Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Dmitry Sklyarov: geeks learn political activism. Last week, Dmitry Sklyarov, a PhD computer science student from Russia, came to the United States to share knowledge and information regarding serious security flaws in Adobe software (see last week's Front page) with fellow developers. He was promptly arrested.

This week, a broad-based gathering of individuals within the computer science/IT/security community came together to protest this arrest and the Digital Millenium Copyright Act (DMCA) under which he is being charged. For those of us within the United States, the basic freedoms we were brought up to believe in are being challenged: the Fair Use rights of the individual (the ability to use that which we have purchased), the pursuit of knowledge, even freedom of speech.

The software program that Dmitry helped develop performs a necessary step to allow the blind to read one of Adobe's eBooks: it takes a legally purchased eBook and translates the file into PDF format, which can then be processed by a speech generator. Once the file is in PDF format it could be illegally shared, making the program, even though it has legitimate uses, illegal under the DMCA. The Fair Rights lost in this case are the rights the disabled have to legally purchased copies which they cannot use unless modified.

Since the only action Dmitry performed within the United States was to give a talk describing the weaknesses in Adobe's security system, his arrest clearly signals that none of us can safely raise our voices about security issues. While the arrest may signal the beginning of unprecedented damage to our basic rights, it will also have a deleterious impact on research into computer security within the U.S., potentially forcing such research (and future associated revenues) outside the United States.

It is to these injustices that members of the free software community have begun to react. The individuals that comprise this community, both within the United States and internationally, don't often fit the standard profile for "political activist". Most are modestly private individuals, trying to do their job, to feed their families, and enjoy the creative feeling of developing software that gets used. Nonetheless, when faced with the clear injustice that touches so closely to their own expertise, they can and have spoken out.

Dmitry Sklyarov does not deserve to be jailed. Adobe Software touted its eBook Pro software as "virtually 100% burglarproof". They should be ashamed of attacking a researcher that exposed this claim to be false, that their software was not secure and, in fact, can easily be compromised by existing software tools. Such compromises do not require the use of the software developed by Dmitry Sklyarov (check this week's Security page for details).

The free software community organized quickly to protest Dmitry's arrest. The following protests were staged in the United States in Dmitry's support this week:

Austin, TX	Boston, Massachusetts	Chicago, Illinois
Denver, CO	Los Angeles, CA	New York City
Reno, NV	Salt Lake City, UT	San Jose, CA (Adobe Headquarters)
Seattle, WA	St Paul, Minnesota	Washington, D.C.

Add to that list an international protest held Wednesday, July 25th, in Moscow, Russia.

The protests had an impact on Adobe, who has withdrawn their complaint but stands still in support of the DMCA. Unfortunately, Dmitry is not the subject of a civil charge from Adobe, but a criminal charge from the US Justice Department. Adobe's letter is no guarantee that Dmitry will go free.

So the fight continues, with two goals: the first, to free Dmitry, and the second, to educate the citizens of the United States on the issues at stake, rousing support for the repeal or modification of the Digital Millenium Copyright Act.

In another form of protest this past week, Alan Cox resigned from the board of the ALS conference and encouraged non-US participants to boycott US conferences until the DMCA has been removed or modified enough to make attending such conferences safe for participants. His action was noticed by the major news media outlets, indicating that such a boycott may, indeed, draw needed attention to the issue. New Scientist reports that other scientific organizations are following suit. If you choose to boycott US events as a result of Dmitry's arrest, we only ask that you speak up loudly to make sure that people know you are choosing to boycott and why.

If you're moved by all this there are a number of things that can you do. First, check out the Community Declaration: Free Speech, Free Sklyarov and consider signing it. Then keep an eye on the Electronic Frontier Foundation's site. And subscribe to the Free Sklyarov Mailing List to get contacts for upcoming protests, letter campaigns, etc. It will take hard work to keep media - and legislative - attention on this issue.

Meanwhile, we do have a recent report on Dmitry's status. "As on today's morning (25 Jul 01) Dmitry is still in Las Vegas. He has spoken a few times to his wife via the lawyer. Dmitry is in a good health and spirit. He was also cheered up by the news coverage on TV and thanks everyone for the support".

In addition, the EFF has announced a scheduled meeting with the US Department of Justice to try to convince them to drop the charges against Dmitry.

Richard Stallman inaugurates FSF-India. Here's a press release from the Free Software Foundation; Richard Stallman is in India for the opening of the FSF's first Asian affiliate.

As RMS once put it, using non-free software where there is no free alternative is no valid option for a member of the free software community. If it's not free it is of no use to us, whatever added value it may contain.

This sort of opinion is common among certain types of free software advocates, and it can be very forcefully expressed. When a long-time Linux kernel hacker has to step around the issue with a comment like:

P.S. I'm sure that the Church of the FSF will no doubt excommunicate me and declare me a heretic for daring to advocate the use of proprietary software, but if so, so be it. You heard it here first --- this Linux kernel developer has absolutely no problem paying money for at least some proprietary software.

it seems clear that a certain type of "political correctness" is in the air.

Let's leave aside the little fact that Richard Stallman and the GNU project developed much of its early code on proprietary Unix systems. Is it truly "no valid option" for a member of the free software community to use proprietary software? What, exactly, is the harm in doing so?

The biggest fear that is overtly expressed seems to be that use of proprietary software reduces the motivation to write a free equivalent. At its worst, proprietary code could somehow block the development of a free package entirely. Take, for example, Richard Stallman's level of discontent three years ago when Oracle finally announced its support for Linux. While many users saw Oracle's move as an important step in the wider recognition of Linux, Stallman complained that Oracle brought nothing to the free software community and that people should be working on free alternatives instead.

At that time there was really only one free relational database management system available: PostgreSQL. It was a solid system but it lacked some key features and was not that widely recognized. Many free software users based database solutions instead on MySQL, which while not free software does provide source.

Three years after Oracle's arrival, the free software community has two solid, thriving, free database management systems, both of which have proved themselves in demanding deployments. And that doesn't count InterBase, a recently freed system which is still establishing its development and user communities. It would be very difficult to make the claim that the presence of Oracle (and Informix, and Sybase, and DB2, ...) has impeded the development of PostgreSQL and MySQL. The world of free database systems has never looked better.

Looking back even before Oracle's arrival, GNU emacs competed for some years with multiple proprietary emacs editors. The GNU version emerged from that conflict in rather better shape than the proprietary variants.

Can one really argue that ApplixWare, WordPerfect, and StarOffice have discouraged the development of free office suites? Did Netscape's browser slow down the development of free alternatives? Has the development of Linux in general been hurt because some people use dual-boot systems?

The truth of the matter is that free software tends to quickly achieve the capabilities of its proprietary competitors and push them aside. LWN has frequently trumpeted the advantages of free software and the importance of freedom in this space; there is no need to repeat those arguments now.

