
Leading items and editorials


FreeDesktop.org Window Manager Spec 1.0 released. FreeDesktop.org has announced the release of version 1.0 of the Extended Window Manager Hints Specification. This spec describes how the window manager interoperates with graphical applications; it is essentially an extension of the venerable ICCCM (Inter-Client Communication Conventions Manual).

The actual contents of this specification are pretty dry. Have a look if you're fascinated by how virtual desktops should best be implemented, or if you have a burning need to know how shading is handled. Most of our readers, we suspect, have little interest in the details of how these things work, as long as they work well.

What makes this specification interesting is that it was developed jointly by the GNOME and KDE projects. Both the kwin and sawfish window managers implement the conventions in this specification. We have moved one step closer toward cooperation and interoperability between the two primary Linux desktop projects.

A few more developments like this one and even the most sensationalist media outlets will have a hard time continuing to beat the drums of "holy war." There is no war, just two projects that are trying to make the best desktop they can in their own ways. There will be many times when cooperation is the best way forward, and, at least some of those times, that is what will happen. This is how the two projects will deal with each other; "holy war" has nothing to do with it.

Biting off small pieces of the open source space. Some announcements this week show that the Linux business community is more active than ever. There are a few interesting business models being tried out; sooner or later the best ways of making an open source business work will be worked out. Meanwhile, it is worthwhile to look at what some companies are up to.

The original Linux businesses tended to be based around distribution building; they had names like Yggdrasil, Red Hat, Caldera, SuSE, Pacific HiTech, and WGS. Somebody still tries to get into that business occasionally, but it's a hard place to get started at this stage of the game. What we are seeing instead is businesses that carve out a smaller piece of the free software landscape and attempt to sell services around that. Many examples exist: Sendmail Inc. (sendmail), Gnumatic (gnucash), Helix Code (GNOME), theKompany.com (KDE tools), and many others, including Cygnus (development tools), which may well be the first company to have operated in this arena.

A couple of relatively new companies made their moves this week. One is Great Bridge. This company's turf is the PostgreSQL relational database management system. Great Bridge has gone about hiring PostgreSQL hackers, including three of the six members of the "Global Steering Committee." This week Great Bridge announced the availability of its commercial, boxed version of the database. But the company's real hopes are clearly based around its service offerings, which include support contracts, developer services, consulting, and training.

Great Bridge (and PostgreSQL) are not without competition, however. NuSphere also chose this week to announce its own set of products and services, all based around MySQL. These include, yes, a boxed version of the MySQL database, developer support, consulting, and training. NuSphere's offerings appear to be aimed at a more price-sensitive market than Great Bridge's, but the idea is the same.

Great Bridge and NuSphere might just be onto something. The commercial database market is dominated by large systems with even larger price tags. If PostgreSQL and MySQL can prove themselves capable of playing in that league, they may find no end of willing buyers. That is a big "if," though. Companies tend to be conservative about their database systems.

Also this week, CodeWeavers put out an announcement of the "Preview Edition" of CodeWeavers Wine. Wine, of course, is the long-awaited utility that allows Windows applications to run on Linux. CodeWeavers, too, has been out snarfing up hackers; its team includes Alexandre Julliard and a number of other prominent Wine developers. Like Great Bridge, CodeWeavers sees Wine as the vehicle which will carry it to success.

There will doubtless be a "Wine in a box" offering once the 1.0 release is out. But, again, the real emphasis appears to be on services. CodeWeavers offers training, support, development and porting services, and even marketing. The intended customer base is not people who want to run Wine; instead, CodeWeavers is going after software companies that have a product they would like to sell to Linux users. For these customers, the available services go from basic consulting through to the "Caribbean Option":

You provide us with all of the materials we need to build your product for Linux and retire to a Caribbean Island. We evaluate the product and create a certified Linux native version. Through our partnerships, we can even arrange product sales and support. A few months later, we mail the checks to the Caribbean island you've retired on!

If the next wave of Linux users hits as expected, there's likely to be a great many companies with products to port, quickly, to Linux. CodeWeavers could find itself busy.

An entirely different approach could be characterized as "invest a great deal of money and make some high-profile sales demonstrating that you are a total Linux solution provider." Along those lines, see this week's Linux in Business page for coverage of IBM's latest moves.

Interview: Eric S. Raymond. Maya Tamiya, creator of the Japanese Linux site ChangeLog.net, recently had an opportunity to interview Eric Raymond while he was at the Linux Conference 2000 Fall in Kyoto. Maya has now graciously provided the English version of the interview to LWN as a feature article. Have a look for a far-ranging discussion on events in the Linux world, software patents, Linux on the desktop, Linux stocks, running an open source project, and more.

(Note that this feature contains a lot of pictures of Eric. For those with slow connections or a lack of interest in the photography, there is a low-image version available).

Inside this week's Linux Weekly News:

  • Security: m-o-o-t, Norwegian Carnivore, cross-site scripting problems continue, CERT advisory on LPRng.
  • Kernel: Disk corruptions, supporting the Pentium IV, RSBAC, and kORBit
  • Distributions: Apt with an RPM backend, CClinux, NetBSD 1.5 and new releases from Coyote, e-smith, SmoothWall and Vector.
  • Development: Linux PDAs, KDE Themes, QuantLib.
  • Commerce: IBM's latest moves, more Red Hat news.
  • Back page: Linux links, this week in Linux history, and letters to the editor
...plus the usual array of reports, updates, and announcements.

December 14, 2000

   


Security


News and Editorials

Is it moot? m-o-o-t is an interesting security project in a nascent phase. The project is based in the UK and spurred on by the passing of the RIPAPart3 law, which gives the government broad power to demand plaintext copies or cryptographic keys for deciphering encrypted content. Between this type of law and activities such as the US FBI's Carnivore, people are quickly finding the truth of the old saying, "the only safe place is inside your head".

Well, even if the m-o-o-t project had a working prototype, we can't say it would be everyone's cup of tea for every day activity. M-o-o-t would be burned to a CD, from which the system would be rebooted in order to use it. No data would be written to the local disk, only to RAM. Transmitted information would be entirely encrypted and only stored in "off-shore havens", data storage facilities located in areas where the laws did not interfere. Even there, the safe havens would only be allowed to store portions of the data, in case a given off-shore haven is compromised. Given such restrictions, m-o-o-t is likely to be used only when you really, really care.

Some of their starting concepts should be examined closely. For example, a m-o-o-t system must connect to another m-o-o-t system in order to work. As part of this, they intend to build protection into the CD so that on this end, you can tell whether or not the remote side is really using a valid m-o-o-t CD. After all, if the remote system has been compromised, you've gained no security. That's true, but verifying that the remote CD is the real thing could be as difficult as, well, preventing a DVD from being transferred from a CD to a disk, for example.

In addition, they envision only producing a type of m-o-o-t CD every three years or more -- hmm, they aren't anticipating potential security problems or programming errors, are they? It won't be compatible with any other kind of security software -- say what? Then they'll be reinventing the wheel and using software that won't be heavily used, audited or vetted by other security experts, greatly increasing the potential for as-yet-undiscovered security flaws.

We repeat again, though, that this project is in a design phase, prior to the development of a prototype. They're asking for feedback and we certainly hope that the community will provide it. Whether it is this tool or another, software to enhance the privacy of people's communication is a good thing.

Cross-site scripting issues exemplified. This week, an alert went out regarding security problems with Charles Schwab's on-line trading system. The security issue at hand is an application of cross-site scripting, a security problem that we've discussed several times this past year. Although Apache and other web browsers have provided patches to make cross-site scripting more difficult, security experts have always known that this security issue has not gone away.

The current example at Charles Schwab can result in an attacker taking control of a user's on-line trading session or possibly tricking a user into taking an action they did not intend to take. Charles Schwab should not be singled out in this case; similar problems were reported with E*Trade's system in the recent past. The likelihood is high that other systems will eventually be found vulnerable as well.

So what is a cross-site scripting vulnerability and why is it so difficult to prevent? A cross-site scripting vulnerability is based on the unsanitized use of provided input. A server is vulnerable to cross-site scripting when it runs programs that generate dynamic webpages without checking their data sources carefully enough. As a result, the server can be tricked into generating malicious HTML. CERT provided an advisory on this problem in early February.

Prevention of cross-site scripting vulnerabilities lies upon the applications programmer, someone who may or may not be trained to thoroughly understand security issues. As a result, every dynamic web-based application has the potential for problems, if not properly designed and implemented. In this case, however, it appears that Charles Schwab took close to five months to respond to the initial security report. Given the large sums of money involved, this is totally unacceptable. Just like any bank, on-line brokerages will fail if they cannot maintain the trust of their customers. The security of their web-based systems is a growing portion of that trust.

Meanwhile, everyone developing a web site of any kind needs to be aware of this issue and program defensively to handle it.

For those interested, here is some commentary from Elias Levy on the topic.
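
The failure described above, as an added example (not code from any of the sites or products mentioned): a constructed page generator echoes a request parameter into three HTML contexts, first unchecked and then with output encoding for each context. The function names, the page template and the sample parameters are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Tags the page template itself emits; any other tag in the output came from input.
TEMPLATE_TAGS = {"p", "input", "a"}

# Constructed request parameters, as the server sees them after URL decoding.
SAMPLES = ["linux kernel", "<script>alert(1)</script>", '" onmouseover="alert(1)']


def render_vulnerable(term):
    """Builds the page by pasting the request parameter straight into HTML."""
    return (
        f"<p>Results for {term}</p>"
        f'<input name="q" value="{term}">'
        f'<a href="/search?q={term}">search again</a>'
    )


def render_hardened(term):
    """Same page, with the parameter encoded for each output context."""
    body = html.escape(term, quote=False)   # element content: & < >
    attr = html.escape(term, quote=True)    # quoted attribute: also " and '
    # URL component first (percent-encoding), then attribute encoding on top.
    url = html.escape("/search?q=" + quote(term, safe=""), quote=True)
    return (
        f"<p>Results for {body}</p>"
        f'<input name="q" value="{attr}">'
        f'<a href="{url}">search again</a>'
    )


class MarkupAudit(HTMLParser):
    """Parses a generated page and records markup the template never emits."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected = []   # foreign tags and event-handler attributes
        self.q_value = None    # value of the q input as a browser would read it

    def handle_starttag(self, tag, attrs):
        if tag not in TEMPLATE_TAGS:
            self.unexpected.append(tag)
        for name, _ in attrs:
            if name.startswith("on"):
                self.unexpected.append(f"{tag}@{name}")
        if tag == "input":
            self.q_value = dict(attrs).get("value")


def audit(page):
    """Returns (unexpected markup, decoded value of the q input)."""
    parser = MarkupAudit()
    parser.feed(page)
    parser.close()
    return parser.unexpected, parser.q_value


if __name__ == "__main__":
    for term in SAMPLES:
        print(repr(term))
        print("  vulnerable:", audit(render_vulnerable(term)))
        print("  hardened:  ", audit(render_hardened(term)))
```

The hardened page still shows the user exactly what was typed: the parser decodes the input's value back to the original string, while no tag or attribute outside the template appears.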

Norwegian Carnivore. Norway is facing its own "Carnivore-style" controversy as information surfaced recently that Norwegian military, police intelligence and the country's top 15 companies have been cooperating in internet surveillance for some unknown length of time -- without the knowledge of the Norwegian National Assembly.

As usual, the initial claims about the purpose and capabilities of the system are relatively benign, but the secrecy of the collaboration and the potential capabilities are wide enough to have generated demands for review of the system. Yet more fun ... and another spur for international cooperation to enhance individual privacy.

CERT advisory on LPRng. Format string vulnerabilities in LPRng were first reported in this Security Summary in September. Now, CERT has issued an advisory about the problem. As usual, this means that they are continuing to see active exploitation of this vulnerability.

If you have not yet upgraded your version of LPRng, don't put it off any longer. Updates are available for most flavors of BSD and Linux. Check our October 19th edition for our most extensive list of updates.

Security Reports

Zope security update. All Zope versions up through 2.2.4 have a security vulnerability that could allow anonymous users (i.e. anybody on the net) to do things inside the server that they should not be able to do. A security update has been issued by Digital Creations; it is highly recommended that people running Zope apply this fix.

KTH Kerberos vulnerabilities. Multiple vulnerabilities have been reported in KTH Kerberos, the implementation of Kerberos used in FreeBSD and OpenBSD. Note that one of these vulnerabilities may also impact the MIT version of Kerberos, popular in Linux distributions, but that has not been confirmed. An upgrade to KTH Kerberos 4 version 1.0.4 should resolve the problems. Check BugTraq IDs 2090, 2091, 2092 and 2093 for more details.

DNS-based IRC server denial-of-service vulnerabilities. Multiple IRC clients, including BitchX 1.0c17-2 and earlier, are vulnerable to both a denial-of-service attack and possibly remote access by someone in control of their own reverse DNS mapping, due to a buffer overflow in the resolver code included in the clients. Check the original report or BugTraq ID 2086 and BugTraq ID 2087 for more details.

rp-pppoe denial-of-service vulnerability. Roaring Penguin Software's PPPoE client (a user-space PPP-over-ethernet client) contains a boundary condition exception that can be exploited to cause the connection to drop when a malformed TCP packet is received. rp-pppoe 2.5 has been released to fix the problem. Check the problem report, BugTraq ID 2098 or the Roaring Penguin home page for more details.

APC apcupsd denial-of-service vulnerability. apcupsd is a daemon provided by APC with its UPS products. It is used to monitor the UPS and start system shutdowns upon power failure. Its key configuration file is world-writable by default, allowing a local user to modify it and use it to crash other portions of the system. An upgrade to apcupsd Version 3.8.0 will fix the problem (as will, presumably, modifying the permissions on the configuration file).

Check the original problem report by Mattias Dartsch or BugTraq ID 2070 for more details.

pico symbolic link vulnerability. Joining the ranks of joe, tcsh, bash and other long-time Unix/Linux commands, this week pico was found to contain a symbolic link vulnerability as well. Pico is a very basic text editor from the University of Washington. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.

ssldump format string vulnerability. ssldump is an SSLv3/TLS network protocol analyzer. A format string vulnerability in ssldump was reported to BugTraq on December 8th. This vulnerability could be exploited to execute arbitrary commands. No fix for this has been reported, as of yet. Using tcpdump to capture packets and then running ssldump off-line was recommended unofficially as a workaround.

Oops buffer overflow. Oops is a GPL'd proxy server. A buffer overflow in oops 1.4.22 and earlier was reported this week, which can be exploited to execute arbitrary commands under the uid of the oops server. Version 1.5.1 has been released with a fix for this problem.

Multiple vulnerabilities in bftpd. Both a format string vulnerability and multiple additional buffer overflows were reported in the bftpd server this week. bftpd 1.0.13 was released with many bug fixes, including, hopefully, fixes for all of these problems. An upgrade is strongly recommended. Check BugTraq ID 2120 for more details.

Lexmark MarkVision printer driver local root vulnerability. Secure Reality Pty Ltd put out an advisory warning of a local root vulnerability introduced via buffer overflows in the Lexmark MarkVision printer drivers. Note that, though these are distributed by Lexmark, they are included automatically in a number of Linux distributions, such as Red Hat and Caldera (as well as other Unix systems). An upgrade to version 4 of the drivers will resolve the problem. Check BugTraq ID 2075 for more details.

cgi-bin scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

  • phpGroupWare, a suite of php scripts that provide group support for email, calendars, etc., makes insecure calls to the include() function of PHP, which can be exploited to execute arbitrary commands on the remote server. phpGroupWare 0.9.7 has been released to resolve the problem. An upgrade is strongly recommended. Check BugTraq ID 2069 for more details.

  • MailMan WebMail 3.0.25 and earlier can be exploited to execute arbitrary commands on the server. Version 3.0.26 of these Perl-based scripts is now available and an upgrade is strongly recommended.

  • simplestmail.cgi contains a remote command execution vulnerability. No vendor response or fix so far.

  • everythingform.cgi contains a remote command execution vulnerability. No vendor response or fix so far.

Commercial products. The following commercial products were reported to contain vulnerabilities:

  • IBM DB2 Universal Database is shipped with a known default password; no vendor response as of yet. Change your passwords.

  • Cisco Catalyst Memory Leak leaves Cisco Catalyst systems open to denial-of-service attacks. The link is a full advisory from Cisco; fixes are available. Check BugTraq ID 2117 for more details.

  • VPNet VPN devices authentication can be circumvented, allowing access by a remote user via the use of source routing. This can allow access to hosts within the private network. No response from the vendor has been reported so far.

  • Allaire Cold Fusion 4.5.x: the example search engine script can be exploited to mount a denial-of-service attack. Check this Allaire web page for a workaround or BugTraq ID 2094.

  • Inktomi Ultraseek Search Engine vulnerabilities (see also BugTraq ID 2062) disclose additional, unauthorized information about the system which may be useful to attackers. Note that this server can run on a Linux system with a 2.3 kernel. No vendor response so far.

  • Watchguard SOHO 2.2 denial-of-service vulnerability, originally reported by Securax.

Updates

pam_localuser buffer overflow. A buffer overflow was reported in the pam_localuser module last week.

ezmlm-idx cgi vulnerability. Reported last week, ezmlm-idx contains a script, ezmlm-cgi, which, if installed setuid to a user other than root, can be exploited to execute arbitrary code under that user id.

This week, ezmlm-idx author Frederik Lindberg posted a security advisory for the problem, which includes a patch for ezmlm-cgi for those who wish to run it setuid to a user other than root. Note that it disables support for the execution of banner programs. Alternately, run ezmlm-cgi in its default mode, setuid root.

ed symlink vulnerability. Originally reported on November 30th, Alan Cox noticed that GNU ed, a basic line editor, creates temporary files unsafely. The problem has subsequently been fixed in ed 0.2-18.1.
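
The class of bug behind the ed report above and the pico report earlier in this summary, as an added example that is not code from either program: a scratch file with a predictable name is opened in a shared directory where a symbolic link has already been planted, and the same write is repeated with exclusive creation and with mkstemp. The directory layout and the file names are constructed; a private directory stands in for /tmp.

```python
import os
import stat
import tempfile

SCRATCH_NAME = "editor.tmp"   # hypothetical fixed scratch-file name


def write_scratch_unsafe(tmpdir, data):
    """Predictable name, plain open(): follows whatever already sits at the path."""
    path = os.path.join(tmpdir, SCRATCH_NAME)
    with open(path, "w") as f:
        f.write(data)
    return path


def write_scratch_exclusive(tmpdir, data):
    """Same name, but the file must be newly created by this call."""
    path = os.path.join(tmpdir, SCRATCH_NAME)
    # O_CREAT|O_EXCL fails if the name exists, symlinks included;
    # O_NOFOLLOW is kept as a second guard.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def write_scratch_mkstemp(tmpdir, data):
    """Unpredictable name, created exclusively with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="editor.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Runs the three writers against a pre-planted symlink and reports the outcome."""
    result = {}
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "tmp")          # stands in for /tmp
        os.mkdir(shared)
        target = os.path.join(root, "important.conf")
        link = os.path.join(shared, SCRATCH_NAME)

        def reset():
            # Another local user's file, and a link to it at the predictable name.
            with open(target, "w") as f:
                f.write("original\n")
            if os.path.lexists(link):
                os.unlink(link)
            os.symlink(target, link)

        def target_text():
            with open(target) as f:
                return f.read()

        reset()
        write_scratch_unsafe(shared, "scratch data")
        result["unsafe_clobbered_target"] = target_text() != "original\n"

        reset()
        try:
            write_scratch_exclusive(shared, "scratch data")
            result["exclusive_refused"] = False
        except FileExistsError:
            result["exclusive_refused"] = True
        result["target_intact_after_exclusive"] = target_text() == "original\n"

        reset()
        path = write_scratch_mkstemp(shared, "scratch data")
        result["mkstemp_used_other_name"] = path != link
        result["mkstemp_mode"] = stat.S_IMODE(os.stat(path).st_mode)
        result["target_intact_after_mkstemp"] = target_text() == "original\n"
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```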

bash tmpfile vulnerability. Check the November 30th LWN Security Summary for the original report. This is similar to the tmpfile problems reported in /bin/sh and /bin/tcsh.

ghostscript vulnerabilities. Two vulnerabilities were reported in ghostscript the week of November 30th. Both could potentially lead to elevated privileges.

cons.saver/mc file overwrite vulnerability. Maurycy Prodeus reported a problem in cons.saver which can be used to write a NUL character to the file given as its parameter. This was originally reported in our November 30th edition. The problem has been fixed in mc version 4.5.42-11.

joe symlink vulnerability. Check the November 23rd LWN Security Summary for the original report.

tcsh symlink vulnerability. A /tmp symbolic link vulnerability was reported in tcsh on October 29th. Check BugTraq ID 1926 for more details.

diskcheck 3.1.1 symlink vulnerability. Check the August 10th LWN Security Summary for the original report of this problem.

This week's updates:

  • Red Hat, updated to also fix a problem sending mail. Recommended for 6.x and 7.x.

Resources

Real World Linux Security: Intrusion Prevention, Detection and Recovery. Bob Toxen kindly dropped us a note announcing the publication of his book, "Real World Linux Security: Intrusion Prevention, Detection and Recovery", by Prentice Hall PTR. "Most of the problems raised in Bruce Schneier's new book, "Secrets and Lies: Digital Security in a Networked World", are addressed in my book and solutions are offered and explained".

Eric Raymond has reviewed the book and written the foreword for it: "You have in your hands a book I've been waiting to read for years -- a practical, hands-on guide to hardening your Linux system which also manages to illuminate the larger issues in Unix security and computer security in general."

We're looking forward to the chance to review it ourselves. Best of luck, Bob.

Overwriting the .dtors section. Juan M. Bello Rivas posted a description of a new technique for exploiting buffer overflows based on overwriting the .dtors section of gcc-compiled programs. This technique has the advantage of getting past stackguard-style non-executable stacks, but has a strong disadvantage: an overwrite that severe is very likely to put an end to the attacked process before it gets far enough to run the destructors.

Events

Upcoming security events.
Date | Event | Location
December 11-15, 2000 | 16th Annual Computer Security Applications Conference | New Orleans, LA, USA
December 20-21, 2000 | The Third International Workshop on Information Security | University of Wollongong, NSW, Australia
December 27-29, 2000 | Chaos Communication Congress | Berlin, Germany
February 7-8, 2001 | Network and Distributed System Security Symposium | San Diego, CA, USA

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh



Kernel development


Substitute editor's introduction. Watching the linux-kernel mailing lists is a task left to those with an interest in which bits fly across an ether, not whether or not those bits look green or blue (as we desktop nerds prefer). So when Jon asked me to fill in for him on the Kernel page this week I felt a tang of distaste. Wondering whether BIG_BUF_OVERFLOW_MASSIVE_CRASH_HELP is supposed to be an unsigned long or int in the scheduler is tantamount to a master chef asking me if a teaspoon or two of salt belongs in the Quiche. Me, a man who spends most of his fine dining at McDonald's and The New Emperor's Chinese All You Can Eat Buffet and spends weekends popping excessive amounts of salt tablets after rather exhausting rounds of Putt-Putt golf. I stand emphatically and pronounce "Make it an unsigned long" and walk away proud to know that I will never know if it made a difference or not. It had no color. It wasn't important.

Unfortunately, on this page, for those millions of loyal readers of Jon's weekly summaries and analysis - and for those who know it really did have color - it does matter. And so I'll taste the Quiche (and check which bits have been twiddled) once again. Bleck.

The current development kernel release is 2.4.0-test12. Linus posted 2.4.0-test12, the latest in the pre-2.4.0 series, on Monday. The first prepatch for 2.4.0-test13 is out; it is a small patch consisting entirely of makefile changes.

The current stable kernel release is 2.2.18. Alan Cox has posted the release notes for the 2.2.18 kernel release. The major thrust for the i386 line has been support for processors running in excess of 2GHz, support for the CyrixIII processor and also basic support for the Pentium IV. A slew of memory leaks were also cleaned up, including some in the popular bttv driver (the primary driver used for PC-based TV cards). That driver was also updated to allow subwindow clipping.

Looking forward to 2.2.19, Alan Cox has indicated that he will look at incorporating some virtual memory fixes. Evidently the (much improved) 2.4 VM has impressed him, but he plans to make 2.2 be even faster. Linus took the challenge: "You and me. Mano a mano." It should be fun...

Disk corruption problems found? Andre Hedrick, maintainer of the IDE subsystem, has evidently found the cause of occasional disk corruption reports. It appears there is a "feature" in the IDE DMA implementation that stops a DMA operation if there is a delay of one microsecond or more. The current crop of large drives may be more inclined toward this sort of delay, and may be behind some of the current complaints.

Fixing the problem may take some work; Andre has three possible alternatives. The third one, however, is "give up and go to bed," which may not appeal to all users...

Pentium 4 and Linux Distributions. An article posted on C|Net News.com (from an original posting on LinuxGram) noted that support for Intel Pentium 4 processors was not being included in most current Linux distributions, with Red Hat and TurboLinux being the exceptions. The problem wasn't with Intel, however - that company had provided the appropriate CPUID information to the major distributors some time back. Instead, the distributors had decided, for one reason or another, not to include support for that processor.

Caldera's [vice president of engineering Darren] Davis basically agreed with [Intel's P4 spokesman George] Alfs' characterization, noting that "Intel gave us all the (Pentium 4) information we needed."

Interestingly enough, the release notes for the 2.2.18 release from Alan Cox included this bit of information about the Pentium IV:

Unfortunately Intel chose to ignore all precedent in model numbering via cpuid and report a family of '15'. This sudden jump broke assumptions in the kernel tree without any warning. Intel have failed to provide good reasons for their change. We have chosen to continue to report the Pentium IV as a '686' class processor. The full family data is provided via cpuinfo.

This sort of makes you wonder just who had the information, who actually wanted the information and why, if it really was available, it really wasn't used.

Not long after noting the C|Net News.com article on the LWN.net Daily Page, we received the following note from a SuSE employee:

SuSE provides an updated installation floppy image at

ftp://ftp.suse.com/pub/suse/i386/update/7.0/kernel/pentium4/

Just dump this on a boot floppy using rawrite.exe or "dd" as stated in the manual and use this [floppy] for the initial installation. After installing the system, replace the file /boot/vmlinuz with the file "linux" on the floppy disk and rerun LILO.

In fact, we have sent this floppy image and RPM patches to Intel about three weeks ago.

It was unclear whether News.com had contacted SuSE (or any other distributions) to clarify the issue.

Rule Set Based Access Control (RSBAC). On Monday, Amon Ott posted the announcement of the release of version 1.1.0 of the Rule Set Based Access Control (RSBAC). RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. Essentially, RSBAC interposes a central decision maker between an application and the system calls it makes; rules may be applied to any system call which determine whether the call is actually allowed to execute or not.

In the current RSBAC version (1.1.0), eight modules are included:
  • MAC: Bell-LaPadula Mandatory Access Control (limited to 64 compartments).

  • FC: Functional Control. A simple role-based model, restricting access to security information to security officers and access to system information to administrators.

  • SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information.

  • PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its first implementation.

  • MS: Malware Scan. Scans all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses) and denies access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handful of others are detected.

  • FF: File Flags. Provides and uses flags for dirs and files. Only security officers may modify these flags.

  • RC: Role Compatibility. Defines (up to) 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role, compatibility to all types and to other roles can be set individually and with request granularity.

  • AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets; only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities are controlled by other programs/processes.

  • ACL: Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types.

More information on this new facility is available at the RSBAC Web site.
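The decision flow described above, as an added user-space sketch in C that is not RSBAC source code: each intercepted request is handed to every module, and a single veto blocks the call. The table contents, numeric ids, the FF read-only flag and the rule that at least one module must grant are assumptions of this sketch.

```c
/* User-space model of a central access decision; not RSBAC source code. */
#include <stddef.h>
#include <stdio.h>
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

enum request  { REQ_READ = 1, REQ_WRITE = 2, REQ_CHANGE_OWNER = 4 };
enum target   { T_FILE, T_PROCESS };
enum decision { DO_NOT_CARE, GRANTED, NOT_GRANTED };

/* One intercepted system call as handed to the decision maker. */
struct access {
    int caller;            /* id of the calling program (constructed) */
    enum request req;
    enum target ttype;
    int object, new_uid;   /* file id; uid asked for by CHANGE_OWNER */
};

/* ACL: per object, which subjects may use which request types. */
struct acl_entry { int object, caller, requests; };
static const struct acl_entry acl[] = {      /* constructed sample data */
    { 10, 1, REQ_READ | REQ_WRITE },
    { 11, 1, REQ_READ | REQ_WRITE },
    { 10, 2, REQ_READ },
};

static enum decision acl_decide(const struct access *a)
{
    if (a->ttype != T_FILE)
        return DO_NOT_CARE;
    for (size_t i = 0; i < COUNT(acl); i++)
        if (acl[i].object == a->object && acl[i].caller == a->caller &&
            (acl[i].requests & (int)a->req))
            return GRANTED;
    return NOT_GRANTED;                      /* no matching entry */
}

/* FF: per-file flags; the read-only flag is an assumed example flag. */
struct ff_entry { int object, read_only; };
static const struct ff_entry ff[] = { { 11, 1 } };

static enum decision ff_decide(const struct access *a)
{
    if (a->ttype != T_FILE || a->req != REQ_WRITE)
        return DO_NOT_CARE;
    for (size_t i = 0; i < COUNT(ff); i++)
        if (ff[i].object == a->object && ff[i].read_only)
            return NOT_GRANTED;
    return DO_NOT_CARE;
}

/* AUTH: CHANGE_OWNER on a process needs a setuid allowance or capability. */
struct auth_cap { int caller, any_uid, uid; };
static const struct auth_cap caps[] = {
    { 1, 1, 0 },                             /* general setuid allowance */
    { 2, 0, 33 },                            /* may become uid 33 only */
};

static enum decision auth_decide(const struct access *a)
{
    if (a->ttype != T_PROCESS || a->req != REQ_CHANGE_OWNER)
        return DO_NOT_CARE;
    for (size_t i = 0; i < COUNT(caps); i++)
        if (caps[i].caller == a->caller &&
            (caps[i].any_uid || caps[i].uid == a->new_uid))
            return GRANTED;
    return NOT_GRANTED;
}

typedef enum decision (*module_fn)(const struct access *);
static const module_fn modules[] = { acl_decide, ff_decide, auth_decide };

/* Central decision: any NOT_GRANTED vetoes the call; otherwise at least
 * one module must have granted it (this sketch's assumed rule). */
int access_allowed(const struct access *a)
{
    int granted = 0;
    for (size_t i = 0; i < COUNT(modules); i++) {
        enum decision d = modules[i](a);
        if (d == NOT_GRANTED)
            return 0;
        granted |= (d == GRANTED);
    }
    return granted;
}

int check(int caller, enum request req, enum target ttype, int object, int new_uid)
{
    struct access a = { caller, req, ttype, object, new_uid };
    return access_allowed(&a);
}

int main(void)
{
    printf("flagged file write: %d, setuid to 0 by caller 2: %d\n",
           check(1, REQ_WRITE, T_FILE, 11, 0),
           check(2, REQ_CHANGE_OWNER, T_PROCESS, 0, 0));
    return 0;
}
```

Caller 1 holds an ACL entry for writing file 11, yet the write is refused because the FF module vetoes it: adding a module can only narrow what the others allow.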

kORBit - the Linux kernel CORBA ORB. Here is one of the more interesting kernel patches we have seen go by for a while: kORBit is a CORBA object request broker (ORB) which runs in the Linux kernel. It allows kernel extensions to be written as CORBA objects. Possible applications, from the announcement, include:

  • Through the use of a LD_PRELOAD'd syscall wrapper library, you can forward system calls through CORBA to an arbitrary local/remote machine.

  • We can now write device drivers in perl, and let them run on the iMAC across the hall from you.
Despite that last one, this development appears to be for real. They do warn, however, that "security is completely unimplemented." Don't hold your breath waiting for this one to get into the mainline kernel...

Other patches and updates released this week include:

  • Gary Lawrence Murphy has posted another in his monthly calls for assistance with his "KernelWiki" documentation project.

  • Keith Owens has released modutils 2.3.22. Among other things, it includes support for persistent module data. Note, however, that this version of modutils breaks with some 2.2 kernels, and should probably not be used by people running 2.2.

  • Peter Braam has announced version beta 0.93 of the InterMezzo high-availability filesystem.

  • ext3-0.0.5c, the latest development version of Stephen Tweedie's journaling filesystem, was released.

  • Eric Raymond has released version CML2-0.9.0. This release uses Python 2.0 instead of 1.5.2, which according to Eric saves him close to 600 lines of code. Also included is automatic deduction of correct side-effects whenever a configuration symbol is changed.

  • Chris Norris released a patch to the libraw1394 library that provides a single set of handlers per 1394 port for FCP, BusReset, Tag, and Iso receive events. It also includes a function which retrieves the port number a handle was set to.

  • The international crypto kernel patch 2.2.18.3 was released (versions .1 and .2 had some compatibility problems). This is simply a port of 2.2.17.10 to the new upstream kernel release. It contains none of the changes in 2.2.17.11pre1, but patches cleanly against the new kernel.

Section Editor: Michael J. Hammel


December 14, 2000


See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions


Please note that security updates from the various distributions are covered in the security section.

News and Editorials

Conectiva ports apt to RPM. Apt is the Debian package management tool. Although it was developed for Debian GNU/Linux as a front end to Debian's dpkg package installer, the design was deliberately made independent of the underlying package manager. After reviewing the alternatives, Conectiva chose to write an RPM backend for apt rather than to support autorpm, rpmfind, drake or other RPM-based tools. As a result, both rpm-based and .deb-based systems now have the option of using the same front-end package management tool.

The article itself does a great job of explaining the reasons for their choice. There are some good comments as well; if you want more, check out the Slashdot coverage. In the meantime, we rejoice to see free software working the way it should, providing free choice between multiple alternatives and the possibility for both diversification and unification.

New Distributions to the LWN Distribution Lists

Dan Barber dropped us a note and pointed out that CClinux was missing from our list of single-floppy distributions. "The best and easiest I've ever used". It has now been added; enjoy.

General-Purpose Distributions

Debian News. The Debian project will be running a booth at this year's LinuxFEST in Belgrade, Yugoslavia. LinuxFEST 2000 takes place from December 15th to December 18th at the main hall in Dom Omladine in Belgrade.

The latest issue of the Debian Weekly News covers the release of Debian GNU/Linux 2.2r2, which includes security fixes and other high-priority bug fixes. The main Debian archive is now in a package pool; the move of non-US went smoothly, but this move is expected to be more challenging. Joey Hess provided an FAQ about package pools, for those that are interested.

Red Hat News. The silkhat 2.2.18 rpms are a set of kernel RPMS based on Red Hat 7.0's kernel, with a few modifications. The large memory patch has been pulled and some other patches have been added, including Andre Hedrick's IDE drive update patch, the alsa sound card drivers 0.5.10, reiserfs 3.5.28, Lennert Buytenhek's bridging patch and a few others. This is probably mostly of interest to people who have been following kernel development closely, want to use one or more of these patches on a Red Hat 7.0 system, but would prefer not to patch the kernel themselves.

Slackware News. An on-line archive has been added for the slackware-announce and slackware-security mailing lists.

BSD News. NetBSD 1.5 has been released. This release includes several new ports (NetBSD's specialty), much of the groundwork for SMP support in the future, loadable module support, IPv6 support, filesystem performance improvements, ext2 filesystem support, a transition to the ELF executable format, and much more.

FreeBSD 4.2 is reviewed comparatively with Linux and FreeBSD 4.1.1 in this article from the Duke of URL. "While FreeBSD isn't exactly as easy to use as Windows, it's pretty darn close to Linux at least. One big advantage it has over Linux is how the directories are structured, because Linux tends to spread source and other files all throughout the system. Adjusting to FreeBSD just may be easier than Linux because things like this are simplified."

Hurd News. The December 13th issue of the Kernel Cousin Debian Hurd is out. Activity seems to be increasing and tips were posted this week on installing the Hurd from either SuSE Linux or FreeBSD.

Embedded Distributions

Lineo and Transvirtual Technologies announce alliance. Lineo and Transvirtual have announced an alliance based around Transvirtual's PocketLinux distribution. Lineo will begin distribution of PocketLinux early next year.

MontaVista Offers Easy VxWorks-To-Linux Transition. MontaVista Software, Inc., developer of the Hard Hat Linux operating system for embedded applications, announced the availability of a "virtual machine" environment for porting VxWorks code from Wind River Systems to a Linux platform. For more information, LinuxDevices also put out an interview with Jim Ready, CEO of MontaVista, to talk about this new product. "Emulating and/or translating all of the approximately 1500 API (application program interface) functions of VxWorks would have presented a severe challenge. However, MontaVista developers determined that it would be sufficient to limit their focus to roughly fifty of the most commonly used VxWorks APIs."

Mini/Special Purpose Distributions

Coyote Linux v1.23 released. A new stable version of Coyote Linux, v1.23, was announced yesterday. The new edition has been upgraded to Linux 2.2.18, plus a new PPPoE client and other bugfixes. Check this week's security section for information on a security issue with rp-pppoe; we do not know whether or not this is the PPPoE client that has been upgraded.

Coyote Linux is a single floppy distribution that turns a PC into a simple masquerading router/firewall in order to share an Internet connection among computers on a LAN.

e-smith 4.1-beta now available. The beta version of the latest e-smith distribution is now available for the intrepid and/or foolhardy (otherwise known as developers). The official announcement indicates that e-smith 4.1 is based on Red Hat 7.0. "e-smith 4.1 contains several new features, including SSL, SSL-enabled Webmail, OpenSSH, better anti-spam protection, and improved packet filtering on the external interface. It also includes new support for PPP over Ethernet for ADSL via the external interface, and includes support for many additional ethernet cards."

SmoothWall Linux 0.9.6. A new development release of SmoothWall Linux has been announced, version 0.9.6. "This release includes a revised front-end with new menu access, multiple ISP support, additional Windows DHCP domain support, code and functionality changes, and also SSH access and admin via the SmoothWeb interface added."

SmoothWall takes a 486 PC and turns it into a fully-operational firewall with support for ISDN, ADSL, Cable, and more.

Vector Linux 1.8. A new version of Vector Linux has been released, version 1.8. Vector Linux is a small, disk-based Linux distribution, requiring 16MB of memory and no more than 200MB of disk space. "This distribution of VectorLinux should be of interest to many MS Windows users who want to try Linux using a minimal amount of system resources. The results will be a dual-boot environment with the ICEwm windows manager providing a multi-desktop environment, and the revered multi-user, multi-processing, high uptime OS, Linux."

Thanks to Gene Schiavone for forwarding the announcement to us. He also passed on the news that Vector Linux has now been translated and mirrored in Poland, Russia and China.

Section Editor: Liz Coolbaugh


December 14, 2000

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.


Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

   


See also: last week's Development page.

Development projects


News and Editorials

Palmtop Linux Machines

The world of PDA based Linux has been growing rapidly in the last year. Linux is a natural for this environment with its reliable kernel, suitability for embedded systems, and well-tested networking capabilities.

A welcome addition to the playing field is the MyLinux PDA project, which is putting together an open PDA hardware platform that is designed to run Linux from the start.

Featuring PCMCIA and CompactFlash slots, an HR-TFT Active Matrix LCD panel capable of displaying 64K colors and a whopping 256 MBytes of super fast SDRAM, this unit aims to fulfill the needs of even the most demanding Linux Advocate. Scheduled for early release to Linux Developers worldwide in April with full production planned in August 2001, this project brings the full power of 32-bit RISC processing home in this incredibly portable form factor. With a list of big-name sponsors including Hitachi, Xilinx, Sharp, Micron and Epson, this completely Open Source project seeks your active involvement.

A limited number (200) of the units will be made available to developers.

Along those same lines, LinuxDevices.com is starting a new series by Jerry Epplin on Exploring Linux PDA software alternatives. The series explores the use of Linux on PDAs and handheld devices:

For several years, Linux advocates have predicted that Linux will become a significant factor in the embedded market. In addition to its virtues as a full-featured modern operating system, it is inexpensive to duplicate, an especially important factor for embedded systems. Others, coming from a more traditional embedded device development background, have been more skeptical, contrasting the compactness of older, more primitive software environments like VxWorks, QNX, or Lynx, to the relative bloat of Linux.

One of the biggest challenges that PDA based Linux systems designers face is zeroing in on a common graphical user interface that application designers can rally around. Despite all of its complexities, the X Window System has been a major unifying force in the Unix world. The Linux PDA arena needs a similar unifying platform. Hopefully, as time marches on, the best of the palmtop GUIs will rise to the top and get adopted by the masses. A situation where there are several competing systems, as with Gnome and KDE, would probably make for some healthy competition and keep the designers on their toes.

LinuxDevices.com recently published a large list of possible choices for embedded window systems. There are currently ten open source projects and six commercial projects listed. In the long run, it is likely that only a few of those will ever see wide use. Several of the projects are X Window System derivatives; those will certainly have a big advantage in being able to use existing applications with little or no modification. X Window System based systems would also have the advantage of remote displays. Imagine plugging your palmtop into your LAN, connecting to it from your desktop via ssh, and running full-sized applications from your desktop machine using a real keyboard. The idea is not that far-fetched.

The lightweight window systems would have advantages in the form of a smaller memory footprint, more speed, and possibly better battery life due to lower computational requirements. If only there were a standard system with a big pile of applications to go with it.

Fortunately, in an open-source environment, it may become possible to choose from both X and a smaller GUI on the same PDA. These new toys will certainly be fun to play with.

Browsers

A browser renaissance (ZDNet). Mozilla is not the only option in the open source browser market, according to this opinion piece from ZDNet. "Open-source software invites developers to dive in to address weaknesses. Browsers such as Galeon and SkipStone have jettisoned the mail-reading and page-making cruft in favor of smaller and faster browsers that still have most of Mozilla's browsing strengths. Rounding out this category of speedy browsers we have the Opera browser, now free, and the Links browser (not to be confused with its predecessor Lynx), one of ZDNet's most popular open source downloads."

Mozilla 0.6 released. Version 0.6 of the Mozilla browser has been released. See the Release Notes for more info. "Mozilla 0.6 is a milestone release based on the same branch as Netscape 6. It is aimed at developers who wish to create products that extend Netscape 6 or who wish to port it."

Embedded Systems

Embedded Linux Newsletter - December 7th, 2000. The latest issue of the Embedded Linux Newsletter has been published. New features include updates to the Embedded Linux Quick Reference Guides, an interview with Greg Haerr and the usual assortment of device profiles.

Interoperability

Wine Weekly News for December 11, 2000. The December 11, 2000 edition of the Wine Weekly News is out. News includes a large DLL / X11 separation effort, Linux joystick input, and fixing game startup deadlocks.

Network Management

Fully automated installation for Linux clusters. Version 1.4.1 of a package called FAI (Fully Automated Installation) has been released. This package permits the unattended installation of a cluster of Debian GNU/Linux systems.

OpenNMS Update, Volume 1, Issue 38. The latest edition of the OpenNMS Update has been published. Topics in this issue include updates on project status, documentation problems, and a wish list.

Office Applications

Gimp 1.1.30 developer release. Version 1.1.30 of the Gimp is available for download. This is a developer's release.

On the Desktop

KDevelop 1.3 Released (KDE Dot News). The KDevelop Team announced the release of KDevelop 1.3, an Integrated Development Environment (IDE) based on KDE for the C and C++ Programming languages.

KDE Gets Digital Camera Support (KDE Dot News). The Digital Camera application gPhoto2 has been integrated with KDE by theKompany.com. The integration added kio_slave to gPhoto2, allowing any application that uses the kio facilities to access a digital camera through gPhoto2.

Linux Online interviews David Faure. KDE's David Faure talks about KDE2, Konqueror and more in this Linux Online interview.

Linux Online: You've just released KDE 2. If you've been using the KDE 1+ builds, what important improvements are built into KDE 2?

David Faure: KDE 2 has been under development for 18 months. It's a major release, very different from KDE 1.1, so there are too many improvements to list them all. The most important improvement for the user is probably the full-featured web browser, Konqueror, which has reached a level where it can honestly compete with the other major Web browsers out there. The first release of KOffice is a major step forward too, although it may not yet be as fully-featured as the well-known commercial office suites. The KDE 2 desktop is also much more configurable than KDE 1 used to be, and it's also less memory-hungry, thanks to a better design.

KDE.themes.org Needs Your Help! (KDE dot News). KDE dot News reports that the kde.themes.org site needs help to maintain the site. They are looking for people with intimate knowledge of the KDE theme system.

OSF/Motif bug database. ICS has placed the OSF/Motif bug database online at their MotifZone web site.

Balsa 1.0: Mail in the GNOME Environment (LinuxPlanet). LinuxPlanet reviews Balsa 1.0. "Balsa is stable, configurable, and integrates well with the overall GNOME environment. It's very easy to use and configure, and if there's any feature that I'd complain about missing, it's the as-yet-to-be-completed filtering tools, which would give the project parity with kmail, Netscape Messenger, and others."

Gaby 1.9.95 released. Version 1.9.95 of the personal database manager Gaby has been released. "Gaby is a small personal databases manager for Linux using GTK+ and Gnome (if available) for its GUI. It was designed to provide straight-forward access to databases a 'normal' user would like while keeping the ability to easily create databases for other needs."

Web-site Development

Zope 2.3.0 Alpha 1. Zope 2.3.0 Alpha 1 is now available. New to this release are built-in Python scripts, a fixed initial-user account process, and a security assertion system. An online Zope Book has also been released; this version of the book is up to date with the current release. Finally, a new cache management system for Zope has also been announced; it requires either the CVS version of Zope or the upcoming 2.3 Alpha 2 release.

Take the Free Way (ZDNet). ZDNet has published a quick look at Zope, PHP and Tomcat - three open source solutions for web site development. "Zope, from Digital Creations, is another open-source application server project, with strengths in content management. In fact, some of the technology in Zope is used for online versions of major newspapers. Internally, it's built in an object-oriented language called Python, but you develop for Zope using its Document Template Markup Language (DTML) scripting tags."

Midgard Weekly Summary, December 6th, 2000. The December 6th issue of the Midgard Weekly Summary has been published. Features include a holiday season release for version 1.4 and the early stages of Midgard 2.0.

Section Editor: Forrest Cook


December 14, 2000


Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

   

 

Programming Languages


C++

A C++ open source library for quantitative finance. The QuantLib project is working to build an open-source library for financial calculations. "The QuantLib project is aimed to provide a comprehensive software framework for quantitative finance. The goal is to provide a standard free/open source library to quantitative analysts and developers for modeling, trading, and risk management in real-life.

QuantLib plans to offer tools that are useful for both practical implementation, with features such as market conventions, solvers, PDEs, etc., and advanced modelling, e.g., exotic options and interest rate models." Python language extensions will be included.

ERLANG

Stand Alone Erlang. Stand Alone Erlang is an add-on to the current Erlang R7B release that allows ERLANG applications to be condensed into as few as two files. This allows code written in ERLANG to be distributed to non-development machines.

Perl

Two-Way Telephone Interaction (Webreference.com). Jonathan Eisenzopf writes about using Perl to talk to a voice modem. The article covers dialing, sending voice messages, recognizing touch-tones, and dialing extensions. Interesting stuff with lots of potential uses.

Fun With Jabber. DJ Adams has written several articles on working with the Net::Jabber Perl module. He includes code for mail notifiers and an RSS Headline delivery program.

Perl 5 Porters for December 10, 2000. The December 10 issue of Perl 5 Porters has been published. Topics include implementing Unicode on EBCDIC machines, Unicode on hash keys, and Unicode and PerlIO.

Python

Dr. Dobb's Python-URL! - December 12th, 2000. Dr. Dobb's weekly Python-URL! has been posted. Featured topics this week included mutual dependencies between modules, a C version of the Weak Reference Module, and the introduction of PyHTML.

Ninth International Python Conference. The Ninth International Python Conference will happen March 5-8, 2001 in Long Beach, California. The keynote speakers will be Guido van Rossum and Bruce Eckel; the conference includes tracks on Zope and Python applications, among other things. Conference Registration is now open.

Python Programming Tutorial. Richard G. Baldwin has published an online Python Programming Tutorial. Check it out for a tour of the Python language.

Boost C++ Python Library. The py_cpp project has been renamed the Boost C++ Python Library. With the new name comes a new web site, www.boost.org. The library allows C++ code to be integrated into Python.

Python 2 Efficiency. Eric Raymond posted this letter to the Kernel mailing list concerning code reduction and Python 2. "Using Python 2.0 rather than 1.5.2 lets me cut close to 600 lines out of the CML2 system, a bit more than 10% of the 5334 lines of code in this version."

Tcl/tk

Dr. Dobb's Tcl-URL! - December 12th, 2000. Dr. Dobb's weekly Tcl-URL! has been posted. Featured topics this week include using Tcl to manage X.25 channels and FIFOs, an example of the BWidgets notebook in use, and the case for a new nroff-based documentation standard.

Tix 8.1.1 released. Version 8.1.1 of the Tix widget set has been released. This version fixes some Python integration bugs.

Moodss Version 12.1 released. Version 12.1 of the Moodss system monitoring tool has been released. This version adds threshold alerts via email, and includes various other features and bug fixes.

Section Editor: Forrest Cook

 
Language Links
Caml
Caml Hump
Tiny COBOL
Erlang
g95 Fortran
Gnu Compiler Collection (GCC)
Gnu Compiler for the Java Language (GCJ)
Guile
Haskell
IBM Java Zone
Jython
Free the X3J Thirteen (Lisp)
Use Perl
O'Reilly's perl.com
Dr. Dobbs' Perl
PHP
PHP Weekly Summary
Daily Python-URL
Python.org
Python.faqts
Python Eggs
Ruby
Ruby Garden
MIT Scheme
Schemers
Squeak
Smalltalk
Why Smalltalk
Tcl Developer Xchange
Tcl-tk.net
O'Reilly's XML.com
Regular Expressions
   


See also: last week's Commerce page.

Linux and Business


IBM has changed its attitude quite a bit over the last couple of years. An article from 'The Star Online' in Malaysia was quoted in the May 28, 1998 edition of LWN. The link is gone now, but at the time they said "IBM has no plans for Linux."

Now, of course, IBM is embracing Linux and all things open source. Irving Wladawsky-Berger, IBM's vice president of technology, is quoted in this News.com story as saying that the company already has invested about $1 billion in Linux, "and you can expect that to grow in 2001." It's worthwhile to keep in mind at this point that IBM is not a philanthropic organization. What they invest now they expect to get back many times over. Clearly in May 1998 the company did not see how to make money in the open source arena. Just as clearly, now they do.

People have worried that VA Linux might suffer from competition by companies like Dell and Gateway. IBM is going after the sorts of Linux server sales that VA lives on. This makes IBM much more of a threat to companies like VA Linux. From the 1960's into the early 1980's IBM dominated the computing arena in the same way that Microsoft does today. It didn't always play nicely with others in the past, and although it is playing nice now, that could change in the future. For now, at least, Linux and the open source movement are basking in the largesse of an enormous company with resources far beyond the dreams of most developers.

So far IBM is sticking to a multi-distribution approach. IBM used SuSE on the IBM S/390 for the Telia installation (covered last week). An informed source told us that the company will use Red Hat Linux for the Shell International Exploration & Production B.V. facility's new supercomputer. Will IBM decide to write its own distribution? Probably not. The company undoubtedly realizes that Linux is not a "one-size-fits-all" sort of operating system, and distributions alone are not money makers. As long as IBM can pick and choose among distributions and find one that works for the company and its customers, there is little incentive for them to write a distribution of their own.

IBM's Linux offerings can be found at the Linux at IBM page. Here's another new announcement detailing the company's latest "e-infrastructure software for Linux." The most interesting part may be the announcement of a version of the DB2 database management system for Linux clusters. Also announced was DB2 and WebSphere for the S/390.

Keio University Network To Use Red Hat Linux, IBM's Netfinity Servers. For now at least, Red Hat, Inc. and IBM are working together on several fronts. We already mentioned the Shell project. This announcement from Red Hat about the Keio University project is another example. Red Hat is supplying the operating system and the support and service. IBM is supplying IBM Netfinity 4500R servers, from Japan IBM Corporation. The servers will run Red Hat Linux 7, each having minimum capacity of 5 terabytes.

Other Red Hat News. Red Hat has announced an expansion of its e-commerce offerings, centered around Apache and the Stronghold web server.

The US Army, through Rymic Systems, will be using Red Hat's uClinux for prototype Internet devices that will diagnose ground vehicle performance.

Kasenna MediaBase Available for SGI Linux Servers. SGI announced that Kasenna MediaBase is now available for Linux OS-based SGI servers. Kasenna MediaBase provides streaming, content management and content transfer supporting formats such as MPEG-1, MPEG-2, RealVideo, RealAudio, QuickTime and MP3.

New Opera beta available for Linux. Opera Software has released a new beta version of their Web browser for the Linux operating system. It uses Qt for its interface, but statically linked versions are available so you won't need to download Qt itself if you don't have it or want to get it. The feature set for this release appears more complete than the last one, with far fewer listed annoying problems.

One annoying problem remains, however: the release is a timed beta. The package remains fully functional only for 30 days.

LPI certificates ship. It has taken far longer than anybody might have expected, but the Linux Professional Institute is finally sending out certificates to people who have passed both of the Level I exams. At this point, fewer than 100 certificates have gone out, but they are widely distributed: there are recipients in the USA, Germany, Austria, the UK, Belgium, Taiwan, Italy, and Ethiopia.

More Than 400,000 Linux Fans Choose Oracle. Oracle is reporting in a press release that over 400,000 users have downloaded Oracle products for Linux over the past three months.

Linux-based Browser Development Kit For Embedded, Non-PC Applications. ACCESS Co., Ltd. introduced the NetFront 2.6 Linux Software Development Kit (SDK) for the integration of ACCESS' NetFront browser into Linux-based Internet appliances and other non-PC applications.

Sun completes acquisition of Cobalt. According to a press announcement on the Cobalt web site, Sun's acquisition of the server maker has been completed. Cobalt shares were exchanged 1 to 1, adjusted for the upcoming 2 for 1 split of Sun shares. (Thanks to Steven C. Den Beste)

Press Releases:

Open Source Products

Unless specified, license is unverified.
  • Progress Software Corporation (BEDFORD, Mass.) announced plans to release the source code of its Application Development Environment (ADE) under an open source licensing model.

Proprietary Products for Linux

  • Fox on Linux is a graphical accounting software package.

  • Macadamian Technologies Inc. (OTTAWA, ONTARIO) announced the availability of Syndeo Collaboration Suite version 2.2.

  • MSC.Software Corp. (COSTA MESA, Calif.) announced that MSC.Patran, part of the MSC.visualNastran enterprise family, is now available on the Linux platform.

  • MSC.Software Corp. and SGI (COSTA MESA and MOUNTAIN VIEW, Calif.) announced that MSC.Nastran on Linux will be available with SGI Itanium based servers.

  • Trend Micro Inc. (NEW ORLEANS) announced its InterScan VirusWall gateway virus protection and content filtering solution will be available soon for Red Hat, SuSE, and Turbo Linux.

  • Xi Graphics Inc. (DENVER) announced the release of version 6 of its line of Accelerated-X Display Servers for laptop, desktop and multi-head use. Runs on Linux or Solaris 8.

Products and Services Using Linux

  • Extended Systems (BOISE, Idaho) announced that its XTNDConnect Server data synchronization and management solution now supports industry-standard Internet e-mail, calendar and directory access protocols; IMAP4 (Internet Message Access Protocol), SMTP (Simple Mail Transfer Protocol), iCAL (Internet calendar), and LDAP (Lightweight Directory Access Protocol).

  • Lineo, Inc. (LINDON, Utah) announced the availability of Lineo Embedix UI, a simple HTML interface and micro Web browser that integrates with the Embedix SDK.

Products with Linux Versions

  • Computer Associates International, Inc. (ISLANDIA, N.Y.) announced the availability of the Service Level Management Option for Unicenter TNG and NetworkIT 2.0.

  • Enlighten Software Solutions, Inc. (SAN MATEO, Calif.) announced the general availability of EnlightenDSM 4.2, with versions for both Linux and FreeBSD.

  • Evoke Communications (ANAHEIM, Calif.) announced the launch of Evoke Collaboration 4.5, an interactive collaborative meeting tool.

  • Group 1 Software (LANHAM, Md.) announced the release of MailStream Plus 6.3, its Presort Accuracy, Validation and Evaluation (PAVE)-certified software solution.

  • Interstar Technologies Inc. (MONTREAL, Canada) announced the release of LightningFAX 7.0, an enterprise fax server solution.

  • MediaQ, Inc. (SANTA CLARA, Calif.) announced the MQ-1100, a device that combines a 64-bit 2D graphics engine, LCD display interface and USB device controller into a single device designed for handheld platforms that require long battery life.

  • NEON Systems, Inc. (SUGAR LAND, Texas) announced the general availability of the J2EE compliant JDBC access for Shadow Direct, an iWave Solution data access and legacy application renewal software product, for use with IBM WebSphere.

  • Oracle Corp. (REDWOOD SHORES, Calif.) announced the general availability of Oracle9i Dynamic Services.

  • Paradigm3 Internet Software, Inc. (SAN JOSE, Calif.) announced an agreement wherein Paradigm3 is licensing and integrating IBM's WebSphere Transcoding Publisher business-to-business integration software in Paradigm3's next-generation browser-based application for license management and e-commerce infrastructure.

  • PyBiz (SAN JOSE, Calif.) announced a change of policy that makes the use of XDisect, their high-speed XML indexing and search engine, free during the development phase of customer projects.

  • Reef (NEW YORK) announced the launch of Internetware 2.1 at the E-Business Conference and Expo.

  • UniComp Inc. (MARIETTA, Ga.) announced the launch of its freeware version of UPSwin transaction processing software.

  • Verisity Ltd. (MOUNTAIN VIEW, Calif.) announced the latest release of SureLint, version 2.0, which features faster, more accurate race detection and finite state machine (FSM) analysis capabilities and a new category of built-in Reuse Methodology Manual (RMM) checks. The price is $15,000 U.S. for a floating LAN license.

  • Zero-Knowledge Systems Inc. (MONTREAL) unveiled its newest version of Freedom Internet Privacy Suite. Freedom 2.0 offers five standard privacy and security features as a free download in addition to enhanced paid premium services of untraceable private email and anonymous private browsing and chat.

Java Products

  • Inxight Software, Inc. (SANTA CLARA, Calif.) announced Table Lens Server, a Java version of its Table Lens technology, a new paradigm for graphical data analysis.

  • Sun Microsystems, Inc. (PALO ALTO, Calif.) announced Forte for Java, release 2.0, the latest version of its cross-platform development environment for building Internet services-based applications.

  • Tower Technology Corporation (NEW YORK) announced the availability of its TowerJ Java Virtual Machine (JVM) for Intel's family of Itanium processors for server-class computers.

Books and Training

  • O'Reilly (Sebastopol, CA) announced JavaServer Pages, by Hans Bergsten.

  • Turbolinux, Inc. (SAN FRANCISCO) announced a partnership with innominate training gmbh to offer Linux seminars on Turbolinux enterprise products in Austria, Switzerland and seven education centers around Germany starting in January, 2001. The three-seminar series (Linux Fundamentals, Linux Network Administration and Linux System Administration) is designed to prepare participants for the LPI (Linux Professional Institute) certification.

Partnerships

  • Forlink Software Corp. (BEIJING) announced the formation of an alliance to deliver solutions and Internet applications deployed on Intel Itanium architecture and Linux systems.

  • Highlander Technologies (ROCKLEDGE, Florida) and Eloquent Systems (Lamar, AR) have entered into an agreement under which Highlander will distribute Eloquent's software for boat manufacturers, which runs on Red Hat Linux.

  • Intrusion.com (RICHARDSON, Texas) announced it has entered into Premier and Authorized Partner Reseller agreements with eight major Latin American security product resellers to support sales of its security product line, including its Linux-based PDS 2100 appliance.

  • Linux2order.Com (PROVO, UT) announced a partnership with the U.K.-based open source services provider SlashTCO, Ltd.

  • PalmPalm Technology (SANTA CLARA, Calif.), SK Telecom Central R&D Laboratory, and Seoul National University announced plans to release a beta version of the IMT-2000, a CDMA smart phone based on the Embedded Linux operating system.

  • Rappore Technologies (SAN JOSE, Calif.) announced the formation of a strategic relationship with Lineo to port Bluetooth technology to Lineo's Embedix embedded Linux operating system.

  • Red Hat, Inc. (RESEARCH TRIANGLE PARK, N.C.) announced that Cradle Technologies, Inc. is leveraging a broad set of Red Hat's embedded technologies and services. The Cradle contract includes consulting services and porting of Red Hat's GNUPro embedded development tools, eCos and embedded Linux operating systems, to Cradle's Universal Microsystem platform (UMS).

  • RedWire Limited (LinuxUser Conference, Chelsea Village, London, UK), an International IT Systems Integrator with focus on Linux / Open Source Solutions, announced that MPT Data Products Limited has appointed RedWire as official Cyclades E-Commerce Distributor for the UK and Ireland.

  • Streambox, Inc. and e-Appliance Corp. (SAN JOSE, Calif.) announced a Business Partnership to provide an integrated high speed video on demand solution based on the StreamboxTV ACT-L3 CODEC, Streambox Carrier delivery system and e-Appliance's Linux-based SuperScaler appliance server technologies.

  • TurboLinux Japan (BOSTON and TOKYO) and Infoteria Corporation, the XML Software Company, announced an agreement to bundle Infoteria's XML development platform, iPEX 2.0, with Turbolinux Developer Edition.

Personnel

  • Ariel Corp. (CRANBURY, N.J.) announced the appointment of Robert F. Burlinson as a member of the Board of Directors.

  • Linux NetworX, Inc. (SALT LAKE CITY, UTAH) named Robert Dunoskovic vice president of manufacturing.

  • Sendmail, Inc. (EMERYVILLE, Calif.) announced the appointment of John Stormer to vice president of marketing.

Linux At Work

  • Fastlane Software Systems (SAN JOSE, Calif.) announced they have won a Federal Procurement award to deploy realtime network monitoring systems at the Federal Aviation Administration. Fastlane's proposal featured a turnkey approach which integrates their Xni software, various (unspecified) open source elements, the Red Hat Linux Operating system and Intel based hardware from Compaq Computer Corporation.

  • Inpharmatica (London, U.K.) is using a 1,100 processor Linux cluster which is now involved in discovering the drugs of tomorrow and in analysing the enormous amounts of data now generated by the Human Genome Project.

  • RigSupplies.com (EDMONTON, ALBERTA) is a new website built by CSM Systems Inc. for Western Canada's oil industry. The MIRAWRE-LX, to be launched early in 2001, runs on Linux.

  • Turbolinux, Inc. (SAN FRANCISCO) announced that Liderar Seguros, an insurance company in Argentina, has deployed a Turbolinux solution for secure business communications on the Internet linking its 40 branch offices nationwide.

Section Editor: Rebecca Sobol.


December 14, 2000

   


See also: last week's Linux in the news page.

Linux in the news


Recommended Reading

Why software still sucks (Upside). Jaron Lanier, pioneer in the field of virtual reality and general supporter of the open source movement, laments the state of software today in this interview from Upside, and wonders how Unix - repackaged as Linux - could be the saving grace it is. "How I hated Unix back in the '70s -- that devilish accumulator of data trash, obscurer of function, enemy of the user," he writes. "If anyone had told me back then that getting back to embarrassingly primitive Unix would be the great hope and investment obsession of the year 2000, merely because its name was changed to Linux and its source code was opened up again, I never would have had the stomach or the heart to continue in computer science."

IBM

IBM to spend $1 billion on Linux in 2001 (News.com). News.com looks