaps this configuration mode should become the default for the Linux/VAX project?

Followup: the PCI suspend/resume interface change. Last week we looked at an incompatible API change that went into 2.4.6pre3, and which upset some developers. For those who are interested, here is Patrick Mochel's justification for the change. While there seems to be a consensus that the change makes sense technically, not everybody thinks it should have been now. Quoting Jeff Garzik:

Anyway I beg you -- please consider API changes more carefully in the future, even if Quick Draw Torvalds does not. The changes that occured here are immaterial: the principle of the stable series is what is at stake here.

Interestingly, Linus felt the need to deny that Mr. Mochel's employment at Transmeta had anything to do with the change being included - despite the fact that nobody had (publicly, at least) made any such allegation.

The real conclusion that should be drawn here, perhaps, is that it is past time for the 2.5 series to begin. 2.4 has not truly stabilized, but it is getting closer and a lot of the remaining problems (virtual memory being at the top of the list) are not those that can be addressed by most kernel hackers. Perhaps it is time to start the new development tree, and future API changes can go there.

Linux/PPC has a new maintainer. Cort Dougan has announced that he is stepping down as the maintainer of the PowerPC port of the Linux kernel. Mr. Dougan has filled this role for several years, and has been widely respected for his leadership with this port.

The new maintainer will be Paul Mackerras. He posted an acceptance speech of sorts; we wish him luck.

Other patches and updates released this week include:

• Rick Lindsley has released a document describing the global spin locks used in the kernel and the conventions for their use. This is a crucial piece of documentation; as the number of locks grows, it is increasingly difficult to know which locks should be taken out where.

• Andrea Arcangeli has posted a patch which is intended to make header files match up with some of the user-visible API changes in the 2.4 kernel.

• Leon Breedt released a patch which enables a non-blinking cursor on the text console. Interestingly, some people strongly disagree with this patch.

• IBM has released version 0.3.5 of its journaling filesystem.

• Rusty Russell has posted a new hotplug CPU patch.

• Anton Altaparmakov announced version 1.0.0 of the Linux NT filesystem. It still is not safe for write access, however.

• devfs v181 has been released by Richard Gooch.

• Stelian Pop has updated his Sony Vaio programmable I/O controller driver.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Agenda-VR. The addition of Agenda-VR to our distributions list marked the perfect opportunity to split handheld distributions out of the general embedded distribution lists. Given the growing popularity of PDAs, the pace of the Linux development in this field and the likelihood that playing with the OS on your Linux PDA might be the primary reason you chose to purchase it, separating out Linux Distributions for PDAs seemed like the "right" thing to do.

Agenda-VR is the Linux distribution that runs on the Agenda VR3 PDA. They've got a nice, interactive tour on their site of the product from the website and provide information on both the old and new versions of their OS. Unfortunately, when we tried to download the software, the links were not working.

Other useful resources include Russell Stuart's Agenda Development Page, which gives tips on downloading and compiling code, and the SNOW compiler for the Agenda PDA. SNOW is an application binary interface for the MIPS CPU architecture developed initially by Jay Carlson and adapted for the Agenda by Shane Nay. It produces shared libraries that are loaded at a fixed location in memory, similar to some of the older Linux shared libraries, providing enhanced performance in exchange for the time involved in tracking library location and relinking programs when libraries are modified. [Thanks to Tony Audas].

Estimating the size of GNU/Linux. David Wheeler has released More Than a Gigabuck: Estimating GNU/Linux's Size, his second white-paper to address the size and development costs of Linux. It analyzes the source code from Red Hat 7.1 to draw a number of conclusions, including:

1. It would cost over $1 billion (a Gigabuck) to develop this Linux distribution by conventional proprietary means in the U.S. (in year 2000 U.S. dollars).

2. It includes over 30 million physical source lines of code (SLOC).

3. It would have required about 8,000 person-years of development time.

4. Red Hat Linux 7.1 represents over a 60% increase in size, effort, and traditional development costs over Red Hat Linux 6.2 (which was released about one year earlier).

5. The predominant software license is the GNU GPL. Software packages using the copylefting licenses (the GPL and LGPL), at least in part or as an alternative, accounted for 63% of the code.

