Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

In the light of those announcements, LWN (in the July 30, 1998 issue) worried about the future of the Linux community.

So what happens when Linux really explodes, as seems (to some) inevitable? Just how weird is it going to get? Will we look back with nostalgia to 1994, when nobody knew what we were talking about? Will we want our old Linux back? For now this is still our revolution, and we can maybe shape its future. Before long, that may no longer be true.

Two years later, it is perhaps worthwhile to evaluate the situation and see where things stand.

The Linux development community may never have been healthier. Once upon a time, it took years to get an X-enabled version of the emacs editor - one of the prominent free software projects of that era. Now projects like GNOME, KDE, Mozilla, and many, many others can aspire to build systems of far greater size and complexity. The free software development process is strong, and knows it.

But what about the community? Once the Linux development community was at the core of Linux. Now it is probable that a great many Linux users could not name more than one or two people who developed the software they are using. The old Linux community is simply not present for much of the system's user base.

This community may have been pushed to the side, but some time spent on the mailing lists or at events like the Ottawa Linux Symposium (see below) will show quickly that this community is as strong as ever. Its members have, to a great extent, left their university and "day job" positions for jobs with competing Linux companies, but the way they work together has been little changed by all that. The joy of hacking, the emphasis on producing the best code, and the enjoyment of working together all remain. When you're immersed in the development community, it's almost like the good old days - except that far more is going on.

The popularity and commercialization of Linux have raised many fears. Would the developers who built the system take offense at others profiting from their work and leave? Will commercial pressures tear the development community apart? Or maybe the developers will take off looking for the next cool thing, now that Linux is mainstream. All of those things could yet happen, but, thus far, they have not. Things look good for Linux development.

The Ottawa Linux Symposium was a good place to find the Linux development community. With a program dominated by Linux developers, lots of time set aside for people to talk, access to good beer, and no exhibit floor it was truly a hacker's event. Have a look at LWN's OLS coverage for reports and pictures from the event.

The Linux community needs events of this kind. It is this sort of gathering that lets Linux hackers concentrate on the code and each other without distractions. OLS sold out well before the event began; one presumes this means that the conference was successful financially. We're looking forward to the next one.

For a different sort of event, consider the LinuxWorld Conference and Expo, to be held in San Jose on August 14 to 17. It will be much that OLS was not: garish exhibits, rock bands, suits and ties, and lots of exhibit hall swag to haul home. An example of the style of this conference can be found in this press release, which raises the hype level to new highs:

In San Jose, California, a new space race has captured the hearts and minds of geeks and nerds the world over. Would-be exhibitors at the LinuxWorld Conference & Expo are at wits' end trying to stake a claim to even the tiniest square foot of carpeting, with varying degrees of success.

Somehow one must doubt the extent to which the "hearts and minds of geeks and nerds the world over" are really "captured" by the woes of frustrated LinuxWorld exhibitors. But then, it's a strange world. Of course, the PR also puts the first release of Linux in 1994, and claims that the LinuxWorld exhibit floor has sold out for four years in a row - despite the fact that the first one was in March of 1999...

Cheap shots aside, the LinuxWorld conference is also an important event, and LWN's editors not only plan to be there, but will be giving a talk and a tutorial as well. While OLS caters to Linux hackers, LinuxWorld reaches out to Linux users, current and future. It also gives an unparalleled view of the state of the business of Linux. This, too, is the Linux community, in a different form.

Some updates from the DVD front. The 2600 case (wherein 2600 Magazine is being sued by the MPAA in the form of Universal City Studios for having mirrored the DeCSS code) has concluded testimony in New York. Some of the final developments in the trial include:

• Testimony by 2600 editor Emmanuel Goldstein.

• Testimony by DeCSS author Jon Johansen. Among other things, he further drove home the point that his activities were oriented toward the development of a Linux DVD player.

• The appearance of LiViD project leader Matt Pavlovich, who demonstrated a working open source Linux DVD player.

• Final-day testimony from David Touretzky, who talked about the free speech implications of the DeCSS injunction. His point was that the restriction of source is equivalent to a restriction on speech, and would make it very hard for everybody who works with computers.

The judge responded very well to Mr. Touretzky's testimony, saying things like "I was hoping we were going to hear something like this through the whole trial." and "I think one thing probably has changed with respect to the constitutional analysis, and that is that subject to thinking about it some more, I really find what Professor Touretzky had to say today extremely persuasive and educational about computer code."

Much of the effort in the courtroom seems intended to demonstrate that the intent of those working on the DeCSS software was not to pirate movies. In this way, they hope to get around the provisions in the Digital Millennium Copyright Act against the possession of tools for the circumvention of copy protection mechanisms. DeCSS is, they say, not a circumvention tool; it's simply a way for people to make use of the DVDs they have purchased.

Thus, there are two rights being argued here. One is that of reverse engineering - we have the right to look at things we own and figure out how they work. We even have the right to make other things that work in the same way. The other is that code is speech, that there is no way to distinguish between the two. In the U.S., of course, equating code and speech is important, because protections on speech are (still, so far) relatively strong. If code is speech, then we are in our rights to post it.

If these rights are lost, free software is in deep trouble. The free software development process works well, but that buys little if it is illegal to develop code that does interesting things, or to distribute that code. The DVD case is about fundamental freedom; let us hope that it goes well.

(See also: This Salon article about Goldstein's testimony, this Newsbytes article about Johansen's appearance, and the EFF DVD case archive which contains, among other things, full transcripts of the testimony in the case.)

Inside this week's Linux Weekly News:

• Security: A Linux Distribution Security Report, Vulnerability reporting assistance is now available, Openhack is over.
• Kernel: Alan Cox drops 2.4; Making bricks from disks with Linux.
• Distributions: A brief two-year retrospective, lots of minor news items.
• Development: Mozilla, Gnome Office, zCommerce.
• Commerce: Ups and downs at Red Hat; IDC's server OS predictions.
• Back page: Linux links, this week in Linux history, and letters to the editor.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

News and Editorials

Linux Distribution Security Report. SecurityPortal's Kurt Seifried released his Linux Distribution Security Report this week. In it, he analyzes security information released from Red Hat, SuSE, TurboLinux and Caldera, including a look at the number of security reports for each release, the time between a vulnerability report and the release of a fix and a brief comparison of the overall efforts of each distribution.

Even though he initially decides to throw Slackware and Debian out of his calculations because of their "ridiculously slow release schedules", he later includes them in his conclusion and commentary -- an unfair treatment that, not unexpectedly, produced a response. Jeffrey Baker pointed out on Slashdot that Slackware releases just as often as Red Hat does. Joey Hess responded for Debian. He also pointed out that Debian's minor releases, which are put out just for the purpose of providing an easy mechanism for installing an already patched system, were not counted. It appears that Patrick Volkerding was correct in inflating the version number for Slackware from 4.0 to 7.0 to prevent the misapprehension that Slackware was any further "behind" other distributions.

