[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Linux in the schools. Red Hat CEO Matthew Szulik lectured LinuxWorld attendees on the importance of getting Linux into the public schools. One might argue that his position is a little self-interested, but, in truth, he has a point. The Linux community should be working at getting free software into schools worldwide. The effort will benefit both our children and free software.

One can come up with a number of reasons why the schools should be running free software. Often it is simply the best alternative available. Schools do not need to hassle with daily crashes and ongoing security problems. What they need is stable software that runs on modest, perhaps ancient hardware and provides the capabilities that students need. For much of what's done in schools now, Linux is more than adequate.

The financial justification for scholastic Linux requires little argument. Public schools seem to operate with a chronic cash shortage; it makes little sense for them to pour large amounts of money into proprietary software licenses. Schools also should not have to deal with Microsoft software audits and other such indignities; they should be putting their efforts into teaching our children.

But the real reason to put free software into the schools is to teach our children about software freedom and taking control of our computers. Children who have seen how free software works are likely to remain interested in using it later in their lives. After all, going back to proprietary software after using the free variety is usually not very much fun. Going back to licensing hassles, corporate release schedules, and black box software after experiencing free redistribution, collaborative development, and total control can be intolerable. Children who experience free software in the schools will turn into some of its strongest advocates later in their lives.

Besides, some of those school kids will probably send in some great patches.

Of course, there are some obstacles to massive deployments of Linux in the schools. Many schools have already built infrastructures around proprietary software; school networks are often run by fairly conservative people who are not inclined to tear things out and start over again. Convincing them to give Linux a try could be hard.

Then, there is the lack of high-quality educational software. There is a whole class of software for tutoring, drilling, and entertainment of students that is simply not available for Linux. Until more software is either written or ported, Linux systems will be unable to perform a number of tasks in the classroom environment.

One thing that would help in the solution of both problems would be a higher level of hacker interest in school deployments. The number of educational projects is low; KDE has a short educational software listing; GNOME has no educational category at all. Neither desktop project appears to have an organized educational effort. A look at SourceForge's educational category turns up a more encouraging 581 projects, but only 66 are listed as being production-ready. Clearly there's some hacking to be done still.

Free software advocates also have not, as a whole, made school deployments a priority. It will be interesting to see how that changes as more free software developers get older and start having children. Having your children complain that they cannot produce a Word-compatible report tends to get your attention. Children are the future, and they will have a large effect on the future of free software as well. The sooner the two are brought together, the better it will be.

(See also: the SEUL/edu page for a comprehensive listing of educational software, regular reports, and more. Update: Thanks to Bill Soudan for pointing out the KDE Edutainment Project and the kde-edu mailing list, of which we had been unaware.)

More hard times. In case anybody still needed a confirmation that we are in a different and difficult economic climate, consider the following developments:

  • CNet has shut down the AppWatch site, which it acquired last year. AppWatch was a free software directory, along the lines of Freshmeat, but focusing exclusively on free software. It was a popular site, but that wasn't enough; CNet, citing the current economic climate, has pulled the plug.

  • According to this report in Network World Fusion, IBM and others have put $45 million into SuSE, which was, apparently, on the edge of bankruptcy. There's very little information available on this investment at this time. Combined with Dirk Hohndel's departure, this investment does indeed make it look like SuSE was in some serious trouble and is contemplating a change in direction.

  • Progeny Linux Systems has stated publicly that its Network of Workstations (NOW) project is no longer under development, and hasn't been since February.

    Shortly after we started the company, though, the financial markets took a turn for the worse. Like many other young companies, the market correction forced us to take a nearer-term view of things. Because of its long-term horizon, the NOW development efforts often took a back seat to the needs of other projects.

    Until such a time as it is once again possible to raise money for projects like NOW, Progeny is going to have to concentrate on projects that are more lucrative in the near term.

Seen together, that's a disturbing pile of bad news. The shutdown of AppWatch suggests that there is not room for more than one large free software directory on the net. After all, one presumes that CNet knows how to keep a web site going. The SuSE bailout says something similar: might there truly be room for only one large Linux distributor? In some ways, the shutdown of the NOW project is the scariest of all. If the Linux community is unable to fund and sustain long-term development projects, where will it be in a few years?

Of course, that view is overly pessimistic on all counts. We are in the middle of an increasingly severe economic downturn; of course there will be consequences for Linux businesses just as there is with all other computing sectors. The easy money boom period of the last 1990's made the problem worse by funding businesses that never had a serious chance at success before their bubbles burst. Still, it is a difficult today even for well-run companies with solid business plans to find profitability.

This, too, shall pass. When it is over, Linux will still be there, getting stronger, and attracting more users. That much is easy to predict. The success of Linux says little for the prospects of any individual Linux company, however. The Linux business community will certainly see more changes before things pick up again, and they will not all be pleasant.

GFS is no longer free software. The Global Filesystem (GFS) is a clustered filesystem developed by Sistina. It is meant for the implementation of high-performance, high-availability filesystems on "storage area networks." It has long been available under the GPL, and was considered as a candidate for inclusion into the Linux kernel if and when the 2.5 series comes into existence.

That was until version 4.2 came out under the new "Sistina Public License." This license looks somewhat like a free software license, in that source is available. The similarity ends there, however. Redistribution requires that a license fee be paid to Sistina; one must also pay if GFS is used to offer a commercial service, even if the software is not redistributed. The SPL is certainly not a free software license. It has more of a "shared source" smell to it.

One can certainly argue that Sistina, as the copyright holder, has the right to change the licensing on its code. It is yet another business that is trying to find a way to make money, after all. One would think that only those who think that proprietary software should be illegal would complain about this license change.

It is not quite that simple, though. GFS, after all, must be linked into the Linux kernel to be useful. And linking GFS is not just a matter of inserting a binary module; it requires some extensive patches to the kernel source itself. By reaching past the module interface, GFS exceeds the GPL exemption granted by Linus to binary modules. With the 4.2 release, Sistina has separated the kernel patches into a separate, GPL-licensed file, but that is unlikely to satisfy many people.

There is already a challenge out there: Alan Cox believes that GFS violates his copyright, and has sent Sistina a letter to that effect.

If they were simply doing a non-free release that used existing kernel API's I'd be annoyed but not bothered, as it is they seem to be doing dirtier things and more blatantly than any company before. I'm hoping they will resolve this sensibly, we shall see.

For now I think the best approach is to be quiet and reasonable. They've done something that seems wrong and silly, they should have a few days to resolve it.

A few days have passed, but Sistina shows no signs of budging.

Meanwhile, the OpenGFS project has started up, using the last GPL release of GFS as a starting point. Sistina may well find itself in a position similar to that of SSH Communications Security - a free version of an early release could overtake its more recent, proprietary products.

See also: the Sistina Public License FAQ.

Dmitry Sklyarov update. The Sklyarov story is moving into a slower mode as the U.S. Justice system grinds along. A few developments:

  • As expected, Dmitry and Elcomsoft pleaded 'not guilty' at the arraignment on August 30.

  • Dmitry's family has come to the U.S., and will stay through much of September.

  • Adobe has published a new FAQ on the Sklyarov situation. It has, one might say, failed to mollify those who see Adobe as being at least partially responsible for Dmitry's arrest.

  • The U.S. Copyright Office came out with its required study of the effects of the DMCA; it concluded that, with regard to the anti-circumvention provision, "the actual impact on consumers appears to be minimal." The full report is very long; see this Salon article for a more manageable read.

  • OpenBSD and OpenSSH hacker Dug Song has pulled his web site, citing a fear of the DMCA.

Inside this LWN.net weekly edition:

  • Security: Apache SQL authentication vulnerabilities; the X.C worm.
  • Kernel: MODULE_LICENSE, block ioctl numbers, page aging doesn't work?
  • Distributions: Embedded distributions: Hard Hat Linux, BlueCat Linux, and REDICE-Linux.
  • On the Desktop: Hancom merges with theKompany, KDE Best of Show and KMail "B2K"?
  • Development: Red Hat's embedded Linux and Mozilla minus Netscape.
  • Commerce: HP to buy Compaq; Books, Books, Books!
  • History: American Concrete Cutting Corporation; Oracle announced its first set of marketing partnerships; Trolltech releases Qt 2.2 under GPL.
  • Letters: VA Linux and SourceForge; fighting the DMCA.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


September 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Security page.

Security


News and Editorials

Trouble with Apache SQL authentication modules. The Apache web server supports several modules which can perform user authentication from a relational database. They are certainly widely used; a site does not have to grow very large before the classic htpasswd mechanism becomes unusable. So this advisory pointing out "SQL insertion" vulnerabilities in several of these modules is worthy of some concern.

SQL insertion happens when a hostile user, through a clever request to the web server, is able to pass arbitrary SQL code through to the underlying database. This code can disclose or modify data, or corrupt the integrity of the database in a number of ways; it can also, usually, be used to allow unauthorized access to the web site.

This type of vulnerability comes about as a result of the combination of inadequate checking of user-supplied data and the passing of that data across module boundaries. It is an easy sort of mistake to make, and it is certain that numerous other, database-driven web applications have similar vulnerabilities.

Fixing this sort of problem is relatively easy, once the programmer thinks of it. A "white list" of allowed characters filters out most such attacks without trouble. But, when passing user strings between modules, filtering in one module can require a knowledge of what strings can cause problems in the other. This kind of knowledge goes against the information hiding techniques that are usually seen as good, modular programming. As a result, programmers can be surprised, even if they are thinking about properly sanitizing user-supplied data.

