Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

We'll start with the "PROLIN" virus which has been circulating. PROLIN is not a Linux story - it is, after all, just another Windows virus. The fact that it tells its victims to run Linux was enough for some to try to make it into a Linux story, though. Consider this article in Wired News:

"The worm's pro-Linux message isn't a huge surprise," said Pirkka Palomaki, director of product marketing at F-Secure. "Most people who are capable of programming a virus are also Linux fans. Which is not to say that all Linux users are computer crackers."

It sure was nice of them to avoid implicating all Linux users. One could actually take this quote in a positive light: people who actually know what they are doing prefer Linux. But the real intent was clearly to associate Linux with Windows viruses, which is nonsensical. Linux users who can program have no lack of cool projects that would welcome their talents; they don't have the time to write stupid stuff.

Red Hat recently made it official that a Sparc version of Red Hat 7 is not forthcoming. Here's what CNet News.com had to say about that:

The move parallels the gradual decline in the number of CPUs that can run Windows NT. Initially, Microsoft's higher-end operating system was intended to run on PowerPC, MIPS, Alpha and Intel CPUs, but minimal interest led Microsoft to cut back just to Intel chips.

The problem here, of course, is that the number of CPUs that can run Linux is steadily increasing. Finding a distribution that supports the Sparc is not hard, even in the absence of Red Hat 7. This article is a classic example of the "Red Hat = Linux" fallacy. Linux is far bigger than any one Linux company, and it is important that people understand that.

Moving on: Dell is, of course, partnering with Eazel. There are a lot of interesting things one could say about that deal, but here's what ZDNet chose to report:

The deal extends the 'holy war' between GNOME and KDE (K Desktop Environment). Dell is clearly favoring the GNOME project, with Michael Massetti, Dell's software marketing director, admitting he hoped this deal would make Dell's Linux desktop offering more competitive with KDE.

Very few people in the Linux community are interested in wars, holy or otherwise. Competition there most certainly is, but that's a different story. Holy wars are the creation of media outlets searching for a more compelling story. These creations present a poor image of our community, to say the least.

This Upside article about Plan 9 reveals another common anti-Linux theme:

In an industry where microprocessors double and quadruple their speed regularly, software seems trapped in some sort of weird development cycle reserved for electric utilities and Mexican political parties. Take a dig through the source code of most popular operating systems, from Windows 2000 to the growing crop of open source reinterpretations of Unix, and chances are you'll find artifacts of architectural and design decisions dating back to the Tet Offensive.

The author is unlikely to have dug through the Linux source, much less that of Windows 2000; yet he feels qualified to pronounce on the quality of the code there. Much that is in Linux most certainly reflects a few decades of accumulated experience; it would be foolish to throw that away. Linux is also new where it counts - where better ways of doing things have been found. Those who would portray Linux as a relic of the past are showing ignorance of both the value of experience and the real nature of Linux.

Finally...ZDNet tells us Beware Linux vendors that don't get it. The author was looking for a kernel patch to help defend against SYN flood attacks:

My trip to the Mandrake Web site was, well, interesting. I was unable to determine if this patch is available for the Mandrake version of Linux. The site was filled with self-congratulatory rhetoric and an equal amount of anti-Microsoft propaganda, but very little in the way of technical support and not a single phone number.

The "anti-Microsoft propaganda" on the Linux-Mandrake web site is rather hard to find. And those who have actually contacted MandrakeSoft know that the company tends to be very highly responsive to its users. If you want free technical support, you can certainly join one of the mailing lists and probably get your question answered. Nonetheless, this particular piece is not entirely without merit. The Linux community should work at making it easier to solve problems. Many resources are there (see, for example, the Linuxcare support database), but many things are still harder than they should be.

The above is an impressive array of negative press. Such press, however, has been most notable by its absence. Windows, after all, probably sees more attacks than this on its best days. We can probably expect to see more negative press as Linux continues to gain users and mindshare. Consider it an opportunity to see and respond to the misunderstandings of Linux and free software in general.

Bruce Perens moves to HP. Bruce Perens has announced that he has a new job - with Hewlett-Packard. In itself, this move is just another Linux personality making a career move. It is interesting, though, in what it indicates for the Linux business environment in general.

Bruce's new job at HP will involve being an activist for Linux, both internally and externally. The internal job will be the harder one; he'll have to work to promote the spread of open source throughout the company, to get it to release more software, and in general to keep HP honest with respect to free software. HP is a huge company, and this task could keep Bruce busy for a long time.

Bruce, of course, has been part of the Linux community for many years. He was an early leader of the Debian project, a founding member of the Open Source Initiative, the first leader of the Linux Standard Base project, and also the author of packages such as busybox. His contributions over the years have been numerous, even if he has managed to step on a few toes in the process.

His most recent position was at the head of the Linux Capital Group, a venture firm which made investments in startup Linux companies. The Group got into the game a little late, however, and only managed to make investments in a couple of companies; the best known of those is Progeny Linux Systems. The climate in the stock market since last April has not been particularly friendly to Linux investors, and the Linux Capital Group has stopped funding new companies. With little to do there, Bruce concluded that it was time to move on to something a little more secure.

The shutdown of the Linux Capital Group highlights an already well-known fact: the capital markets are currently an overtly hostile place. Not long ago, a company with a decent idea for a free software business could be almost sure of obtaining funding. Even not-so-decent ideas often got a warm reception. Many new Linux companies popped up in that era, and many of them are still with us.

But it is now a much harder time to start a Linux business. Getting the money to grow beyond a handful of people is a difficult proposition. What that means is that, until the situation changes, the companies that exist now are it - don't expect to see too many new ones in the near future.

What we will see, clearly, is a lot more of large, established companies like HP. Some observers have said for years that the ultimate winners in the Linux business arena will be the established computing companies. Once they wake up to Linux, their resources and mindshare will prove hard to beat. HP, by hiring Bruce, has shown that it is waking up. Many others (IBM, SGI, Dell, Compaq, Oracle, etc.) are showing increasing interest.

As the Linux market develops, those companies (and others) are going to want a piece of it. Expect to see more of them trying to hire high-profile Linux hackers before too long. There is, increasingly, real money at stake. There will be real competition to go along with it.

Inside this week's Linux Weekly News:

• Security: Carnivore reviewed, ptrace, Postaci, pam_localuser and ezmlm-cgi vulnerabilities, plus more updates.
• Kernel: Network device configuration; the end of tq_scheduler; nullfs first release.
• Distributions: Debian's new maintainer system; MandrakeSoft's second birthday party.
• Development: Kascade project, Ken Manheimer, Dennis Ritchie
• Commerce: Distribution market shares, Eazel and Dell, Sun's Java APIs and Solaris 8.
• Back page: Linux links, this week in Linux history, and letters to the editor

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor

See also: last week's Security page.