Those problems aside, Kurt's analysis is still very useful and interesting. He ends with a detailed checklist of what a distribution ought to do to make it easier for its customers to stay secure. It is an excellent and useful list. Most of the items on it are one's that we'd like to see done for every distribution out there, not just the major distributions that normally issue security advisories. Here are a few of our favorite suggestions, paraphrased:

• Make a /security/ directory on your website (e.g., http://www.debian.org/security/), so that finding security information is easily done for every distribution.

• Have security mailing lists and use them. Spotty forwarding of your own advisories to your own security lists encourages people to ignore them.

• Monitor general Unix vulnerability reports and the updates from other distributions (this has been happening much more in the past year, but was very little done before that). We still put up some vulnerability reports on this page and then wait for updates, only to receive one or two or none for a problem we know affects some or all distributions.

• If a vulnerability has been reported and your distribution is not affected, send out an advisory to that effect and tell us why. That lets us know that the vulnerability is not being ignored.

• Issue a separate advisory for each vulnerability, rather than lumping multiple vulnerabilities/fixes into one page or advisory. This makes it easier for the multitude of security news systems (including this one) to compare distributions and determine which have or have not issued updates for a specific problem.

• Credit the source of the original vulnerability report, whether a specific author or vendor, and provide links to the original reports whenever possible. This is also important to help coordinate and determine exactly what problems are being fixed by a given update as well as to give credit to people who took the time to report the problem initially.

The management of the various distributions has started to recognize both the PR value and landmines inherent in the security field. Do the job well and you have an excuse to get your name out there constantly, reminding people of your distribution without paying for expensive press releases. Do the job poorly and you'll provide good fodder for a journalist looking for a reason to rant and rave. In the end, their ability to hire good people, treat them well and keep them, will determine the quality of their security services.

ACLU asks for FBI source code. Open source code entered the legal arena from a different avenue this week when the ACLU sent a Freedom of Information Act (FOIA) request to the FBI, asking for details on the "cybersnoop" programs, Carnivore, Omnivore and Etherpeek. The details they requested included the source code to the programs, something the FBI has denied previously on the basis of both security and the rights of the commercial software developers who produced parts of these programs.

To the ACLU's knowledge, the request for program source code is the first of its kind. But Steinhardt said that two federal appeals court rulings that computer code is a form of speech, no different from any other written document, support the ACLU's demand under the the Freedom of Information Act. The Act gives Americans broad rights to obtain written information held by the federal government.

Openhack results. The Openhack contest ended this week when the Openhack database was successfully cracked. The winner? "The crack was performed by none other than Spanish security consultant Lluis Mora, the same person who felled eWEEK Labs' previous security test site."

Three new vulnerabilities in MiniVend were found, along with a vulnerability in a Solaris add-on. Details are not being published until the vendors have an opportunity to provide fixes. The contest ended with a report on the Openhack hardening techniques used to secure their server. Note, though, that it is hardest to protect from simple errors; the latest hack was partially made possible when a simple step in the hardening process was accidentally skipped and a vendor default password was left unchanged. That gives a good example of why vendor software should not be shipped enabled with a default password.

Vulnerability Reporting Assistance. Due to recent record-levels of vulnerability reports, and the erratic quality of some of them, the folks at SecurityFocus are now offering vulnerability reporting assistance. Free of charge, and, they promise, no-strings-attached, they'll offer assistance in preparing advisories, finding vendors to contact prior to posting and more. "This is not a pay service in any way shape or form. It's actually being performed by the staff here outside of our regular work and on a volunteer basis."

An improvement in the quality of advisories and better coordination with vendors should be helpful to everyone who believes in responsible, full disclosure reporting of security problems.

GSA Rethinks FIDNet solution (FCW.com). The government will reissue their RFP for a Federal Intrusion Detection Network (FIDNet), according to this article. The new RFP will be restricted to systems staffed and monitored by the vendor. We certainly hope one or more of our open-source-community security vendors takes a crack at this offering ...

Another brick in the wall (IBM developerWorks). Subtitled "Fighting a losing battle on the front lines of security", this IBM developerWorks article addresses the basic need to build security into a network from the ground up. "It's a given that your network/security administrators are fighting a losing battle. They probably don't have the time, training, or resources to adequately secure your corporate network. I know this, because I spent the last five years being that outside consultant, working on networks like your own. For administrators, the hardest part of all this, usually, is getting management to allot you the time and resources to develop a plan. "

For your amusement. Segfault.org has issued RFC 31337, the initial draft of a new standard. "Unified Backdoor Protocol Specification. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited."

Mail server filters. Because Linux or *BSD is frequently used for mail servers at sites containing desktop systems running other operating systems that are vulnerable to a variety of e-mail based attacks, it is not uncommon to see a virus alert followed by suggestions for improved mail filters for the mail server to filter out such attacks. The following filters were posted to BugTraq in response to one of the most recent Outlook-based attacks:

• Sendmail filter
• Postfix filter

Security Reports

Netscape JPEG COM marker processing vulnerability. Netscape 4.73 and earlier and Mozilla M15 and earlier can be, under limited circumstances, used to execute arbitrary assembly code due to the manner in which they process JPEG COM markers. Solar Designer's detailed announcement of this vulnerability provides a wealth of evidence and detailed information. In the meantime, an immediate upgrade to Netscape 4.74 or Mozilla M16 is highly recommended. Distribution updates for Netscape 4.74 are likely to start rolling in very soon.

Red Hat security update to PAM. Red Hat has put out a security update to PAM fixing a problem in that module. If you are running a display manager and XDMCP has been enabled, unprivileged users can fake a console login and shut down the machine.

Multiple gpm vulnerabilities. New problems with gpm have been reported, including the ability for a local user to execute arbitrary commands with elevated group privileges and a local denial-of-service attack. Check BugTraq ID1512 for more details.

This week's updates:

• Caldera

Roxen Webserver. The Roxen webserver is a GPL'd webserver that is shipped with Debian, SuSE, Linux-Mandrake and FreeBSD. On July 21st, a report to BugTraq indicated that Roxen 2.0.46 contained a couple of vulnerabilities that could allow information such as the site administrator's encrypted password to be obtained. Subsequent tests confirmed the problems. An official advisory has also been released, recommending an upgrade to Roxen 2.0.69 (or 1.3.122) to fix these problems.

Cgi-bin/Servlet vulnerabilities.

• Snoop Servlet
• Tomcat 3.1 path revealing vulnerability
• Jakarta-tomcat information exposure vulnerability (could allow files under / to be read)
• IBM WebSphere servlet server, allows read access to all files within the web document root

Updates

NFS/rpc.statd . Check last week's Security Summary for more details.