As applications become more component driven, the chances are that this sort of cross-module interaction will be seen more often. Security is hard, and it's not getting any easier.

The X.C worm is apparently loose. This work takes advantage of the buffer overrun vulnerability in telnetd (see updates, below) to infect new systems. So far, this worm does not appear to have caused a lot of problems; many systems are no longer running telnet services, and, hopefully, most of those that still do have applied the updates. Nonetheless, for those who are concerned, a X.C discovery and removal tool has been made available by William Stearns.

Security Reports

A security audit of xinetd. Solar Designer has performed an extensive audit of xinetd looking for certain types of security vulnerabilities. So many problems were found in the code that the resulting patch weighed in at over 100KB. This patch was only fully merged as of xinetd 2.3.3.

The patched xinetd will certainly be safer, but Solar Designer's disclaimer is worth noting:

To summarize the results, xinetd may be reasonably safe to use with these patches, but the code remains far from clean and certain bugs are there by design.

Distributor updates seen so far include:

Fun with Bugzilla Users of the Bugzilla bug tracking system should upgrade to the new 2.14 release, which fixes several security holes. The worst of these vulnerabilities could lead to the disclosure of "confidential" bugs, or the compromise of the Bugzilla server as a whole.

A new lpr vulnerability. A new buffer overrun vulnerability in lpr has been reported. This time around, an attacker crafts a special, incomplete print job; a subsequent request to view the printer queue causes the overrun to happen. The advisory only mentions BSD systems, but numerous Linux distributions run BSD lpr as well. Stay tuned for updates...

An HTML injection vulnerability with gnut. The "gnut" Gnutella client is vulnerable to the injection of arbitrary HTML (including scripts) if a hostile user shares a file with HTML tags embedded in its name. This bug is compounded by the fact that gnut, apparently, loads a lot of files from the local drive; browsers impose fewer security restrictions in this situation. Upgrade to gnut 0.4.27 for a fix.

POP3Lite message processing vulnerability. The POP3Lite POP server fails to escape leading dots in mail messages, opening it up to denial of service attacks and the creation of untraceable forged messages. Upgrading to version 0.2.4 fixes the problem.

SuSE updates screen. SuSE has issued a security update to screen fixing a local root exploit vulnerability in that package. It seems that, if screen is installed setuid root, a clever user can engage in some /tmp trickery to get root privileges. SuSE's fix deals with the problem in the code, and also removes the setuid bit. That, in turn, reduces the functionality of screen slightly; see the advisory for information on whether you might need to restore the setuid bit after applying the update.

web scripts. The following web scripts were reported to contain vulnerabilities:

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • A problem in PGP's key validity display has been discovered; given enough assumptions, it could be used to fool users into accepting keys that are not valid. Fixes are available.

  • The Informix-SQL application has a vulnerability which allows local users to create any file with root privileges.

Updates

Buffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report.

Previous updates:

OpenSSL Pseudo-random number generator weakness A weakness has been discovered in the OpenSSL Pseudo random number generator that can allow an attacker to discover the PNRG's state and predict future values. (First reported July 12).

Previous updates:

Input validation problem with sendmail. An input validation error exists in versions of sendmail prior to 8.11.6 (or 8.12.0Beta19) which may be exploited by local users to obtain root access. See the August 23 Security Page for the initial report.

This week's updates:

Previous updates:

Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.

This week's updates:

Previous updates:

Buffer overruns in Window Maker A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page.

New updates:

Previous updates: Buffer overflows in xloadimage This problem was first covered in the July 12 Security page.

Previous updates:

Resources

The LinuxSecurity.com Weekly Newsletter for September 3 is available.

Events

Computer Security Mexico will be held November 24 to 30 in Mexico City. The call for papers has been issued; with submissions being due by October 12.

Upcoming Security Events.
Date Event Location
September 11 - 13, 2001New Security Paradigms Workshop 2001(NSPW)Cloudcroft, New Mexico, USA
September 28 - 30, 2001Canadian Association for Security and Intelligence Studies(CASIS 2001)(Dalhousie University)Halifax, Nova Scotia, Canada.
October 10 - 12, 2001Fourth International Symposium on Recent Advances in Intrusion Detection(RAID 2001)Davis, CA
November 5 - 8, 20018th ACM Conference on Computer and Communication Security(CCS-8)Philadelphia, PA, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet


September 6, 2001

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Kernel page.

Kernel development


The current kernel release is still 2.4.9. The latest prepatch from Linus is 2.4.10-pre4, which was released on September 3; it contains the usual array of fixes and updates. Also included is a new set of functions for access to the PCI configuration space; how this access is done has changed somewhat, but the API visible to drivers and such remains the same. A large PowerPC update is also part of this patch.

Linus has kept a relatively low profile on linux-kernel since this patch came out.

Alan Cox's latest is 2.4.9-ac9. It contains a merge of 2.4.10pre4 and many more changes, including a set of knobs for virtual memory tuning, a new MODULE_LICENSE tag (see below), a big PowerPC-64 merge, and more.

Andrea Arcangeli has released 2.4.10pre4aa1, which contains some direct and raw I/O fixups and User-mode Linux.

License tagging in modules is now a part of the "ac" kernel series. A new macro has been added, and all loadable modules should specify their licensing with a line like:

    MODULE_LICENSE("GPL");
The next version of the modutils package (and the insmod command in particular) will complain when presented with modules that lack the license metadata. People who maintain modules will probably want to add these tags soon.

Some people have, reasonably, asked what the purpose of this information is. The answer is that there's a few things one could do with licensing information; for example, one can imagine a tool that verifies that a particular system is running only free code. The Lineo GPL Compliance Toolset could make use of this information.

The real purpose, however, is that Alan Cox is tired of receiving bug reports from people who are running proprietary modules in their systems, and wants an easy way to throw them out.

Unfortunately I get so many bug reports caused by the nvidia modules and people lying when asked if they have them loaded that some kind of action has to occur, otherwise I'm going to have to stop reading bug reports from anyone I don't know personally.

In other words, the loading of a proprietary module will "taint" a running kernel, and greatly reduce the user's chance of getting help from the core kernel hackers. This has always been the case; the only change is that it has, evidently, become necessary for the kernel to track its own taintedness.

This tracking will happen via a sysctl flag like /proc/sys/kernel/tainted; the loading of a non-GPL module (or one lacking license information) will cause that flag to be set. Once set, the tainted flag can not be reset without rebooting. The tainted flag will be printed whenever the system panics, and post-mortem tools (i.e. ksymoops) will recover it as well. So anybody trying to track down a kernel problem will be able to see quickly if proprietary modules have ever been loaded.

Of course, if users lie about which modules they load, they could conceivably mess with the tainted setting. But people aren't too worried about that happening; most users who would be able to do that are probably not the type who actually would. And, besides, as Alan points out, in the U.S. such an act could be seen as defeating a digital rights management scheme, and subject the guilty party to a five-year prison sentence, plus extra for conspiracy...

The case of the conflicting block ioctls. How do you access the last sector on a odd-sized disk? The Linux kernel (normally) likes to deal with a 1K block size, which (normally) gets mapped into two contiguous, 512-byte sectors on a disk drive. But, if the drive contains an odd number of sectors, this scheme leaves the last sector unreachable. That is not normally considered to be a big problem; one missing sector does not make a very large dent in the capacity of a modern disk drive.

It turns out, however, that the IA-64 architecture has defined a new partitioning scheme which stores a copy of the partition table in the last sector on the disk. With this scheme, it matters if that sector is not reachable - there is no way for an administrator to change the partition table when running under Linux. This kind of limitation can lead administrators to do irrational things, like install Windows. Clearly a fix was required.

So, back in February, Michael Brown created a new ioctl call specifically to provide access to the last sector on a disk; that call is now part of the IA-64 port. It is not, however, to be found in the mainstream kernel at this time, which is part of the problem.

Ben LaHaise, meanwhile, needed an ioctl call that would retrieve the size of a device as a 64-bit quantity - disks are getting big, after all. So he put together a patch with the new ioctl call. Part of his patch was to the ext2 utility programs; that patch was accepted and distributed as part of the e2fsprogs distribution a little while back.

The problem: both new ioctls needed a new ioctl number. The block I/O ioctl numbers are defined in linux/fs.h, and it is a natural thing to do to pick the next one in series. There is no central registry for these ioctl numbers other than the source itself; if you have not put in a patch reserving a given ioctl number, it's not really yours. Unfortunately, Michael Brown did not put in any such patch. Ben LaHaise also failed to do so before (accidentally) getting the ioctl number included in the e2fsprogs distribution. Of course, both chose the same number.

This week, Ben put in a patch to reserve the number for his ioctl. His reasoning: renumbering the IA-64 ioctl will be less disruptive than changing e2fsprogs. He also believes that the ioctl is the wrong solution to the problem; it should have been fixed for all systems in the general block code, rather than being an IA-64-specific ioctl.

Michael has also sent in a patch trying to reserve the same ioctl number. Just asking for a number is not enough, though, as can be seen from Alan's reaction to Michael's patch:

Rejected. I still think this is an ugly evil hack and want no part in it

Ben, meanwhile, gave up on the old ioctl number and put in a new patch using a higher number. That one, too, turned out to be problematic, causing BLKGETSIZE64 to move up one more time...

A new 64-bit PCI interface has been posted by David Miller. This iteration is different from previous versions in that it looks a lot more like the standard, 32-bit interface. All of the pci64_ calls have gone away, and the dma_addr_t type can be used in all drivers again. There is a new set of pci_dac_ functions for drivers needing (and able to support) a 64-bit DMA space.