New Distributions

Sentry Firewall CD. Sentry Firewall CD is a Slackware-based (currently Slackware 7.1) distribution that fits on a single bootable CDROM and takes configuration information from either a floppy drive or a local hard drive. As the name suggests, it is tailored primarily to provide a basic firewall environment. In addition, it can also serve as an intrusion detection node. In both cases, the advantage of running off the CDROM is that, even if hacked, the base operating system cannot be modified. So a reboot with a backup configuration floppy, for example, should get a damaged firewall back up and running immediately. Running the configuration off a read-protect floppy, rather than the internal hard drive, decreases the vulnerability of the system one step further.

Sentry Firewall CD is also hosted on Sourceforge. Thanks to David A. Bandel for the reference.

Distribution News

Linux-Mandrake News. The second release of MandrakeFreq is now available. This is a snapshot of the still-in-development Linux-Mandrake 8.0 and is intended only for power-users that like to live life on the bleeding edge. It includes KDE2.2alpha2, Linux 2.4.5, XFree86 4.1, Evolution 0.10, Nautilus 1.03 and Mozilla 0.9.1.

This week's Linux-Mandrake Community Newsletter reports the opening of MandrakeBizcases.com, a new site where business users can share their experiences using Linux-Mandrake products. They also provide a Mini-FAQ about the PPC beta released last week, including what hardware it supports, where the files can be downloaded and how to start the installation.

We were also pleased this week to hear of the creation of the Mandrake Cooker Weekly News (this week's version is permanently archived at this address), a new weekly feature that will be following the bleeding development edge at Linux-Mandrake. It promises "concise, hot information" on what they are currently developing internally, what new packages are available, development policy issues being discussed, etc. It will be available either as an email newsletter or on the web.

Between these two new features and Mandrake Forum, the availability of information on Linux-Mandrake is starting to rival that of volunteer distributions like Debian, where almost all information is available on-line. It is a model we strongly encourage for all distributions or development projects, since such a news source can do a lot to bind a community together, as well as providing a valuable historic resource.

Red Hat News. XFree86 4.1 is in Rawhide. People using it should note, however, that Red Hat removed libXIE.so from XFree86 4.1 when they installed it because the XFree86 team deprecates the use of that library. Unfortunately, Mozilla 0.9.1 uses that library. As a result, libXIE.so will go back into the next Rawhide build. However, it will not be included in future official versions of Red Hat. Developers take note; use of that library will make your program incompatible with future releases of Red Hat and other distributions that follow the request of the XFree86 team.

SuSE News. SuSE users reported the same problem with Mozilla 0.9.1 and XFree86 4.1.0 as mentioned above. As a result, libXIE.tar.gz should now be available for download in the XFree86 4.1.0 directory at SuSE. Installing it should fix the problem.

Meanwhile, US-based SuSE users will be cheered to hear that deliveries of SuSE 7.2 in the US were reported starting on June 18th.

Slackware News. On Thursday, June 15th, the Intel Changelog indicated that current had been frozen in preparation for the upcoming release. That did not prevent, though, the addition of Gcc 3.0 on an "experimental" basis or an upgrade of Qt to version 2.3.1.

Several people commented that they have been using -current extensively and consider it to be highly stable. Meanwhile, Patrick Volkerding again stated that the official release of Slackware 8.0 will be "soon".

On the bug-fix side, a patch to lpr went in for a known problem and updates to fetchmail and rxvt went in to resolve security issues. Several ham packages were upgraded by Arno Verhoeven. A LILO configuration problem that was causing partition tables to be rewritten at boot was resolved. e2fsprogs was downgraded to 1.19.

No Changelog entries went in for the Alpha or Sparc platforms.

A new version of the Slackware Package Management System was released this week, version 0.1.3. It now supports one-step packaging, and "automagic" document copying in addition to cleanups to the code.

Caldera News. This past week, some members of the caldera-users mailing list began to speak openly of moving to alternate distributions, due to frustration with Caldera and the lack of recent releases. No specific links are provided, since members of such a list should have the right to vent a bit without becoming a media focus. Nonetheless, if Caldera is still interested in having a user community, we certainly hope they are reading their own mailing lists. These people liked OpenLinux and don't want to leave it, but felt they are reaching a point where they have no choice.

Only a day or so later, an unofficial comment was posted that OpenLinux Workstation 3.1 will be released on the 29th of June.

Debian News. The Kernel Cousin Debian Hurd shows a lot of active development over the past week. A problem with getsockopt() has been fixed.