Today's argument is different: free software is not threatened by the presence and use of proprietary software. There may be a strong moral purpose in an individual or corporate decision to use only free software, but there is no moral need or purpose in trying to prevent others from using the tools that work best for them. No member of the free software community should be made to feel an outsider just because the programs they need to get their work done now are not available under a free license. Free software will succeed because of the liberty and technical superiority it provides. Ostracizing those who use (or sell) proprietary software is neither appropriate nor helpful.

Inside this LWN.net weekly edition:

• Security: NT-based Code Red worm, Adobe PDF security model, new vulnerabilities in procmail, BSD telnetd, Horde IMP, squid, and more.
• Kernel: Finding single-use pages, what's that new process in 2.4.7?
• Distributions: DeMuDi, MandrakeSoft's IPO, new distributions Tomukas and Sorcerer GNU Linux.
• On the Desktop: More on Java, the GNOME Installation Guide, and open source tools for guitarists.
• Development: Open Source Directory in XML, Linux guitar apps, Evolution 1.0b1, Choosing a database type, Python 2.1.1.
• Commerce: O'Reilly Conference, HP and Sun; new president at LPI.
• History: The future of the Linux community; rumors of IBM support; Ted Ts'o takes over (as kernel status list maintainer).
• Letters: Adobe and the DMCA; failed applets; history; The GPL and Commercial Development, redux.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

NT-based Code Red Worm. Last week, an NT-based worm by the name of Code Red showed up on the Internet. We neglected to cover it at the time, because it does not exploit Linux computers. Of course, given the state of today's Internet and the normal model of a worm, that was an error. No matter what operating system your computers are running, they were likely impacted by this worm at some point.

On Thursday, July 19th, approximately one day after the worm was first sighted, reports started coming in of crashes on Cisco equipment, 3Com LANmodems, and HP JetDirect printers. This is because the worm did not try to determine the operating system of the machine it attacked first. Instead it immediately attempted to initiate the buffer overflow on port 80. Since many devices run services on port 80 to allow connections by administrators, they were impacted by the worm even though they were not vulnerable to the worm itself.

Note that the worm actually did skip multicast addresses, so it did not cause the same damage to multicast networks that have been seen with some previous (Linux-based) worms.

The purpose of the worm was to infect as many hosts as possible within a limited time span, then use those hosts to stage a denial-of-service attack on www.whitehouse.gov.

Infected hosts numbered, by several different counts, in the hundreds of thousands. It was called by some "the most successful Internet worm so far", though it failed to take down www.whitehouse.gov. Its lack of success, in the end, was in part due to the security community's successful detection and analysis of the worm, which allowed the administrators of the www.whitehouse.gov site to know that the attack was coming and to be able to find a flaw in the attack pattern. In this case, the attack was launched against the IP address of www.whitehouse.gov rather than against the domain name. By moving www.whitehouse.gov to an alternate IP address, the site was kept on-line without difficulty.

As with the Linux worms, Code Red used well-known vulnerabilities, for which patches have been available for some time. There were some kinks in the system, of course. Apparently the description of some of the patches did not make it clear that they also resolved security issues. As a result, even some security-conscious sites (including some Microsoft sites) had not applied all the required patches.

In the long-term, better solutions are required than to trust millions of individuals to track and apply myriad patches. As long as we are doing so, we can always count on hundreds of thousands of machines to be vulnerable to this type of attack and, as a result, for all of us to be impacted.

In the short-term, do what you can to make the Internet a better place: apply your own patches and help those less knowledgeable than you to improve their own security as well.

You may also find Bruce Schneier's essay on Code Red of interest (from the Red Rock Eater News Service). It also contains links to other, related reports.

Adobe eBook security model. So, what is the security model for Adobe's Ebook computer which was compromised by Russian software company ElcomSoft, thereby landing Russian PhD computer science student Dmitry Sklyarov in jail? (Check last week's Front Page and this week's Front Page for the story).

If you're interested, Dmitry's presentation, entitled eBooks security - theory and practice is available on-line. It would be better, of course, with the accompanying talk, but it does a good job of showing how thin the Adobe PDF security is, pretty appalling given marketing quotes like these:

"eBook Pro", the only software in the universe that makes your information virtually 100% burglarproof! It comes with a lifetime, money-back guarantee

"At Last, You Can Sell Information Online (And Make Thousands Of Sales Per Day) - Without The Danger Of Having Your Information Stolen And Resold By Others."

All HTML pages and supplementary files are compressed with deflate algorithm from ZLIB

Compressed data are encrypted by XOR-ing each byte with every byte of the string "encrypted", which is the same as XOR with constant byte.

In addition to Dmitry's presentation, Bryan Guignard has written a whitepaper (from the Gallery of Adobe Remedies) that discusses Adobe's security as well. "Adobe make it clear that it 'expects' software developers to 'respect the intent' of its PDF security system. So as it is clearly seen from Adobe's own specification, PDF security is not based on sound technology, rather, it is based entirely on 'respect'".

He also mentions that ghostscript can similarly be used to bypass Adobe PDF security. Don't tell the Justice Department, or we'll end up losing access to that valuable tool as well!

The Black Hat Conference in Vegas (Linux Journal). The Black Hat Conference in Vegas completed last week and Linux Journal fills us in on the details. Bruce Schneier reported on his Senate testimony, attrition.org gave people an overview of what they do, who listens to them and who doesn't, and security experts in general ripped the media for poor reporting of security issues.

Security Reports

multiple procmail race conditions. Procmail uses several different signal handlers. Race conditions exist in some of these handlers which can be exploited locally to gain root privileges. Versions of procmail prior to 3.2.1 are vulnerable; an upgrade to procmail 3.2.1 will resolve the problem.

• Red Hat

Multiple vendor telnetd vulnerability. Multiple vendors, including BSDi, FreeBSD, NetBSD, OpenBSD (prior to 2.9), and Linux distributions using Netkit telnetd (derived from BSD telnet) prior to version 0.14, are using a telnet daemon that contains a buffer overflow. This is reportedly being actively exploited on BSD systems.

• Caldera, patch released for OpenLinux 2.3 and eServer 2.3 back in March. Patched systems and later versions are not affected.

Multiple Horde IMP vulnerabilities. The Horde team announced the availability of IMP 2.2.6, which fixes several security issues. It is strongly recommend that all sites running IMP 2.2.x upgrade to this version. Check also BugTraq IDs 3066, 3079, 3082, and 3083.

Squid httpd acceleration ACL vulnerability. A bug in squid's httpd_accel mode was reported by Paul Nasrat. Because squid does not properly use ACLs, squid can be used by an unprivileged account as a portscanner (similar to ftp bounce scanning). Squid 2.3STABLE4 is affected; earlier versions are not. Red Hat 7.0 is reported to be vulnerable, while earlier and later versions are not. Debian is reported not vulnerable. A patch to fix the problem is available.