It has been pointed out that the PCI interface still lacks one important capability - peer-to-peer DMA transfers. There are situations where it would be helpful to move data directly between two PCI devices; for example, moving an image from a video capture device directly to video memory. There is some interest in supporting this sort of operation; an API will likely be developed in the near future.

Page aging is broken? Much work is going into the improvement of the virtual memory system in 2.4 - one of the biggest remaining problems. It would be hard to summarize everything here, but one development stands out: Jan Harkes has discovered that the page aging algorithm in the kernel does not work at all.

Page aging is the process of tracking the usage of pages in memory in the hopes of identifying those which have not been used in the longest time. The "oldest" pages are the first candidates to throw out when memory is tight. The 2.4 kernel, however, is aging pages so aggressively that almost all pages on the system look ancient. So a significant part of the VM system is essentially inactive, and nobody noticed until now.

Alan Cox responded with a claim that the "ac" series has better VM performance due to a more disciplined approach to VM patches. Jan Harkes pointed out that the "ac" series has serious page aging problems as well. "I guess it is just more carefully papering over the existing problems."

The solution, according to Rik van Riel, is to be found in the "reverse mapping" patch that he is currently working on. The current page aging scheme looks at virtual memory, via process page tables. It would be far more efficient to look at physical memory, since that is, in the end, the resource that is being managed. But it is currently difficult to find the page tables that reference a given physical page. Once reverse mapping is in place, a lot of page aging (and VM in general) problems should become easier to manage. Of course, reverse mapping looks like a fairly serious patch to be considering for the 2.4 stable series... (Those interested in trying out the reverse mapping patch should look at this posting for the latest version and a changelog).

Other patches and updates released this week include:

  • The min/max discussion continues; Peter Breuer has submitted a version of the macros which addresses the worst of the type issues that Linus was trying to solve with the three-argument version. Linus has indicated that he likes this solution. The min/max macros may not have yet reached their final form. Of course, it has also been shown that things can be taken too far...

  • Yves Rougy has announced yet another set of filesystem benchmarks.

  • Joe Thornber is working on a new LVM implementation; there is a test version available, and he is looking for comments from interested parties.

  • Release 1.2 of the 2.5 kernel build system is available from Keith Owens.

  • Release 1.0.4 of IBM's journaling filesystem is available.

  • Peter Braam has released version 1.0.5.1 of the InterMezzo filesystem.

  • Version 1.1.2 of the Rule Set Based Access Control patch has been released by Amon Ott.

  • Jari Ruusu has announced version v1.4d of the loop-AES encrypted filesystem.

  • Greg Kroah-Hartman has released a new version of the Compaq Hotplug PCI driver.

  • Greg has also posted a new security module patch.

  • The Stanford Checker has found a new set of potential security problems in the kernel.

  • Andreas Gruenbacher has posted a new access control list patch.

  • Version 0.8.5 of the PCTEL "linmodem" driver has been announced by Jan Stifter.

  • Harald Welte has released iptables-1.2.3.

Section Editor: Jonathan Corbet


September 6, 2001

For other kernel news, see:

Other resources:

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Embedded Distributions in the news. Embedded Linux is hot stuff right now. Now that Linux has a strong foothold in the server market, the embedded market is the next obvious target and bundled tools, such as Red Hat's Embedded Linux Developer Suite (covered on this week's Development page), will make all the difference between a superior OS and a superior OS that gets used. Consider MontaVista Software's announcement of VisualAge Micro Edition 1.4 (VAME) for Hard Hat Linux 2.0. VAME is a development and deployment solution from IBM/OTI, used for building multi-modal Java applications and the embedded devices that run them. This package combines the J9 Virtual Machine and Hard Hat Linux.

Having your embedded OS run on more platforms is always helpful as well. To that end MontaVista and Tensilica disclosed a technical and marketing agreement that puts Hard Hat Linux on to Tensilica's Xtensa processor architecture. The Xtensa platform has a configurable processor core so the devices which could be built would have more flexibility than the average embedded device. MontaVista Software Hard Hat Linux support for Tensilica's Xtensa processor architecture will be available in second quarter 2002 and will be included in Hard Hat Linux Professional Edition.

LynuxWorks Inc. also understands this as can be seen in this announcement of a new series of "bundle options" to include service and support with enhanced tools for the BlueCat Linux operating system platform. At the core of the bundle options is LynuxWorks BlueCat Linux 3.1, which supports architectures including Intel IA-32 and XScale micro-architecture, MIPS, ARM family (including Thumb extensions), StrongARM, PowerPC (including PowerQUICC) and Hitachi SuperH.

REDSonic is expanding into the industrial control and automation market. Soon REDICE-Linux will be running a variety of automation projects.

Distribution News

Debian News. The Debian Weekly News for September 3 reports on German use of Debian by professionals with Linux experience and incompatibilities with Red Hat C++ binaries.

Anyone interested in integrating Kerberos into Debian should probably join this mailing list.

The Kernel Cousin Debian Hurd #105 For 28 Aug discusses available jobs and fixing stat, CD GRUB extras, Hurders Unhappy As Lookup Of "" Must Fail (differing symlink semantics), and other topics.

Mandrake News. This week's newsletter from Mandrake-Linux (issue #12) covers updates in Mandrake 8.1 Beta 2, the U.S. Air Force's use of Mandrake for public Internet access, and MacWorld coverage of Mandrake for the PPC.

The Mandrake Cooker Weekly News - September 3rd, 2001 contains the latest news about Mandrake Linux 8.1 (Raklet) beta (bugs found and why two betas); Cooker is frozen - new versions and features are banned from cooker, now its just bug fixes and more testing; there are tips on reporting bugs; and more.

OpenBSD drops qmail, djbdns. Those of you who enjoy licensing flamewars may want to wander into this incendiary discussion on the OpenBSD list. It seems that OpenBSD has dropped Daniel Bernstein's software due to licensing concerns - the same concerns that have kept qmail and djbdns out of most Linux distributions as well. (Found on LinuxFR.org).

Minor Distribution updates

Coyote Linux. The primary archive for Coyote Linux is being changed from ftp.vortech.net to ftp.coyotelinux.com.

ttylinux. ttylinux released version 1.12 on August 31. See the ChangeLog for details.

Section Editor: Rebecca Sobol


September 6, 2001

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's On the Desktop page.


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop


HancomLinux merges with theKompany
Back at the end of June, we covered some of the office suites available for Linux. One of the ones that took us by surprise was a rather complete suite from Korean based HancomLinux. This company is firmly established in the Asian market but had little penetration in the U.S. or Europe. This week, Hancom took major moves to change all that.

Hancom announced the merger of its product line with long time KDE stalwart theKompany. Shawn Gordon, CEO and founder of theKompany, was appointed the CEO of the U.S. division of the combined operations, to be known as HancomLinux, USA. Gordon is currently staffing the new Orange County offices of HancomLinux USA.

"The word processor started out as a Windows application which was ported via Wine initially," said Gordon during a LinuxWorld interview with LWN.net. "The other applications, as I understand it, were written directly for Qt. The word processor has now been ported to Qt, though it's still beta quality right now." All of theKompany's products, which include the Visio-like Kivio and the PIM application Aethera, have been ported to the new Qt3 windowing toolkit. That makes them readily portable to Windows and the Mac, along with Linux. But Hancom's products still require porting to the new widget set. "We plan on starting that process next week with the completion scheduled for a November release," said Gordon.

HancomOffice 2.0 will include the standard word processor, spreadsheet, presentation graphics and raster graphics tools along with a flowcharting tool, database management package, web page designer and PIM (Personal Information Manager). theKompany brings their Aethera PIM product, renamed as QuickSilver in HancomOffice 2.0, to the table in this deal, along with Kivio (flowchart tool). With a complete package like this, KDE becomes more attractive to desktop solutions providers. Despite GNOME's strong design and energetic development effort, it still lacks production level applications of this nature.

HancomLinux, which has approximately 80 employees in 3 locations, was formed in 1999 to take the Linux product line from Korean software company Haansoft. Haansoft has been the reported market leader in the word processing market in Korea with an estimated 83% share in 2000.

We'll be posting the full interview with Shawn Gordon later, after some of the post LinuxWorld dust has had a chance to settle here.

Desktop Environments

KDE wins 'Best Open Source Project' at LinuxWorld. KDE dot News reported that the KDE project won the "Best Open Source Project" award at LinuxWorld. KDE was well represented by both developers and the KDE League, which helps promote the environment. A summary of the event for KDE has been posted, along with a fair number of related images.

KMail 1.0.x, 1.1 billionth second problems. KMail users take note: versions prior to 1.0.29.x of this email package will stop working and cause mail folder corruptions on September 9th! Users of version 1.0.29.x will only lose functionality, but no folders will be damaged. The problem stems from improper handling of the billionth second of Unix time, which started officially on January 1st, 1970. It is, essentially, a minor Y2K of Unix time, though this is the first instance of a known problem stemming from this magic date.

Interview With KDE's Konqueror Team (OSNews). OSNews is running an interview with the Konqueror development team. "No, the goal is to make Konqueror as fast as Galeon, and preferably even faster, without stripping it down. Any stripping down would have to happen in Konqueror (which provides the user-interface) because KHTML only provides the rendering engine, there is little that can be stripped from the rendering engine without sacrificing standards compliance." (Thanks to Stéfane Fermigier).