Security

News and Editorials

Carnivore Reviewed and Re-Reviewed. On November 17th, a draft version of a review of Carnivore, the FBI tool for monitoring Internet traffic, was made available to the public. This review was performed by members of the ITT Research Institute in Lanham, Maryland and is 127 pages long. In the Executive Summary, the review makes several recommendations for ways in which Carnivore must be improved, in order to protect individual privacy and assuage concerns about the potential for unauthorized use. Their recommendations include:

• Continue to use Carnivore rather than other possible techniques because it can be configured to reflect the limitations of a court order.
• Provide separate versions of Carnivore for gathering email To/From information versus full content collection (currently, moving from limited to full collection can be done with a simple radio button selection).
• Add full audit trails and logs in order to provide full accountability for all Carnivore actions.
• Enhance the physical control of Carnivore, where deployed, to prevent tampering.
• "Explicitly bind collected data to the collection configuration by recording the filter settings with each collected file and add a cyclic redundancy check (CRC) to the recorded file".
• Employ a formal development process (current development appears to be fairly ad-hoc).
• "Provide checks in the user interface software to ensure that settings are reasonable and consistent".
• "Work towards public release of Carnivore source code by eliminating exploitable weaknesses. Until public release, continue independent evaluation to assess effectiveness and risks of over and under-collection".

They did, however, state that they were confident that Carnivore could not be used to disrupt network traffic, either by adding packets to the network, blocking traffic, removing information, seizing control of traffic or shutting down the communications of a person, website, company or ISP.

Another group of researchers, this time from several organizations, including AT&T Laboratories, the University of Pennsylvania and Purdue University CERIAS are less sanguine. "Although the IITRI study appears to represent a good-faith effort at independent review, the limited nature of the analysis described in the draft report simply cannot support a conclusion that Carnivore is correct, safe, or always consistent with legal limitations. Those who are concerned that the system produces correct evidence, represents no threat to the networks on which it is installed, or complies with the scope of court orders should not take much comfort from the analysis described in the report or its conclusions".

The security of the Carnivore code itself is one issue; the draft report does not include any actual auditing of the code itself for even basic security problems such as buffer overflows. The lack of accountability from non-modifiable audit trails or logs was mentioned in the draft report, but not, they feel, given enough emphasis. Most of all, they feel strongly that the current implementation could allow just about any file on the Carnivore server to be replaced, including audit logs and the software itself. This would certainly make the potential uses of Carnivore infinite; once installed, simply upload new capabilities, use them, delete them and move on.

Their concerns indicate that Carnivore, in its current form, is potentially subvertable both by law enforcement agents to use it beyond the scope of a court order and, potentially, by malicious attackers not associated with law enforcement. As a result, they push even more strongly for the release of the Carnivore code, so that its deficiencies can be addressed with the widest possible scrutiny.

Of course, given an atmosphere of distrust, which all of this publicity and review process validates, Carnivore will never be trustable. Even if the code is made available, even if all the recommendations of both the official review and this unofficial commentary are implemented, who will guarantee that the code installed on a particular Carnivore has not been modified? If you don't trust the watchers, who can you trust to watch them?

Perhaps the eventual consequences of Carnivore are best summed up by this suck.com article. "By demonizing the FBI (or by just sitting back and letting the FBI demonize itself), privacy advocates could go a long way towards stoking the public's interest in - and demand for - electronic privacy, including software to avoid the Bureau's prying eye". They perceive the existence of Carnivore as the necessary incentive to put easy-to-use cryptographic functionality in email and other Internet applications at the top of everyone's wish-list.

Interview with Kurt Seifried of SecurityPortal.com (LinuxSecurity Brazil). Kurt Seifried, author of the Linux Administrator's Security Guide, was interviewed by LinuxSecurity Brazil this week. "Security is a process, ongoing and never ends. If you choose shoddy software that is prone to problems then administering it will be that much more difficult. You need a solid foundation to build on, this is the OS and related software. Once you have this you need to keep it up to date, modify configuration info as needed and so forth. You are only as strong as the weakest link in your entire security chain."

A Portuguese language version of the interview is also available.

Security Reports

ptrace non-readable file vulnerability. ptrace, a system call which is used to analyze running processes, does not allow setuid or non-readable executables to be examined. Lamagra Argamal, however, pointed out that ptrace does not properly check the disk image for readability when tracing a child process. This could allow information that was assumed to be protected to be retrieved from the memory of a running process. Linux 2.2.17 through 2.2.10 is known to be vulnerable; earlier versions may also be impacted.

For more information, check BugTraq ID 2044.

Postaci Webmail password vulnerability. Postaci Webmail is a GPL'd software package that provides a database and platform independent web interface to mail. Michael R. Rudel pointed out that hostname, username and password variables for the MySQL database can be easily retrieved, under the default configuration. Configuration-based workarounds are available, described in both Michael's post and this followup from Stanislav Grozev.

There is no indication that the author of the package has been officially notified and no response or followup to this problem was found on the website.

For more information, check BugTraq ID 2029.

pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module. This module is included with the Red Hat Linux distribution, though it is not used by default.

This week's updates:

• Red Hat

ezmlm-cgi potential arbitrary command execution. ezmlm-idx is a mailing list manager designed to work under qmail. ezmlm-cgi is shipped with ezmlm-idx to allow for archiving and viewing lists via the web. Instructions for installing ezmlm-cgi recommend that it be installed setuid root. This week, vort-fu reported potential problems with ezmlm-cgi, if installed setuid to a user other than root. These are derived from the fact that the software will read its configuration file from the local directory if not installed setuid root. As a result, it can be manipulated to execute arbitrary code under the uid of the ezmlm-cgi owner.

Note that Frederik Lindberg, author of ezmlm-idx, posted this response contesting portions of the original report.

For more information, check BugTraq ID 2053.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

• phpweblog, João Gouveia reported a vulnerability under which the administrator authentication can be bypassed. He also provided a patch to correct the problem. This patch has gone into the the development tree and will be incorporated in the next development snapshot (this is a beta product). Check the phpweblog home page for more details.
• MoinMoin, a Python WikiClone (WikiWiki is a collaborative hypertext environment), has been upgraded to version 0.7 which uses __import__ instead of exec(), in order to improve its basic security. Anyone using MoinMoin 0.5 or 0.6 is strongly recommended to upgrade.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Cisco 675 DSL router, reported last week, Cisco has responded and fixes are available.
• Nokia IP440 Firewall-1/IDS, reported last week, Nokia has responded with some configuration suggestions and a promise that the vulnerability will be fixed in the next release.
• Sonicwall SOHO firewall, reported last week, a fix is now available.

Updates

bash tmpfile vulnerability. Check last week's LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.