• Immunix
• Trustix
• Red Hat

Tcl/tk and expect unsafe library searching. Tcl/tk and expect, as installed on some Linux systems, will search the current working directory for certain libraries. As a result, a malicious library could be created that would be unwittingly invoked.

• Conectiva

xman MANPATH environment variable overflow. xman is a component of XFree86, used for viewing man pages. A buffer overflow in xman can allow a local user to execute arbitrary code. If xman is installed with setuid or setgid privileges (it is setgid on some systems), then elevated privileges can be gained, possibly including root. Check BugTraq ID 3030 for more details. No patch or update has been provided so far.

FreeBSD exec() inherited signal handler vulnerability. FreeBSD issued an advisory on July 10th warning of a vulnerability in the FreeBSD signal handler in which an exec'd setuid program can inherit a user-supplied signal handlers set. This can be used locally to gain elevated (possibly root) privileges. An upgrade to 4.3-STABLE dated after July 9th, 2001, will resolve the problem. Check BugTraq ID 3007 for additional details.

NetBSD sendmsg kernel vulnerability. NetBSD has issued an advisory warning of a vulnerability in the 1.3 through 1.5 releases of the NetBSD kernel (including -current). "Due to insufficient length checking in the kernel, sendmsg(2) can be used by a local user to cause a kernel trap, or an 'out of space in kmem_map' panic". This can allow a local denial-of-service attack. An upgrade or patch to the kernel and a kernel rebuild and install is required to resolve the problem.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• SSH Communications SSH Secure Shell 3.0.0, remote system compromise. Note that OpenSSH is not impacted.

Updates

OpenSSL Pseudo-random number generator weakness. Check the July 12th LWN Security Summary for the original report or BugTraq ID 3004.

This week's updates:

• Linux-Mandrake

• Engarde (July 12th)
• Trustix (July 12th)
• Red Hat (July 19th)

Tripwire temporary files. Check the July 12th LWN Security Summary for the initial report. This vulnerability can allow a local root compromise.

This week's updates:

• Linux-Mandrake

Buffer overflow in xloadimage. Check the July 12th LWN Security Summary for the original report.

This week's updates:

• SuSE

• xloadimage (July 12th)

OpenSSH tmplink/cookie vulnerability. Check the June 7th LWN Security Summary for the initial report. This is also covered in BugTraq ID 2825.

This week's updates:

• NetBSD

• OpenSSH 2.9.p2 (June 21st)
• Caldera (July 12th)

BSD ptrace race condition vulnerability. Check the June 21st LWN Security Summary for the original report or BugTraq ID 2873.

This week's updates:

• NetBSD, official advisory

• OpenBSD, patches released (June 21st)
• NetBSD, CVS tree patched (June 21st)

multiple imapd buffer overflows. Check the March 15th LWN Security Summary for the original report. This is also covered in BugTraq ID 2856.

This week's updates:

• Red Hat

• Caldera (March 15th)
• Conectiva (March 22nd)
• SuSE (March 29th)
• Linux-Mandrake (June 14th)

Resources

Know Your Enemy: Statistics. The HoneyPot has released a new whitepaper entitled "Know Your Enemy: Statistics". Note that statistics aren't the enemy; they have collected statistics on the aggressiveness of current attacks and a proof of concept for predicting future attacks. "In an effort to predict trends, two members of the Honeynet Project took two different approaches. However, their findings were the similar, almost all attacks could be detected two to three days ahead of time".

Xprobe 0.0.1p1. Xprobe, written by Fyodor Yarochkin and Ofir Arkin, is a newly available fingerprinting tool based on Ofir's research in ICMP Protocol Usage in Scanning.

Snort signature for BSD/TESO telnetd exploit. Marty Roesch and Brian Caswell have made Snort signatures available for the Multiple Vendor Telnetd Buffer Overflow Vulnerability.

Events

Upcoming Security Events.

Date	Event	Location
August 6 - 10, 2001	CERT Conference 2001	Omaha, NE, USA.
August 7, 2001	CIBC World Markets First Annual Security & Privacy Conference	New York, NY, USA.
August 10 - 12, 2001	Hackers at Large 2001(HAL2001)	Enschede, Netherlands
August 13 - 17, 2001	10th USENIX Security Symposium 2001 Conference	Washington, D.C.
September 11 - 13, 2001	New Security Paradigms Workshop 2001(NSPW)	Cloudcroft, New Mexico, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current kernel release is 2.4.7. See the changelog for the list of fixes in this release. As of this writing, there are no 2.4.8 prepatches, 2.4.7 "ac" patches, or signs of 2.5.0 out there.

Linux Device Drivers, Second Edition, available online. The full text of the second edition of Linux Device Drivers by Alessandro Rubini and LWN editor Jonathan Corbet is now available online on the O'Reilly web site. The book is freely redistributable under the terms of the GNU Free Documentation License.

Finding single-use pages. Daniel Phillips has, for the moment, turned his attention away from directory indexes, and is working on ways to improve Linux's virtual memory performance. To that end, he has attacked the problem of single-use pages - pages in memory that will only be used once. Such pages are often, but not always, associated with file I/O. Single-use pages, clearly, should be the leading candidates to be thrown out when memory is tight; after all, they will not be used again.

The hard part, of course, is figuring out which pages are of the single-use variety. Daniel's approach involves, essentially, initializing a new file I/O page in the "inactive" state. Only on the second access will new pages go into the regular management scheme. With luck, single-use pages will never become truly active, and will get flushed out quickly.

As usual for Daniel's patches, there is an attached description which discusses what's going on far more clearly than we could do it; a reading is recommended for anybody who is interested in how VM works now, and how the change works. Linus really likes the patch, and is looking to integrate it quickly if it holds up in wider testing.

What's that new process in 2.4.7? Sharp-eyed users of 2.4.7 may have noticed one or more new entries in their ps listings that look like:

    3 ?        SWN    0:00 [ksoftirqd_CPU0]
    4 ?        SWN    0:00 [ksoftirqd_CPU1]

The Linux kernel, like many others, incorporates a "soft interrupt" (or "softirq") mechanism. A softirq is similar to a hardware interrupt, in that it can be delivered asynchronously and is intended to handle events which may not be related to whatever process is running at the time. A softirq, however, is set up by the software itself, and it is delivered at a time that is relatively convenient for the kernel code.

Softirqs exist to enable asynchronous processing that is too large to be handled during a hardware interrupt. An obvious example is the networking code. A hardware interrupt is generated when a packet arrives, but it would be highly inappropriate to perform all of the protocol handling at that time. Instead, the (hardware) interrupt handler performs the minimum possible work; things like acknowledging the interrupt, and, maybe, handing the packet over to the networking subsystem. Then a softirq is requested to actually do something with the packet. Many other device drivers (and other kernel subsystems) use softirqs for deferred processing, often in the form of tasklets and "bottom half" processors.