Conflicts between packages using high port numbers for network connections became a topic of conversation this week. It was quickly agreed that Debian needed to produce a mechanism to prevent conflict between packages, even though all high numbered ports are "up for grab", as an expected part of the "integration process" that any distributor provides. The mechanism by which they will prevent conflicts has not yet been chosen. A separate port registry, additions to /etc/services, or using the IANA registration were mentioned as possibilities.

KRUD News. The next monthly release of KRUD 7.1 will contain all the library updates needed for installing gnucash 1.6.0. Sean Reifschneider reported that the libraries that needed updating all installed without problems. KRUD 7.1 is based on Red Hat 7.1, but comes as a subscription service with a new CD each month, bundled with all related security and bug fix updates, as well as additional software chosen by tummy.com.

Trustix Secure Linux 1.4.90 released. Trustix Secure Linux 1.4.90, the beta release of this distribution before 1.5 comes out, has been released. It contains a number of new features; it also has incompatibilities with the last stable release (1.2), so prospective users should proceed with care.

RTLinux News. FSMLabs announced this week that RTLinux now supports the Motorola PowerPC 860. It is currently available, along with the RTLinux Development Kit for several PowerPC 860 evaluation boards.

Coyote News. The Embedded Coyote Linux distribution is nearing a usable state. Automatically-updated ISO images are available for those that would like to check it out.

Minor Distribution updates

• Kaladix 0.3, includes major feature enhancements, but is still an early development release.

• Mindi Linux 0.22pre1, improved interoperability with Linux kernel 2.4.X.

• PKlinux-mini 2.0, Linux kernel 2.4.5 upgrade, ppp and firewall support updated, glibc 2.2.3 and bash 2.0.5 added.

Distribution Reviews

The e-smith server and gateway (Linux Journal). The Linux Journal reviews the e-smith server and gateway distribution. "In some ways, having problems while doing a review is not such a bad thing. You get to call tech support which gives you a feel for how quickly your questions and concerns will be answered. I am happy to report that not only did I not have to wait in a queue, but the person I spoke with was knowledgeable, helpful and open to the suggestions I made regarding the whole installation process."

Review: Red Hat Linux 7.1 (Duke of URL). This review of Red Hat Linux 7.1 finds, once again, that the .1 release cleans up well after the .0 version. "They have overcome almost all of the issues with the premature release of gcc 2.96 in version 7.0. They have again provided gcc 2.96 but this time it works well and can compile to the standards for both C and C++. They have also increased their currency by allowing a properly configured KDE to be included with the distribution. Thus catering to both desktop environment crowds. The inclusion of XFree86 4.0.3 and the anti-aliased xft render extension by default is also a nice touch."

Thanks to contributors. We want to thank readers who have written in to nit-pick on the categorization of various distributions, contribute new distribution links and more. This does a great deal to improve the quality of our information and it is much appreciated. Particular thanks go this week to Daniel James.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Netscape 6.1. Late last week, right after our Weekly edition was published, Netscape officially released another version of their popular browser. C|Net reviewed this new release, Netscape 6.1PR1, and gave it a positive, though cautious, mark.

Netscape 6.1PR1 is based on Mozilla 0.9.1

This version marks the third release, and first since early February, of the Mozilla based 6.x series. While only a preview release, which most people refer to as beta releases, the stability and speed of this new release are obvious and owe their improvements to the improved Mozilla 0.9.1 based NGLayout/Gecko rendering engine. The original 6.0 and 6.01 releases from Netscape were based on the much earlier and less polished Mozilla 0.6 code.

Some of the updated features and enhancements for 6.1PR1 include:

• LDAP support in the e-mail program
• Enhanced performance - faster page loading and web browsing.
• Enhanced bookmark and history management-easier filing, sorting, deleting and editing.
• Better searching -- easier navigation and the ability to search from an autocomplete URL dropdown.
• Better security -- the Password Manager and the Cookie Manager give improved control over critical information.
• Offline capability -- use Netscape Mail 6.1 to access all server-based mail accounts offline.
• Easy account management -- centralized control and monitoring of all e-mail accounts.

Commentaries from various news sites have reported that the 6.1 release is just a bargaining chip for AOL in its current negotiations with Microsoft over cross-licensing deals. But Netscape President Jim Bankoff has been quoted as saying that in 6 months people won't think of Netscape as a browser company. Whether that means the company might be dropping the browser (which is unlikely) or simply relegating it to a lower priority (much more probable) remains to be seen. Most reports seem to think Bankoff's comments reflect Netscape's expected growth spurt, where they take the innards of the browser to make media tools for business.