This week's updates:

• Immunix
• Conectiva

• Caldera (November 30th)
• Red Hat (November 30th)
• Linux-Mandrake (November 30th)

ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript last week. Both could potentially lead to elevated privileges.

This week's updates:

• Immunix

• Red Hat (November 30th)
• Conectiva (November 30th)
• Debian (November 30th)
• Linux-Mandrake (November 30th)
• Caldera (November 30th)
• Red Hat, Alpha packages added for RH7 (November 30th)

joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.

This week's updates:

Debian, the original update didn't work

• Linux-Mandrake (November 23rd)
• Red Hat (November 23rd)
• Immunix (November 23rd)
• Debian (November 23rd)
• Red Hat, Alpha packages added for RH7 (November 30th)

Two CUPS problems. Two problems were reported with CUPS, the Common Unix Printing System in our November 23rd LWN Security Summary.

This week's updates:

• Linux-Mandrake, additional instructions required

• Linux-Mandrake (November 23rd)
• Debian (November 23rd)

Local root exploit problem in modutils. Check the November 16th Security Summary and Kernel Page for the original report and details. Note, however, that the updates listed below include either modutils 2.3.19 or modutils 2.3.20. As mentioned above, modutils 2.3.21 has been released with still more fixes.

This week's updates:

• Immunix, 2.3.21

• SuSE (November 16th, partial fix only)
• Red Hat (November 23rd)
• Linux-Mandrake (November 23rd)
• Debian (November 23rd)
• Immunix (November 23rd)
• Red Hat, error in previous package updates for Red Hat 6.2 and 7.0 (November 23rd)
• Kondara (November 23rd)
• Conectiva (November 30th)
• Debian (November 30th)
• Linux-Mandrake (November 30th)
• Red Hat, updates for 2.3.20 (November 30th)
• Red Hat, Alpha packages added for RH7, modutils 2.3.21 included (November 30th)

Hostile server vulnerability in OpenSSH. Check the November 16th LWN Security Summary for details. Upgrading to 2.3.0 is recommended.

This week's updates:

• Conectiva, Conectiva 6.0

• Linux-Mandrake (November 16th)
• Linux-Mandrake, correction to package updates (November 16th)
• Kondara (November 16th)
• Trustix (November 16th)
• Debian (November 23rd)
• Red Hat (November 23rd)
• Conectiva (November 30th)
• SuSE (November 30th)
• Red Hat, Alpha packages added for RH7 (November 30th)

Netscape 4.75 buffer overflow. First spotted via this FreeBSD advisory and reported on November 9th, a buffer overflow in Netscape 4.75 enables a client-side exploit. Check the November 9th LWN Security Summary for our original report. Netscape 4.76, which was released on October 24th, fixes the problem.

This week's updates:

• SuSE
• Kondara

• FreeBSD (November 9th)
• Red Hat (November 23rd)
• Immunix (November 23rd)
• Conectiva (November 30th)
• Red Hat, Alpha packages added for RH7 (November 30th)

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

This week's updates:

• Red Hat
• Caldera

• Debian (November 16th)
• Linux-Mandrake (November 16th)
• SuSE (November 16th)
• FreeBSD (November 23rd)
• Conectiva (November 30th)

ncurses buffer overflow. Check the October 12th LWN Security Summary for the initial report of this problem.

This week's updates:

• Immunix

• Caldera (October 19th)
• SuSE (November 2nd)
• FreeBSD (November 16th)
• Debian (November 30th)
• Red Hat (November 30th)
• Red Hat, Alpha packages added for RH7 (November 30th)

diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem.

This week's updates:

• Red Hat, 6.x Powertools only.

• Conectiva (August 17th)

Resources

Argante project announcement. The Argante project was announced this week, with Michal Zalewski as project leader. Argante is a virtual operating system. It is designed to run on top of Linux, BSD and other Unix operating systems, but to provide an environment where security has not been compromised in order to provide functionality. "Argante is supposed to be a system with no compromises. That is why always when in the traditional system we would face choice "security or functionality", instead of choosing one variant we concluded the choice itself is bad and created its outline from scratch or changed the model in order to reconcile our requirements with expectations."

Check the Argante project website for more details.

Events

Upcoming security events.

Date	Event	Location
November 26-December 1, 2000	Computer Security 2000 and International Computer Security Day (DISC 2000)	Mexico City, Mexico
December 3-7, 2000.	Asiacrypt 2000	Kyoto, Japan.
December 3-8, 2000.	LISA 2000	New Orleans, LA, USA.
December 10-13, 2000.	INDOCRYPT 2000	Calcutta, India.
December 11-15, 2000.	16th Annual Computer Security Applications Conference	New Orleans, LA, USA.
December 20-21, 2000.	The Third International Workshop on Information Security	University of Wollongong, NSW, Australia.
December 27-29, 2000.	Chaos Communication Congress	Berlin, Germany.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

Also in the pre7 prepatch is a fix for an "embarrassing" USB error which will likely fix a lot of known USB problems and the removal of the tq_scheduler task queue (see below).

The current stable kernel release is still 2.2.17. No new 2.2.18 prepatches have been released this week.

The demise of tq_scheduler. The kernel is, in theory, in a code freeze preparatory to the release of 2.4.0. That does not mean, however, that fundamental changes will not happen. With 2.4.0-test11 came a new function called schedule_task. It works like the familiar task queue interface in that it allows the kernel code to "set aside" a task to be executed soon, at a time when nothing more pressing is going on.

In particular, schedule_task works like the tq_scheduler task queue, in that the tasks will always be run in process context. With tq_scheduler, however, the process context used is arbitrary - it is whatever process is being scheduled out of the CPU at the moment. Running code in the context of random processes was never, perhaps, the most elegant thing to do, even if it has worked for years. So, with schedule_task, comes a new kernel thread called "keventd." Its only job is to run the scheduled tasks, so that they all run in a well-known context.

2.4.0-test12 will finish the job by removing all references to the tq_scheduler task queue. It's a far-reaching change, touching 29 files in the source tree. As such changes go, it is relatively safe, but it may well create incompatibilities with drivers and other modules that are maintained outside of the mainline kernel. And it is a surprising change to see this late in the development process.

A standard interface for network interface configuration? Ivan Passos started off an interesting conversation with this posting pointing out that Linux has no standard interface for configuring many of the parameters relevant to synchronous network interfaces. These parameters include the media type (v.35, T1, whatever), link-level protocol (PPP, HDLC, ...), clock source, etc. He expressed an interest in helping to implement an interface which would make it possible to configure all interfaces in a consistent manner.

It was quickly pointed out that this problem is not just limited to synchronous interfaces. Consider the choices available for the "standard" Ethernet interface:

• Media type: can be any of AUI, coaxial cable, twisted pair, or fiber. Many interface cards support more than one.