About a month ago, Andrea Arcangeli pointed out some problems with how softirqs are handled. Up through 2.4.6, there were two places where a softirq would generally be run: (1) immediately after the handling of a hardware interrupt, or (2) in the scheduler. Due to the way things were done, there could be a significant passage of time before a softirq would actually run. More seriously, softirqs could be invoked within softirqs, leading to stack overflows. It was also possible, in some situations, for softirqs to saturate a CPU, starving the rest of the system. For example, a high-bandwidth network stream could bury the system in networking softirqs, making the system unusable.

Andrea's fix was to create a separate kernel thread for the processing of softirqs. In this way, the softirqs are guaranteed to be serialized on each processor (since the thread handles one at a time), and they are unable to take over, since the 'ksoftirqd' process is scheduled like any other (albeit at a high priority). The patch, after some tweaks, seems to handle the problems well and was incorporated into 2.4.7pre5.

Not everybody is happy with the fix - some think that compute-intensive processing, such as network protocol handling, should be moved into its own thread rather than moving the entire softirq mechanism. But those arguments are moot, since the patch has been incorporated. Instead, the real debate now seems to be over how the process should be named: it seems that some people find ksoftirqd_CPU0 to be excessively ugly. Names like kirq0 are being proposed instead. This issue, however, does not look like the kind that reaches a simple, quick resolution...

Filesystem performance compared. Denis Lackovic and colleagues have posted a set of performance comparisons for six different filesystems. The results are surprising at times, and distressingly inclusive. You'll not know which filesystem to use after reading the results, though you'll have learned quite a bit. They were able to determine, however, that people who are concerned about performance should not be using VFAT.

Other patches and updates released this week include:

• Jeff Dike has released an update to User-mode Linux with a number of new features, including I/O memory emulation.

• devfs v183 was released by Richard Gooch.

• The sixth beta of ALSA 0.9.0 has been released.

• Keith Owens has released a version of the new kernel build system for 2.4.7.

• Greg Kroah-Hartman has released a new Compaq PCI hotplug driver for 2.4.7.

• Heinz J . Mauelshagen has released version 0.9.1beta8 of the logical volume manager.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

DeMuDi GNU/Linux. DeMudi is a proposed new Debian-based GNU/Linux distribution focused on Multimedia work.

Multimedia, and specifically multimedia production, has only recently become well integrated into the Linux kernel. If one wants to use the power of Linux to do multimedia and artistic work, one has to fight through self-compiling the recent programs, with incompatibility of interfaces, availability of hardware drivers and several other related topics, lowering to a considerable amount artistic productivity.

DeMuDi is an effort to overcome this dilemma by providing a customized distribution specifically for this kind of user.

DeMuDi is, as a result, a perfect example of why there will always be new Linux distributions. As long as there are sufficient people (sometimes it only takes one) with a common interest that do not feel their needs are met by any of the existing distributions, new distributions will come into being to address these needs.

Someday, of course, support for Multimedia may be widespread enough that a specialized distribution may not be required. On the other hand, if the community supporting it is large enough and the quality of the distribution is high enough, loyalty and common interest could keep this entry in our distributions list indefinitely.

Note that DeMuDi is at an initial phase, building a list of packages they want to include, but has no packages for download. The Computer Music Institute, in Firenze, Italy, and FSF Europe are listed as partners in the endeavour.

MandrakeSoft IPO. MandrakeSoft, creators and producers of the Linux-Mandrake distribution, proudly announced this past week that they have received formal approval from the COB (Commission des Operations en Bourse - the french regulatory organisation) to be listed on the Euronext european stock market "March Libre". The listing should start on the 3rd of August.

This is the first IPO for a Linux distributions company in over a year and also the first we know of outside of the USA stock markets. We wish them the best of luck.

Initial reports indicated that involvement in their IPO process would require French, or at least European, citizenship. That is apparently incorrect, though getting an account setup with one of the approved on-line brokers was required. Note, however, that the deadline for involvement is Friday, July 27th, on which date the opportunity to purchase fixed price shares will be ended. The fixed price is 6,2 euros per share (around $5.50 US).

Check also this CNN article on the IPO. It has some useful information, such as the total amount of money MandrakeSoft could raise, when they hope to be profitable, etc.

Slackware Sparc discontinued. Many people have written in to point out that Slackware announced last week that its Sparc port will be discontinued. A community-based version entitled Splack version appears to be taking the code base and making their own version. (Thanks to James A Morrison)

Correction to last week's edition. Last week, we listed AppuntiLinux as a new distribution. It is not, as several people pointed out to us. Simone Lazzaris commented, "AppuntiLinux is not a distribution, but a huge collection of documentatation about Linux, covering every aspect of installation, configuration, programming and daily working with our beloved penguin. AppuntiLinux, written by Daniele Giacomini, is one of the best source of information for every user, written in plain langage that can be read with ease even by a newbie; in fact, I've started my adventure with Linux reading AppuntiLinux".

Our apologies for the error. Due to time constraints, this editor failed to run the site by our Italian language resource, Jonathan Corbet. Many thanks to all of you who wrote in to correct us.

New Distributions

Tomukas mini-distribution. Tomukas is a Debian-compatible mini-distribution that can run on a 386 with as little as 4MB of memory. (Thanks to Fred Mobach).

Note that, although tiny, this is not a floppy-based distribution. It installs directly onto a partition on a hard drive. The author, Radovan Garabik, uses a Debian rescue disk and an existing MSDOS partition to get started.

Sorcerer GNU Linux. Sorcerer GNU Linux is a new entrant into the distributions list that is a source-based distribution. The distribution is created by downloading source tarballs that are then compiled and installed directly on the local machine. The initial release, 20010721, has only been out for a few days.

Distribution News

Red Hat News. For anyone interested in helping translate Red Hat Linux documents for non-English languages, this note from Trond Eivind Glomsrød covers new procedures for translators. It also provides some brief information on how to become a translator.

Debian News. The Debian Project issued a note voicing their opposition to the DMCA and urging people to read and sign (if they agree) the Community Declaration that calls for the release of Dmitry Skylarov.

The One Hundredth edition of the Kernel Cousin Debian Hurd was released on July 24th. It reports progress with PPP, F3 CDs that are "nearly" ready, the release of GRUB 0.90 and more.

Linux-Mandrake News. This week's Linux-Mandrake Community Newsletter indicates that the release candidate for Mandrake Linux PPC should be released soon.

It also talks about the Clara OCR project, which MandrakeSoft is sponsoring. "Clara OCR is a free (GPL) Optical Character Recognition program for Linux/Unix. It features a powerful GUI and a web interface for cooperative digitalization of printed materials. Clara OCR development started in 1999 and is approaching production level".