KC KDE Issue #21. The latest Kernel Cousin KDE is out. This issue is devoted to the events surrounding the start of KDE3 development and the Qt3 porting efforts.

This week's GNOME Summary. The GNOME Summary for September 1 is available. It covers the GNOME Accessibility Framework release, Sun's desktop division, and more.

GNOME 1.4.1 Beta 2. Another beta of the upcoming 1.4.1 point release for GNOME has been announced.

GNUstep Community site. The GNUstep project has a new web site. The site is expected to have a new user oriented editorial each Friday helping end users make use of the evolving environment.

Xfce news. A new release of XFce was announced last week. The new version, 3.8.7 adds a few new features like disabling user configuration options (for use in kiosks and set top boxes, for example) and fixes numerous bugs.

In other XFce news, the XFce developers agreed to drop their file manager, known as xftree, in favor of an independently developed file manager known as ROX filer.

Office Applications

Sun shows new version of StarOffice (News.com). News.com looks forward to StarOffice 6.0. "But the current version, 5.2, has been roundly criticized as a large and sluggish product. By default, the program tries to take over many desktop functions, coming with its own 'Start' button and file browser, and all its programs load at once. Version 6.0 will break these programs into individual applications that can run independently, said software demonstrators at the LinuxWorld Conference and Expo where the software has been demonstrated this week."

Is StarOffice ready to take on Microsoft Office? (ZDNet). This article on StarOffice is mostly targeted at the Windows platforms but is still relevant to users of StarOffice on Linux. "China views Microsoft's desktop dominance with suspicion, raising the possibility that it will adopt Linux or even StarOffice on Windows. Microsoft's recent increase in licensing fees has inadvertently helped make StarOffice more attractive to Latin America and also to extremely budget-conscious organizations."

Desktop Applications

MacGIMP reviewed. GIMP for MacOS X was reviewed this week by MacWrite.com. "As possibly the first packaged application for Mac OS X, MacGIMP opens up a new chapter in OS X's fresh history. It may well usher in a host of X11 applications meant to run locally on your Mac. This one also uses the X Window System very effectively, and sets a benchmark for other applications to reach for." (Thanks to GIMP News)

Appgen, Macmillan to launch Moneydance 3.0 and MyBooks 5.1 for Retail Vision. Are these Linux based retail editions? Yes, they are. Review them a little.

GNOME applets 1.4.0.4. A new release of the GNOME Applets package was announced this past week. The GNOME Applets are a series of small applications such as clocks, file browsers and sound mixers that can be embedded in GNOME Panels. This is mostly a bug fix release.

And in other news...

Another new Linux-based Korean PDA expected soon (LinuxDevices). LinuxDevices.com previews an upcoming Linux PDA, complete with picture. "The new PDA's application software includes PDA PIM (Personal Information Management) applications, Internet functions (web browsing, email, etc), and extensive multimedia capabilities (players for MPEG, MP3, etc.). A Korean-English dictionary and several games are also included with the device."

gdkxft 1.1 released - Anti-Aliased fonts for GTK+ 1.2. Within days of the 1.0 release, a 1.1 release of gdkxft has been announced. This package permits existing GTK+ 1.2 applications to incorporate anti-aliased text rendering in their widgets without recompiling the application. This works only with dynamically linked applications, of course. There are varied reports of success with this and the primary web site for the project presents an ominous disclaimer:

A botched install of gdkxft has the potential to make your X configuration unworkable.

Note that gdkxft only works with XFree86 4.x, with 4.1 recommended.

GTK+ 1.3.7. Owen Taylor posted a note for the release of GTK+ 1.3.7, a developers version of the pre-GTK+ 2.0 series. This one still has lots of bugs, so only developers wishing to learn more about what 2.0 will be like or who are interested in working on GTK+ itself should take the plunge.

Section Editor: Michael J. Hammel


September 6, 2001


Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Development page.

Development projects


News and Editorials

Red Hat's Embedded Linux Developer Suite. Following a relatively quiet week at LinuxWorld, Red Hat announced a new offering this week: the Red Hat Embedded Linux Developer Suite. The suite includes an embedded version of Red Hat Linux, the gcc cross-development tool suite, an embedded boot loader, and the usual set of associated services. Support is provided for several processors.

Red Hat recently announced a number of other initiatives including an e-commerce offering and a PostgreSQL based database package. But their foray into the embedded Linux marketplace, ignoring their eCOS alternative, has been rather minimal up to this point. Red Hat has supported the tools essential to embedded work (i.e. gcc, binutils, and glibc), but as avoided the creation of its own embedded distribution.

One of the few bright spots of late for computing has been the embedded space, which Linux vendors have nearly saturated. Vendors such as MontaVista, Lineo, LynuxWorks and RidgeRun already market Linux based distributions for embedded systems. The question is whether Red Hat can use it's relatively well known name to power its way into a growing but well seeded arena.

Red Hat's advantages, of course, are its long experience (by way of Cygnus) and its high-profile name. Given those, the company may just be able to muscle its way into the embedded distribution market, despite a late start.

Research Triangle Park, N.C. based Red Hat is expected to ship the new embedded product sometime in October.

Mozilla leader laid off from Netscape. Mitchell Baker, lead wrangler of Mozilla.org, was laid off last Thursday from Netscape (or rather AOL's Netscape Division). Her personal notice to the Mozilla project members states that while she is no longer with Netscape, she intends to remain active with the Mozilla project.

There have been unconfirmed reports that this may be have been part of a larger layoff, which spawned rumors that it was all part of Netscape's earlier announcements stating that company's intent to exit the browser market. However, as of press time, LWN.net has been unable to confirm the larger layoff reports.

A brief notice was posted to Bugzilla noting Baker's departure, but there has been little added discussion there. Users of Bugzilla have requested that visitors not burden the server looking for what isn't there.

The story didn't escape Slashdot's faithful. One feedback post says Baker was fired from Netscape, though Mitchell's own account says her position was eliminated. Requests for comments on this situation from various Netscape and Mozilla members has produced no additional information as yet, though we're still looking into the matter.

It should be pointed out - though it shouldn't need to be - that even if AOL/Netscape were to completely eliminate all staff actively working on Mozilla, the project wouldn't die. Therein lies the beauty of open source. The company need not continue the financial burden of such a project, but the project need not be held hostage to corporate whims or economic downturns.

Well wishes go out to Baker and any other ex-Netscape Mozilla contributors with hopes that they'll land on their feet in short order.

LSB Filesystem Hierarchy Standard 2.2 test suite. The LSB Filesystem Hierarchy Standard 2.2 test suite is now available. The FHS, of course, specifies where files should be located in a Linux distribution as part of the Linux Standard Base. This test suite may be used to verify a distribution's compliance with version 2.2 of the FHS.

Embedded Systems

A walk on the embedded side . . . of LinuxWorld SF 2001 (LinuxDevices.com). Rick Lehrbaum of LinuxDevices.com says embedded Linux is on the rise as he takes a walk on the embedded side of LinuxWorld. "In the past, Embedded Linux products and technologies accounted for roughly 10 percent of what was showcased at LinuxWorld. At this show, the Embedded Linux fraction seems to have increased to around 15-20 percent. Not surprising, given the strong growth in developer interest in Embedded Linux reported in recent months by market analysts VDC (story), Evans Data Corp (story), and others (story)."

Databases

NuSphere MySQL (Unix Review). Unix Review reviews NuSphere MySQL. "All in all, I'm disappointed that NuSphere did not do a better job of documenting their product. Remember, most of the software included in NuSphere MySQL is freely available. What a user is really paying for is convenience, information and support."

MiniSQL updates. MiniSQL, known more commonly as mSQL, has had a couple of new releases this past week. The first is the last stable release of the 2.0 series, version 2.0.12. This release fixes a security problem with the w3-auth access control. Also this week, the third beta release for the new 3.0 version was announced.

Database Gorilla Hunter (TechWeb). TechWeb reviews PostgreSQL 7.1 from GreatBridge. "If your business has hefty database requirements, it's hard to imagine an open-source option that's a true alternative to the established commercial database engines. Great Bridge, however, brings software, service and support together in a product that can be safely considered for many smaller organizations or apps."

phpMyAdmin 2.2.0 released. phpMyAdmin 2.2.0, a web administration tool for MySQL, has been released. There are security fixes in this release, so an upgrade is recommended; there's also a long list of new features.

Education

Seul/EDU Linux in Education Report. The Seul/EDU Linux in Education Report for September 3 is out; this issue has a strong emphasis on putting Linux systems in schools, and delves into the question of whether an education-specific distribution is called for.

Why should open source software be used in schools?. LinuxMedNews pointed us to an article on why open source software should be used for general education. "Students should, at least, be given the opportunity to see how their new tools work. They should be given the opportunity to examine the inner workings of software. They should be given the opportunity to extend the functions of their tools, where they see or imagine possibilities. They should not be held back by locking the toolbox of the Information Age and told they must not peer inside, must not try to discover how it works, must not share their tools with others, must not use their tools without paying proper tribute to the software overlords, under penalty and punishment of law." Plenty of links are used to back up the arguments here, making this is a useful reference for educators working on Linux in the classroom projects.

Electronics

gerbv 0.0.2 and prerelease Savant. The gEDA site pointed out the releases of two early-stage projects: gerbv 0.0.2 and Savant.

Printing Systems

CUPS Book. A book on CUPS, published by SAMS and written by Easy Software Products founder Michael R. Sweet, is now available from the Easy Software website.