• Speed: 10/100/1000, or "let the card figure it out."

• Transceiver: some cards offer more than one.

• Duplex: Ethernet is normally half duplex, but full duplex offers a very nice performance enhancement if the system is talking to a switch that can handle it.

Anybody who has had to configure more than one type of Ethernet interface in a situation where it didn't "just work" knows that there is very little consistency in how this configuration is done. Even the ifconfig media option is not implemented by all drivers. Often it comes down to a "use the source, Luke" approach to figure out just what the boot/load-time parameters for a particular driver are.

Of course, designing this interface is easier said than done. It's probably a matter of designing a set of ioctl calls around each networking technology, and trying hard to be sufficiently general to catch all of the important cases. Then there is the small matter of making all of the network drivers actually support this interface. It's a daunting task, but also an important one. Expect to see somebody take a shot at it sometime in the 2.5 development series.

Progeny releases nullfs. Progeny Linux Systems, as part of its NOW project, is creating a new network filesystem called "Pelican." As part of that process, the Progeny hackers have created a separate filesystem called "nullfs," which is intended to be used as a way of learning and understanding how filesystems interact with the Linux VFS layer. The first nullfs release is now available for download, and may well prove useful for others who would like to work with Linux filesystems.

Essentially, nullfs will allow a suitably privileged user to mount one directory on top of another, creating an active link between the two. Operations on the mounted filesystem generate a bunch of logging information, providing a window into how the VFS is calling the nullfs operations. Some more information, including a simple session log, can be found in the README file packaged with the nullfs release.

Other patches and updates released this week include:

• Greg KH has announced the 1.0 release of usbview, a GTK program which graphically displays the topology of the USB bus(ses) on a system.

• Scott Rhine at HP has announced a set of updates to the "Plug-in Scheduler Policies" patch, which allows a system administrator to change process scheduling policies on a running system without rebooting.

• Putting a face behind a name: if you're curious about what kernel hacker Jeff Garzik looks like, here's a picture from the MandrakeSoft two-year party.

• Stephen Tweedie has released a new set of kiobuf/raw I/O patches which "really should kill all known bugs, dead." If you are working with kernel I/O buffers or raw I/O, these are probably worth a look.

• A user-space serial port driver was released by Patrick van de Lageweg. It is intended for use with remote ports, such as those provided by RAS servers.

• Aaron Grothe has taken over leadership of the Linux Kernel Audit Project. As a start, he has posted a kernel audit manifesto describing how he thinks the project should succeed.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

The process itself is anything but straightforward. As can be seen on the New Maintainers Corner page, there are several steps which must be executed before an aspiring developer can join the Debian brotherhood:

1. The first step - application - is relatively straightforward. The would-be maintainer need only send in a note saying that they would like to be a developer.

2. The applicant is then assigned an "application manager" (AM). The AM serves as a sort of tutor and examiner; getting through the process requires convincing the AM that the applicant should be admitted.

3. The first thing the AM does is to carry out the identification step. The Debian project wants to be sure it really knows who you are. A GPG key signed by an existing Debian developer is sufficient; failing that, a copy of some sort of official identification document will be required.

4. Following that is the Philosophy and Procedures step. The applicant must convince the AM that he/she understands and believes in the principles in the Debian Social Contract and the Debian Free Software Guidelines. The applicant must outline goals for participation in Debian and show how they fit in with those principles. The applicant must also show an understanding of the (voluminous) Debian policies and procedures, and agree to abide by them.

5. Then comes the Tasks and Skills step. Here the applicant describes what tasks are of interest, and must demonstrate the skills required to do that job. The demonstration can include the creation of a Debian package, writing a man page, fixing bugs, etc.

6. Finally, the AM sends a report and recommendation to the New Maintainers Committee, which makes a final decision.

The new maintainer statistics page shows how the process is working. Over 300 applicants are in the process currently, with (as of this writing) 54 waiting to have an AM assigned, 148 in the evaluation process, 42 waiting in the final approval process, and 54 "on hold" for some reason or another.

Getting through the process can take a very long time. The applicant in the processing stage for the longest time has been there for 250 days; the final approval candidate needing the most patience has been waiting for 171.

There has been some grumbling that the process takes such a long time, and requires so much of the applicants. The feeling among the established developers, however, seems to be that things are well as they are. The Debian Project needs developers who are committed, reliable, in agreement with Debian's philosophy, and in it for the long haul. The long process tests a lot of things, including the applicant's determination to join the project. Making the process easier will, it is said, just result in the admission of people who will not help Debian in the long term. There is also a quite frank desire among some to keep the number of developers to a minimum. More developers means more coordination problems and more time lost to administrative overhead.

The situation can probably be expected to remain much as it is, with lots of grumbling and little change. (See also: this note on how much harder things were in the early days of Debian, and this one from a current applicant who is satisfied with the process).

Should I stay or should I go? (ZDNet). Evan Leibovitch takes a critical look at Corel in this ZDNet opinion piece. "Corel also hasn't maintained its Linux very well. Its first release has been out for more than a year, and to date its Web site lists a total of just one security patch. While most other distribution vendors have been scrambling to ensure that they keep up with open source patches and updates, Corel users are left to fend for themselves."

BSD community learns to get along (Upside). Upside looks at the burgeoning BSD community and how it has learned to work together. "Officially, OS X would become the fifth official version of BSD, alongside FreeBSD, OpenBSD, NetBSD and BSDi. The number of versions shows the fractured nature of the community, though there are now signs that the community is learning to work together. For example, organizers of the 1999 FreeBSDcon decide to change the event's name to BSDcon giving other BSD developers, and Apple representatives, a chance to participate."

Distribution Reviews

iPAQ goes to Linux-land (Brighthand). Brighthand plays with PocketLinux on the iPAQ. "The Pocket Linux image we loaded was not really a shipping product but was created specifically to demonstrate the potential of Pocket Linux at the Comdex 2000 show. So there were a number of limitations to the image, including a lack of support for the hardware buttons, no screen brightness controls, and no file manager app. But it did have some interesting features, like themes and multimedia, and we were impressed by what we saw and are now anxious to see it used in a production implementation." There are a number of nice screenshots as well.

General-Purpose Distributions

Connectiva News. Conectiva has released version 6.0 of their Linux distribution. This release includes an RPM-capable apt-get, KDE 2.0 and XFree86 4.0.1.

Debian News. Debian 2.2r2, an update to the "potato" release with a number of security and important bug fixes, was released this week.