Coyote Linux News. A new Coyote Linux FAQ was published on July 17th.

DragonLinux News. The DragonLinux website has been freshly re-done and a new version, based on Slackware Linux 8.0, is promised "soon". DragonLinux is customized to install on top of Microsoft Windows or DOS and co-exist with that environment. " New in this version of DragonLinux is the Loopback file-system. This allows for installation on Windows and DOS partitions, while utilizing the Native Linux (ext2) file system with almost no performance loss."

Redmond Linux News. Redmond Linux is actively seeking channel partners for their distribution.

Minor Distribution updates

• Astaro Security Linux 1.824, includes minor bug fixes. Astaro is a firewall solution.

• Mindi Linux 0.33, has been tested with Linux 2.4.7 successfully and now handles NFS mountpoints more gracefully. Larger kernels will now work as well. Mindi creates a bootable CD from your existing distribution.

• Timo's Rescue CD Set 0.7 was released on July 24th. It contains major feature enhancements, including elimination of the limitation on kernel and/or initrd size, Linux 2.4.6, DHCP support and more.

Distribution Reviews

SuSE Linux 7.2 Professional (Linux in Brazil). Although there is no Portuguese version of SuSE Linux 7.2 (the last version was for SuSE Linux 7.0), the quality of the distribution has made it of interest to Brazilian and other language-speaking Linux enthusiasts. As a result, Linux in Brazil has published this review of SuSE 7.2 (in Portuguese). A (very poor) translation into English can also be procured from Babelfish. Their overall impression seems very positive, despite the lack of up-to-date translations for the documentation.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

In your article you make the observation that Blackdown's Java implementation and IBM's appear to come from different code bases. This is indeed the case. IBM's jvm on Linux Intel is ported from our AIX jvm. Our AIX jvm was ported from Sun code, with IBM contributing many bug fixes and code back to Sun. Our JIT is entirely our own code. It was originally written by a team of IBMers in Tokyo on Windows, and this JIT was then ported to Linux.

He then goes on to say that the reported "floating stack" problem that affects Java on Red Hat 7.1 systems is already handled by the IBM JRE, something we reported (although we didn't state it quite that clearly). The workaround provided in the current releases that addresses this issue won't be necessary in future versions as IBM has a fix for the problem already working in the labs. One final note from Kacur:

The RPMs should be relocatable, so you aren't forced to install them in /opt. You can read the rpm man page for more information about installing relocatable RPMs.

Okay, we knew that one. Win a few, lose a few.

Sun's Java for Linux  The other note we received was from Sun, who felt a little left out of our review. In fact, they were left out, but not intentionally, so we'll include them this time around.

You can always find the most up-to-date information about Sun's releases at http://java.sun.com/j2se. That page has links to the 1.3.1 release as well as to the 1.4.0 release, which is now in beta.

Sun's Java Runtime Environment includes their own browser plug-in, making for a total of at least three alternatives (Blackdown, IBM, and Sun) to the builtin Java support in Netscape.

Choice is good.

Desktop Environments

GNOME Installation Guide 07/2001 published. The latest version of the very useful GNOME Installation Guide has been published. This guide provides a complete listing of libraries and applications associated with GNOME, how to build them and what they do. It's a good reference point if you can get past some of the funky colors (yellow letters on black background, for example - ouch!).

The Omnivore - KDE's flexible I/O architecture (C'T). C'T magazine has published an English translation of an IOSlave tutorial written by Carsten Pfeiffer and Stephan Kulow. "The KIO library itself is modular. Individual I/O modules are called 'kioslaves'. Each slave is responsible for at least one protocol. They do not just deal with network protocols either: they may also implement the reading and writing of compression formats such as tar or gzip, or may extract tracks from an audio CD. "

Proposed Timetable for KDE 3. In order to set some expectations for the post 2.2 release, Waldo Bastian posted a proposed schedule for KDE. The upshot: KDE 2.2.1 in September, KDE 3.0 in January 2002.

GNOME Summary for2001-07-09 to 2001-07-22. This week's GNOME Summary covers the release of Sun's GNOME usability report, the release of the first Evolution 1.0 beta releases, and information on using Galeon in a kiosk.

GNOME at LinuxTag 2001. From the much-too-late dept. at gnome.org comes this look at GNOME participation at LinuxTag 2001.

GNUStep Weekly Update. GNUStep's Weekly Update this week includes updates for MacOS-X interfaces.

Office Applications

KOffice API Reference Available. The API documentation for KOffice has been posted to the KOffice web site for developers to review.

AbiWord Weekly News. The 53rd edition of AbiWord Weekly News is now online. This week saw DocBook importer fixes, the addition of Galician speller files and stomping out of some long standing image cut and paste issues. GNOME Print was also improved, with better memory management and fixes to enable the print preview.

Gnumeric 0.68. A new release of Gnumeric is out, mostly to cover bug fixes but with a few new features, such as frozen panes.

Desktop Applications

WorldForge News: Acorn 0.4. The WorldForge team has released a new version of its second game, Acorn. This release includes a number of new features, including goal-motivated artificial intelligence and a richer collection of artwork, sound effects, and music.

Gimp-Print 4.1.99a2. A new version of Gimp-Print was released this past week. Updates include crash fixes for Epson and Lexmark printers, fixes for preview updates, and the stp driver has been qualified against GhostScript 6.51.

Rockin' in the Free Software World (O'Reilly). This article from O'Reilly examines the breadth of open source tools available to guitarists from tuning, to writing musing, to adding sound effects. "Instrument tuners come in two flavors: fixed-pitch tuners made for a specific instrument, such as a guitar or bass; and chromatic tuners which can tune any instrument. A chromatic tuner can come in handy, even for a guitarist, but we'll stay focused here on some of the better Linux guitar tuners."

And in other news...

GNOME Usability study released. The full report on the Sun's first GNOME Usability study is now available online. Calum Bensom reported that the report expands on his preliminary results presented at GUADEC2.

TheKompany's Shawn Gordon Responds In Full (Slashdot). Here's an interview with Shawn Gordon of TheKompany.com. "Shawn Gordon: When we started 2 years ago we had one product in mind and a very specific goal. Since that time our products have expanded dramatically and so have our goals. Basically we are trying to provide developer software and desktop software on Linux, specifically using KDE. The idea is that you can't have critical mass for users on the desktop without there being some core software available, and you can't necessarily attract developers for specialized software and vertical market applications without there being a critical mass of users. By addressing these two ends of the spectrum we hope to get people on the platform."