• Debian (2.1 not vulnerable) (July 20th)
• Conectiva (July 20th)
• Linux-Mandrake (July 20th)
• Caldera (rpc.statd not shipped with OpenLinux) (July 20th)
• Trustix (July 20th)
• Red Hat (July 20th, updated this week)

dhcp. A second set of problems with the ISC dhcp client was reported in last week's Security Summary. New updates to dhcp-3.0b1pl17 (instead of pl12) are now coming out.

• ISC
• Linux-Mandrake

inn verifycancels vulnerability. Check the July 13th Security Summary for details. ISC released inn 2.2.3 this week, with an official fix.

• Conectiva (June 8th)
• Caldera (June 8th)
• Linux-Mandrake (July 13th, updated this week)

wu-ftpd. Check the June 15th Security Summary for more details. wu-ftpd 2.6.1 contains fixes for this problem.

• WU-FTPD source code patch (June 29th)
• Debian (June 29th)
• Caldera (June 29th)
• Connectiva (June 29th)
• Red Hat (June 29th)
• SuSE (June 29th)
• Slackware (June 29th)
• Linux-Mandrake (July 6th)
• NetBSD (July 13th)
• TurboLinux

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.

This week's updates:

• Conectiva (June 1st, updated this week)

• Red Hat (April 27th)
• Linux-Mandrake (April 27th)
• Caldera (May 11th)
• Yellow Dog (May 11th)
• Independence (May 11th)
• TurboLinux (May 25th)
• Debian (June 1st)

Resources

New open source tools released by Razor. Just in time for the Black Hat conference, Bindview's RAZOR team announces the release of two new software tools, VLAD the scanner and Despoof, a spoofed-packet checker. A brief review of the license under which the tools are released reveals a probably-Open-Source license, at least in this editor's opinion.

LinuxSecurity.com weekly newsletter. For those of you who still haven't gotten enough, here is LinuxSecurity.com's weekly security newsletter.

Events

Call for Papers: Computer Security 2000 and International Computer Security Day. The Call For Papers for both Computer Security 2000 and International Computer Security Day (DISC 2000) has been released. Submissions are due by September 22nd, 2000. The two events will be held together from November 26th to December 1st, 2000, in Mexico City, Mexico. Computer Security 2000 is an annual ACM (Association For Computing Machinery) event.

July/August security events.

Date	Event	Location
July 26-27, 2000.	The Black Hat Briefings	Las Vegas, Nevada, USA.
July 28-30, 2000.	DEF CON VIII	Las Vegas, Nevada, USA.
August 14-17, 2000.	9th Usenix Security Symposium	Denver, Colorado, USA.
August 14-18, 2000.	Ne2000 (Networking 2000)	Lunteren, The Netherlands
August 18-20, 2000.	Hack Forum 2000	Ukraine
August 20-24, 2000.	Crypto 2000	Santa Barbara, California, USA
Aug 22-23, 2000.	WebSec 2000	San Francisco, California, USA

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

Secure Linux Projects
Bastille Linux
Immunix
Khaos Linux
Nexus
Secure Linux
Secure Linux (Flask)
Trustix

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara MNU/Linux Advisories LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Yellow Dog Errata

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
Linux Security Audit Project
LinuxSecurity.com
OpenSSH
OpenSEC
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.16. No new 2.2.17 prepatches have come out in the last week - Alan was too busy drinking beer in Ottawa.

Alan Cox is pulling out of 2.4 work, at least for now. He apparently just does not have the time to put into it. He made that clear with his posting of the latest 2.4 status page - "Dont mail me updates, find someone else to maintain it."

This is a problem. Alan has been a crucial part of the release process for a long time. Somehow he has managed to keep on top of the vast majority of the issues out there. His ability to track problems and to understand what is really important is perhaps unparalleled. His absence is guaranteed to make it harder to put out a stable 2.4 in a short time period.

Linus has recognized this problem in his call for a new status list maintainer.

In short: it's important. And it's something that Alan did for both 2.0 and 2.2. Nobody can quite live up to "being Alan", but hey, if you don't like long beards you may be just as heppy knowing that.

Thankfully, a candidate has actually been crazy enough to step forward and volunteer for this job - it's Ted Ts'o. Ted is an accomplished kernel hacker, but he also has a balanced and calm approach to issues and commands a good deal of respect. This issue was still developing as this page was written, and it was not yet clear that Ted would end up performing this function. But it looks like a good resolution to the problem.

Turning disks to bricks with Linux. Andre Hedrick is the maintainer of the Linux IDE/ATA subsystem; as such, he works with a piece of code that is critical to the vast majority of Linux users. He also sits on the ATA standards committee, and understands well the ups and downs of how the protocol works.

He recently discovered a significant "down." It seems that there are certain ATA commands that can be sent to a drive which will cause it to destroy itself. Andre posted a thing he called disk-destroyer.c which will use an IDE command to trash the partition table on a disk, thus rendering all data inaccessible. Apparently, however, there are other variants possible which will cause the drive to wipe out its firmware, thus turning it into a true brick.

Now, a Linux system is not normally programmed to do such things. But a malicious user program using the ioctl system call is able to bring about this sort of result. Andre saw this as a serious problem, and responded with a major patch to the IDE subsystem; essentially he put in a protocol verification layer which filters out everything that doesn't look like a proper command.

The response to the patch was largely negative. Quite a few objections were raised, including:

• Sometime soon, one hopes, the 2.4.0 kernel will be released. Now is not the time to destabilize things with a major rewrite of a crucial kernel subsystem.

• Since only root can execute the offending code, there is not a security problem here. The disk destruction code can only be run if the system is already compromised - and a root user has many other ways of destroying data. Filtering dangerous commands in the IDE driver does not even really prevent them from being issued. A truly malicious user can load a new driver, or even shove commands out the ports directly from user space.

• The root account should be able to do anything - including destroy hardware. Putting restrictions on what root can do is a step toward the "dumbing down" of Linux.

Let's take a hypothetial example (you judge on just _how_ hypothetical it actually is): imagine that you have a drive that can be made to refuse to read certain removable media based on where the drive was purchased. Imagine that this was actually done in firmware, and that there was a way of overriding it. Imagine further that you moved, and you wanted to make the drive read certain removable media in the new location, using undocumented commands..

Should the kernel block those commands because it doesn't know what they do?

Given that the example is in no way hypothetical, this is a point that should be kept in mind.

Andre did not, shall we say, take this rejection well. The exchange was long and heated, and is not worth reproducing here. While it is a stretch to say that a consensus was reached, most people seem to have concluded that the drive manufacturers have erred by implementing destructive commands with no sort of protection (a physical jumper, cryptographic verification or both). Andre has now sent a proposed standard change to address the issue. The problem is now back in the court of the drive manufacturers.

But then, according to Andre's alleged final post on the issue the standards committee is not particularly concerned by the problem. It may take a "disk2brick" virus to get their attention.

A new Linux NFS FAQ is up on nfs.sourceforge.net. It covers a number of issues regarding the current status of Linux NFS. Ironically, it was unavailable for a while due to, well, NFS problems on SourceForge...