Dr. Dobb's Journal is carrying a story on Debian Hurd, including how its microkernel architecture differs from Linux's monolithic kernel. "A microkernel is one in which only the minimum necessary functionality is implemented in the kernel. This would include process creation and deletion, scheduling, memory management, and interrupt handling. Anything else, such as network protocol stacks and interprocess communication primitives, should be handled outside of the kernel in user space. Communication between the kernel and these extra kernel OS facilities is done by clean interfaces, unlike in a monolithic kernel, where components can see and manipulate each other in any ad hoc way they choose."

An interesting note was posted to the Debian News mailing list this week. It seems that Debian is being used to manage the Microship, a networked pair of amphibian canoe-scale pedal/solar/sail micro-trimarans.

Debian will be running a booth at the PLUTO meeting in Terni, Italy. The meeting is happening on December 9 to 11; Debian leader Wichert Akkerman will be there and will give a talk on the Debian package management system on December 10.

Linux-Mandrake News. Cooker (the Linux-Mandrake development version) has moved to the 2.4 kernel. This move suggests, of course, that MandrakeSoft intends to base its next release on this kernel.

MandrakeSoft turned two recently, and the company celebrated by hauling everybody up to Normandy for a big party. Two sets of pictures from the event have been posted: this set covers the party itself, while the other is a set of pictures of MandrakeSoft employees. The latter page is a good way to put faces with the names of people at MandrakeSoft.

Spiro Linux. The word we have gotten from our readers appears to be true: the Spiro Linux distribution is no more. It is a hard time to be trying to make money off a new distribution.

SuSE News. SuSE has released a set of rpm for packages containing strong cryptography. Strong cryptography is not shipped with their international package, so these rpms were left out of the international CD-set for SuSE's S/390 distribution. OpenSSH, GNU privacy guard, SSL support, etc., is included.

Trustix News. Trustix Secure Linux 1.2 has been released. It contains many new packages, and bundles some nice stuff like FreeS/Wan and iproute. As they say: "We think it is pretty stable, and would love for you to agree with us." There is also a separate announcement in press-release format available.

BSD News. Another major distribution release hit the streets this week, this time of the BSD variety. OpenBSD 2.8 comes with OpenSSH and support for Apple iMac, G3, G4, and G4 Cube machines.

With all the BSD news we've seen today, you'd think it was BSD day around the planet. The latest news comes from BSDi, who have announced the release of BSD/OS 4.2.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

News and Editorials

Education

SEUL/edu Linux In Education Report for December 4. Issue 34 of the SEUL/edu Linux In Education report has been released. Features include retrieving weather information for schools, the reappearance of KDE-EDU, and searching for the roots of words.

French translation of Freeduc FAC (Ofset). The Ofset Project has announced a French Translation of the Freeduc FAQ by Guillaume Allegre. The Freeduc project is a Free Education software database.

Games

Latest news from WorldForge games. The WorldForge project continues on its quest to make open-source "massively multi-player online roll playing games". The latest news from the site includes articles on collision research and rendering Variable Terrain Height in an isometric client.

Embedded Systems

Embedded Linux Newsletter - November 30th, 2000 (LinuxDevices.com). The Embedded Linux Newsletter is out for the week of November 30th. Topics include embedding Linux on the M-System DiskOnChip and a browser controlled MP3 player mini-howto.

AbsoluteX X Window System toolkit (LinuxDevices). AbsoluteX is an LGPL-licensed class library for use with the X window system that was introduced at the Atlanta Linux Showcase. Linux Devices has run an article that discusses AbsoluteX. The source code is now available for download.

The Embedded Linux Quick Reference Guide (LinuxDevices). LinuxDevices has published two new parts in the online series on Embedded Linux, see The Embedded Linux Overview Quick Reference Guide and The Embedded Linux Distributions Quick Reference Guide for lots of useful information on embedded Linux.

Interoperability

Wine Weekly News for December 4, 2000. The December 4, 2000 issue of the Wine Weekly News is out. News includes the release of Wine-20001202 which features a new winemaker script, new DLL import mechanism, and internationalization and portability bug fixes.

Mail Software

Mailman 2.0 released. The 2.0 release of the Mailman mailing list manager has been announced. "Mailman has most of the features that people want in a mailing list management system, including built-in archiving, mail-to-news gateways, spam filters, bounce detection, digest delivery, and so on."

Network Management

OpenNMS Update. The OpenNMS update for December 5 is out. It covers the new "Testdrive" release, which is apparently aimed at inclusion in a forthcoming release from "one of the major Linux distributions." If you're curious about what's inside OpenNMS, this update is a good place to start.

Office Applications

Free Photoshop for the people (Salon). Salon has run an article about the Berkeley eXperimental Computing Facility, where the GIMP was born. "'It's almost like it's our duty to create cool things for the world,' says Spencer Kimball, who co-wrote both the GIMP and the Unix versions of Gnutella." The article has lots of interesting trivia on the group.

On the Desktop

KDE 2.0.1 Available. The latest release of KDE, version 2.0.1, has hit the streets. This release is primarily a bug fix release with the goal of more complete documentation and language translations, so there were relatively few code updates. Some of those changes include:

• Japanese language support added, Chinese language support improved.
• KMail's compatibility problem with some POP3 servers has been fixed
• lots of fixes for the KDE web browser, Konqueror

Alpha Blending (KDE Dot News). KDE Dot News posted some screenshots of alpha-blended icons on the KDE desktop and the Konqueror web browser. The Linux desktop just keeps looking better and better.

Keith Packard is also working on the addition of anti-aliased text to KDE, the code is not ready for prime time yet, but the screenshots look good.

The People Behind KDE: Matthias Elter. This week's "The People Behind KDE" features an interview with Matthias Elter.

Programming GNOME Applications with Perl, Part Two (Perl.com). The second part in the series on programming GNOME applications with Perl has been published on Perl.com. "When designing user interfaces, we need to consider what provides users with the most useful and intuitive view of their data, without overcrowding them. What do we need to be able to get at easily when we're using the application? There are two parts to this question: actions that we can perform, and data we can see."

The Evolution of Evolution: Steady Progress (LinuxPlanet). LinuxPlanet's Michael Hall writes about his experiences with Evolution. "The last time I looked at Evolution, the hackers at Helix Code were putting it in front of the public as an actual release for the very first time. As a functioning mock-up, it showed a lot of promise, but there was no way I was letting it near my mail. Since then, we're a few preview releases down the road and it's conceivable that if you're a GNOME fan who's curious about the project, and you can put up with the rough patches Evolution will still throw at you, you could probably start using it today on at least a limited basis."

Science

Journal of Open Source Medical Computing First Call (LinuxMedNews). Linux Med News announced the existence of the Journal of Open Source Medical Computing The Journal is "an electronic forum for disseminating information on free and open source medical computing. Scholarly work on any aspect of free and open source medical computing will be considered for peer-reviewed publication." The new journal has announced its first call for papers.