City of Largo Adopts KDE 2.1.1. The City of Largo, Florida has migrated to 400 thin client systems running KDE. "The City of Largo is a thin client/X shop. We have 400 thin client devices that support X, 800 total users, and run about 230 concurrently during the heaviest part of the day. For the last 7 years, we have always built one large 'desktop' system that everyone logs into and gets their desktop. ... Previously, this function was done by the IXI Desktop on SCO OpenServer... The Friday cutover was moving all of these users off of Unixware to RedHat Linux 7.1 and KDE 2.1.1 "

.comment: The Desktop? The Desktop! (LinuxPlanet). Here's a rambling LinuxPlanet article on various desktop topics. "KWord, zoomed to 150 percent and entering text in Serifa-12 with anti-aliasing on and a screen resolution of 1600x1200 is just about as pleasant an experience as I've had since my days of DeScribe under OS/2. I'm starting to really like it, and have the feeling that it will be my word processor of choice until further notice. I'll write more about it when I've dug deeper into it, but for now I think it's safe to say that KWord is just about there."

Linux "upgrade" unveiled for Palm III (LinuxDevices). A new embedded Linux distribution is available for Palm IIIx and IIIxe users, according to this LinuxDevices.com report. "Leung said Linux DA's graphical user interface (GUI) is home grown, so it is not based on any of the other available handheld computer Linux GUI and windowing environments, and there is no browser available in the demo version currently available for download."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

The database consists of nearly 400 stable applications. The News Forge article quotes OSD co-founder Steve Mallett: "'We're following the dmoz model', says Mallett. 'Put the directory information out there for any and everyone to use; not just at OSD. The chances that people will try and use a stable, open-source application increases with the amount of people/websites presenting it.'"

If your application could use such a software list, now is a good time to incorporate the feature. The O'Reilly xml.com resource sites page lists a large number of tools for helping to get the job done.

Audio

Alsa 0.9.0 beta 6 released. A new beta version of the Alsa sound card driver and library has been released. There is not much information on what fixes and features are included in this version besides a mention of some compilation bug fixes, but then, it's only a beta release.

WaveSurfer 1.0.4 released. Version 1.0.4 of the WaveSurfer multi-platform soundfile editor has been released. This edition adds Ogg/Vorbis support, Transcription support, localization, and new functionality for HTK/MLF files.

Browsers

Evolution 1.0 Beta 1 announcement. Ximian announced the release of Evolution 1.0 Beta 1. The Beta 1 preview release begins the countdown to the 1.0 release this fall. Check it out, and don't forget to send bugs to bugzilla.ximian.com!

Databases

Choosing a database management system (IBM developerWorks). Uchi Ogbuji looks at the issues involved in choosing a database in an IBM developerWorks article. "The study of databases is a battleground of ideas. The database community is one of the oldest in the computer world, and it is almost as famous as the application programming community for the diversity of its ideas and the sharpness of the debates between its gurus. Lately events have conspired to expose these concerns to a wider audience. For instance, the seemingly inexhaustible march of the Web revolution has exposed more and more developers to database issues because of the desire for ever more dynamic Web sites." The article provides a good overview of the current database technologies that are available, while avoiding discussion of specific databases.

Integrating database access into Linux applications (IBM developerWorks). Alex Roettler looks at the use of MySQL for a web based database application in an IBM developerWorks article. "This article describes MySQL, a useful tool for developing e-commerce and other complicated, dynamic Web sites that make use of third-party databases. MySQL is a fast, multi-threaded, and fully functional SQL server. In addition to describing the basic architecture of the MySQL system, this article offers simple examples in both Tcl and C++ that can start you down the path to developing database-aware Web applications."

Education

SEUL/Edu Linux in education report #49. The July 23, 2001 edition of the Linux in Education Report is available. This issue covers a discussion on how Microsoft anti-piracy measures are boosting Linux acceptance in schools. A bunch of new open source educational software is also reviewed.

Interoperability

Latest Samba News. The latest Samba news includes the addition of Motonobu Takahashi to the Samba team as the local Japanese language expert. Samba 2.2.1 and 2.2.1a are also discussed.

Mail Software

Gypsy Mail 0.6.3 beta released. Version 0.6.3 beta of Gypsy Mail has been released. Gypsy Mail is: " A Python clone of the well-known cgiemail script, with added features and flexibility. This script allows you to set up an HTML form on your website, to collect information from your site's visitors, and send a very nicely formatted e-mail to yourself, or other e-mail addresses." This version adds a customizable success page.

Science

The Open Source Operating System (MD Net Guide). MD Net Guide looks at Linux from a medical professional's point of view: "One problem with this philosophy comes immediately to mind: Just rewrite the code? Are you kidding? Who knows how to do that? While users with the technical know-how can certainly rewrite to their heart's content, most do not possess the necessary knowledge and abilities. Programmers all over the world, however, are constantly working on Linux software, creating a steady stream of updates. Users can also hire programmers to customize programs."

Standards

LSB-FHS2.2beta release. The Open Group has released beta 2.2 of the LSB-FHS test suite. The test suite exercises filesystem hierarchy aspects and is aligned with FHS version 2.2.

System Administration

Transitioning from Windows to Linux (IBM developerWorks). IBM has posted a 50 page technical FAQ on transitioning from Windows to Linux. The document is in PDF format and availble for free download.

Web-site Development

Midgard installfest on Aug 14th 2001. Nemein Solutions has organized a Midgard installfest for August 14th, starting at 17:00, in Finland.

Zope 2.4 released, and Digital Creations changes name. The company formerly known as Digital Creations has announced the release of Zope 2.4. Check out the announcement for the list of new features.

In keeping with its focus on Zope, Digital Creations has also announced that it has a new name: Zope Corporation.

Zope Weekly News for July 20, 2001. The July 20, 2001 edition of the Zope Weekly News is available. This issue covers a new CVS update, a new Zope Book, a Zope Developer's Guide beta release, and more.

Apache: Aid From APR (ZDNet). ZDNet examines the Apache Software Foundations library of C functions called APR (Apache Portable Runtime). "These programs will run equally well on Apache on any platform. CGIs written in C will run faster than scripts in languages such as Perl or Python because C programs are precompiled, while Perl and Python must be interpreted on the fly."

Miscellaneous

Sony survey for U.S. based PS2 Linux developers. Sony has posted a very short survey on their PS2/Linux site to gauge interest from U.S. developers.

Nemein names new board member. Nemein's, a Midgard solutions provider, has named Timo Syrjänen to their board of directors.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Lisp

Gnu CLISP 2.27 released. Version 2.27 of Gnu CLISP is available. "This version adds a SETFable EXT:GETENV, optional hostname resolution in EXT:SOCKET-STREAM-PEER and EXT:SOCKET-STREAM-LOCAL, new arguments to EXT:SOCKET-STATUS and more ANSI-compliant pathname handling. It also fixes some FFI and binary I/O bugs."

cCLan News for July 18, 2001. The July 18, 2001 edition of the cCLan News has been announced. This issue contains a list of new and updated packages and covers the effort to add cCLan support to OpenMCL.