Omni printer driver 0.4.2. Another release of the Omni printer driver has been made available from IBM's Linux Technology Center. This release was created to allow Omni to be used with the latest levels of Foomatic and printconf.

Standards

World Wide Web Consortium Issues SVG 1.0. W3 has issued the SVG 1.0 specification as a recommendation, meaning that the specification is stable, contributes to Web interoperability, and has been reviewed by the W3C Membership, who favor its widespread adoption.

Web-site Development

Zope News for August 31. The Zope News for August 31, 2001 is out. It covers the Zope 2.4 beta release, a new ZEO beta release, the SecurityJihad project, Paul Everitt's new son, and more.

Zope 2.4.1 released. Zope 2.4.1 has been released; it is primarily a bugfix release, which includes the recent security updates.

Section Editor: Michael Hammel


September 6, 2001


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


Lisp

LISA 1.0 released. The official release of LISA 1.0 was announced this past week. LISA is

a platform for the development of Rete-based intelligent systems in Common Lisp. The most significant new feature in Version 1.0 is full support for rule redefinition within a running inference engine.

The full announcement can be found online.

CMU CL CVS server move causes temporary service disruption. The CVS repository for CMU CL is being moved to a new server, which will keep the sources and binary distributions unavailable from their normal locations for a few weeks. Until then, backup repositories have been made available.

PHP

PHP Weekly Summary #52. This week's summary for PHP development includes talk of some new gettext additions, a fix for broken output buffering, and word of tighter Apache integration in future versions.

Python

Improving the social infrastructure of Python (developerWorks). Here's an article on Python documentation and distribution utilities on IBM's developerWorks site. "By way of background for any Python beginners reading this, Python has long had some semi-formal documentation standards. These standards have not attempted to constrain developers unduly, but rather to offer the 'one obvious way to do it.' Fortunately, Python developers, as a rule, have always been far better documenters than typical developers in other languages."

This week's Python-URL. Here is a relatively thin Dr. Dobb's Python-URL for August 30, 2001. Topics include a look at WebWare, WebDAV module progress, a look at Tinter, and file locking issues.

Tcl/Tk

This week's Tcl-URL. Here is Dr. Dobb's Tcl-URL for August 31, with the latest from the Tcl/Tk development community. This issue looks at XML and XSL, tcl plugins, and new versions of e4graph, sgxTools, ActiveTcl, and moodss.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Commerce page.

Linux and Business


Turbolinux releases PowerCockpit. Turbolinux, which is now evidently "the only provider of software that automates the configuration and deployment of computing power for any data processing need", has announced the release of its "PowerCockpit" network administration tool.

Trustix completes funding round. Trustix has announced the completion of a funding round, with Reitan Invest as the lead investor.

MontaVista offers embedded seminars in Europe. MontaVista Software has announced a set of half-day seminars on "Moving from a proprietary RTOS to embedded Linux" in Munich, Paris, London, and Eindhoven, all in the second week of October.

Books, Books, Books!. Ready for something serious? O'Reilly has announced the release of The Root of All Evil, the latest User Friendly comic collection.

Sams Publishing has released a new book called PHP and MySQL Web Development.

O'Reilly has announced the release of the second edition of Java & XML by Brett McLaughlin.

Sams Publishing announced Linux Performance Tuning and Capacity Planning.

Linux Stock Index for August 30 to September 05, 2001.

LSI at closing on August 30, 2001 ... 25.14
LSI at closing on September 05, 2001 ... 23.72

The high for the week was 25.17
The low for the week was 23.72

Press Releases:

Open source products

Proprietary Products for Linux

Products and Services Using Linux

Products With Linux Versions

Books & Training

Partnerships

Investments and Acquisitions

Personnel & New Offices

Linux At Work

Other

Section Editor: Rebecca Sobol.


September 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Now Showing: Dmitry Sklyarov's Las Vegas Gamble (Planet PDF). Planet PDF has posted a detailed description and commentary on Dmitry Sklyarov's Las Vegas presentation. "At that point, a voice from the darkened room shouts a question, seemingly wanting to verify whether the full commercial version of AEBPR is still available. 'Not at this time,' Sklyarov says. The voice persists, apparently seeking further explanation on the product and on ElcomSoft's intent. 'We don't make our mind up to hit publisher,' Sklyarov says. 'We must prove that eBook distribution based on PDF technology is insecure.' During the remainder of the presentation, he methodically proceeds to do so."

Senator plans anti-piracy copyright legislation (NewsBytes). As if the DMCA weren't enough: here's a NewsBytes article on the next bright idea from Washington: "Consumer electronics hardware makers, including computer manufacturers, would be required to develop anti-piracy technology to be included in their products under proposed legislation from Senate Commerce Committee Chairman Ernest 'Fritz' Hollings, D-S.C."

Commentary: Making the move to Linux (News.com). The Meta Group, via News.com, says, Linux is still a fringe player in the corporate world, however the "Meta Group now recommends that large enterprises consider a limited number of Linux server deployments or pilot projects." This is about as positive as Meta has ever been...

LinuxWorld

Linux debate focuses on future (News.com). News.com has put up a series of video clips on discussions about the future of Linux. Participants include Linus Torvalds, Dirk Hohndel, and Brian Behlendorf.

MS Hailstorm is no threat - Torvalds (Register). The Register reports from the "Future of Linux" panel at LinuxWorld. "Torvalds' genius for project management, and specifically for resolving the most acrimonious disputes amicably is often remarked upon, but here was a perfectly example of it in practice. His soundbyte incited the largely libertarian audience to an ovation, but contained the message that governments do have the power to draw boundaries around private greed." (Thanks to Dave Killick).

Linux World Starts with a Bang (IT-Director). IT-Director reports from LinuxWorld as a way of looking at the Linux industry as a whole. "As Linux begins to be significant in the Enterprise space, organisations must use suppliers that have a global presence. In this respect SuSE needs to face the challenge posed by market leader Red Hat. It will be a tough fight for SuSE."

Red Hat CEO pushes Linux in schools (News.com). Here's a report on Matthew Szulik's LinuxWorld keynote on News.com. "Linux developers must take some of the time they now devote to programming and put it toward boosting open-source software in education, Red Hat Chief Executive Matthew Szulik said Thursday."

Lawyer Lessig raps new copyright laws (News.com). News.com covers Lawrence Lessig's LinuxWorld keynote. " Lessig accused programmers of two counterproductive attitudes that will lead to the collapse of the current climate of innovation. Under the first, programmers argue that they're just writing code and that they'll leave politics to the politicians. Under the second, programmers argue that 'what goes on in Washington is a pathetic waste of life,' and that 'we should build a world of freedom that they can't penetrate.'"

Companies

Egenera to debut $250,000 Linux server (News.com). News.com reports on the new high-end server from Egenera. "Egenera hopes to succeed where other server specialists such as VA Linux Systems, Cobalt Networks and Network Engines have struggled. Analysts say Egenera's market--financial-services companies and service providers--is small but lucrative."

Compaq boosts Red Hat ecommerce suite (Register). The Register looks at the Red Hat/Compaq e-commerce offering. "One point worth considering before anyone ventures out and buys the five system cluster is that of the database. Red Hat's database is based on the PostgreSQL database which, although fine under normal loads, has little in terms of proof points when it gets into real heavy-duty work. It is, essentially, unproven at the high end which is, presumably, the kind of work it will encounter on a five node cluster."

TurboLinux Intros Automated Configuration Software (TechWeb). Here's TechWeb's take on Turbolinux' PowerCockpit. "The software lets the IT manager set up each Linux configuration separately and then collect an image from the fully configured server and put it into a repository. Later, if that configuration is need on another server, it can be redeployed. One configuration might be TurboLinux with IBM WebSphere, another might be Red Hat with Apache. "

Turbolinux tool eases provisioning of Linux servers (ZDNet). ZDNet has an article on the new, proprietary "PowerCockpit" tool from TurboLinux. "Enterprise users and manufacturers spend a lot of time configuring and deploying systems, and Linux, with its flexibility, makes that task even more challenging. The time-consuming process of upgrades and incremental adds to corporate IT infrastructures has been taking its toll, so Turbolinux focused on providng a solution that offers flexible processing power."

Sun shows new version of StarOffice (News.com). News.com looks forward to StarOffice 6.0. " But the current version, 5.2, has been roundly criticized as a large and sluggish product. By default, the program tries to take over many desktop functions, coming with its own 'Start' button and file browser, and all its programs load at once. Version 6.0 will break these programs into individual applications that can run independently, said software demonstrators at the LinuxWorld Conference and Expo where the software has been demonstrated this week."

Corel sells Linux desktop OS to Xandros (ZDNet). This ZDNet article looks at Xandros's acquisition of Corel Linux. "'In terms of the deal, we get the code to Corel's Linux distribution and all licensing rights,' [Xandros president Michael] Bego said. 'Corel has also signed an 18-month non-compete agreement. So, essentially, we have bought Corel's Linux operating system, including its as-yet unreleased third-generation software, as well as access to its channel, support and sales pipeline.'"

When VA was the news (NewsForge). NewsForge looks at VA Linux Systems. "Whatever the deficits of VA's business plan, it was brilliant compared to businesses that decided that the Internet was the ideal way to sell broccoli or Kibbles n Bits. Unfortunately for VA, by the time the company had fully ramped up to sell to this market it had disappeared."

Business

A month Microsoft won't forget (ZDNet). ZDNet looks back at a hard month for Microsoft. "All you need to do is scan the headlines for the last 30 days to see that Linux and open source have gained significant momentum, beautifully leveraging the turmoil in which Microsoft now finds itself. In all its life, IBM OS/2 never achieved the popularity Linux has in just the past month. Fortunately, for IBM, the company couldn't have picked a more precise moment to announce its big customer wins that include Linux running on a range of systems that span low-end servers to big iron."