Web-site Development

new ZODB project on SourceForge. Andrew Kuchling has announced the creation of a new Zope Object Database project on SourceForge. He followed the announcement up with this note that describes some recent changes to the code.

Feasting on life with veteran programmer Ken Manheimer (NewsForge). NewsForge takes a look at Ken Manheimer, who is currently working for Digital Creations. "Like most, he started with BASIC and FORTRAN and since has: Worked with LISP, contributed to emacs (including incorporating icomplete.el and allout.el), studied Scheme, researched and developed Knowbot, resurrected Mailman after the original was decimated in a systems crash, contributed to and administered Python, enhanced ZWiki, a Zope-based Wiki clone, and so far, while at Digital Creations, has developed an issue tracking system for Zope which passed the first round at the Software Carpentry Competition (had to withdraw after that because of lack of time). "

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

C

The future according to Dennis Ritchie (LinuxWorld). LinuxWorld has run an interview of Dennis Ritchie, one of the creators of C and Unix. "What is changing is that higher-level languages are becoming much more important as the number of computer-involved people increases. Things that began as neat but small tools, like Perl or Python, say, are suddenly more central in the whole scheme of things. The kind of programming that C provides will probably remain similar absolutely or slowly decline in usage, but relatively, JavaScript or its variants, or XML, will continue to become more central."

ERLANG

Erlang patch release R7B-1 is out. Patch release R7B-1 of ERLANG has been released. See the readme for details, the source can be downloaded here.

Perl

Perl5-porters for December 4, 2000. The December 4, 2000 issue of Perl5-porters is out. This edition covers regression testing, regular expression bugs, PerlIO news, and Dodgy Function Names, as well as other topics.

Perl Module Advent Calendar. See the Perl Module Advent Calendar to get a new Perl module each day in December through Christmas day. Now we have proof that Perl hackers are truly religious about their favorite language.

Beginner's Introduction to Perl (perl.com). Doug Sheppard has published the second and third articles in his Beginner's Introduction to Perl series on perl.com. If you have not seen it yet, you may want to start with the first article in the series.

Python

Python-dev summary. Here is A.M. Kuchling's Python-dev summary for November 16-30. It covers the need (or lack thereof) for Python standards and a few other development topics.

Dr Dobb's Python-URL!. The December 4, 2000 issue of the Dr. Dobb's Python-URL! is out. Among other things, dealing with Linux sound in Python is discussed.

Wiki Python (Python News). O'Reilly's Python News has an article by Stephen Figgins on various Python Wiki programs. Wikis are web sites which are built up from user contributions. The article gives a good overview of the various Wiki projects that are being developed.

Smalltalk

Making Smalltalk (Linux Gazette). In a recent article on Linux Gazette, Jason Steffler discusses Smalltalk and object-oriented programming in general.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

MandrakeSoft up, Red Hat ... up too?. Here in the land of fuzzy math, we've noticed that both MandrakeSoft and Red Hat grew their respective market shares this week, albeit in different parts of the planet.

According to a BCN Market View survey of 316 outlets for computer retail sales companies in Japan, Red Hat Linux 7 sales represented 40% of all Linux sales in that country. The BCN survey is conducted yearly, but Red Hat Linux 7 has only been available in Japan since October. Does this mean, at this rate, that Red Hat would have nearly total market penetration after a full year of sales? Or is this representative of only a spike in sales for a specific product and that, over the year, that spike would level out and more realistic figures would show some other distribution (TurboLinux, perhaps) as the market leader in Japan?

In the US, according to a press release from MandrakeSoft, Linux-Mandrake has edged ahead of Red Hat in retail sales from January through September 2000:

• Linux-Mandrake 28.8%
• Red Hat (RHAT) 28.7%
• Corel (CORL) 14.4%
• SuSe 9%
• Turbo Linux 6%
• Caldera (CALD) 5.8%
• Others 6.3%

While numbers like this are great for businesses, they do little for the consumer. Any set of numbers can be cooked to look just right, especially if taken out of context or applied without sufficient supporting information. Despite this apparent lack of meaning, these numbers do show us the one thing we really care about - no one distribution is in control of the Linux market place.

Sun releases Solaris 8 source. Sun Microsystems has released the source code for Solaris 8 for download. The license, of course, is not free software, and Sun will not let you near the source until you have faxed in a signed agreement. It is available free of charge, though, for those who agree to the terms.

It would be well to keep in mind the possible troubles that could arise from access to the Solaris source, since it can not be integrated into Linux. See The Solaris Trap for LWN's thoughts on that issue back in 1999.

Announcement of Eazel/Dell partnership. Here is the press release confirming the deal between Dell and Eazel. As expected, Dell will be shipping Eazel's environment on its desktop and notebook systems. Dell will also be including Eazel's software update ("Software Catalog") and "Online Storage" services. There is also an (undisclosed) equity investment in Eazel from Dell Ventures.

SuSE Linux Announces Strategic Partnership With SGI. SGI and SuSE have announced a strategic partnership. As part of the agreement, SGI has taken an equity investment in SuSE.

Lutris, Motorola in development deal for Java phones (ZDNet). ZDnet is reporting that Lutis and Motorola will sign a deal on Monday relating to Java-based phones. "The deal will integrate Lutris' Enhydra application server, which is open source, with Motorola's iDEN handsets, expected to be the first phones compliant with Sun Microsystems Inc.'s Java 2 Micro Edition."

Telia goes for Linux on the S/390. According to Reuters, Telia, the Swedish telecom and Internet service provider, is replacing 70 Sun Microsystems servers with one IBM mainframe computer running Linux.

Mountain View Data launches Intermezzo file system. Mountain View Data, the company started by Peter Braam and Turbolinux founders Cliff and Iris Miller, has announced the availability of the beta 1.0 release of the InterMezzo high availability filesystem.

VA Linux launches 'SourceForge OnSite'. VA Linux Systems has come up with a way of making money off SourceForge. Essentially, for an ongoing fee, the company will deploy a small SourceForge-like system at a customer's site, to be used for internal collaborative development. It's essentially a software development environment appliance. Agilent Technologies is an initial customer.

Terra Soft Ships Portable PowerPC Linux Cluster. Terra Soft has announced the availability of the "iDitarod," a portable, PowerPC-based cluster system. At 150 pounds, it's not quite in the laptop class, but a dedicated group of people could indeed move it around. We also have a picture of this cluster; it is a cute package.

CodeWeavers Launches Developer Web Site For Wine Project. CodeWeavers, a Windows-to-Linux software company, has introduced a new web site for Wine developers. This site is a development site providing tools, information, and other resources for programmers involved with the commercial-quality version of Wine.

VMware Announces Preferred Hardware Partner Program. VMWare announced its Preferred Hardware Partner Program this week. Founding partners in the program include Compaq, Dell, IBM and VA Linux.