Other patches and updates released this week include:

• Modutils 2.3.13 was released by Keith Owens.

• The Linux Kernel Source Reference has been announced by Thomas Graichen. It is an interface to a CVS server containing the kernel source, and can be used to look at the code and investigate changes between releases.

• Bartlomiej Zolnierkiewicz has released IDE-Info 0.0.4.

• Robert de Vries has posted a new version of his POSIX timer patch.

• CML2 0.7.4, the new kernel configuration and build system, was released by Eric Raymond.

• Ulrich Windl has updated his PPSkit (nanosecond timers) patch.

• Mike Phillips has released a driver for the 3Com 3C359 Token Ring PCI Velocity XL adapter.

• Claus-Justus Heine, who claimed he was done with FTape patches, has released ftape 4.04. It was quickly followed by ftape 4.04a, which fixes a problem that turned up.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Distributions

News and Editorials

In retrospect. Exactly two years ago, two new distributions were turned loose. One was "maXimum CDE/OS" put out by Xi Graphics - it integrated the AccelleratedX server and Motif/CDE, was aimed at corporate clients, and was expensive. The other announcement was for a thing called Linux-Mandrake - then a version of Red Hat 5.1 with KDE integrated. Two years later, one of those distributions is doing rather better than the other...

Debian 2.0 was also released. The Debian Project also made a last minute decision to include KDE in the release and worry about the license problems later.

Finally, SuSE 5.3 also was released this week two years ago, as was LinuxPPC release 4.

Caldera OpenLinux

Caldera Ships developer preview version. Caldera Systems, once thought of as being one of the more conservative distributors with regard to new software, has announced the availability of a "2.4 technology developer release preview" distribution. This version includes a 2.4.0-test kernel, a Java beta, a KDE 2.0 snapshot, and so on. Don't use this one on your production systems...

Conectiva

Article on Connectiva Linux 5.0 (in Spanish). Planetalinux has run this article (in Spanish) on Connectiva Linux version 5.0. English text is available via Babelfish. (Thanks to Arnaldo Carvalho de Melo).

Debian

Debian Weekly News. This week's Debian Weekly News reports that Test Cycle 3 is underway. It will end on or around August 9th. Confidence is running high that they'll be able to announce Debian 2.2 at LinuxWorld.

Debian 2.2 will also have a special dedication, to developer Joel 'Espy' Klecker, who died unexpectedly at age 21. "Almost 200 Debian developers have signed the dedication. We'll miss you Joel."

They also report that Progeny, Ian Murdock's Debian-based company, is hiring Debian developers and giving them an opportunity to work on Debian full-time. "A quick look at their staff page turns up some familiar names, including John Goerzen and Branden Robinson. Debian Weekly News has learned that other developers may be joining them soon.."

Kondara MNU/Linux

NetLOCK Technologies partners with Kondara. NetLOCK Technologies has announced a partnership with Digital Factory, the people beyond the Japanese Kondara MNU/Linux distribution. NetLOCK's security software will be integrated into future Kondara releases.

DemoLinux

DemoLinux 1.0 was based on Linux-Mandrake. The new version, 2.0, is based on Debian instead. If you try it out, like it and want to install it on your harddriver, they've now made that possible with a

Linux-Mandrake

LinuxPPC

Max OS

SuSE

XFree86 support for IBM Netfinity servers enhanced by SuSE. SuSE proudly reported enhanced XFree86 support for the IBM Netfinity server line as the result of the work of SuSE developer Harald Koenig. "'This is just another component of the very successful cooperation between SuSE and IBM', said Dirk Hohndel, CTO of SuSE Linux AG. 'We view full Linux support for all the hardware platforms that IBM has to offer as an important part of our strategy, and IBM has been very active in working with SuSE to achieve this goal. This cooperation spans from driver development for XFree86 to the recently announced version of SuSE Linux for the IBM S/390.'"

ErsterTest: SuSE Linux 6.4 PowerPC Edition (MacUp). MacUp reviews (in German) the PowerPC version of SuSE 6.4. They liked it. English text is available via Babelfish.

TurboLinux

TurboLinux launches Alpha version. TurboLinux has announced the availability of a version of its distribution for the Alpha processor.

TurboLinux's TurboCluster server powers Bikestore.com. TurboLinux has announced that BikeStore.com ("the bicycle portal super-site") is running off a TurboCluster server system.

Yellow Dog

Yellow Dog Linux Gone Home beta release. The beta released of Yellow Dog Linux Gone Home, a version of Yellow Dog Linux specifically for home users, was announced at MacWorld this week. "'Written from the ground up almost entirely in [the programming language] Python, our installer features auto-probing of the keyboard, mouse, CD, and hard drives, and contains a new partitioner. I have been demo'ng on an iBook ... the feedback is already helpful and the enthusiasm is amazing. There is a lot of interest in Linux at this show,' states Charles Stevenson, Software Engineer for Terra Soft Solutions."

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

News and Editorials

Is Mozilla a success or a failure?

It seems obvious that the Mozilla crew bit off far more than they could chew, but I think a deeper problem is that the development team reached too far. They are trying to re-invent an entire *platform* when all most people want is a good browser that doesn't crash.

On the other hand, another osOpinion piece comes to the defense of Mozilla:

Critics complain that the browser is not in release form yet, but want it to be released now. Let the project run its course, let it become the best browser on the market, then it will be released. When it is done, and not before.

What is the real story? The Mozilla project marked the first time that such a large software product was moved from a closed-source to an open-source model. It is not suprising that a few mistakes and some important lessons were learned in the process.

People are concerned that the Mozilla project is running late on delivering a reliable browser. Other complaints are that the project is producing bloatware, not sleekware. The priorities for an open source development are more geared towards producing something that works over shipping on a deadline. Combining that with a large and complex collection of programs almost guarantees a long development period.

Mozilla is trying to replace other bloated browsers; perhaps that's just asking for the same problems instead of coming up with a better way. There are complaints about the reorganization of Mozilla into components, but that may, in fact, be the one change that causes the project to produce some useful code. If the component tools that make up Mozilla prove to be easily split off into other successful projects, such as the Galeon browser, then one could say that the project has been worthwhile.

Browsers

Mozilla Status Report for July 21. The July 21 Mozilla Status Report is out. Work continues on the repair of numerous bugs.

Mozilla Party Europe. A Mozilla Party Europe is being organized, time and location are to be determined.

Databases

Borland releases InterBase 6.0 source code. Borland has announced its release of the InterBase 6.0 database source code. "InterBase 6.0 has been released under a variant on the Mozilla Public License (MPL) V1.1. Developers using InterBase under this license can modify the code or develop applications without being required to open source them. The open source license applies to all platforms."

Embedded Linux

RTAI 24.1.0 adds PPC and 2.4 kernel support (Linux Devices). The Real Time Application Interface (RTAI) development team has announced a new beta release of RTAI. Version 24.1.0 of the RTAI development platform has support for the Linux kernel version 2.4 and adds Power PC support. RTAI is licensed under the LGPL.