Reviews

LSP: migrate from Windows NT to Linux (ZDNet). ZDNet reviews DAS Technology's LSP, a utility that automates migrating file and print sharing services from a Windows machine to a Linux box. "LSP's NT to Linux migration process happens in four stages, alternating between the NT and Linux servers. The first stage involves running a data collection program on the NT server--this process obtains the server information--such as share names, directory and file structures, Internet Information Server configuration data, and so on--that LSP will migrate."

Miscellaneous

Leave Linux to the Geeks (TechTV). TechTV has a unique take on the 10th anniversary of Linux. "Linux is not for the masses. Trust me, we'll just screw it up. If you don't believe me, look what we did with the Internet. Happy birthday Linux. Now please keep it to yourself."

Chipmakers angle for Linux support (News.com). C|Net's News.com says Linux leads with support for new chips. "Linux--with a strong developer community and a flexibility that allows the Unix clone to run on numerous chips--has become an asset the chipmakers want on their sides as they prepare future chip designs. Linux has become a tool to secure quick support for a new chip."

Red Hat Weighs Nonprofit Group To Promote Open-Source Software In Schools (TechWeb). Red Hat CEO Matthew Szulik is advocating Linux and other open source software in the US school system. "Szulik says he's traveled to poor rural and urban school districts in North Carolina, Massachusetts, and Missouri, and spoken with former North Carolina Gov. Jim Hunt and other elected officials about his plan to promote open-source software as an alternative for public schools. "Someone from the open-source industry had to step forward, and that's Red Hat's responsibility," he says. "

Jean Louis Gassée on The Antitrust dog that never barked (Register). Be Inc founder Jean Louis Gassée offered to testify in the Microsoft antitrust trial, regarding the Microsoft boot loader, but the DoJ wasn't interested. "Now for the interesting bit, and listen up you folks who dream of Linux booting on machines from CompUSA.

Gassée offered to testify on behalf of the Department of Justice on the boot loader question, reports Hacker, but the prosecution was only interested in browser integration."

The State of Corporate IT: A case for Linux (AnandTech). Here is a lengthy article on AnandTech tracing a company's move from legacy systems to Windows NT and finally to Linux. Linux is not mentioned until the end of page 4, but the article is well worth the read. "Linux was not the right tool for every job, but it certainly had proved its mettle as a cost effective alternative and helped give them some breathing room as they worked to bring soaring IT costs under control and reduce TCO (Total Cost of Ownership). It was ironic that only by turning to an alternative operating system were they able to realize some of the cost savings promised them when they initially switched over to NT. Linux had not only given them tangible benefits, it had increased confidence in their ability to manage their own systems." (Thanks to Paul Hewitt and Walter Smith)

Wireless Hype Chugging Along (TechWeb). According to this TechWeb article companies are spending too much on deployment of wireless networks, and not enough on development. "And let's not forget wireless's real problem: security. Just this week, software called AirSnort hit the Internet. Utilizing nothing more than a Linux system with an 802.11b wireless card installed, AirSnort specializes in breaking the WEP encryption that protects an 802.11 network. Once inside, AirSnort offers convenient packet-reading features that let hackers manage operations, such as password grabs, quickly and easily."

FBI Warns of New Worm, Says No Code Red Suspects Yet . NewsBytes is carrying a story on the FBI's efforts toward a worm-free Internet. "Separately, the FBI today issued a caution to operators of systems based on the Unix operating system. According to the agency, a new worm dubbed 'X.C.' has been targeting a vulnerability in the telnet daemon that ships with Sun's Solaris, IBM's AIX, and several versions of Linux."

Protesters declare war on copyright law (News.com). News.com reports from the Sklyarov fund-raiser in San Francisco. "Almost 200 Linux enthusiasts, programmers and digerati attended the fund-raiser, held by 2-month-old start-up AllSeer in a five-story warehouse on the edge of the now depopulated Multimedia Gulch in San Francisco."

Section Editor: Forrest Cook


September 6, 2001

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Announcements page.

Announcements


Resources

Linux Gazette issue #70. The Linux Gazette issue #70 for September is now available. Topics in this issue include the usual features and articles such as "How to use an Atari ST machine as a Linux terminal", by Matthias Arndt and "GNOME Programming in Linux using GTK+", by Subhasish Ghosh.

Linux Unicode programming. IBM developerWorks has an article on how to incorporate and utilize Unicode for worldwide language support within Linux. "Unicode allows programmers to provide software that ordinary people can use in their native language. The prerequisite of learning a foreign language is removed and the social and monetary benefits of computer technology are more easily realized. It is easy to imagine how little computer use would be seen in America if the user had to learn Urdu to use an Internet browser. The Web would never have happened."

Tip Of The Week - Scheduling Commands with "at" (Linuxlookup.com). Sometimes you want a program to run when no one is around, including you. This week's TOTW shows how to use "at" to do just that.

Events

LinuxWorld Coverage. Another LinuxWorld has come and gone, leaving a wealth of press releases and articles in its wake.

From IDG World Expo, the organizers of the event, comes a press release listing the various award winners. The Community Award went to the Free Standards Group; the "best of show" was the IBM eServer iSeries. See the PR for the full list.

The Open Source Development Laboratory has announced that its first "Enterprise Achievement Award" has gone to Heinz Mauelshagen, the author of the Linux Logical Volume Manager.

NuSphere had its own announcement about winning the Open Source product excellence award and NuSphere PHPEd Advantage was named best developer tool.

Marc Merlin has posted his report from LinuxWorld. As with all of Marc's reports, this one is detailed, comprehensive, and with lots of pictures.

Some of LWN's coverage is still in progress, but here is [LW picture] LWN's Tuesday coverage. Have a look for coverage of the keynote, the DreamWorks feature presentation, and more.

KDE dot News looks at LinuxWorld from a KDE perspective.

Jonathan "Jonny5" Buset reports on LinuxWorld for LinuxLookup.com, with a seperate report for Day 1, Day 2 and Day 3.

CNN covered the Penguin Bowl.

LinuxDevices.com asks and answers How many attendees were at LinuxWorld in SF?

Jabber, Inc. Recaps a Highly Successful Inaugural Conference. Jabber partners, commercial developers and the Open Source Community participated in JabberCon.

Linux.conf.au call for papers. The 2002 version of linux.conf.au will happen February 6 to 9 in Brisbane, Australia. The call for papers has just gone out; the submission deadline is the end of October. This should be a good event, and Brisbane is a nice place...

Events: September 6 - November 1, 2001.
Date Event Location
September 6 - 7, 2001Embedded Systems Conference(Hynes Convention Center)Boston, MA
September 6 - 7, 2001Open Source Health Care Alliance(OSHCA)(The Posthouse Hotel Kensington)London, UK
September 11, 2001Cirrus Logic and LynuxWorks technical seminar and luncheonAddison, TX
September 12, 2001Cirrus Logic and LynuxWorks technical seminar and luncheonArlington Heights, IL
September 13, 2001Cirrus Logic and LynuxWorks technical seminar and luncheonSanta Clara, CA
September 17, 2001XML Information DaysAmsterdam
September 17 - 21, 2001O'Reilly P2P & Web Services ConferenceWashington D.C.
September 18 - 21, 2001O'Reilly Peer-to-Peer ConferenceWashington, DC.
September 18, 2001XML Information DaysBrussels
September 19, 2001XML Information DaysMunich
September 20, 2001XML Information DaysZurich
September 21, 2001XML Information DaysMilan
September 23 - 28, 2001Australian Unix User Group's Annual Conference(AUUG 2001)Sydney, Australia
September 24, 2001XML Information DaysParis
September 25, 2001XML Information DaysCopenhagen
September 26, 2001XML Information DaysOslo
September 27, 2001XML Information DaysStockholm
September 28, 2001XML Information DaysHelsinki
September 29 - 30, 2001Linux Network Services BootcampCupertino, California
September 30 - October 4, 2001XML OneSan Jose, California
October 1, 2001XML Information DaysBudapest
October 2 - 5, 2001Federal Open Source Conference(Ronald Reagan Building)Washington DC
October 8 - 12, 2001IBM pSeries and UNIX Technical University(Hotel Munchen)Munich, Germany
October 9, 2001Moving from a Proprietary RTOS to Embedded Linux by MontaVistaMunich, Germany
October 10, 2001Moving from a Proprietary RTOS to Embedded Linux by MontaVistaParis, France
October 11 - 13, 2001Wizards of OS 2(House of World Cultures)Berlin, Germany
October 11, 2001Moving from a Proprietary RTOS to Embedded Linux by MontaVistaLondon, UK
October 12, 2001Moving from a Proprietary RTOS to Embedded Linux by MontaVistaEindhoven, Netherlands
October 22 - 25, 2001XMLEdge International Developer Conference & Expo 
October 22 - 26, 2001The Open Group Quarterly ConferenceAmsterdam, Netherlands
October 30 - November 1, 2001LinuxWorld GermanyFrankfurt, Germany
October 30 - 31, 2001tech-u-wear 2001(Madison Square Garden)New York City

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net in a plain text format.

User Group News

Sacramento Installfest. Three Sacramento-area clubs, the Linux Users' Group of Davis (LUGOD), the Sacramento Linux Users Group (SacLUG), and the Roseville Area Linux Users Group (RoseLUG) will be holding a free 'Linux Installfest' workshop on September 16, 2001 at the Coloma Community Center in Sacramento, California.