PHP

PHP Weekly Summary for July 23, 2001. The July 23, 2001 edition of the PHP Weekly Summary is out. Topics include bug system changes, an SID/gzip bug, revisiting the autocasting bug, new XSLT extensions, an SRM beta, and a fix to the cURL extension.

Python

Python 2.1.1. Guido van Rossum has announced the release of Python 2.1.1. This release fixes bugs from 2.1; it also features a GPL-compatible license.

PyWebLib 1.0.4 released. Version 1.0.4 of PyWebLib has been announced. This version features several bug fixes.

PyChecker 0.7.5 released. Another release of PyChecker, the Python language code checking program has been announced. This version adds the ability to suppress various warnings, has several new command line options, and fixes several bugs.

Last File Manager 0.4. A replacement for Midnight Commander in Python/curses has been released. LFM (Last File Manager) is usable but still under development.

Dr. Dobb's Python-URL! (Jul 25). This week the Python world covered discussions on using Python with XML (and WSDL), how Python fits in a .Net world, and issues with combining Python with C++. See Dr. Dobb's Python-URL! for more details.

Tcl/Tk

Dr. Dobb's Tcl-URL!, July 23. The Dr. Dobb's Tcl-URL! for July 23, 2001 points readers to ActiveState's release of ActiveTcl, the TSIPP Workbench and back to LWN for Conectiva's security advisory on Tcl's default runtime library.

Miscellaneous

Combining Python and C++ (O'Reilly). Stephen Figgins looks at various tools for combining C++ and Python programs in an O'Reilly ONLamp.com article. "Python and C++ easily compliment each other. Python gives you rapid development and flexibility, C++ gives you speed and industrial strength tools. While there is no standard tool for extending Python with C++, there are many Python wrappers to C++ libraries, particularly GUI toolkits. The developers of these interfaces haven't just given us the wrappings, they have given us the wrappers as well, tools to give any C++ object a Python interface."

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Announcements from O'Reilly Convention. At this writing the O'Reilly Open Source Convention is in full swing. Now O'Reilly Con isn't one of those big commercial events like Comdex or LinuxWorld where you can see all the latest toys and snappy apps and the press releases swell this section to two or three times normal size. The O'Reilly conference is a place where developers go to talk about new technologies and open source projects. This year's conference, however, has been generating a buzz in the commercial world.

Perhaps it started with the debate between Red Hat CTO Michael Tiemann and Microsoft Senior Vice President Craig Mundie. The topic: "Shared Source vs. Open Source". Interesting, no doubt, but most developers have already made up their minds on the topic, and they are not likely to be swayed by any arguments given here. What is more exciting are the open source announcements from Hewlett Packard Company and Sun Microsystems.

HP Labs created cooltown, a developer's community with a "vision of a technology future where people, places, and things are first class citizens of the connected world, wired and wireless". The CoolBase open source project, launched at O'Reilly Con, provides the initial set of building blocks for researchers and advanced developers to create cooltown services and environments, and to participate in a community of like-minded experts. So CoolBase isn't really the sort of product usually covered here, but it may well be used to develop those future products that will drive the crowds at Comdex wild. LinuxDevices also has more information on CoolBase.

Sun Microsystems first introduced the Sun(TM) Grid Engine software in September 2000. The Sun Grid Engine is a resource management system. It makes systems more productive by putting idle resources to work. The program has always been freely available, but this week Sun announced the release of the source code for the Grid Engine. CollabNet will be helping Sun to manage the code which will be licensed under the Sun Industry Standards Source License.

LPI Announces New President And Director. The Linux Professional Institute (LPI) announced the appointment of Chuck Mead as President and of James Lacey to the LPI Board of Directors. Mead is LPI's second President, replacing Dan York who has held the position since the Institute's inception in 1998. Mead is a co-founder of LPI, the CEO of Moongroup Consulting and former CTO of LinuxMall.com. James Lacey has been involved with LPI since 1999 and is CEO of Bradford Learning, a company formed by the spinoff of Linuxcare University.

A new boss at SuSE. SuSE has announced that Johannes Nussbickel, previously chief financial officer at the company, will be taking the chief executive officer position. Former CEO Roland Dyroff is taking a seat on the board of directors.

Sleepycat Releases Berkeley DB version 3.3. Sleepycat Software, Inc. announced Berkeley DB version 3.3, which provides features for high availability and support for the Lineo Embedix embedded Linux operating system.

Sair Linux and GNU Newsletter #9. Here is the ninth Sair Linux and GNU Newsletter. Sair will once again be offering Linux certification at LinuxWorld; Sair self-study kits are available; and other topics are covered.

Linux Stock Index for July 19 to July 25, 2001.

LSI at closing on July 19, 2001 ... 28.08
LSI at closing on July 25, 2001 ... 28.09

The high for the week was 28.09
The low for the week was 28.01

Press Releases:

Open source products

• Borland Software Corporation (LONG BEACH, Calif.): Borland Delivers Kylix Open Edition for Linux Community.

• OpenLink Software, Inc. (BURLINGTON, Mass.): OpenLink Software Unleashes ODBC SDK Update for Mac OS..

Proprietary Products for Linux

• AppWorx Corporation (BELLEVUE, Wash.): AppWorx Enterprise Job Scheduler Now Available for Linux.

• Borland Software Corporation (SCOTTS VALLEY, Calif.): Borland Drives Rapid Application Development for Linux with Kylix Evaluation Program; Borland Kylix Now Available for 60-Day Free Trial Download.

• Computer Associates International, Inc. (ISLANDIA, N.Y.): Unicenter Wins Editors' Choice Award From CNET Linux Magazine.

• Extended Systems (LONG BEACH, Calif.): Extended Systems' Advantage TDataSet Descendant Client to Support Kylix.

• Oracle Corporation (REDWOOD SHORES, Calif.): Developers Can Download Oracle9i Database on Linux Today.

• Total Impact (Camarillo, CA): Total Impact's New BRIQ Provides Lightweight, Energy Efficient and Affordable PowerPC Linux Computing.

• Xi Graphics Inc. (DENVER): Xi Graphics Announces Support For New ATI Radeon VE Card.

Hardware with Linux installed

• Dell Computer Corporation (): Dell PowerEdge 7150 (Itanium) with Red Hat Linux 7.1 now available!.

Products and Services Using Linux

• Intrusion.com, Inc. (RICHARDSON, Texas): Intrusion.com Offers Four New Integrated, ''Secured by Check Point'' Appliances.

• Total Impact (Camarillo, CA): Total Impact announces Centricity Render Engine.

Products With Linux Versions

• Agere Systems (ALLENTOWN, Pa.): Agere Systems Makes It Easy to Set Up and Manage Wireless Networks for Homes, Small Businesses and Enterprises.