Looking at Microwindows (All Linux Devices). Michael Hall of All Linux Devices has written this article on the Microwindows window system and the FreePad wireless web pad. "If you're curious about the building blocks of an embedded Linux device, or just want a peek at how one works underneath the friendly interface, Microwindows is as good a place to start as any."

Interoperability

Wine Weekly News for July 24, 2000. This week's Wine Weekly News is out. The Winsock implementation, CD-ROM label information, link files, and registry implementation are discussed.

Introduction to Samba, Part 3 (IBM). Daniel Robbins has written the third article of the series on an introduction to Samba. This article wraps up the series by discussing the configuration of Samba for sharing directories and printers. For those who haven't seen them, here are the first and second articles in the series.

Network Management

OpenNMS Update Vol 1 Issue 18. The latest OpenNMS Update has been published. News includes a new web site, a recap of the O'Reilly Open Source Conference, JSDT, the Event Subsystem, and capsd.

Office Applications

AbiWord Weekly News (Jul 20). This week's AbiWord Weekly News is now available. Smart quote support won the patch award this week, but the addition of automatic backup on crashes under Unix may win more fans ...

GNOME Office, how far along are we? (Linux Orbit). Linux Orbit's John Gowin compares the Gnome Office tools to Microsoft's desktop applications in this article. "To compare Microsoft Word to Abiword is a little like comparing David to Goliath in a pre-fight analysis. Sure, you have to pick Goliath, he's just so big. Which really is a good analogy. Word has become a monster on the the Windows platform. The proverbial 400 lb gorilla. But like some people, I'm not always fond of the "bigger is better" philosophy."

Eazel does it (Salon.com). Salon.com's Andrew Leonard has reviewed Eazel's Nautilus file manager. "Nautilus, which runs on top of the GNOME GUI and eventually will be part of the default Red Hat Linux distribution, is the first piece of software I've seen that has a credible chance of luring in the masses of computer users who might be interested in Linux but don't have the time to hack text files from a command line any time they want to get some serious work done."

July LyX development news. The LyX Development News for July is out. It covers the beginning of the GTK-- port, and many other topics.

Gphoto's Scott Fritzinger (Linux.com). Linux.com has interviewed Scott Fritzinger, founder of the gPhoto digital camera download software project. The interview touches on Gphoto development, USB ports, and reverse engineering digital camera serial data streams.

On the Desktop

Gnome summary for May 30 - July 21, 2000. The latest Gnome summary is out after a long absence; news includes: StarOffice joining Gnome, an Evolution preview release, and an Inti preview release.

KDE News. The latest news for KDE includes support for GTK themes, and a feature freeze for the upcoming KDE 1.9.2 release. There is also a pre-2.0 KDE progress report. It gives a good overview of where things stand, and has a lot of nice pictures showing the slick things that will be available in the 2.0 release. Worth a look.

Science

Medical Projects at O'Reilly Open Source Convention (Linux Med News). Linux Med News has published this feature article on the medical projects that were discussed at the recent O'Reilly Open Source convention. Clinic related database software and security of patient data are discussed.

Web-site Development

zCommerce first public release. The first public release of zCommerce - a shopping cart and order processing engine for Zope, has been announced.

Border Aware Images 0.4 released for Zope 2.2.0. A new version of the Zope add-on known as "Border Aware Images" is now available. This replaces the Zope built-in-image object.

Section Editor: Forrest Cook

Project Links
Gnome
High Availability
ht://Dig
KDE
MagicPoint
Midgard
Mozilla
YAMS
Wine
Worldforge
Zope

More Information
AppWatch
Freshmeat
LinuxDev

Development tools

C/C++

Red Hat GPLs Source-Navigator IDE (Linux Devices). Red Hat, Inc announced the the release of Source Navigator under the GPL license. "Source-Navigator, along with Insight, the graphical debugger based on gdb, and gcc, the Open Source compiler, forms a fully functional graphical integrated development environment that is used by developers to edit their source code and compile, link, and debug their applications."

Perl

White Camel 2000 Recipients. The Perl mongers White Camel Awards were announced at the recent Perl conference. Congratulations go to Chris Nandor (Perl advocacy), Elaine Ashton (user groups) , and Nat Torkington (community).

yapc::Europe registration. There will be a Yet Another Perl Conference::Europe happening from September 22 through 24, 2000 at the Institute for Contemporary Arts in London, England. Registration is now open.

Python

Python-dev newsletter. Here is the first Python-dev newsletter by Andrew Kuchling. Python-dev is a hacker-oriented, detailed summary of Python development activity; if all goes well, Andrew will start writing them every two weeks.

Python-URL for July 16. Here is Dr. Dobb's Python-URL for July 26; as always, check it out for the latest in python development news.

Pikipiki cooperative web authorizing system. Pikipiki is a cooperative web authoring tool that is written in Python. Pikipiki is licensed under the GPL license.

Essential Resources for the Python Professional(InformIT). Inform IT's Boudewijn Rempt has written an article on Essential Resources for the Python Professional. The article includes an extensive list of links to all things Python related and gives an overview of the langage. Python hackers should find lots of useful pointers here. Note that the previous/next page buttons in this article are somewhat finicky, but they can be made to work.

Python Enhancement Proposals. The first set of Python PEP's are out, this is a new system that formalizes the process of development on the Python language.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

IDC predictions on server operating systems. IDC has issued this press release with its latest pronouncements on the server OS market. Shipments are expected to increase, but revenues will not follow suit. " Linux revenues will also grow faster than the rest of the market, increasing at a CAGR of over 23%. However, even with this high growth, Linux server operating environment revenues will barely exceed $85 million in 2004, and total Linux server shipments will remain second to Microsoft's Windows Server product family."

Ups and downs for Red Hat. Red Hat has put out a press release proclaiming the results of two recent surveys. The latest Netcraft web server survey shows that 72% of the Linux servers out there are running Red Hat, and a Sky Events survey of "Chinese IT professionals" shows that 56% of them call Red Hat the best distribution out there.

Also this week: Red Hat has released the source code for its Source-Navigator integrated development environment. "In addition to being a powerful tool used by developers to compile, edit and debug source code for their applications, Source-Navigator has many browsing capabilities that enable developers to do things like display class hierarchies and cross-reference relationships."

Red Hat might be riding a bit higher on all that news if it weren't for a couple of other things that have come along. For starters, Novell plans to sell 100,000 shares of Red Hat stock. The shares have an estimated value of $2.4 million. Every such sale can be expected to make another little dent in Red Hat's stock price.

The harder news, though, is the resignation of the company's chief financial officer, Harold Covert. Mr. Covert is moving on to a new job as CFO at SGI after less than five months in this position at Red Hat (his appointment as CFO was announced on March 6). It hasn't been all that long since the company lost its chief marketing officer; getting the high-level people to stick around is proving hard for Red Hat. (See also: Red Hat's announcement of Mr. Covert's resignation).