Despite the advances, the PR1 release isn't quite ready for the masses. One of the known problems for Linux systems is that images are not displayed if they are either resized using the height or width attributes, or resized dynamically, from the actual image dimensions. Additionally, themes designed for the 6.0 release won't work with 6.1 due to changes in the XUL specification.

Wired reported that page loads were faster and entire pages loaded at once, meaning graphics and text displayed at the same time. This isn't exactly true - it depends on the site visited and connection speed, but image loading is definitely much faster. The same Wired story noted that the pull down menus at Sony.com didn't work at all, but LWN.net found that one set of menus worked and another didn't. A stock Mozilla 0.9.1 presented the same problem. Perhaps drop down menus can't be displayed over another drop down menu. What we did find was that Netscape 6.1PR1 is quite the resource hog, chewing up memory to the exclusion of all other applications on a Red Hat Linux 6.2 system, eventually forcing us to kill the application lest we lose our X session entirely.

Users interested in following the Mozilla/Netscape 6.x releases can find additional information from the NewZilla Web site, where tips on using Netscape 6 can also be found.

pilot-link redux. More information on the pilot-link project came to light this week. First, as soon as the new servers are moved across the US, the new pilot-link.org site will go live. This site is currently maintained at the gnu-designs web site. Additionally, a new bug database went live (at the current site) this week for reporting problems in the pilot-link package. Finally, and most importantly, a new release of pilot-link, version 0.9.5, has hit the streets.

Autoinstalling - Ximian Debian. The usefulness of Ximian's Red Carpet installer for Red Hat based systems was discussed in the May 24th, 2001 edition of On the Desktop. After that we received word that Ximian also provides a version of Red Carpet for Debian Woody and Debian Potato. In fact, there appears to be versions of Red Carpet for LinuxPPC, Mandrake, SuSE, and Turbolinux as well. (Thanks to Mark L. Kahnt)

Open-source music format ready to play (ZDNet). ZDNet looks at the upcoming 1.0 release of Ogg Vorbis, the open source music format. "The version set for release Sunday will officially be a "release candidate"--containing essentially everything that will be in the final version but still being checked by its users for last-minute flaws."

LWN.net Book Review: The New XFree86. LWN.net senior editor Michael J. Hammel reviews Prima Tech's The New XFree86, by Bill Ball. "The meat of XFree86 is in the libraries and X server and this text simply doesn't go into detail for either of these."

Desktop Environments

GNOME Summary for June 10 - June 16. The weekly summary of the GNOME world has been posted. Highlights this week include an update on the progress of 2.0, the XFree86 technical conference, and the rebirth of the eazel-hacking automated build system.

GNOME Board meeting 12 June 2001. The minutes of the latest GNOME Board meeting have been published. The most interesting note is that the X Technical Conference appears to have been revived for this years ALS conference.

People behind KDE: Kurt Granroth. Kurt Granroth, SuSE employee and KDE core developer in the US, is interviewed in another of this long running series from KDE.org. "SuSE has me on as a full-time KDE developer. They give me nearly complete freedom to work on what's necessary and pay well. All in all, it's as close to a perfect job as anybody could realistically expect."

Kernel Cousin KDE #14. This week's KDE kernel cousin covers discussions on a new keyboard shortcut scheme, design differences between the vector drawing tools Karbon and KIllustrator, and discussions on what the KDE League really is all about.

GNUStep Weekly Update. The latest GNUStep Weekly Update showed up late last week. The big news is the upgrades to gcc which will help alleviate the problems encountered which prevented using gcc to build GNUStep in the past.

Office Applications

OpenOffice releases new build candidate. The OpenOffice project (aka StarOffice) released the build 632 on Tuesday this week. The release notes say that the Berkeley DB is now included with the distribution, after they reached an agreement with the authors of that open source database.

Keeping up AbiWord. The latest edition of the AbiWord Weekly News #48 came out this week.

Focus on Infusion (KDE Dot News). KDE Dot News reviews the recently uncovered office application known as Infusion. "Infusion aspires to compete with the likes of Aethera, Magellan, Evolution, and yes, Microsoft Outlook+Exchange. Is Infusion there yet? Nope. But from what I've seen, I've certainly been impressed by Citadel/UX, and once I managed to get Infusion compiled, I was able to enjoy some neat functionality."