VMWare also announced its Professional Services Organization (PSO), which includes customer support, education and consulting services.

Letter from the Chairman and the CEO of EBIZ. EBIZ has released a letter to its shareholders telling them about how things are going to be better in the future. It covers the LinuxMall and Jones Business Systems acquisitions, investments from Caldera, and more. "With the recent purchase of SCO UNIX by Caldera Systems Inc., a major Linux software company, many of those UNIX VARs see Linux as the natural migration path for their business. The EBIZ acquisition of JBSi turns that migration path into a superhighway and will dramatically increase the number of VARs providing Linux solutions."

China Netcom Makes Long Term Commitment to Adopt Bluepoint Linux. Bluepoint Linux Software Corp. announced the signing of an agreement with China Netcom, one of the largest telecommunications companies in China. China Netcom is owned by the Chinese Academy of Sciences, the State Administration of Radio, Film & TV, the China Ministry of Railroad, and the Shanghai City Government. According to the agreement, China Netcom will use Bluepoint Linux Operating System on its servers nationwide.

Sun Microsystems Announces Early Access To Java Technologies for XML. Sun Microsystems announced the early access availability of two Java technology API's for the Extensible Markup Language (XML): the Java API for XML Messaging (JAXM) and the Java API for XML Parsing (JAXP). Both APIs are downloadable free of charge through Sun's Java Developer Connection Connection at http://java.sun.com/jdc/.

Wing IDE For Python. Archaeopteryx Software, Inc. announced the release of version 1.0 of its integrated development environment, Wing IDE, for Python. The proprietary package includes a graphical debugger, code browser, source code editor, and a project manager.

Multicast Technologies Releases Multicast Player. Multicast Technologies, Inc., has released the MCT Player, a multicast MP3 player. The MCT Player is available for Linux as a free download from the company's audio station.

Press Releases:

Open Source Products

• IBM (ARMONK, N.Y.) and its subsidiary Tivoli announced a new technology initiative, code-named Storage Tank(TM), designed as a universal storage system capable of sharing data across any storage hardware, platform or operating system. Tivoli plans to provide an open source Linux version of the Storage Tank client technology.

• Imperial Software Technology (PALO ALTO, Calif.) announced the launch of a new Web site, http://www.motifdeveloper.com, a free resource for programmers building graphical applications using the Motif(R) toolkit on the X Window System.

• OpenNMS.org released version 0.4.0, the first public release of its network open source management softare. Features include a graphical "Drag and Drop" administration interface, event Management, TCP/IP-based discovery and monitoring, and a graphical rule builder.

• Turbolinux, Inc. (SAN FRANCISCO) announced the release of UNICON 3.0 to the Open Source community.

Commercial Products for Linux

• 3Com Corporation (SANTA CLARA, Calif.) announced the 3Com(R) EtherLink Server 10/100 PCI dual port network interface card. Linux 32 and 64 bit drivers are available.

• AbriaSoft (FREMONT, CA) announced its release of Abria SQL Standard 2.1 for Redhat Linux and Microsoft Windows platforms. The product integrates a secure 'SSL' flavor of Apache, the world's leading web server with MySQL, the most popular open source database.

• Dell (NEW YORK) announced the PowerEdge 1550, which comes with the option of factory installed with Red Hat 7.

• Interphase Corporation (DALLAS) announced the availability of its 2 Gigabit Fibre Channel Host Bus Adapter (HBA) with advanced clustering capabilities, which includes Linux driver support.

• Micromuse Inc. (SAN FRANCISCO) announced the availability of its Netcool/Internet Service Monitors (Netcool/ISMs) version 2.0 software suite for the RedHat Linux(R) operating system platforms.

Products and Services Using Linux

• BakBone Software (TOKYO) announced that its NetVault software supports Miracle(TM) Linux.

• Maxspeed (PALO ALTO, CA) announced the latest generation of its MaxStation ultra-thin client, the PGX 2000.

• NetMAX, (ANN ARBOR, Mich.) a division of Cybernet Systems, announced the general availability of the NetMAX VPN Server Suite.

• Strategic Concepts, Inc. (BENTONVILLE, Ark.) released its advanced vehicle monitoring system interface. This new interface allows Strategy5 users to download state line crossing odometer readings, driver and vehicle performance statistics and vehicle fault codes from tracking system providers including MOTIENT and QUALCOMM.

• Turbolinux, Inc. (SAN FRANCISCO) announced that Mega Co., Ltd., an independent Internet service provider (ISP) based in Tokyo, has adopted Turbolinux Cluster Server for its clustered server system featuring total disk storage capacity of 1.5 terabytes and serving more than 100,000 corporate customers. The new clustered server system was designed and implemented by Hitachi Engineering Co., Ltd., a Turbolinux partner in clustering technology.

Products with Linux Versions

• eVault, Inc. (WALNUT CREEK, Calif.) announced the release of VytalVault 3.1, the newest version of its Internet-based server backup solution. Support for Red Hat 6.2 is provided in this release.

• InstallShield Software Corp. (SCHAUMBURG, Ill.) announced the availability of three new InstallShield(R) Multi-Platform Edition products: InstallShield Express(TM) -- Multi-Platform Edition, InstallShield Professional(TM) -- Multi-Platform Edition, and InstallShield Enterprise(TM) -- Multi-Platform Edition. Versions are available for Red Hat, Caldera OpenLinux, SuSE Linux, TurboLinux.

• JetForm(R) Corporation (OTTAWA) introduced JetForm Output Pak(TM) for SAP(TM) R/3(TM) 5.3. Support for Linux has been added to this version.

• Kinecta Corporation (WASHINGTON) announced plans to deliver its free content distribution tool, Kinecta Syndicator Lite. Kinecta Syndicator Lite, based on the ICE (Information and Content Exchange) standard, allows for automating ongoing business-to-business content delivery instead of relying on e-mail or FTP.

• Novadigm, Inc. (EMERYVILLE, Calif.) announced the release and availability of Internet-based Radia(R) Inventory Manager. Versions are available for Red Hat and Debian Linux distributions.

• Omegon Ltd. (LEBANON, N.J.) announced the addition of new web server and dial-up tests to its flagship product, the NetAlly(R) solution. The tests are currently available for NetAlly Traffic Agents running on a Linux platform.

• Progress Software Corporation (BEDFORD, Mass.) announced it has begun shipping Progress SonicMQ(TM) Version 3.0, the next generation of its E-Business Messaging Server for scalable and secure transport of business-critical data over the Internet.

• VMware, Inc. (PALO ALTO, Calif.) announced two new software products: VMware GSX Server and VMware ESX Server. VMware will ship a version of the GSX Server that runs on servers with Linux operating systems in January 2001. ESX Server does not require a host operating system.