Go.com Open Sources web development tools. Go.com has released several of their development tools under an Open Source license, similar to the Apache license. Some reports (including Slashdot) have implied that the Go.com search engine has been Open Sourced. This is not correct. The tools now available include the Tea template language, TeaServlet template engine, Kettle IDE and the Trove library (which has been Open Source for a while).

The tools are Java-oriented and some, like the Kettle IDE, currently run only under Windows. This announcement is likely to primarily be of interest to web developers on very large sites who are dealing with the issue of getting up timely content while dealing with a large pool of technical and non-technical staff. One person on Slashdot commented that the documentation alone was worthwhile, because of the information and suggestions it provides for such large sites.

Why Open Source? These tools are part of a larger commercial package, so Open Sourcing the entry-level tools can bring in potential commercial customers. The technology is over three years old, so the benefit of holding onto it is minimal. Of course, the desire to pick up some extra, low-cost publicity ...

InterBase source now available. Inprise/Borland has announced that the source for InterBase 6.0 is now, finally, available for download. The code is covered under "a variant of the MPL." Head over to the InterBase web site to grab your copy.

European Commission call for proposals. This page on Bernard Lang's site describes a call for proposals from the European Commission's Information Society Technologies program; it is looking to fund projects in the area of "distributed development of software and systems." The IST program is already known to be friendly to free software, and the topic obviously fits well with free software development methods. It may be a good opportunity for funding for some enterprising European free software businesses.

The page also describes another call that will go out in September addressing the initiation of free software projects.

Big Blue Signs Billion Dollar Deal With German Firm. IBM has struck a deal with the German technology group Metall Gesellschaft (mg) Technologies. IBM will service the internetworking needs of MG Technologies across Europe. The European program involves IBM opening seven Linux development centers in Europe, as well as working with many third-party Linux companies to establish the firm as a major Linux vendor. IBM said it has employed the services of around 600 specialized Linux experts to assist it in the task. Also see this related article from cnet News.com.

ELC welcomes EMBLIX initiative. The Embedded Linux Consortium has issued an official welcome to EMBLIX, the new Japanese consortium for embedded Linux vendors. "EMBLIX's 24 members at launch and the ELC's 91 members send a powerful message to the global embedded computing community, demonstrating the unquestionable momentum and the long-term viability of the Linux operating system for embedded applications."

Also hinted in the welcome was the ELC's preference that EMBLIX actually become part of the ELC; meanwhile, they recognized EMBLIX as their "sister organization" and EMBLIX promised "cooperation" with the ELC. (Check the Distributions Page for the EMBLIX announcement).

Zero Knowledge releases Freedom source. Zero Knowledge Systems has announced the release of the source for its "Freedom" kernel interface. This interface allows for the interception of data flowing into or out of a system, thus allowing the application of encryption or other privacy-enhancing techniques.

Collab.Net sets up jobs site for the Oracle Technology Network. Collab.Net is moving away from just handling software development activies; it has now announced that it is adding a jobs section to the Oracle Technology Network. The source isn't entirely absent, though - there will also be an "examples" area for Oracle-based systems.

O'Reilly Convention Surmounts Expectations (O'Reilly). Carmel Noah from O'Reilly has sent this summary of the just-finished O'Reilly Open Source Convention and Perl Conference. ""What was unique about this conference is that we bring together a wide spectrum of those in the open source community, and as a result unexpected, fortuitous opportunities for new developments seem to happen." It was all about "people meeting, disputing, poring over problems together," noted CEO Tim O'Reilly."

'Building Linux Clusters' from O'Reilly. O'Reilly and Associates has announced the publication of Building Linux Clusters by David HM Spector.

Flatland announces the open source release of 3DML. Flatland has announced the release of its "3DML" 3D web publishing platform under the "Flatland Public License," a variant of the Mozilla license.

Axis Communications releases embedded Linux developer board. Axis Communications has announced the release of the "Axis Developer Board." This board contains the Axis ETRAX 100 processor and an embedded version of Linux.

Press Releases:

Open Source Products.
Unless specified, license is unverified.

• Inprise/Borland (Scotts Valley, CA): InterBase 6.0 source available for download.

• SuSE (Oakland, CA): partnership with Lutris to include Enhydra in 7.0 release.

Commercial Products for Linux.

• Alias/WaveFront (Toronto, ON): will port the Maya 3D software product line to Linux. (Alias/WaveFront is owned by SGI).

• Documentum (Pleasanton, CA): Linux support in Site Delivery Services.

• Engineering Animation, Inc. (Ames, IA): availability of WorldToolKit for Linux.

• Hewlett-Packard Company (New Orleans, LA): Linux support for HP VISUALIZE fx5 and fx10 graphics accellerators.

• Integratus, Inc. (San Jose, CA): Ultra High Availability extension for EMC.

• Macromedia (New York, NY): Macromedia Flash 5 player.

• SigmaTel Inc. (Austin TX): release of "Red Hat certifiable" Linux host audio driver.

• Softimage Co (Montreal): availability of "Toonz 4.4" animation software for Linux.

• Virtio Corp. (Campbell, CA): virtual prototyping platform. "The speed of the Virtio solution was such that the development team was able to boot embedded Linux in less than three minutes."

• WAVO Corporation (Phoenix, AZ): MediaXpress Website content delivery service will support Linux and Solaris.

• Xcel Management, Inc (Tacoma, WA), availability of the "InterLynQ" internet appliance server for Linux.

Products Using Linux.

• Microtest, Inc. (Phoenix, AZ): availability of LinuxZerver application hosting server.

• Zcel Management, Inc. (Tacoma, WA): availability of IdesQ internet appliance.

Products with Linux Versions.

• Check Point Software Technologies Ltd. (Redwood City, CA): availability of Check Point 2000 service pack 2.

• Kaydara Inc. (Montreal, Quebec): FiLMBOX v2.7 will include Macromedia Flash support.

• NetDIVE (San Francisco, CA): release of WeMessage 5.0.

• Novell, Inc. (San Diego, CA): Single Sign-on Bundle and NDS Authentication Services 3.0.

• RioPort, Inc. (San Jose, CA): Media Device Manager 2.0.

• Smart Link Ltd. (Watertown, MA): its SmartRISER56 are Linux compatible.

• Smith Micro Software, Inc. (Aliso Viejo, CA): got a favorable review from InfoWorld for its WebCatalog product.

Training.

• Saba (Redwood Shores, CA), licensed Saba Learning to Red Hat for its global education services.

Partnerships.

• Computone Corporation (Atlanta, GA): distribution agreement with Wyle Systems.

• EdgeMail Technologies (Bakersfield, CA): partnership with myCIO.com to incorporate virus scanning software into Linux and Solaris servers.