Desktop Applications

KDE PIM Roadmap. A project to help develop a roadmap for developers interested in working on KDE PIM, culminating in a PIM developer gathering in late 2001, has been proposed to the KDE PIM mailing list.

And in other news...

XFree86 4.1.0 (Duke of URL). The Duke of URL takes an indepth look at the recently released XFree86 4.1. "4.1.0 features support for not only new cards, but also strengthens the support for some cards. It also seems that a lot of time, the Alpha platform gets ignored along with the *BSDs, but this version changes that. With 4.1.0, Linux/PPC finally has DRI support, FreeBSD has i810/i815 support, and Alpha/Linux finally has jumped on the bandwagon with support for the ATI Radeon."

December 2001 Convergence (LinuxMedNews). LinuxMedNews creator Ignacio Valdez says that the Linux Desktop is close, but world domination won't be here till December. "My wife who is as non-technical as can be uses it also for school and documents using StarOffice 5.2. Then again, she has me to admin her machine. There are some end-user experience issues which keep Linux out of the reach of the masses: 1) Installation of video and sound as well as other installation difficulties remain an issue. 2) Anti-aliased fonts are not widely available through all the distributions. 3) A browser with the familiar Netscape name is not currently competitive. 4) Some application software is either a) not ready, b) not as good as applications such as MS-Office, or c) ready and superior to its Windows equilvalents (see my recent article on scanning) but requires more effort and knowledge on the part of the user to find and use."

If desktop Linux is viable, thank some unlikely spokespeople (ZDNet). Henry Kingman, Senior Producer of ZDNet's Linux Center, says that the only real problem for Linux is it needs a stronger mainstream media presence. "PR [from RMS, Eric Raymand and Bruce Perens] can only go so far. Without proponents among the ranks of media professionals, I wonder if desktop Linux has very much of a chance." His comments are meant to entice mainstream publishers to produce more Linux pieces, to open the publics awareness to the alternatives of open source.

My plan for getting Linux on the desktop (ZDNet). The same author that gave us 9 reasons why not to use Linux on the desktop last week, now continues with 10 issues to face to get Linux onto more desktops. "The only real way I see Linux becoming anything like a common desktop operating system would be for Microsoft to endorse it. Figure out the likelihood of this and you'll have a fairly precise measure of the chances Linux has of becoming a real desktop player."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

Version 3.0 of GCC, the GNU Compiler Collection, has been announced. GCC, provides compilers for the languages C, C++, Objective C, Fortran, and now Java. GCC works on a wide variety of processor platforms. GCC is, of course, licensed under the GPL license.

The list of major new features in GCC 3.0 includes:

• a Native-code Java compiler for faster run times and freedom from proprietary compilers.
• Rewritten support for Intel and AMD 32 bit processors which provides faster run times on these common platforms.
• Support for the Intel IA-64 (Itanium) Processor which will allow code to be ported to this new architecture.
• Support for more CPU families including chips from Atmel, Motorola, Matsushita, Mitsubishi, Fujitsu, and Sun.
• Improved C++ support with better ISO C++ standards compatibility and numerous bug fixes as well as a new Application Binary Interface (ABI) for C++.
• Improved documentation including automated generation of man pages from Texinfo documentation.

For a complete and detailed list of the new features, see the official GCC 3.0 New Features document.

ZD Net is running an article about GCC 3.0 by Stephen Shankland which looks at some of the history behind GCC. The article points out that even Microsoft, despite its recent criticisms of the GPL, has a project known as Interix which features GCC as one of the key components.

No doubt, it will take a while for GCC 3.0 to show up in the major Linux distributions. Recompiling all of the code that makes up an entire distribution will, no doubt, take some time and will reveal new bugs in the compiler and the source code. Progress marches on.

For those of you who want to get started playing with GCC 3.0, downloads are available here.

Audio

Ogg Vorbis decode RC 1. Release candidate 1 of the Ogg Vorbis decoder library has been released. "This release is a 100% feature complete implementation of the Ogg Vorbis decoder libraries." Ogg Vorbis is an open source audio compression scheme with capabilities similar to the popular MP3 format. Work is also progressing on the accompanying encoding tools.