Hazelwood MO Linux Users Group. The Hazelwood LUG will meet on September 25, 2001 at the Prairie Commons Branch Library in Hazelwood, Missouri.

LUG Events: September 6 - September 20, 2001.
Date Event Location
September 6, 2001Edinburgh LUG(EDLUG)Edinburgh, Scotland
September 6, 2001St. Louis Area Computer Club Linux workshopSt. Louis, MO
September 6, 2001
September 20, 2001
Gallup Linux Users Group(GalLUG)(Coyote Bookstore)Gallup, New Mexico
September 6, 2001UNIX/Linux Special Interest Group of the Dayton Microcomputer Association(DMA office at 119 Valley St)Dayton, OH, USA.
September 6, 2001SSLUG: Hyggemöte på Malmö HögskolaDenmark
September 6, 2001Ottawa Canada Linux Users Group(OCLUG)(Algonquin College Rideau Campus)Ottawa, Ontario, Canada
September 6, 2001Portland LUG(Portland State University)Portland, Oregon
September 8, 2001Consortium of All Bay Area Linux(CABAL)Menlo Park, CA
September 8, 2001Route 66 LUGLa Verne, CA
September 8, 2001Sheffield Linux User's Group(ShefLUG)(Sheffield Hallam University)Sheffield, UK.
September 8, 2001NJLUG: BillUNIXiumDenmark
September 8, 2001SSLUG: UNIX fylder 1.000.000.000 sekunder og Linux fylder 10 år (næsten)Denmark
September 8, 2001LinuxDK: uptime(1) konference - 1.000.000.000 sekunder siden 1/1 1970Denmark
September 10, 2001Haifa Linux Club(Technion CS dept. bldg.)Haifa, Israel
September 11, 2001Victoria Linux Users Group(VLUG)(University of Victoria)Victoria, British Columbia
September 11, 2001Long Island LUG(LILUG)(SUNY Farmingdale)Farmingdale, NY
September 11, 2001
September 18, 2001
Kalamazoo Linux Users Group(KLUG)(Western Michigan University)Kalamazoo, Michigan
September 11, 2001K-LUGRochester, Minnesota
September 12, 2001Toledo Area Linux User's Group(TALUG)Toledo, OH
September 12, 2001Columbia Area LUG(CALUG)(Capita Technologies Training Center)Columbia, Maryland
September 12, 2001Silicon Corridor LUG(SCLUG)(Back of Beyond pub in Kings Road)Reading, UK
September 12, 2001St. Louis Unix Users Group(SLUUG)St. Louis, Missouri
September 12, 2001Linux Users Group of Sacramento(sacLUG)(Calweb)Sacramento, California
September 13, 2001Boulder Linux Users Group(BLUG)(Nist Radio Building)Boulder, CO
September 13, 2001Phoenix Linux Users Group(PLUG)(Sequoia Charter School)Mesa, AZ.
September 13, 2001Kernel-Panic Linux User Group(KPLUG)San Diego, CA
September 15, 2001SVLUG InstallfestSilicon Valley, CA
September 15, 2001North Texas Linux Users Group(NTLUG)(Nokia Centre)Irving, Texas
September 15, 2001GalLUG Installfest(Connecting Point Computers)Gallup, New Mexico
September 15, 2001KPLUG Installfest(National City Adult Center)San Diego, CA
September 15, 2001TALUG InstallfestToledo, Ohio
September 16, 2001Beachside LUGConway, South Carolina
September 16, 2001Mesilla Valley Linux User Group(MVLUG)(Village Inn on El Paseo Rd.)Las Cruces, New Mexico
September 16, 2001Linux InstallfestSacramento, CA
September 17, 2001Linux User Group of Davis(LUGOD)(Z-World)Davis, CA
September 18, 2001Bay Area Linux User Group(BALUG)(Four Seas Restaurant, Chinatown)San Francisco, CA
September 18, 2001Phoenix Linux Users Group(PLUG)(Glendale Community College)Glendale, AZ
September 18, 2001Kansas City LUG Demoday(KCLUG)(Kansas City Public Library)KC, Missouri
September 18, 2001Linux Stammtisch(Bandersnatch Brew Pub)Tempe, AZ
September 19, 2001Central Iowa Linux Users Group(CIALUG)West Des Moines, IA
September 19, 2001Linux User Group in GroningenThe Netherlands
September 19, 2001Washington D.C. Linux User Group(DCLUG)(National Institute of Health)Bethesda, Maryland
September 19, 2001New York Linux User's Group(NYLUG)(IBM Building)New York, NY
September 20, 2001St. Louis LUG(SLLUG)(St. Louis County Library, Indian Trails Branch)St. Louis, MO.
September 20, 2001Omaha Linux User Group(OLUG)Omaha, Nebraska
September 20, 2001South Mississippi LUG(SMLUG)(Barnes & Noble)Gulfport, Mississippi
September 20, 2001Linux Enthusiasts And Professionals of Central Florida(LEAP-CF)(DeVry Institute)Orlando, FL.
September 20, 2001New Orleans Linux Users' Group(NOLUG)(University of New Orleans (UNO) Mathematics Building)New Orleans, Louisiana

Additional events can be found in the LWN Event Calendar. Event submissions should be sent to lwn-lug@lwn.net in a plain text format.

Section Editor: Rebecca Sobol.


September 6, 2001

   

 

Software Announcements


Here are this week's Freshmeat software announcements. Freshmeat now offers the announcements sorted in two different ways:

The Alphabetical List and Sorted by license

 

Our software announcements are provided courtesy of FreshMeat

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Linux History page.

This week in Linux history


Six years ago: "bob@acc-corp.com," otherwise known as Bob Young at Red Hat's precursor company, announced the Linux events at New York's Unix Expo; included was a panel with Matt Welsh, Michael K. Johnson, Eric Troan, and Marc Ewing. (For those who are interested, "acc-corp.com" is now owned by American Concrete Cutting Corporation...)

Three years ago (September 10, 1998 LWN): industry journalists complained in a big way about being flamed by Linux zealots - a problem that still comes back to haunt the community at times.

Prediction of the week:

Linux will never go mainstream. But it will have a powerful influence nonetheless.
-- Jesse Berst, ZDNet.

Perhaps it depends on your definition of "mainstream"...

The development kernel was 2.1.121. A fair amount of controversy surrounded the addition of the QNX filesystem, since the kernel was alleged to be in a feature freeze at the time.

Oracle announced its first set of marketing partnerships, with Red Hat, VA Research (now VA Linux), Pacific HiTech (now TurboLinux) and S.u.S.E. (now SuSE).

Dell, it was revealed, had been selling Linux-installed systems to a few big customers for a year, despite its public denials that there was even interest in such systems.

Two years ago (September 9, 1999 LWN): Licensing problems turned up with some of the code distributed with Bind 8.2, a crucial piece of network infrastructure. In the end, all was worked out, but it showed the kind of difficulties that licensing conflicts can cause.

SCO distributed a brochure in northern Europe:

Linux at this moment can be considered more a play thing for IT students rather than a serious operating system in which to place the functioning, security and future of a business. Because Linux is basically a free-for-all it means that no individual person/company is accountable should anything go wrong, plus there is no way to predict which way Linux will evolve

They certainly failed to predict how things would evolve...

Quote of the week:

Any time you're sort of slacking off or saying you're thinking of taking a day off our president says, 'You know, I'll bet Bill Gates is working today.'
Marc Ewing on Red Hat's relaxed corporate culture.

Ah, the good old days:

Red Hat's stock continued its climb today, soaring by nearly 15 points to reach 122.8125 in mid-morning trading, making Red Hat founder and chief technical officer Marc Ewing and CEO Robert Young billionaires as well, at least on paper
-- News.com.

The latest, greatest NFS patches were withheld from the 2.2.12 (and later) stable kernel release, due to fears that they would destabilize things.

Caldera 2.3 was launched this week. MandrakeSoft announced the opening of its Chinese offices, in cooperation with a little-known (at the time) company called LinuxOne. That partnership did not last long. Red Hat, meanwhile, announced "Lorax", the beta version of its 6.1 release.

One year ago (September 7, 2000 LWN): Trolltech announced that Qt 2.2 would be released under the GPL and QPL giving developers a choice of license. This was a move that should have brought an end to more than two years of controversy centered around the Qt license. However some people are never satisfied. Richard Stallman felt that the legal status of KDE remained clouded.

Qt 2.2 provides the basis to solve this secondary problem, but a certain amount of cleaning up will be needed to fix it thoroughly. Misusing a GPL-covered program permanently forfeits the right to distribute the code at all. Such situations have occurred in KDE, and now they ought to be cleaned up.
-- Stallman on Qt, the GPL, KDE, and GNOME - LinuxToday.

A company called Digital Convergence came up with an interesting idea. They would give away a cheap barcode reader (called the ":CueCat") and some (Windows) software. People could plug the reader into their computer, then use it to read a special code printed with advertisements and such. Naturally Linux hackers starting creating drivers for the :CueCat -- something Digital Convergence didn't like. See, in the original software each use of the :CueCat would send in some personal information, along with the serial number of the device. Every code scanned would get tied together with your information, building a nice little profile. The Linux drivers circumvented that profile building. The FBM site put together this page documenting it all, from the first release of :CueCat to the demise of Digital Convergence.

The first public release of the TUX web server happened.