• First Source Distribution, Ltd. and Enhanced Software Technologies, Inc. (Phoenix, AZ): agreement for First Source to distribute BRU.

• LinuxWizardry Systems, Inc. (Vancouver, BC): SOVO Computer Center to sell Apprentice family of Linux-based routers.

• LynuxWorks Inc. (San Jose, CA): ZNYX Networks is porting NetBlaster drivers to BlueCat Linux.

• Sangoma, Inc. (Toronto, ON): partnership with NSTEK, Inc. in Seoul to incorporate PC router cards into WAN server appliances.

• SGI and Intergraph (Mountain View, CA and Huntsville, AL), strategic alliance.

• SuSE Linux AG (Nuremberg, Germany): expansion of its business partner program to specifically target resellers and ISVs.

• SuSE Linux AG (Oakland, CA): partnership with Dynalink Telecom to provide hosting for SuSE-managed colocation clients.

• XStream Logic (Los Gatos, CA): development partnership with MontaVista Software.

Investments and Acquisitions.

• First Security Van Kasper (San Francisco, CA): initiating coverage of Caldera Systems with "hold" rating.

• Pick systems (Irvine, CA): acquisition of Just Educational Services.

• WR Hambrecht: Red Hat downgraded to "market neutral" after resignation of CFO.

Financial Results.

• Computer Associates (Islandia, NY): first quarter results. A "difficult quarter."

• eSoft, Inc. (Broomfield, CO): second quarter results.

• IDG Books Worldwide, Inc. (Foster City, CA): third quarter results. Revenues up 33%.

• Inprise/Borland (Scotts Valley, CA): second quarter results. Also this one on its annual meeting.

• PCTEL Inc. (Milpitas, CA): second quarter results. "...another quarter of record revenues and net income..."

• Perle Systems (Toronto, ON): fourth quarter results. An "inflection point" for the company.

• Rave Computer Association, Inc. (Sterling Heights, MI): second quarter results. "...record increase in sales revenue..."

• sangoma.com Inc (Toronto, ON): fourth quarter results.

• SCO (Santa Cruz, CA): third quarter results. "We are disappointed that revenues in our channel continue to be depressed from our pre-Y2K levels. Additionally, a number of large customer deals did not close as expected and were delayed past the end of the quarter."

• SGI (Mountain View, CA): fourth quarter results. Revenues down 36% from previous year.

• Splash Technology (Sunnyvale, CA): second quarter results. They brought in $22.4 million, earning $0.14 per share. Splash sells Linux-based printer servers.

Personnel.

• Extended Systems (Boise, ID): addition of John Katsaros to board.

• IBM (Armonk, NY): Samuel J. Palmisano named as president and COO; John M. Thompson as vice chairman.

• Moonlight Systems Inc. (San Francisco, CA): appointment of Eric Winner as VP of engineering.

• Sendmail, Inc. (Emeryville, CA): appointment of David Anderson as president and CEO.

• TimeSys Corp. (Pittsburgh, PA): appointment of William Grab as VP of finance.

Other.

• GraphOn Corp (Morgan Hill, CA): selected for "The Trends Report 2000".

• Graphicsland (Tinley Park, IL): output services for StarOffice users.

• Macmillan (Indianapolis, IN): "owns the retail market" with Linux-Mandrake.

• r3vis Corporation (Novato, CA): receipt of SBIR grant for enhancements to OpenRM Scene Graph graphics and visualization software.

• SecurityFocus.com (San Mateo, CA): addition of virus section to its site.

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the News

Recommended Reading.

Here's a one-year retrospective on Linux IPOs in Upside. "Add the numbers together, and you quickly get the sense that last year's IPO frenzy, while disappointing from an investment perspective, has served its ultimate purpose. By giving early front-runners a chance to separate themselves from the rest of the pack, the stock market has effectively narrowed the future commercial Linux market down to four main runners..."

Coverage on the DVD/DeCSS trial continues, with this Newsbytes report that is following the current arguments. "Stevenson, who was a subscriber to a mailing list supporting the development of the LiViD open-source DVD player for Linux, said he was interested in finding out if there was a way to access the encrypted movies without already knowing one of the player "keys" used by licensed DVD technology to unlock CSS. ... He said the CSS security wasn't hard to figure out. 'It took me three days, and I expect that a person more capable than I am would possibly be able to do it in a shorter amount of time'".

Companies.

Upside reports on the departure of Hal Covert, Red Hat's chief financial officer. "This is the second major executive departure in four months for the open source software company that champions the Linux operating system."

Evan Leibovitch comments on the StarOffice source release in this ZDNet column. "In all -- again -- it appears we shall have some interesting times ahead. It's still a bit of a shock to see Sun boldly quote on its web site, 'If you love something, set it free...' (I wonder how much Sun loves Java anymore?)"

This brief ZDNet article looks at startup Moonlight Systems. "One product set will upgrade software on large Linux server farms and will support Linux, Solaris and Windows NT. The other product set will offer back-end software. The first offering is hostable e-mail that will compete against open-source offerings like Sendmail. Moonlight will follow an open-source development model where possible, using an open-source code base to develop applications and encouraging customers and partners to contribute to Moonlight's code."

Salon looks at Eazel and its "Nautilus" system. "Nautilus, which runs on top of the GNOME GUI and eventually will be part of the default Red Hat Linux distribution, is the first piece of software I've seen that has a credible chance of luring in the masses of computer users who might be interested in Linux but don't have the time to hack text files from a command line any time they want to get some serious work done."

The Red Herring has posted this article about Eazel. "As Eazel's story unfolds, its future as an independent business is open to speculation. So far, Eazel has garnered a healthy amount of attention based on the merits of its existence and its founding employees. Andy Hertzfeld and Bud Tribble, included among the founding employees, are known for their work on the original Macintosh interface. Even with its technical prowess, Eazel's changes might work better as part of a larger firm."

Intel has introduced its Dot.station web appliance , which runs the Linux operating system. The device includes a built-in telephone and will allow users to surf the web and access email. The new device will most likely be offered by ISPs as part of an overall service package.

Upside reports on the StarOffice code release. "However, whether or not the new StarOffice license is the first sign of a companywide policy of software glasnost remains to be seen."

Business.

ZDNet looks at the history of Unix, with an eye towards Caldera's rumored acquisition of SCO. "Linux, thanks to its broad open-source underpinnings, has overcome the interoperability troubles that bedeviled SCO Unix and its competitors. And, more than just that, it showed that an open-source, open-standard approach was much more successful than the proprietary ones of the older Unix vendors. So it is that Caldera, a newish Linux firm, is now taking over SCO's far older Unix business."

Here's a News.com article about the latest IDC report. "In fact, shipments of server operating systems will grow at a compound annual rate of 17 percent from 1999 to 2004, IDC said. However, revenue growth will increase at an anemic 1 percent during the same time period. That discrepancy is explained by the ascendance of low-cost Linux, according to IDC."