Ecawave 0.4.0 released. Version 0.4.0 of the Ecawave graphical sound editing tool has been released. This is considered to be a stable release. This version features bug fixes, and no more dependency on Qt.

Databases

Types of JOINs (O'Reilly OnLamp). John Paul Ashenfelter discusses the details of database JOINs in an O'Reilly OnLamp article. "One of the fundamental challenges in understanding SQL is becoming comfortable with thinking about data in terms of mathematical sets and relational algebra. This is similar to the challenge procedural programmers face when making the transition to object-oriented languages -- things are just simply different and the old rules simply don't apply. Joins force you to think in a set-oriented way."

Documentation

LDP Weekly News. The Linux Documentation Project had a busy week, with 19 updated documents, including an updated Linux Installation HOWTO from Eric Raymond. Three new documents are also available, the GNU/Linux Post-Installation Checklist, the Home Electrical Device mini HOWTO, and the Linux Loadable Kernel Module HOWTO.

Embedded Systems

Embedded Linux Newsletter for June 14th, 2001. The Embedded Linux Newsletter this week mentioned formation of an industry group to standardize embedded Linux for set top boxes. The formation of the new group, known as the TV Linux Alliance, is summarized along with many other stories in the weekly Embedded Linux Newsletter.

Interoperability

Wine Weekly News issue 22. Issue 22 of the Wine Weekly News has been published. Included is a discussion of getting ActiveX working with Konqueror, talk of building a Wine kernel module, and information on the applicability of the Stanford kernel checker to other projects, among other things.

Network Management

OpenNMS Update for June 20, 2001. The June 20, 2001 issue of the OpenNMS Update covers the announced delay of 0.7.6 due to bugs uncovered during the beta test of that release. Other project status information is also included.

Printing Systems

Omni Printer Driver version 0.3 released. Version 0.3 of the Omni Printer Driver has been released. This version features a number of new features that are documented in the Changelog.

Science

Stallman: Science must `push copyright aside' (nature). Nature.com is running an article by Richard Stallman in which he discusses copyright issues and dissemination of scientific literature. "The modern technology for scientific publishing, however, is the World Wide Web. What rules would best ensure the maximum dissemination of scientific articles, and knowledge, on the Web? Articles should be distributed in non-proprietary formats, with open access for all. And everyone should have the right to `mirror' articles; that is, to republish them verbatim with proper attribution."

Web-site Development

Zope Weekly News for June 17, 2001. The Zope Weekly News for June 17th, 2001 is available. This edition covers the upcoming EuroZope conference, a new Zope Developer's Guide, and Zope-cmf.

Midgard Weekly Summary. This week's Midgard Weekly Summary includes a note on case study plans and the new Nadmin Studio 1.4 interface.

New ZODB release. Andrew Kuchling has announced a new release of the Zope Object Database. The ZODB release contains just the object data store, without the rest of the Zope structure; it can be a most useful tool for people wanting to write Python applications with persistent objects, but who are not interested in the Zope web application framework.

mod_lisp 2.0 released. A completely rewritten version of mod_lisp, the Apache web server plug-in has been released. Mod_lisp is released under a FreeBSD style license and the code is considered to be beta level.

Window Systems

GTK+ 1.3.6 released. A new release of the GTK+ libraries is now available to developers. This release makes the set of four libraries included in the pre-2.0 line a single distribution which can be built with a single configure/make/make install sequence. Libraries included in this package include GLib, Pango (the new text rendering library), Atk (a new accessibility library) and GTK. Note that the API is mostly frozen at this point and no major API changes are expected before the 2.0 release.

Miscellaneous

IBM iSCSI and Itanium projects (IBM). IBM has published updated information for two development projects. The iSCSI project site provides CVS access to kernel updates and information on the SCSI-over-IP project.

The AlphaWorks site contains information on an updated Developer Kit for the Itanium processor with support for glibc 2.2 on Red Hat Linux 7.1 and Turbolinux..

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

C

cURL 7.8 available. A new release of cURL has been announced. "Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks." A new version of the Python extension to the cURL library, pycURL, is also available.

Caml

Caml Weekly News for June 12 through 19, 2001. The June 12 through 19, 2001 issue of the Caml Weekl News is available. Topics include interfacing C threads with O'caml, ocamlweb 1.0, and several new English language introductions to O'Caml.