Java Products

• The Apache Software Foundation has released a beta version of Batik, the Scalable Vector Graphics toolkit for Java.

• ParaSoft (MONROVIA, Calif.) announced the release of Jtest for Linux, a unit testing tool for Java.

Books and Training

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C. & SAN FRANCISCO, Calif.) announced the availability of a complete e-learning curriculum for the Red Hat Certified Engineer certification (RHCE). The curriculum was built according to Red Hat specifications in partnership with DigitalThink.

• Wave Technologies (ST. LOUIS) announced that the Japanese translation of its Linux Career Pack has been completed as part of a master distribution agreement with Information Quarry Systems (IQS), a custom software solution provider in Tokyo. In addition, translation of SAIR's instructor-led training and testing curricula is also nearing completion. Under terms of the agreement, IQS will deliver the vendor-neutral programs to a worldwide network of Japanese-speaking IT professionals.

Partnerships

• Ariel Corp. (CRANBURY, N.J.) announced that it has signed a reseller agreement with RLM Group, a provider of build-to-order white box systems, computer components and peripherals.

• MontaVista Software, Inc. (SUNNYVALE, Calif.) developer of the Hard Hat(TM) Linux operating system for embedded applications, announced the start of subscriptions and professional services for Hard Hat Linux in Korea. These subscriptions and services are being offered through Adelinux, Inc.

• Lineo, Inc. (LINDON, Utah) announced they will form a strategic partnership and will sign a global distribution agreement. Under terms of the agreement, Lineo will be a preferred embedded Linux vendor for Espial TotalIA.

• PartnerAxis (OREM, Utah) , a wholly owned subsidiary of EBIZ Enterprises Inc., announced its partnership with NeTraverse. In the newly created alliance, PartnerAxis will consult with NeTraverse on its recently released Win4Lin 2.0 Desktop solution to build awareness in the Linux channel.

• V-ONE Corporation (GERMANTOWN, Md.) announced a distribution agreement with Tech Data Corporation, a provider of IT products and logistic management services.

• Xybernaut Corporation (FAIRFAX, Va., and RIO DE JANEIRO, Brazil) announced the first of twelve foreign educational seminars on wearable computing.

Investments and Acquisitions

• BSDi announced that the company has received an investment totaling $4 million from several Japanese strategic partners, including GLQ Entrepia Inc., the venture capital arm of Nissho Iwai American Corporation.

Financial Results, Stock News

• Caldera Systems, Inc. finacial results for the year are in. The reported revenue of $1.2 million for the three months ended October 31, 2000, a 34% increase over the comparable three months of the previous fiscal year. For the year ended October 31, 2000, revenue was $4.3 million compared to $3.1 million for the previous year, an increase of 40%.

• Eon Communications Corp. lost 9 cents a share the quarter ended Oct. 31, compared with net revenue of 4 cents a share in the same quarter of 1999. eOn also announced on Wednesday the addition of E-mail queuing capabilities to its Linux-based communications systems for remote customer contact agents.

• LinuxWizardry Systems, Inc. (VANCOUVER, British Columbia) announced that the Board of Directors has approved a share dividend of its wholly owned subsidiary, LinuxWizardry, Inc.

• Quintalinux Limited (KOWLOON BAY, Hong Kong) reported receiving favorable comments about the company's outlook from Stockprowler at www.stockprowler.com.

• SSH Communications has filed for a listing on the Helsinki Exchanges in preparation for their IPO.

Personnel

• Caldera Systems, Inc. (OREM, Utah) named Edgie E. Donakey to the position of vice president and chief of staff.

• DevelopOnline Corp. (TEMPE, Ariz.) announced the appointments of additional executives. Joining the staff as chief technology officer (CTO) is David Mandala, who most recently was senior engineering director of Linuxcare.

• Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) named Dr. James Neiser chief marketing officer.

• VMware, Inc. (PALO ALTO, Calif.) announced that three new executives have joined the company in key management positions. Mike Everett is the company's new Chief Financial Officer, Bill Rudiak assumes the newly created position of Vice President, Professional Services, and Susan Thomas is the new Vice President of Marketing.

Linux At Work

• Dirig Software (NASHUA, N.H.) announced that Cass Information Systems, Inc. has selected the Dirig Linux SMART Plug-in (SPI) for OpenView Express to manage their Linux systems used in the company's infrastructure. Dirig also announced the official certification by Hewlett Packard of the Dirig developed Linux SPI.

• NetNation Communications, Inc. (VANCOUVER, B.C.) a web hosting, domain name registrar (DNR) and application service provider (ASP), and Stormix Technologies Inc. have been chosen by Tribal DDB Canada, a member of DDB Worldwide for its Intranet for internal and client communications.

Other

• BSDi announced the release of BSD/OS 4.2.

• Lineo, Inc. (LINDON, Utah) announced the shipment of the Lineo Embedix software development kit (SDK) for Windows(R), the software that allows Windows developers to develop embedded Linux solutions in their familiar Windows NT 4.0 or Windows 2000 hosted environments.

• Linuxcare, Inc. (SAN FRANCISCO) added the following 10 companies to its customer base: Adaptec, Digital Island, Ecrix Corporation, Ivenue.com, Maxtor, SGI, Espial, 3ware, VERITAS Software and WSE/Honeywell.

• LinuxWizardry Systems, Inc. (BOCA RATON, Fla.) announced that the company reached six million people during their activities at the Comdex Computer Expo in Las Vegas, NV during the week of November 13, 2000.

Section Editor: Michael J. Hammel.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Researchers Say Independent Review Of Carnivore Flawed (Newsbytes). According to a Newsbytes story, a team of researchers and academicians has deconstructed the findings of an independent review team charged with evaluating the FBI's e-mail surveillance tool "Carnivore," saying the team's findings gloss over some serious legal and technical concerns.

Open source policy (Business 2.0). Business 2.0 asks whether a net-oriented company can run completely on open source software. "Most key enterprise-class components such as database software and transaction processing tools remain proprietary products. Even with the January release of Borland/ Inprise's InterBase database to the open source community, there has not been an open source kernel available for long enough-nor a developers' community large enough, such as the one Linux enjoys-to create a full-featured product to handle online business needs. Still, the March release of the Enhydra application server brings businesses one step closer."

Inside The KLAT2 Supercomputer (Ars Technica). Ars Technica is carrying a detailed article on the KLAT2 Beowulf cluster, with an emphasis on its networking design. "In the end, we didn't design KLAT2's Flat Network Neighborhood. Instead, we built a genetic search algorithm (GA) that does it for us. In fact, it not only finds solutions to the aforementioned interconnect problem, but it optimizes the solutions so that the additional bandwidth is placed where it will improve the most important communi