Forbes asks where the money is in the business of Linux. "It's a strange paradox. Shipments of the Linux operating system have already surpassed Novell's venerable NetWare. And at a projected growth rate of 17%, Linux will outpace all other server operating systems through 2004. But revenue growth will be barely noticeable at only 1%, compounded annually."

Here's The Register's take on the latest IDC server numbers. "But again, you could see the dynamics of this changing - .NET is essentially the future of the Internet translated into Microsoftspeak. If Microsoft hadn't invented it (which it didn't) it would still happen anyway. You can expect rival services based on Linux and Unix servers to compete here, and given that the services will be Web-based, where Linux and Unix are the servers of choice, you can see Microsoft having a tough time of it, and again coming under price pressure." (Thanks to James Cownie).

Open Game Source takes a look at Battalion, a source-available (but somewhat restricted) game. Battalion dates back to 1995 and has some crufty code to support the SGI workstations of that era. Dennis Payne takes the opportunity to use Battalion as an example of how to recode the sound system for a game using the Open Source SDL library. "Coding the SDL implementation was relatively simple and straight forward. I mainly copied the Linux SoundIt implementation and modified the functions to use the SDL_mixer equivalent." He has, of course, made his patch for the game available.

This week's edition of LinuxDevices's Embedded Linux Newsletter is now available. Check it out for a round-up of this week's Embedded Linux news.

Resources.

Here's an osOpinion piece pointing out Mozilla's mistakes. "It seems obvious that the Mozilla crew bit off far more than they could chew, but I think a deeper problem is that the development team reached too far. They are trying to re-invent an entire *platform* when all most people want is a good browser that doesn't crash."

This osOpinion piece comes to the defense of Mozilla. "Critics complain that the browser is not in release form yet, but want it to be released now. Let the project run its course, let it become the best browser on the market, then it will be released. When it is done, and not before."

Linux Orbit's John Gowin has published a feature article on GNOME Office. "Like many (or few, depending on who you ask) I believe that Linux can compete in the desktop computing marketplace. To see how far the Linux community has come in this space over the past 12 months is truly remarkable. As both GNOME and KDE move toward their version 2 releases, the importance of an office-like suite of applications can't be over emphasized."

Linux Devices is running an Ongoing Poll that asks "What do you value most about open source?" "The picture is now starting to come into focus -- and the results are surprisingly different from what many have probably assumed."

Interviews.

News.com talks with SuSE CTO Dirk Hohndel. "We (were) profitable in 1998. We started very aggressive growth in late 1998. Aggressive growth obviously means that your revenues are somewhat behind your growth on your cost side. We currently are not profitable, but we are optimistic to become so again. Our revenue was $23 million euros ($21.4 million) in 1999."

Finally.

Here's a Wired News article about the EuroLinux Alliance and its fight against software patents in Europe. "Jürgen Siepman, attorney and legal adviser of Linux-Verband, a German association that represents numerous Linux companies, is accusing the European Patent Office of inventing its own rules in order to grant more software-related patents. Siepman points out that more than 75 percent of the approved patents were filed by non-European companies." (Thanks to Cesar A. K. Grossmann).

CNN has run this IDG article about the O'Reilly open source convention. "The O'Reilly Open Source Software Convention here has become the meeting place between the informality of geek culture and the buttoned-down business world. For example, at last week's event, information technology vendors and user companies came to learn how to develop open-source projects without incurring the ire of the community. At the same time, open-source guru Eric Raymond explained how to talk about the free source-code market to business executives."

Upside reports on the O'Reilly Open Source convention. "If the bloom is off the open source rose, somebody forgot to tell the attendees at the O'Reilly Open Source Convention in Monterey this week. With no Red Hat (RHAT) IPO to elevate the media buzz and no bandwagon-jumping venture capitalists looking to be parted from their money, this year's conference still managed to outdraw last year's event."

AboutLinux.com, which may have run more reviews than any other site, has put up this article on how there has been no pressure to write only good things about the distributions it reviews. "If I encounter a problem during one of my reviews you can be sure I will report it - but don't be surprised if I mention liking or disliking certain features or utilities! Don't be surprised if I don't find some problems you may have run into - you have to remember that I probably have a different hardware setup, and may not have tried to use the program you have a problem with. I can only report on problems I experience."

CNN.com's Joe Barr looks at various game programs under Linux. "This week's column is all about having fun with your Linux desktop. I promise nothing more serious than tips on finding and installing fun new games. The only bad news is that my quest for fun turned up a few potential time sinks you might want to avoid, at least if you're the productive type."

Section Editor: Rebecca Sobol

See also: last week's Announcements page.

Announcements

Resources

Fighting Font Frustration. Steve Coile finally got fed up with font problems using Netscape and other tools on his Red Hat Linux System. "If you use Netscape for Red Hat Linux to visit as many Web sites as I do in a day, you've probably found yourself frequently frustrated with how Netscape renders many of them. In some cases, sites are almost unusable because of the horrible appearance and size of fonts. Well, I delved into the matter last weekend and managed to find solutions to most of these problems."

Here is the extremely valuable result of his efforts. Most of the information in his three-part article is fairly portable between distributions.

Dual Booting (DukeOfURL). There is a tutorial on setting up dual-boot systems on the DukeOfURL site. "When dealing with Windows, there's always one thing that must be followed. Install Windows first."

Events

Registration open for yapc::Europe. Registration has opened for yapc::Europe, a "Yet Another Perl Conference" being held in London on September 22 to 24, 2000. The call for participation is also still out there, with abstracts being due on August 11.

The Linux Business Solutions Demo Day Event. The Cerritos Linux Users Group (CLUG) has announced the Linux Business Solutions Demo Day Event, to be held Sunday, August 27th, 2000, in Los Alamitos, CA, USA. "Following up on our successful Linux Demo Day I, Cerritos LUG will be holding a Linux Business Solutions Demo Day for Professional Services to include real estate professionals, attorneys, dentists, doctors, accountants, small to medium sized companies interested in harnessing the power of Linux and learning what the Linux buzz is all about!"

Major Events, July/August.

Date	Event	Location
July 30-August 6, .	Linux Beer Hike 2000	Coniston, Lake District, UK.
August 14-17, 2000.	LinuxWorld	San Jose, CA, USA.
August 14-17, 2000.	Usenix Security Symposium	Denver, CO, USA.

Additional events, including local LUG events, can be found in the LWN Event Calendar. Event submissions should be sent to lwn@lwn.net (plain text only, please).

Web sites

Kuro5hin off the net. The news site Kuro5hin, which had been attracting an increasing number of readers with its user-selected news stream, has been forced off the net by a sustained series of denial of service attacks. Kuro5hin was an interesting place, LWN is sad to see it go. We encourage Rusty and the others to make another shot at it, and not let this sort of vandalism succeed. You are missed. (Thanks to Lenz Grimmer).

Software Announcements