Haskell

Glasgow Haskell Compiler 5.00.2 released. Version 5.00.2 of the Glasgow Haskell Compiler (GHC) has been announced. This release contains a number of bug fixes. Also, version 1.06 of the York Haskell Compiler (nhc98) has been released with its own set of bug fixes and some new features.

Java

Take command of your client/server apps (IBM developerWorks). Barry A. Fiegenbaum discusses Java client/server programming in an IBM developerWorks article. "The Java language, with its easy access to TCP/IP-based sockets and its ability to stream objects over them, makes it easy to exchange command messages between clients and their associated servers".

Lisp

cCLan News debut. The first edition of the Comprehensive Common Lisp Archive Network (cCLan) News has been announced. The cCLan site is just coming together, expect to see more as time passes.

Perl

New XML-RPC suite for Perl: RPC::XML (use Perl). The first full release of the Perl XML-RPC package has been announced. "The module includes a client class, a basic server class (that uses your choice of HTTP::Daemon or Net::Server as a transport layer) and a subclass of the basic server that hooks in as a mod_perl content handler."

PHP

PHP and Java (O'Reilly's onLamp). W J Gilmore looks at the Java extension for PHP in an O'Reilly onLamp article. "Do PHP developers ever sleep? I'm starting to wonder what these caffeine-entranced insomniacs are going to think of next. I'm asking this question because I can't seem to understand how PHP always seems to have just the right extension to accomplish the task at-hand."

Python

Dr. Dobb's Python-URL! for June 18, 2001. The June 18, 2001 issue of the Python-URL! has been published by Dr. Dobb's. Topics include version 0.3 of the Quixote Web development toolkit, a new ZODB and ZEO package, PyClimate 1.1 for looking at atmospheric and oceanic data, a post from Guido about GPL issues that have been fixed since Python 1.61, and a new tutorial on floating point.

Python 2.0.1c1 released. Guido van Rossum has announced Python 2.0.1c1. While this is mostly a bugfix release, the major news is that this version is now fully compatible with the GPL license. A plan to make a GPL compatible version of Python 2.1.1 was also mentioned. That release should show up within a month.

QuantLib-Python 0.1.9 released. Version 0.1.9 of QuantLib-Python has been announced. "QuantLib-Python is the SWIG Python wrap of QuantLib. QuantLib (http://quantlib.org) is a C++ open source library for quantitative finance."

Ruby

debut of the Ruby Garden news portal. A news portal for the Ruby language has been set up. Check out Ruby Garden for the latest happenings in the world of Ruby.

Smalltalk

Squeak News e-zine. Squeak News, a new interactive online e-zine that is dedicated to the use of the open source Squeak smalltalk compiler, has been announced.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 18, 2001. This week's edition of the Dr. Dobb's Tcl-URL! is now available. Topics include availability of papers from the second European Tcl/Tk users meeting, Tcl install shell version 1.2, and a Tcl implementation of a Turing Machine simulation language.

XML

3 myths of XML (O'Reilly xml.com). Kendall Grant Clark looks at some XML myths in an O'Reilly xml.com article:

• "The first myth rests on a confusion about the meanings of words like "free" and "open" when they are applied to XML-encoded information.
• The second myth is that XML is magical, that it has some unique properties that makes impossible things possible.
• The third is that technology, including XML, is more determinative of social relations and institutions than they are of it."

Miscellaneous

Unix's lessons for component architectures (IBM developerWorks). Peter Seebach discusses component architecture and code reuse in this IBM developerWorks article.
"Unix provides a beautiful example of an architecture that achieves many of the goals of component architecture, including portability and code reuse. Some of the key benefits include:

• Shell scripts are broadly portable among Unix systems. Programs in C or Perl are generally fairly portable, too.
• No other system has ever had a component used as broadly as grep.
• Code reuse is actually practical in a Unix environment.
• Ad hoc and scripting capabilities available for Unix support rapid prototyping and testing.
• Time is spent focused on solving problems, not filling out checklists of API features."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Compaq Announces New Linux Initiatives. Compaq is not usually perceived as a 'Linux company'. They do, after all, sell lots of PCs with 'Microsoft inside'. Compaq also sells more Linux-based servers than any other computer maker worldwide. Compaq has been a supporter of Linux and open source since the early 90s when they provided computers for Linus to work on. They are a driving force behind Handhelds.org and are a pioneer in clustering technology. They have been there, they've just been quiet.

This week Compaq made some noise, announcing