• Aladdin Systems (New York, NY Macworld Expo): StuffIt Engine(tm) Software Developer Kit (SDK) for Linux and Solaris shipped.

• BCC Technologies (IRVINE, Calif.): BCC Launches First iSeries 15K RPM Disk Drive.

• Ensim Corporation (SUNNYVALE, Calif.): Ensim Introduces First Hosting Reseller Automation Suite.

• GraphOn Corporation (MORGAN HILL, Calif.): GraphOn Announces GO-Global Next Generation Software for Web Enabling Windows, UNIX, and Linux Applications Instantly.

• MSC.Software Corporation (SANTA ANA, Calif.): MSC.Software Integrates MSC.Patran With MSC.Engineering-e.com Internet Infrastructure.

• ORINCON Corporation International (SAN DIEGO): ORINCON Launches New Company Focused On Growth in Network Security Market.

• Rolland Virtual Business Systems Ltd. (MONTREAL): RVBS Launches the New Version of Fractal Commerce.

• The MathWorks, Inc. (NATICK, Mass.): The MathWorks Announces New Curve Fitting Toolbox for MATLAB.

• The MathWorks, Inc. (NATICK, Mass.): The MathWorks expanded Filter Design Toolbox links with DSP Blockset and Developer's Kit for TI DSP.

• Xi Graphics Inc. (DENVER): Xi Graphics Announces UNIX(R) Graphics Support for Satellite Pro 4600.

Java Products

• Borland Software Corporation (SCOTTS VALLEY, Calif.): Borland Drives Java with JBuilder 5 Personal; Free Download Offers New Users Fast and Easy Way to Learn Java Technology.

• Borland Software Corporation (LONG BEACH, Calif.): Borland Announces New Version of Enterprise Studio for Java.

• Headway Software (DENVER and SAN DIEGO): Headway Software Extends Headway reView's Reach with the Release of reView Publisher and freeView.

• Headway Software (DENVER and SAN DIEGO): Headway Software Releases Beta Version of Pure Java Headway reView With Initial Support for Windows, Solaris and Linux.

• SmartMode (San Francisco, CA): SmartMode Releases Version 1.0 of Rapid JavaServer Pages (JSP) Development tools.

Partnerships

• EdgeMatrix (SINGAPORE): EdgeMatrix and Red Flag Ride the Linux Platform to Capture the Wireless Multichannel Market in China.

• Stratabase (ABBOTSFORD, British Columbia): Stratabase Announces Hewlett-Packard Relationship and Expanded CRM Solutions.

Investments and Acquisitions

• Lok Technology, Inc. (CORAL GABLES, Fla.): Lok Technology, Inc. Receives Funding.

Personnel & New Offices

• Caldera International Inc. (SANTA CRUZ, Calif.): Caldera International Inc. Boosts Marketing Efforts; Dr. Timothy Ashby named executive vice president of worldwide marketing..

• everStor Inc. (ANAHEIM, Calif.): everStor Appoints Jamie Broadbent as Director of Sales. everStor software is designed for Linux and Sun Solaris Sparc and X86 platforms. everStor software

• Open Source Development Lab (PORTLAND, Ore.): OSDL Recruits Linux Community Notables; Lab Announces New Hires to Facilitate Projects Using OSDL.

Financial Results

• MSC.Software Corp. (COSTA MESA, Calif.): MSC.Software Reports 41% Growth in Earnings.

Linux At Work

• IBM (Darwin): Northern Territory Department of Education Selects Linux and IBM.

• Wincor Nixdorf, Inc. (AUSTIN, Texas): The Home Depot Rolls with Wincor Nixdorf's Linux-based Mobile POS Systems for Expo Design Centers.

Other

• NuSphere (BEDFORD, Mass.): NuSphere President to Outline Market Landscape and Comment on the Parallel Universe of Open Source.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Open-source brouhaha: Missing the point (ZDNet). Collab.net founder Brian Behlendorf offers an commentary on how the meaning of open source may have been lost recently. "What the open-source community has proven is that individuals--and, by extension, companies--can work together on a much more discrete, iterative level...It may seem chaotic at times; for programmers, balancing the requirements of their employers with that of the other participants may be a constant challenge. But it can work."

mySQL vs. mySQL (VarLinux). Nicholas Petreley looks at the NuSphere/MySQL disagreement. "Now, if I -- as a fan of mySQL -- am tempted to replace mySQL with PostgreSQL, don't you think a lot of other folks are, too? Well, what do you think would send them packing for the PostgreSQL hills faster than Fear Uncertainty and Doubt? That is exactly what is produced by an ugly court battle and a contentious fork of the mySQL database."

DMCA and Dmitry Skylarov

Congress No Haven for Hackers. Wired is carrying a story on the DMCA which quotes the chief sponsor of the act as saying it was working as they'd hoped. "As far as I know there have been very few complaints from intellectual property holders," Coble, the chief sponsor of the DMCA, said in an interview Tuesday. "I am also encouraged by the Department of Justice's actions in this matter to enforce the law."

Computer scientists boycott US over digital copyright law (New Scientist). New Scientist reports on the Sklyarov affair, and, in particular, the concerns that many hackers may now have about going to the U.S. "[Alan] Cox is not alone in his concerns. The organizers of one conference that concentrates on testing the security of data protection systems, the International Information Hiding Workshop, have already decided to no longer hold the event in the US."

FBI Arrest of Russian Software Developer May Trigger Copyright Fight (law.com). Law.com is running an article about the arrest of Dmitry Sklyarov. "But the controversy has caught the attention of some in Congress. Rep. Rick Boucher, D-Va., has said he intends to introduce legislation to modify the [DMCA]. His office did not return phone calls seeking comment. But [EFF attorney Robin] Gross said Boucher has talked about making it legal to circumvent blocking devices when one owns the material that is being blocked."

Free Dmitry Sklyarov! (Linux Journal). Here's a look at the DMCA and how it has turned the life of Dmitry Sklyarov into a nightmare. "Let's say you're having a nightmare. You're living in a dictatorship, a police state. The Leader's younger brother runs a State-owned factory that makes nails and screws. However, the State's engineers have been unable to figure out how to make nuts and bolts that, as fasteners go, are technically superior. To protect his younger sibling from nuts-and-bolts competition, The Leader announces a new Law that makes nuts and bolts illegal. Of course, this is stupidity writ large, because The Nation's economy needs nuts and bolts. But The Leader and his sibling could care less. They're out to enrich themselves, not the people."

Boycott Adobe campaign launches (Register). The Register covers the Dmitry Sklyarov case. " The affidavit in the case states that Advanced eBook Processor would allow anyone to read an eBook on any computer without paying the fee to the bookseller. ElcomSoft denies it is involved in facilitating copyright piracy and said its program only increases a purchaser's control of legitimately purchased eBooks."

Hacker Arrest Stirs Protest (Wired). Wired loo