Perl 5.7.0 was released, as were Python 1.6 and Python 2.0 beta 1.

A company called "iRobot" announced a new product: the "iRobot-LE", a Linux-powered robot aimed at household use. It could be monitored and controlled from anywhere on the net via a web browser. It climbed stairs, and had sonar and infrared systems for avoiding obstacles. Suggested uses include monitoring the babysitter, home security, and so on. LWN editors met iRobot at COMDEX.

Section Editor: Rebecca Sobol.


September 6, 2001

LWN Linux Timelines
1998 In Review
1999 In Review
2000 In Review
2001 In Review

   

Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters

See also: last week's Letters page.

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

September 6, 2001

   
From:	 Torsten Howard <torsten@inetw.net>
To:	 letters@lwn.net
Subject: SourceForge
Date:	 Thu, 30 Aug 2001 20:33:16 -0500

Dear Editor:

I read with some concern your subtopic, " VA Linux goes proprietary?"

It is a critical failure to concenctrate too much power in the
hands of a few.  Good systems are engineered without such a single
point of failure.  Politics has usurped power from dictators.  Microsoft
has bore the condemnation of the courts for abuse of its power.

And thus the saying, "Power corrupts.  Absolute power corrupts
absolutely."  Dr. Albert Einstein defined insanity as doing the same 
thing over and over, and expecting different results each time. 

At some point, I begin to wonder.  Exactly when do we learn from
the mistakes past?  From the politics of GPL radicals, one would 
take a look and realize there is a huge concentration of power in the
sourceforge website.  The same company owns two of the most visible
advocacy sights, Freshmeat and Slashdot.org.

In addition, sourceforge is abusing their power.  Let me explain.
When I download non-sourceforge GPL software and wish
to communicate to the author or mailing lists, I do so.

Sourceforge has hidden all communication to its projects behind
a "login."  It is the attempt to control communication, mailing lists,
and access to emails which is an abuse of power.  It is this very 
communication which is the lifeblood of open-source contributive 
projects.   Now we see the insanity of repetition, and failure to
change the way things are done.

We have not learned that concentrating power is a poor choice.

So what does this topic have to do with SourceForge.net adding
proprietary extensions?  Only that they have the power to do so - 
the power to undermine the ideas upon which they stand without 
falling over - because nobody is pushing.

And one final quote - "Power concedes nothing without demand."

Thank you for your time.

Sincerely,
Torsten Howard
   
From:	 Michael Carniello <mlcarn1@home.com>
To:	 <letters@lwn.net>
Subject: VA Linux
Date:	 Thu, 30 Aug 2001 21:18:32 -0500

To The Editor,

Your recent piece on VA Linux (8/30/2001) was interesting, as most of your
leading items are ... and it reflects a fact which you and most of this
community truly believe, yet with a strange duality, fail to recognize. And
that fact, reflected in a quote from your article, is this: "VA is ... just
finding a way to more readily sell its free software..."

Somebody may think of a clever of selling free stuff in the future, but it
hasn't worked in the past. I'm not saying that free software isn't good or
right, I'm saying that (right now, with current business models), it's
impossible to make money off that which can be had for free.

Mike Carniello
mlcarn1@home.com


   
From:	 "jacob navia" <jacob@jacob.remcomp.fr>
To:	 <letters@lwn.net>
Subject: Selling free software
Date:	 Sat, 1 Sep 2001 14:04:17 +0200

Dear Sir:
I would like to point you to this sentence in your magazine:

"According to Eric, VA is not changing its focus as an open source company in
any way, it's just finding a way to more readily sell its free software"

Excuse me but if it's free of charge it can't be sold, and if it is sold, int
can't be free of charge. I am sorry but I think logic should at least play a
part in this discussion. VA Linux is beginning to fail financially, because
there is no way around logic, no matter how many lengthy explanations you come
up with.

Yours sincerely

---
Jacob Navia Logiciels/informatique
41 rue Maurice Ravel
93430 Villetaneuse
France

   
From:	 Seth David Schoen <schoen@loyalty.org>
To:	 letters@lwn.net
Subject: LNX-BBC and LBT
Date:	 Wed, 29 Aug 2001 23:57:57 -0700

Thanks for the nice review of the LNX-BBC project!  We've also enjoyed
the reaction from people at LinuxWorld who came by to pick up copies.

Your article says that Linuxcare is no longer developing a bootable CD
project.  Although we thought that might be the case when we sent our CD
to press, it turns out that Linuxcare has done a new version of their
project, now called LBT (Linuxcare Bootable Toolbox).  They have been
giving these out at LinuxWorld; that means there are now two maintained
projects derived from the Linuxcare Bootable Business Card, their
project

http://lbt.linuxcare.com/

and our project

http://www.lnx-bbc.org/

-- 
Seth David Schoen <schoen@loyalty.org> | Its really terrible when FBI arrested
Temp.  http://www.loyalty.org/~schoen/ | hacker, who visited USA with peacefull
down:  http://www.loyalty.org/   (CAF) | mission -- to share his knowledge with
     http://www.freesklyarov.org/      | american nation.  (Ilya V. Vasilyev)
   
From:	 "Toni SOUEID" <djt2000@inco.com.lb>
To:	 <letters@lwn.net>
Subject: Fighting the DMCA and the Like.
Date:	 Thu, 30 Aug 2001 18:04:13 +0200

Dear reader,

It is with sorrow and anger that I read the news about Dmitry Slyarov's
case.  What a shame for all of us if researchers and developers will begin
to be threatened just for writing a good paper or publishing a good piece
of software.  Some of us think the DMCA is good (especially governments and
big corporations) and some think is it bad.  Those who think it is good are
enforcing it by every mean imaginable.

So what can we do, we who think the DMCA is bad ?  The answer is pretty
simple. Fighting fire with fire. Fighting law with law.  We all need to get
involved in Free/Open Source software and/or in Free/Open Content
documentation movements.  While donating money for such initiatives is fine
and necessary it is not enough.  Contributions should be made by writing,
using and reviewing such software and documentation.  People should be
educated about the GPL, the FDL, the OPL and other similar licenses. They
should also be encouraged to use such licenses.  Who will need to buy
copyrighted material protected by a restrictive license when Free
alternatives exist ?  If just everyone of use could write a little piece of
software or a little piece of documentation in one of his areas of
interest, and release it under Free/Open licenses we could build a huge
alternative library of software and documentation that could benefit all of
Humanity and at the same time protect it's rights.

I've decided to release all of my own written tutorials under the OPL and
all of my own written software under the GPL to help protest against what's
happening out there.  On another hand I've decided to erase every piece of
proprietary file formats from my website and replace them with standards
compliant ones.

Can you do the same ?

Toni SOUEID,
Beirut - LEBANON.



   
From:	 rjh@world.std.com
To:	 letters@lwn.net
Subject: Financial customers are not conservative
Date:	 Thu, 30 Aug 2001 15:30:55 -0400 (EDT)


The financial marketplace is "conservative" in their financial
attitudes, not their computer purchasing.  They have long been Unix
strongholds.  Sun workstations, Thinking Machine supers, and other
leading edge hardware has a long history of penetration of these
financial markets.  The IBM sale to SIAC is signficant for Linux, not
for the Unix family.  Several major stock market functions are Unix
based.  More than 10% of the world stock settlements traffic has gone
through SCO Unix based systems for several years.

So while the SIAC sale is important and worth publicizing, do not read
too much into it.

R Horn

   
From:	 Vulture <t.sippel-dau@ic.ac.uk>
To:	 letters@lwn.net
Subject: Terabyte disks and Linux kernels
Date:	 Mon, 03 Sep 2001 18:51:11 +0100

Hello,

some weeks ago I got my sweaty palms on one of the Barracuda-180 disks
and fitted it into a system. However, I see a problem lurking on the 
horizon: SCSI commands have a 32 bit block address in the command, and 
can be formatted for blocks of size of any power of 2 bits, up to 2**35. 
However, Linux systems (and many others) have so far used "sector" sizes 
of 4096 bit (512 bytes), and aggregated these into "blocks", typically
2, 8, or 16 sectors per block.

File systems and paging work in these block sizes, but at the device 
driver level it will go down to the smaller sectors again.

Now 4 billion blocks times 4000 bit gives 16 Tb or two Terabytes, and 
that is only 12 times as big is as currently available disks, and will 
probably be surpassed in 4 years or so. We could start making the 
sectors bigger, up to 32 kb (8 kilobytes) for 64 bit systems with an
8 kilobyte page size, but how many disks will take kindly to a format-unit
command specifying anything but 4096 bit blocks is anybodies guess.

Disk manufacturers could also start to subdivide their disks into up to
8 "logical units" for another 4 year's leeway or so. However, it might
be a good idea to start thinking now about that particular limit and
how to handle it in the kernel. A quick Google search yielded many articles
on "Terabytes", but I found none that discussed it as a problematic limit.

N.B. IDE drives have their next limit at 137 Gigabytes (according to 
http://support.microsoft.com/support/kb/articles/Q114/8/41.ASP), which
should become a problem in weeks rather than months. 

                                Thomas

*   Why not use metric units and get it right first time, every time ?
*
*   email: cmaae47 @ imperial.ac.uk
*   voice: +4420-7594-6912 (day)
*   fax:   +4420-7594-6958
*   snail: Thomas Sippel - Dau
*          Linux Services Manager
*          Customer Relations Group
*          Information and Communication Technology
*          Imperial College of Science, Technology and Medicine
*          Exhibition Road
*          Kensington SW7 2BX
*          Great Britain
   
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds