Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Weiss said he could see a day when "80 per cent of the revenues, indirect or direct, attributed to Linux will go into IBM coffers unless companies like HP, Red Hat and VA Linux smarten up their act. IBM will have a stranglehold on the community"

Mr. Weiss also says:

The biggest problem IBM has is that it appears to the Linux community that it is trying to take over the Linux momentum and grab what this OS has to offer

It is interesting that Mr. Weiss has such sense of the Linux community - Gartner has, in general, kept its distance from that community. From LWN's viewpoint, IBM has not yet frightened all that many people. One can always find those who will complain about corporate involvement in Linux, of course. But, in general, IBM's Linux moves have been seen as good news.

The more interesting question, though, is this: should we be scared of IBM? Those who look can certainly come up with reasons to worry:

• IBM dominated the computing industry for much of its history; the company really only lost its grip around the beginning of the 1980's. For much of the time before then, it owned the market in a way that Microsoft can only dream about. And, needless to say, IBM did not always play nice.

• IBM is clearly interested in Linux and free software. A company does not publicly commit to investing a billion dollars in a field without seeing some commercial potential there.

• The existing players could prove highly vulnerable to an IBM offensive. An IBM Linux distribution, if well done, could be a powerful contender in the corporate market. IBM already has service offerings and preinstalled Linux systems aimed at that market. It also has a large array of add-on proprietary software (WebSphere, DB2, etc.). IBM, if it wanted, could look much like the IBM of old, whose customers bought everything they needed from one source.

IBM, thus far, has taken great care not to upset the Linux community. It is careful about free software licenses, has been careful to work with multiple Linux distributors (and has not created a distribution of its own), and, in general, has avoided looking like it wants to take the whole pie. These efforts have paid off; IBM's image in the Linux community is pretty good.

But IBM is a company like any other, beholden to its shareholders. IBM executives have been very clear that they see free software as a disruptive technology. One can be sure that, given that they believe free software will be highly successful, they want to own a large part of that success. If other Linux companies look like they are threatening IBM's success, IBM will certainly respond in a competitive manner. Companies can not ignore competitive threats and survive.

So IBM is likely to work harder, compete harder, and do its best to own a large part of the Linux market. Should the Linux community be worried about a future that is more blue? Certainly Linux companies should be worried - they will face no end of threats over the next few years. But even they could find themselves better off: IBM, in seeking its piece of the Linux pie, has a good chance of making that pie much larger. Billion dollar investments and high-profile deployments will grow the market for everybody. In a few years, many Linux vendors could find themselves with a smaller market share, and a lot more business.

The Linux community should have little to fear, as long as IBM continues to play by the rules. Free software will remain free, and nobody will ever be forced to do business with IBM, or any other company, to use it. IBM bears watching, as do all companies working with free software. But it is not a particular threat, even if it is big and blue.

Zend launches its PHP products. For years, the PHP language (once "Personal Home Page," now "PHP: Hypertext Preprocessor") has been the engine behind a great many web sites. Its C-like syntax, performance, and database interfaces have all combined to make it, arguably, the most popular server scripting language available.

Also for some time now, a company called Zend Technologies has been contributing to the PHP project. Among other things, the high performance "Zend engine" powers the (relatively) recent PHP 4.0 release. Zend has done much to advance the PHP state of the art.

Now it's time for Zend to make some money from all this. The company's plans became clear with this press release, which came out on January 23. Zend is offering a whole range of products and services oriented around PHP, including:

• The "Zend Cache." This product, aimed at very high volume web sites, caches the intermediate, compiled versions of PHP scripts. If your traffic is high enough, this caching can make a real difference.

• The "Zend Encoder" works like a Java bytecode obfuscator. Using the encoder, a proprietary software vendor can distribute "PHP scripts" in an unreadable form that is resistent to reverse engineering.

• The "Zend IDE," an integrated PHP development environment. Among other things it includes a debugger which allows the debugging of PHP scripts remotely. One can only hope they have thought through the security implications of remote server script debugging.

• The "Zend Launchpad," which appears to be an FTP site allowing the download of "Zend certified" versions of PHP.

• A subscription plan which provides regular PHP updates, access to technical support, and "special offers and exclusive offerings throughout the year."

• A web-oriented support offering.

A couple of aspects of these offerings jump out at the reader. The first is that the support offerings are clearly not at the core of what Zend is up to. The offerings are minimal, and, at the given price levels ($50/year for "non-commercial" customers, $70/month for the rest), will not generate large amounts of revenue. There are no expensive "we'll do your web site with PHP" offerings, consulting services, or PHP enhancement services. Unlike Great Bridge, NuSphere, and others, Zend is not centering its business around services for free software.

Instead, Zend is a proprietary software business which is supporting PHP as the loss-leader platform on which to base its (expensive) products. Those who are in doubt can check out Zend's software license which has the usual proprietary stuff in it - including a prohibition on reverse engineering of the product.

It is, of course, entirely within Zend's rights to offer its work as a proprietary product. And even if Zend has not embraced the "all free software" view, the company has certainly done much to support a highly successful free software product. It will be interesting to see if this approach to running a (partially) free software business is successful.

Meanwhile, the all-free competition is not standing still. Digital Creations has just put out a press release announcing the (forthcoming) release of Zope 2.3. Among other things, this version of Zope includes its own caching system for dynamic content. It also includes a number of ease-of-use improvements that are intended to mitigate the notorious Zope learning curve. Digital Creations has done well with the pure services model, and thus continues to put its developments under a free software license.

LinuxPPC goes non-profit. LinuxPPC, the organization behind the popular LinuxPPC distribution for PowerPC computers, was originally founded in 1997 as a for-profit company. However, their intent was always to become a non-profit organization, with the goal of supporting Linux on the PowerPC platform. Filing as a for-profit company was initially just easier and less expensive.

Then came the Linux stock phenomena and the "dot-com" craze. The hoopla distracted them from their original purpose for a while. They turned down a lot of offers, listened to people who told them a non-profit couldn't survive in that kind of environment and slowly build a solid, small business.

Once the stock market hype died down, their original plans looked more promising than ever. As a result, LinuxPPC is moving ahead to file as a non-profit corporation. Why? In a word, "Control". No venture capitalists, angel investors or stockholders to drive the mission of the company. The control rests with the users and developers of LinuxPPC.

For more details, please check out our interview with Jason Haas, who, along with Jeff Carr, founded LinuxPPC.

And don't worry, the LinuxPPC distribution will be here for a long-time to come.

On the joys of copy protection. For those who haven't seen it, this posting from John Gilmore on copy protection is certainly worth a read. It is a clear discussion on how numerous companies are attempting to use technology to take away rights that are otherwise guaranteed, and how there's a better way.

It's no coincidence that the open source, free software, and Linux communities are among the first to become alarmed at copy protection. They are actively making their livings or hobbies out of eliminating scarcity and increasing freedom in the operating system and application software markets. They see the real improvement in the world that results -- and the ugly reactions of the monopolistic and oligopolistic forces that such efforts obsolete.

The full posting is long but worth the trouble.

LinuxWorld and Linux Expo Paris happen next week. The LinuxWorld Conference and Expo is happening next week in New York. Expect the usual: suits and ties, loud music, corporate hype, wild parties, and, of course, lots of Linux. LWN.net editors Liz Coolbaugh and Michael J. Hammel, as well as LWN.net team member Dennis Tenney will all be there. Stop by and see our talks or look for us in the Exhibit Hall. And keep your browser tuned to LWN, of course, for news from the event.

Also happening next week is Linux Expo Paris in, well, Paris. LWN, alas, will not be there, a mistake that we intend not to make again next year.

Meanwhile, if SuSE CTO Dirk Hohndel looks tired, be nice to him: he is currently listed as a speaker at both shows...

LWN turns 3. The very first LWN weekly edition came out on Thursday, January 22, 1998. Three years later, we're still here - though, hopefully, we've improved a little on the way. We're looking forward to many more years...

Inside this week's Linux Weekly News:

• Security: Real damage from the Ramen worm, MySQL, sash, micq, webmin, kdesu, crontab, icecast and bing vulnerabilities.
• Kernel: Ways of speeding up data copies; 2.4.0 and USB module autoloading; moving kbuild to SourceForge.
• Distributions: Good news for SPARC, Microwindows 0.89pre7 packed with new features.
• Development: The Open Source Development Lab opens, GIMP flurry, MySQL 3.23 MSQL 3, Bind and Python updates.
• Commerce: Linuxcare Managed Services, LinuxWorld announcements.
• History: bob@redhat.com's new web site, the Netscape source release, and more.
• Letters: Dell laptops, Linux pronounciation, NFS and journaling filesystems

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Multicast impacts from the Ramen Worm. Last week, in our coverage of the Ramen Worm, we mentioned the network impacts of the Ramen Worm, but like many other news reports, we glossed over them quickly. That did not do justice to the most-likely unintended consequences of the Worm; its impact on multicast networks.

The Ramen worm was designed to use a binary called "randb" to generate a list of class B networks to scan. That causes the impact of the worm to be somewhat randomly scattered. However, the first byte of the IP addresses generated ranged from 13 to 242 -- a range that includes multicast addresses. On other words, the Ramen worm is also scanning multicast networks, and the results are far from pleasant.

What is multicast? Where most Internet traffic is much like a telephone call, directly from one IP address to another, multicast traffic is more like radio or television. All sites that have "tuned in" to the multicast broadcast will receive it - and can broadcast to all other participants as well. The multicast network is designed such that data need cross any network segment only once, even if it is being broadcast to many recipients on the other side. Example uses of multicast include the broadcasting of real-time audio and video from conferences or tuning in on the space shuttle. Check the Multicast over TCP/IP HOWTO for more details.

The IP address range for multicast is 224.0.0.0 through 239.255.255.255. This range is thus included in the address space attacked by the Ramen worm. Each scan packet sent by the multicast scan generates a Multicast Source Distribution Protocol (MSDP) Source Availability (SA) message. Bill Owens reported:

Unfortunately the scanner being used is very efficient and can cover a /16 in about 15 minutes, generating 65000 SA messages. The SA messages are flooded throughout the multicast backbone and the resulting load on the routers has caused degradation of both multicast and unicast connectivity

For the past nine days, this has resulted in repeated storms of network traffic on multicast networks. The graph reporting statistics over the past month is particularly telling -- the level is flat for the first two weeks, then shows tremendous peaks of traffic, each reprenting a multicast storm.

All of this tells us that multicast has been proven vulnerable to a denial-of-service attack. That problem is being heavily discussed on the Internet2 multicast and MBONE mailing lists.

As a result, though, the damage from the Ramen worm is much higher than we originally reported.

As a side note, Crispin Cowan from Immunix reported that FormatGuard, used by Immunix to prevent format string vulnerabilities, successfully blocked all three of the vulnerabilities exploited by the Ramen worm.

French hackers break SDMI, publish results. Two French hackers, Julien Stern and Julien Boeuf, have broken the Secure Digital Music Initiative's watermarking scheme. However, being French, they (1) have declined to sign SDMI's nondisclosure agreement, and (2) are not subject to the Digital Millennium Copyright Act. So they have published their findings, both in French and in English. (Found on Da Linux French Page).

Linux Gets Stateful Firewalling (SecurityPortal). SecurityPortal covers Netfilter, the packet filtering system provided by the new 2.4 kernel release, in this article by Jay Beale. "The 2.4 kernel's packet filtering system, Netfilter, is Linux's first stateful firewall. Stateful firewalls represent a major technological jump in the intelligence of a firewall and are present in all serious Enterprise firewalling products. Among many enhancements, this "statefulness" allows Netfilter to block/detect many stealth scans that were previously undetected on Linux firewalls."

Security Reports

MySQL buffer overflow. Nicolas Gregoir reported a buffer overflow in the MySQL server that can be exploited remotely to gain access to the system under the uid of the mysql server. MySQL 3.23.31 and earlier are affected. MySQL 3.23.32 fixes the problem. Check BugTraq ID 2262 for more details.

• Debian
• Linux-Mandrake, including new PHP packages
• Red Hat
• Red Hat, new PHP packages

sash readable file vulnerability. Debian released an advisory this work for sash, reporting that versions of sash prior to sash 3.4-4 did not properly clone /etc/shadow, leaving a fully readable file as a result. They have provided updated packages for stable.

micq remotely exploitable buffer overflow. Micq is a public domain ICQ clone. Micq 0.4.6 is reported to contain a remotely exploitable buffer overflow that can be used to execute arbitrary code. micq 0.4.6p1 contains a backport of the fix provided by Debian. Check BugTraq ID 2254 for more details.

This week's updates:

• Debian

webmin tmpfile vulnerability. Webmin, a perl-and-web-based systems administration interface, is reported to insecurely create temporary files in several instances. webmin 0.84 contains a fix for this problem.

This week's updates:

• Caldera

kdesu password sniffing. Caldera issued an advisory for kdesu, a KDE2 program that is used to run systems administration commands under the root account. They report that a bug in kdesu will allow any user on the system to steal passwords entered at the kdesu prompt. Sebastian Krahmer (SuSE) and Waldo Bastian (KDE) are also acknowledged for their part in helping to track down this problem. Presumably, any other system shipping KDE2 may also be affected.

FreeBSD-specific ipfw/ip6fw vulnerability. FreeBSD issued an advisory reporting a problem with ipfw/ip6fw that is specific to FreeBSD. The ECE flag is incorrectly treated, potentially incorrectly allowing some traffic through the IP filters. Updates for the problem are provided.

crontab file access vulnerability. FreeBSD put out an advisory and updates for a problem with crontab(8) which can allow any file on the system that matches a crontab file in format to be read. This also includes any file where every line either begins with a "#" or contains only whitespace.

This problem is not FreeBSD-specific. No related reports have been seen.

icecast format string vulnerability. A format string vulnerability was reported this week in icecast 1.3.8beta2 and prior. This can be exploited remotely to execute arbitrary code. Exploits for Slackware and Red Hat have been published. icecast is an MP3 server. So far, an updated version of icecast has not been published.

This week's updates:

• Red Hat

bing local root exploit. Paul Starzetz reported a buffer overflow in bing that can be exploited locally to gain root access. bing is a tool designed to help calculate the network bandwidth between two points. bing 1.04 and earlier are vulnerable; bing 1.0.5 has been released to fix the problem.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Watchguard Firebox II has been reported to contain a password retrieval vulnerability. Upgrades have been made available.

• Netscape Enterprise Server has been reported to be vulnerable to a denial-of-service attack. No vendor response has been seen so far.

• Netscape Enterprise Server has also been reported to contain an input validation vulnerability that can be exploited to disclose a directory listing of the target server. Disabling web publishing will temporarily close the hole. No vendor response has been seen so far.

• Netscape FastTrak Server is reported to be vulnerable to a denial-of-service attack via its cache module. No vendor response has been seen so far.

Updates

PHP Apache Module per-directory and virtual hosts vulnerabilities. Check the January 18th LWN Security Summary for the original report of the problems. An upgrade to PHP 4.0.4pl1 will resolve the issues.

This week's updates:

• Conectiva
• Linux-Mandrake

ssh1 secure RPC vulnerability. Last week, we mentioned a vulnerability in ssh 1.2.30 secure rpc encryption. This week, Dan Harkless pointed out that the vulnerability applied not just to ssh 1.2.30, but to ssh 1.2.30 and all earlier versions of 1.2.X.

glibc RESOLV_HOST_CONF preload vulnerability. Check the January 18th LWN Security Summary for the initial report of this problem, which can be exploited to gain local root access. This week's updates:

• Immunix

• Red Hat (January 18th)
• Slackware (January 18th)
• Debian, 2.2 not vulnerable, testing and devel trees are (January 18th)

glibc local write/ld.so.cache preload vulnerability. Red Hat issued another update to glibc this week to fix a preload-related vulnerability. In this vulnerability, the glibc preload check was not applied to libraries that had already been loaded into /etc/ld.so.cache. This can be exploited to create/overwrite files without authorization.

This week's updates:

• Linux-Mandrake
• Trustix

• Red Hat (January 18th)

Multiple vulnerabilities in splitvt. Multiple vulnerabilities were reported in splitvt in the January 18th LWN Security Summary, including several buffer overflows and a format string vulnerability. An upgrade to splitvt 1.6.5 should resolve the problems.

This week's updates:

• Debian
• Debian, updated advisory due to package mixup

jaZip buffer overflow. A buffer overflow was reported last week in jaZip, a program for managing Iomega Jazz or Zip drives.

This week's updates:

• Debian

wu-ftpd insecure tmpfile creation. Check the January 11th LWN Security Summary for the original report of twelve packages with tmp race problems, of which wu-ftpd was one.

This week's updates:

• Debian
• Debian, Intel ia32 packages recompiled due to missing PAM support
• Debian, another problem with the Intel ia32 packages fixed

• Immunix (January 11th)
• Linux-Mandrake (January 18th)
• Linux-Mandrake, previous update installed the wrong pam support file (January 18th)

tinyproxy heap overflow attack. Check the January 18th LWN Security Summary for the initial report. This can be exploited to cause a denial-of-service. tinyproxy 1.3.3a has been released to fix this problem.

This week's updates:

• Debian

BIND 8.2.2-P5 denial-of-service. A denial-of-service vulnerability was reported in BIND 8.2.2-P5. Check the November 9th, 2000, LWN Security Summary for the initial report. BIND 8.2.2-P7 contains a fix for the problem.

This week's updates:

• FreeBSD

• Conectiva (November 16th, 2000)
• Conectiva, updated (November 16th, 2000)
• Definite Linux (November 16th, 2000)
• Debian (November 16th, 2000)
• Linux-Mandrake (November 16th, 2000)
• Red Hat (November 16th, 2000)
• Slackware (November 16th, 2000)
• CERT (November 16th, 2000)
• Caldera (November 16th, 2000)
• Immunix (November 16th, 2000)
• Kondara (November 16th, 2000)
• Trustix (November 16th, 2000)
• SuSE 7.0, not vulnerable (November 16th, 2000)
• SuSE 6.0 through 6.4 (November 23, 2000)

XFree86 security problems. Check the October 26th, 2000 LWN Security Summary for the original report on multiple security problems in XFree86 3.3.5, 3.3.6 and 4.0.

It is well worth noting that updates from other Linux vendors for these problems still haven't been seen. Even the Conectiva announcement only covered one of the reported vulnerabilities.

This week's updates:

• FreeBSD, XFree86 3.3.6

• Conectiva, for one of the vulnerabilities

Events

Upcoming security events.

Date	Event	Location
February 7-8, 2001.	Network and Distributed System Security Symposium	San Diego, CA, USA.
February 13-15, 2001.	PKC 2001	Cheju Island, Korea.
February 19-22, 2001.	Financial Cryptography 2001	Grand Cayman, BWI.
February 19-22, 2001.	VPN Con	San Jose, CA, USA.
February 24-March 1, 2001.	InfoSec World 2001	Orlando, FL, USA.
March 3-6, 2001.	EICAR and Anti-Malware Conference	Munich, Germany.
March 27-28, 2001.	eSecurity	Boston, MA, USA.
March 30-April 1, 2001.	@LANta.CON	Doraville, GA, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

Those looking for something meatier may want to consider, instead, 2.4.0-ac11 from Alan Cox. This release contains literally hundreds of patches - almost 10MB worth.

Cutting out the middleman in data transfers. The discussion started by David Miller's posting of an experimental zero-copy networking implementation (discussed on this page two weeks ago) continues, though it has moved into new areas. One of those is the optimization of data transfers to avoid copying the data as much as possible. Consider, for example, the sendfile() interface that Linux supports now; using sendfile(), an application (a web server, say) can transfer a disk file to a network socket without ever having to read it into user space. There is an obvious performance gain from operating in this mode for certain applications.

So, why not extend the idea to its logical conclusion? Why not have a system call that says "copy data from here to there, and optimize as much as possible"? One approach to this mode is Larry McVoy's 'splice' interface, which tries to provide a general way for user space processes to control high-performance copies. It provides "push" and "pull" primitives which handle the destination and source sides of a copy, respectively, and give the application some latitude in how the two are put together.

Here's Linus's comments on splice and why it has not been implemented so far. Essentially, sendfile handled the task that most users wanted, the splice interface needed a bit of work, and it didn't fit well into the structure of the kernel at the time. The kernel has since evolved, and Linus's message hints that an implementation of a modified form of splice would be easier now, and that it might even be accepted.

One can take the idea further, however: why not, when appropriate, simply tell the hardware to copy the data between devices directly and leave the kernel (and the processor) out of it altogether? According to Linus, that's one of those great ideas that turns out not to be so great in practice. His short response to the idea was:

device-to-device copies sound like the ultimate thing.

They suck. They add a lot of complexity and do not work in general. And, if your "normal" usage pattern really is to just move the data without even looking at it, then you have to ask yourself whether you're doing something worthwhile in the first place.

Further into the discussion, Linus came up with other reasons to avoid direct device-to-device (D2D?) copies. One is that there is very little use for the capability in the end. One can talk, for example, of streaming video directly to disk - but how often will a user be recording video without wanting to look at it too? Another is that very little hardware supports that mode of operation. Linus sees a trend toward connecting hardware with direct, point-to-point links that are not amenable to direct operations between devices. Quoth Linus: "Just wait. My crystal ball is infallible."

TCP_CORK or MSG_MORE? Another branch of the same discussion has to do with getting optimal performance from network transfers. Imagine a web server using the sendfile() interface described above. In response to a request for a page, the server will first write out a short set of HTTP headers, then use sendfile() to actually transfer the page data. By the time the sendfile() call is actually made, however, the headers will have gone out on the net as a very short packet. The result is poor performance on both the sending and receiving side.

Linux has handled this issue with a TCP option called TCP_CORK. If an application sets that option on a socket, the kernel will not send out short packets. Instead, it will wait until enough data has shown up to fill a maximum-size packet, then send it. When TCP_CORK is turned off, any remaining data will go out on the wire.

TCP_CORK does the job reasonably well. Recently, however, a contingent led by Ingo Molnar has been pushing for a new interface which uses a flag called MSG_MORE. Rather than applying to the socket in general, MSG_MORE is attached to a one or more write operations on that socket. It says "there will be more data coming," and the kernel knows to buffer data to get bigger packets. The advantages of this approach are said to be (1) it requires no persistent state on the socket, thus helping, among other things, to avoid programming errors; and (2) it avoids the system call overhead of toggling the TCP_CORK flag. Ingo used MSG_MORE in the implementation of the TUX kernel web server, and is happy with the results.

Linus, however, is not convinced. MSG_MORE requires a flag to be set on every transfer, only works on sockets, and requires that the code that is doing the writing be aware of the flag. TCP_CORK, instead, works with programs using the standard I/O package, and it can be set on sockets that are passed to other applications, such as CGI scripts, that are completely unaware of its presence. The TCP_CORK flag preserves a lot more of the standard Unix stream semantics.

Conclusion: don't expect to see MSG_MORE show up in user space anytime soon.

Fixing the 2.4.0 USB breakage. When 2.4.0 came out, it included a last-minute change to the usb_device_id structure, which is used to find driver modules for specific USB devices. Unfortunately, the form of this change was such that it broke the USB autoloading mechanism entirely. Since then, the USB maintainers, along with modutils maintainer Keith Owens, have been trying to figure out a way to make things work again.

The problem is that modutils, which handles the actual module loading process, can not distinguish the new usb_device_id structure from the old one. Making modutils work with the 2.4.0 version of the structure is not a problem - but then it will cease to work for earlier versions. Keith Owens places great importance on backward compatibility, and does not want to break things for any version. So he has produced a kernel patch which adds a version number to the relevant structures. With versioning, changes can be detected and everything can be made to work.

Linus, however, does not want to apply the patch. It is, after all, a binary interface change; such changes are generally avoided within a stable kernel series. Besides, the only other kernels which used the USB device table were the 2.4.0-test kernels - that structure was added in 2.4.0-test10. Nobody feels all that bad about breaking the prerelease kernels, in the end.

Almost nobody, that is; Mr. Owens is still not entirely happy. He has released modutils-2.4.2 which makes the 2.4.0 format work, but he has done so "under protest." People who want to be able to switch between 2.4.0 and the 2.4.0-test kernels will have to keep two versions of modutils around; everybody else can just install 2.4.2 and USB autoloading will work again.

Should the kbuild list move to SourceForge? Michael Elizabeth Chastain has posted a proposal to move the kbuild mailing list (which discusses the kernel configuration and building system) to a SourceForge project. He has a few reasons, but any kbuild reader will know the first one intuitively: spam routinely exceeds real postings on that list. With luck, moving to a site with better spam filtering would help to make the list usable again.

The one objection to the move came in the form of this posting, which raised the concern that the free software world is becoming too dependent on SourceForge.

But it just concerns me when a single company has the ability to (temporarily) freeze the development of half the world's open-source software just by unplugging a roomful of servers, either voluntarily or not (think "court order").

This is a concern that LWN has raised in the past as well. This time, however, there was a semi-official response in the form of this message from Eric Raymond, who is on the VA Linux board of directors. According to Eric:

We're not blind to this problem. We don't want to be a chokepoint; it's in VA's interest for the community to know it's protected against accident or malfeasance. This is why we're developing a network of active mirror sites -- not just to improve performance, but so one of them could take the baton if the SourceForge primary site had to shut down for some reason.

It is good to see an acknowledgement of this concern from VA. SourceForge is a great resource, but it has led to an unprecedented concentration of free software projects in a single place.

Other patches and updates released this week include:

• Neil Brown has released a RAID5 patch which should fix the filesystem corruption problems that people have been reporting.

• Douglas Gilbert's The Linux SCSI subsystem in 2.4 HOWTO has been accepted by the Linux Documentation Project. It describes the SCSI system from a user's perspective, with much useful information on SCSI configuration and operation.

• Dynamic Probes 1.3 has been released by Suparna Bhattacharya at IBM.

• Heinz Mauelshagen has released version 0.9.1beta2 of the Logical Volume Manager subsystem.

• A new multi-queue scheduling patch has been released by Mike Kravetz. It includes a set of benchmark results that would appear to indicate much improved performance when dealing with large numbers of processes.

• Robert de Vries has posted a version of the POSIX timers patch for the 2.4.0 kernel.

• Version 1.8 of the x86 performance monitoring counters driver has been released by Mikael Pettersson.

• Rusty Russell posted a patch fixing some 2.4.0 netfilter bugs.

• A.M. Kuchling has written up a look at Linux kernel development, comparing it (unfavorably) with how Python development is handled.

• Greg K-H has released a new version of the hotplug scripts package.

• If you're looking for a kernel hacking task to jump into, there's a whole set waiting on the new netfilter TODO list, maintained by Harald Welte.

• David Miller has released an updated version of his zero-copy networking patch.

• Sam Watters has posted the 'PAGG and Job module' for the 2.4.0 kernel. It is a job-level accounting system which has been developed by Los Alamos National Laboratory and SGI. This module works with the Comprehensive System Accounting package, also just released.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Good news for SPARC. Times are good for people wanting to use Linux on the SPARC platform. Both SuSE and Slackware made new announcements this week. SuSE announced the availability of the first beta for SuSE Linux 7.1 for SPARC. The announcement contains a list of known bugs that you'll want to review before you decide to take it for a spin.

The Slackware Linux Project announced that the "-current" tree for Alpha machines is now publicly available. This is in a much earlier development stage than the SuSE port, but it is gaining some enthusiastic involvement.

For those of you interested in the Slackware port, be sure to check out the Slackware Port-SPARC forum. From it, we gleaned success stories for booting Slackware on a SPARCstation 20, but IPC and ELC users appear to be having a harder time getting started.

General-Purpose Distributions

Debian News. This week's Debian Kernel Cousin covers discussions on security issues and quirks with the "man" command and its caching capability. A compromise was reached on how to handle changes to the standard options for the "tar" command. And a huge number of Linux conferences in Germany and elsewhere in Europe were mentioned.

Of most importance, though, was a report from Bdale Garbee on bind 9.1.0. For those of you that remember back that far, the bind 8.2 series generated some controversy in September of 1999 due to its implementation of the RSA algorithm, something that almost caused Debian to drop the use of bind and work to develop a free alternative. A compromise was worked out and bind was kept, but relegated to non-free. Bdale now reports that he's been able to work out similar issues with bind 9.0.0 and 9.0.1, which would have made them incompatible with the Debian Free Software Guidelines as well. As a result, the soon-to-be-released 9.1.0 version of bind will be fully compliant with the DFSG -- but will still reside in non-US, due to its cryptographic components.

This week's Kernel Cousin Debian Hurd reports on the progress of a project that is developing a set of Hurd installation CDs. While progress is being made, don't expect to see these CDs available anytime soon.

Linux-Mandrake News. A look at the Linux 2.4 kernel from a strictly Linux-Mandrake point of view was provided this week. After all, like most major distributions, Linux-Mandrake already uses a heavily customized version of the Linux 2.2 kernel (including ReiserFS support, for example). So why should a Linux-Mandrake user get excited about seeing Linux 2.4 in a future distribution? PCMCIA, USB, Fire-wire and ISA PnP support, NFSv3, improved SMB support, improved network security, stability and speed, video support and more. "Nope, we aren't likely to get bored this year..".

Slackware News. Userlocal.com is a new site that is focusing, in particular, on the Slackware community. We always welcome the addition of new sources of information on Slackware and we expect Slackware readers will also.

An updated version of SlackReiser, a set of boot and root disks to support installing Slackware on a ReiserFS file system, was released this week. The changes were minor.

Although neither a development tree nor a bootable CDROM image is currently available, Chris Lumens is also working on an Alpha port for Slackware. Alpha-related questions can be mailed directly to him.

Embedded Distributions

Microwindows 0.89pre7 released. Greg Haerr posted an announcement for Microwindows 0.89pre7 this week. This is a development release containing some major enhancements, small additions and bug-fixes. Microwindows runs on PDAs, WebPADs and set-top boxes. Support for the G.Mate YOPY PDA has been added and extensive auto-generated documentation is now available. Freetype font caching has been enabled as well. The list is much longer that that, so take a look yourself if you are interested.

Mini/Special Purpose Distributions

ClarkConnect. Another distribution aimed specifically at taking an older system and turning it into an Internet gateway is now available. ClarkConnect is aimed specifically at home users with broadband Internet connections. It is based on Red Hat 6.2, but trimmed down and secured.

Minor distribution updates. The following distributions released minor updates this week:

• mulinux 11r6. mulinux is a single-floppy distribution with base support for PPP, mail processing, NFS, Samba, FTP, IRC, and more.

• Coyote v1.28-pre1 was released on January 18th. This is a development snapshot that includes the h.323 and ICQ masquerading modules. Coyote Linux another single-floppy distribution, primarily intended to support sharing an Internet connection.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's Development page.

Development projects

News and Editorials

Cooperative open-source lab opens doors. The big story of the week in open source development had to be the opening of the new Open Source Development Labs outside Beaverton, Oregon. The labs, funded with $24 million from companies like Hewlett-Packard, Intel, IBM, Computer Associates, NEC, Hitachi, Mitsubishi Electric, Dell Computer and SGI, is intended to be a hotbed for open source development in a commercially productive way. Most of the major Linux companies also are involved, including Red Hat, VA Linux Systems, Caldera Systems, SuSE, Turbolinux, Lynuxworks and Linuxcare. Ross Mauri, vice president of Unix software at IBM, has been appointed president of the lab's governing board, while Brian Behlendorf, chief technical officer of CollabNet and co-founder of Apache, is among the board appointees, according to an ZDNet story on the opening of the lab.

Known simply as OSDL, the lab, which was the brainchild of Scott McNeil who was then president of SuSE's American operation, is located near the IBM and Intel facilities in Beaverton and was originally expected to be a subsidized laboratory where open source developers could test and optimize their work on high-end enterprise systems. Unfortunately, not all developers were motivated by the inclusion of commercial interests in their projects. But OSDL is expected to change that. As Nicholas Petreley wrote in LinuxWorld's online magazine, "Until now, companies would have to go to Linus and friends and say, `Please make Linux work better with 32 processors.' Now they are saying, `Here is a machine with 32 processors. Have fun.'"

In its new 11,000 square foot building in the high-tech area west of Portland, Oregon, the lab holds a vast array of equipment for both development and testing by both remote and local participants. Hardware includes 4 4-way and 8-way IA-32 servers, 50 2-way IA-32 servers for load generation, 5.1 terabytes of storage, high-speed fiber switches and gigabit ethernet connections, and multiple developer workstations.

According to News.com, two projects are under way at the lab: "one for getting Linux to work well on servers with as many as 16 CPUs and another for testing the Jabber instant messaging software with more than 64,000 customers exchanging messages."

The opening of this lab will definitely be a boost for commercial hardware vendors hoping to get Linux support for their systems without having to hire the developers to do the work. Who will benefit most from this remains to be seen, but for now all parties seem excited about the possibilities. The question that remains is whether such large scale commercial support can decrease the time to market for new hardware support under Linux.

Rasterman's new toy (LinuxToday.au). Reporting from linux.conf.au, this article in LinuxToday.au focused on a talk given by Rasterman, the mastermind behind the Enlightenment window manager, also known as Carsten Haitzler.

Raster's topic (and new toy) turned out to be his latest project, which he calls "EVAS". EVAS is what Raster described as a 'canvas', and seems to be the latest exciting development in the Linux window manager world. EVAS provides the possibility for Raster to build a whole slew of features into the up and coming Enlightenment 0.17, as well as demonstrating just how powerful XFree86 can be when integrated well with the OpenGL libraries.

Browsers

Mozilla status updates. The Mozilla project posted their weekly status update. Areas that saw activity this past week included the Necko/Imagelib code, XPToolkit, and print related areas within the rendering code.

Bluefish HTML Editor Review (Linux Orbit). Bluefish, an HTML editor written in GTK+, was reviewed this week in this article from Linux Orbit. "Experienced coders will appreciate the time saved by these dialogs when creating complex tables, forms, and framesets. The dialog options for creating form elements in particular were very well thought out. To a new user who has never created HTML pages before, getting a page created with forms is a simple task with Bluefish. Some of the other tabs include CSS, Javascript, and WML."

Databases

MySQL 3.23 pronounced stable. The MySQL team announced this past week that, after 2 years of development, the 3.23 release of that package is fit for human consumption. "Apart from being more stable, more optimized and more portable, the MySQL 3.23 release has several major features not present in the 3.22 or 3.21 releases. These include: full-text search, replication between a master and many slaves and several new table handlers that support large files and transactions by using the Berkeley DB library from Sleepycat Software to implement transaction-safe tables."

MSQL 3 to be released in February. After almost a year of inactivity, Hughes Technologies has announced plans for version 3.0 of the MSQL database.

Education

News from Linux for Kids. Linux for Kids pointed us to a couple of new projects this week. PyTraffic is python based car game while MCSE trainer is an arcade game that teaches mouse skills.

Electronics

Icarus Verilog. The gEDA project quietly announced this week the release of an Icarus Verilog snapshot.

GIMP

GIMP News. There have been various bits of GIMP news this month, but we somehow managed to miss them. It's time to catch up:

• Newsforge posted an article titled Grok This - Getting Savvy With The GIMP, a review of Carey Bunk's Grokking the GIMP text.
• New GFig tutorials have been posted.
• GIMP 1.2.1 was released this past week.

Interoperability

Wine Weekly News. This week's edition of the Wine Weekly News includes coverage of ports to BeOS and S/390, documentation issues and unicode support.

Bind 9.1.0 released. A new version of BIND, an implementation of the Domain Name System (DNS) protocols, has been released. BIND 9.1 has a number of new features as well as numerous bug fixes and cleanups.

Network Management

OpenNMS Updates, Vol 2 Issues 3 and 4. OpenNMS posted two updates this week, one right after last week's LWN Weekly publication deadline and one right before this week's deadline. OpenNMS Volume 2 Issue 3 was published late last week and included news on the changes to the core team, an expanded roadmap, and presentations coming up in Philadelphia and New York.

The latest OpenNMS update, issue 4, includes a discussion on a lightweight interface, user interface and SNMP coding projects status, and updates to the teams speaking engagements.

Office Applications

Aethera Messaging Client Beta 1. theKompany.com released its first public beta of Aethera, a groupware and messaging system designed for use in KDE.

Linux and the Palm Pilot updated. The Linux and the Palm Pilot page has been overhauled and now includes coverage on GNOME integration along with stand alone applications and development tools.

On the Desktop

CVSSearch, KDE code search tool (KDE Dot News). According to KDE Dot News, Amir Michail, creator of the CodeWeb data mining tool, is back with CVSSearch, a tool that searches for code fragments using CVS comments. It will eventually index over 350 KDE applications and promises to be very useful.

Status report: Java in Konqueror. Wynn Wilkes posted an update on Java support being added to KDE's browser, Konqueror. Among other things, he reports that "applet loading via proxies and over https should work now. Https support is achieved by using the JSSE (Java Secure Sockets Extension) classes. They can be obtained from http://java.sun.com/products/jsse/. "

KDE Studio Gold, a development tool for KDE. theKompany.com released a commercial distribution of the open source KDE development tool KDE Studio, which the company calls KDE Studio Gold.

The future of GNOME revealed at Linux.conf.au (LinuxWorld Australia). GNOME hackers George Lebl and Maciej Stachowiak presented a paper at LinuxWorld Australia outlining the future of GNOME, including peeks at GNOME 1.4 and GNOME 2.0. "GNOME Office is becoming quite advanced," said Stachowiak. "We are undecided about whether to incorporate the features of OpenOffice into GNOME or to replace it altogether."

Sun to host GNOME development meeting. Sun will host a development briefing covering GNOME Application Development for Solaris on February 14th in Menlo Park, California.

xml-i18n-tools released. Kenneth Christiansen and company have just released the xml-i18n-tools. This set of translation tools will be used accross a wide range of GNOME applications in order to help bring you GNOME in your local language.

Printing Services

KDE.com Offers Free Docbook Compilation Service. As reported on KDE Dot News: a new "DocBook documentation generator" has been set up on KDE.com. It will generate HTML from the KDE DocBook documentation, thus saving the hassle of making DocBook work on your local system. It's a nice service, but it does highlight just how obnoxious it can be to make DocBook work properly.

Science

LinuxMedNews launches jobs section. LinuxMedNews launched a jobs and classifieds section to their growing web site. They also reported on the upcoming 14th Computer-based Medical System Symposium.

Systems Administration

Mailman Made Easy (WebTechniques). WebTechniques took a look this week at installing and configuring the Mailman mail list manager. "Mailman is the free software contender to mail-server products such as Lyris, which feature GUI-driven administration, user-level access to preferences, and built-in archives, digests, and the like. Based on the popular Python programming language, Mailman is intended to be used on UNIX systems, and can be installed alongside Majordomo on the same server, without conflicts."

PIKT, Problem Informant/Killer Tool, v1.12.1. PIKT is a cross-platform, multi-functional tool for monitoring systems, reporting and fixing problems, and managing and administering system configurations in a heterogeneous network of workstations. Version 1.12.1, primarily a bug fix release, was made available for download this week.

Web-site Development

Zope Weekly News for January 19th, 2001. The latest issue of the Zope Weekly News has hit the streets. News this week includes updates on Zope 2.3, documentation issues and the new Zope.org web site.

Zope 2.3.0 beta3. The third beta release of Zope 2.3.0 has been released. It includes the new Zope cache manager, the SiteAccess package, and a whole list of other goodies.

Weblog 1.71. A new release of Weblog hit the streets earlier this week. This version includes support for Avantgo and VoiceXML, among other things.

Section Editor: Michael J. Hammel

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Perl

Cultured Perl: Perl 5.6 for C and Java programmers (IBM developerWorks). In this look at the upcoming Perl 5.6 release, Teodor Zlatanov shows us the feature differences between Perl and standard languages like C and C++. "Perl often bewilders even experienced programmers, primarily because it allegedly makes it too easy to write obfuscated code. But the confusion regarding Perl's structure, features, and philosophy is inevitable given that it's such a rich and powerful language, and that it was designed from the start to allow for more than one way to do the same thing."

This week on perl5-porters (15--21 Jan 2001). This week's Perl5-porters mailing list was rather active, covering topics such as signals, large file support, token parsing and printing, and unicode.

A Beginner's Introduction to POE (Perl.com). Perl.com also carried an introduction to POE, the Perl Object Environment. "It's not much of an exaggeration to say that POE is a small operating system written in Perl, with its own kernel, processes, interprocess communication (IPC), drivers, and so on."

PHP

PHP Weekly Summary for January 24th, 2001. The weekly summary for PHP was posted just as we went to publish this week. News included the announcement of PHPLIB and PEAR merging, discussions on advanced data types for PHP, and the report of a bug in the handling of multi-dimensional forms.

Python

Python 2.1a1. Guido van Rossum has announced the release of Python 2.1a1, the first alpha release of Python 2.1.

Jython 2.0 released. The release of Jython 2.0 has been announced. Jython is a Java implementation of the Python programming language, which allows Python to be compiled down to Java byte code. Thus, Python code can be run on Java virtual machines anywhere - at least, to the extent that any Java code can.

Python-Dev for January 15th, 2001. News from the python development community comes from the Python-Dev weekly summary, which includes this week an update on the 2.1alpha1 release, speed improvements in file.readline, and updates on pydoc.

Dr. Dobb's Python-URL! for January 22nd. Dr. Dobb's weekly list of Python-related links has been posted. Some of the links in this week's summary include the announcement for Jython 2.0, an overview of python documentation tools and a preview of Tkinter 3k.

Ruby

Updated stable snapshot. A new stable snapshot of Ruby was announced this week.

Tcl/Tk

Dr. Dobb's Tcl-URL! for January 22nd. Dr. Dobb's weekly list of Tcl-related links has been posted. Some of the links in this week's summary include news on the 8th annual Tcl/Tk conference in San Diego to be held in July and a discussion on why python has surpassed Tcl and related issues.

Software Development Tools

Loki releases updates to open source packages. Loki Software has published updates to their Setup, Update Tool, Uninstall Tool and Patch Tools.

Section Editor: Michael J. Hammel

See also: last week's Commerce page.

Linux and Business

Linuxcare launches system administration services. Linuxcare's new Managed Services program provides subscribers with an array of services and support aimed at the ISP market. No doubt Linuxcare will target other markets with similarly comprehensive offerings in the future, if all goes well. Briefly, here's a look at what an ISP can expect for its monthly subscription fee.

• A tailored Linux distribution along with installation, configuration, optimization and tuning services.

• Systems monitoring.

• Remote systems administration.

• Remote software updates.

• Repair/Reprovisioning services to automate repairs and minimize downtime.

Essentially, an ISP can offer Linux hosting services to its customers while outsourcing the administration to Linuxcare. Our experience in the support business suggests that there are quite a few ISPs out there that could benefit from such a service.

This offering is similar to the Red Hat Network, but of course it is different too. With Red Hat's offering each subscriber can chose a level of administration support from simple notification when a update or security patch is available to having the update or patch installed remotely. Linuxcare's offering always includes the latter. Red Hat Network also differs by taking a broader approach to the set of potential subscribers. (See LWN for Sept. 28, 2000 for a description of Red Hat Network.) Linuxcare's offering of a tailored Linux distribution is what really sets it apart from similar offerings, though. Linuxcare has the expertise to start with wide array of Linux distribution's for those who want to start with something other than Red Hat Linux. (See also: Linuxcare's announcement.)

LinuxWorld Conference & Expo. LinuxWorld takes place January 30 - February 2, 2001, at the Jacob Javits Convention Center in New York City. This is one event which tends to be accompanied by a deluge of press releases. Here are some of the press releases we've seen so far.

• Progeny Linux Systems and Maximum Linux magazine are holding a raffle for Debian GNU/Linux First prize is a Sony Vaio Laptop.

• Sair Linux and GNU Certification, Inc. will offer free Linux review sessions and certification testing to pre-registered convention goers.

• PolyServe, Inc. will demonstrate its new high-availability server clustering solution.

• REDSonic will be attending the Expo. REDSonic product announcements appear in the "Products and Services Using Linux" category below.

Linuxcare Labs Addresses Need for Independent Linux Certifications. Linuxcare, Inc. unveiled a suite of tiered testing services for enterprise Linux deployments.

More Linux certification news. Linux Centers USA has opened 12 centers to prepare candidates for Linux+ and Red Hat certification tests.

RedFlag Software joins GNOME Foundation. RedFlag, a Linux distribution in China, has joined the Advisory Board of the GNOME Foundation. As part of the membership, RedFlag will work to localize GNOME into Simplified Chinese.

Bear River Associates Releases Open Source Framework. Bear River's C++ framework provides UI components, streams, TCP/IP and scanning features.

Bear River also released Janx, a server-side Java application framework for developing web sites and web-hosted software. Janx combines Java and XML.

Apple Linux Technology Manager Joins Terra Soft. Kevyn Shortell, the former Linux Technology Manager for Apple Computer, has joined the Terra Soft Solutions, maker of Yellow Dog Linux for the PowerPC.

Corel's new strategy. Here's the press release from Corel on its new strategy. It's clear as mud... "Corel will leverage its solid foundation as a global technology leader with over 15 years of experience to enhance its relationships with existing customers while targeting new customers in emerging markets fueled by the rapid expansion of the Web and the increasing demand for graphics-rich visual communication." It does say that the Linux division will be sold off, eventually, and that Corel will continue to sell Linux versions of its products.

Announcing....Linux Weekly?. A company called "SYS-CON Media" has put out an announcement for a new publication called "Linux Weekly." It is to be a print publication, and the first issue is due out in March. There will be a version ("Linux Woche") for German-speaking Europe as well.

We do hope there will not be confusion with LWN.net (also known as "Linux Weekly News") which has been using that name for three years.

Linux Stock Index for January 18 to January 24, 2001

LSI at closing on January 18, 2001 41.38
LSI at closing on January 24, 2001 42.08

The high for the week was 42.08
The low for the week was 41.38

Press Releases:

Open Source Products

• Endeavors Technology Inc. (IRVINE, Calif. & READING, England) announced open source peer-to-peer (P2P) infrastructure software for Compaq's iPAQ Pocket PC.

• Objectivity Inc. (MOUNTAIN VIEW, Calif.) announced the availability of the Objectivity XML Interface Tool.

• VelociGen Inc. (SAN DIEGO) announced plans to make its software package, VeloMeter Pro!, available on a free open-source basis. VeloMeter Pro! is used to test the capabilities of Web applications such as e-commerce transaction performance.

Distributions and Servers

• SuSE Linux and Lotus (Nuremberg, Germany) announced the SuSE Linux Groupware Server. The new server combines the the Domino Messaging and Web Application Server with SuSE Linux.

• QLogic Corp. (ALISO VIEJO, Calif.) announced that its QLA2200 Series Fibre Channel host bus adapter (HBA) will be used in Compaq Computer Corporation's ProLiant Linux servers with connections to Compaq StorageWorks systems.

• VA Linux Systems (FREMONT, Calif.) introduced a new series of 1U servers for deployment in large-scale web farms for applications such as web serving, firewalls, DNS or load-balancing. The VA Linux 1120 server and the VA Linux 1220 server.

Proprietary Products for Linux

• IBackup (WOODLAND HILLS, Calif.) released standards-based Content Management Server IBCM 1.0, based on the IBackup storage architecture.

• Merlin Software Technologies International Inc. (BURNABY, British Columbia) announced the release of PerfectBACKUP+ 7.0.

• New Planet Software (Los Angeles, Calif.) announced the beta release of its Code Crusader and Code Medic developer's software. Code Crusader is a Linux development environment with a graphical user interface and Code Medic is a graphical debugger for Linux. These beta versions are free for testing.

• Plesk Inc. (CHANTILLY, Va.) announced its release of Plesk Server Administrator 1.3.1 (PSA) software. Developed for RedHat 7.x and FreeBSD 4.x operating systems.

• PlugSys International (SAN LEANDRO, CA) announced its new Max Server Pages (MSP) product, which gives Xbase developers a reliable, economical way to migrate to Linux. This product is in the final phase of beta testing.

• Silicom Ltd. (KFAR SAVA, Israel) announced that it has developed proprietary drivers for its USB Ethernet products, which target the Broadband Internet Access, Multi-Tenant Unit, and Home Networking markets. The new drivers support the 2.4 kernel.

Products and Services Using Linux

• eOn Communications Corporation (ATLANTA) announced the availability of browser-based Web chat for its eQueue and eNterprise communications systems. The Linux-based Web chat software, Agent WebSpace, is part of the WebCenter suite of customer interaction management (CIM) solutions.

• LAND-5 Corporation (SAN DIEGO, CA) announced that its Linux-based iceNAS software is now available for OEM licensing. iceNAS software provides a browser-based GUI for managing network attached RAID storage.

• Linuxcare (SAN FRANCISCO) unveiled a set of professional services that help accelerate development and deployment of Linux-based network storage and printing appliances in Windows NT/mixed environments.

• Lineo, Inc. (Lindon, Utah) Embedix announcements:
  • Lineo and Metrowerks announced plans to preview a total solution of Embedix SDK integrated with CodeWarrior for Embedix, preflashed on Motorola's MPC8260 processor board in a convenient and ready-to-run development system.
  • Embedix RM, industrial shared memory software for Linux, is now available.
  • Embedix SDK 1.2-J, the next release of the Japanese software development kit for embedded developers and device manufacturers, is now available.

• REDSonic, Inc. (Orange County, California) announcements:
  • RED-Builder, a target system image creator for embedded systems.
  • RED-Kit, a software and hardware platform for embedded system developers.

• Total Impact (CAMARILLO, California) announced the briQ; a PowerPC based network appliance computer running Linux.

Cross-platform Products

• Robert Roebling (Freiburg, Germany ) announced the release of wxDesigner 2.0, a RAD tool for cross-platform, cross-language GUI development.

• Virtual Access Networks, Inc. announced a strategic relationship with SuSE to deliver a Windows to Linux migration tool known as The Van.

• VMware, Inc. (PALO ALTO, Calif.) announced that it has concluded its GSX Server beta program and the product is now available for sale.

Products with Linux Versions

• Adax (BERKELEY, Calif.) announces the addition of the Red Hat Linux 6.2 operating system to its portfolio of supported platforms. The product will be the MTP-2 Protocol Software which operates with the APC7-cPCI/PCI, SS7 controller.

• Ariel Corp. (CRANBURY, N.J.) announced a 48-port version of the RS4200, a high-density 56K/ISDN PCI two-card solution for Windows NT- and Linux-based network access systems.

• ATG (Art Technology Group, Inc.) (CAMBRIDGE, Mass.) announced the availability of ATG Dynamo version 5.1. The new version of ATG Dynamo offers expanded platform (including Linux), database and Chinese language support.

• BindView Corporation (HOUSTON) announced the bv-Control Security Management Suite, an enterprise-class security and policy enforcement solution. Unix versions include Sun Solaris and Red Hat Linux.

• Hewlett-Packard Company (PALO ALTO, Calif.) announced storage capacity-on-demand for service providers available through HP e-utilica.

• IBM (ARMONK, NY) announced IBM Director, a highly-integrated systems management software solution, which includes an advanced self-healing computing feature called Software Rejuvenation, which will automatically reduce server downtime by predicting and repairing software failures before they happen.

• The MathWorks, Inc. (NATICK, Mass.) announced the availability of MATLAB Student Version Release 12 for U.S. and international distribution.

• SupportWizard (REDWOOD CITY, CA) announced the release of SupportWizard Enterprise Edition version 4.0, which fully integrates all web-based, e-mail, fax, and telephone communications with customers into a single system.

• Sybase, Inc. (EMERYVILLE, Calif.) made available the beta version of Sybase Adaptive Server Enterprise (ASE), the e-Business Database.

Java Products

• NewMonics, Inc. (LISLE, Ill.) is now shipping PERC 3.1. The PERC software platform is a suite of development tools and run-time modules built on a clean-room implementation of a Java Virtual Machine.

Books and Training

• K Computing and the RTC Group (Mountain View, CA) have teamed up to provide hands-on Embedded Linux training. The training will be held at the Silicon Valley Conference Center, in San Jose, California from January 29 through February 1st (4 days).

• No Starch Press (San Francisco, CA) announced THE BLENDER BOOK. Blender is a free 3D graphics and animation tool. THE BLENDER BOOK offers clear, step-by-step tutorials that teach users all aspects of this often tricky and non-intuitive program.

Partnerships

• Linuxcare, Inc. (SAN FRANCISCO) announced strategic services deals with Maxtor Corp., Network Appliance Inc. and Silicon Graphics, Inc. to help each vendor bring innovative storage products to market.

• NetSilicon, Inc. (WALTHAM, Mass.) announced a partnership with Microtask, an Italian embedded solutions distributor. With the agreement, Microtask becomes an authorized distributor of NetSilicon's NET+Works product family throughout Italy. The NET+Works product line includes NET+OS an integrated solution with real-time operating system, and an open source offering, NET+Lx, running uClinux.

• MontaVista Software, Inc. (SUNNYVALE, Calif. & TOKYO) announced an alliance with ACCESS, Co., Ltd., provider of embedded browsers, to pursue joint development and marketing activities.

• SteelEye Technology, Inc.(MOUNTAIN VIEW, Calif. and SALT LAKE CITY) announced a strategic OEM agreement with Linux NetworX, Inc.. Linux NetworX will offer SteelEye's LifeKeeper for Linux Next Generation Enterprise Reliability platform with its clustering products.

• Technauts (CARY, N.C.) announced an agreement with Coventive Technologies to develop application-hosting software solutions integrating Technauts' eServer products and Coventive's embedded Linux technology.

• Zengine, Inc. (FREMONT, Calif.) announced it will join Intel's e-Business Service Provider (eBSP) Program, a Web integrator-focused channel initiative that provides corporations with a source for standardized e-Business solutions.

Financial Results

• Sun Microsystems, Inc. (PALO ALTO, Calif.) reported revenues for the second quarter were $5.115 billion, up 44 percent compared with the second quarter of fiscal 2000.

• Transmeta reported 4th quarter revenues of $12.4 million for the quarter and $16.2 million for the year, with a net loss of $97.7 million. While revenues tripled for the year, the net loss more than doubled.

Personnel

• Aduva Inc. (PALO ALTO, Calif.), provider of network-based technology to automate administrative management of the Linux operating system, announced the appointment of Azi Cohen as the company's chief executive officer.

• Lineo, Inc. (LINDON, Utah) announced the appointment of Ryan Tibbitts as General Counsel for Lineo. He will be responsible Lineo's legal department, part of the company's executive staff and will report directly to company COO Matt Harris.

• Merlin Software Technologies (BURNABY, British Columbia) named Kevin O'Reilly to the position Vice President Marketing.

• Penguin Computing Inc. (San Francisco, Calif.) announced that Agilent Technologies veteran John P. Page has joined the company as chief financial officer.

• RidgeRun, Inc. (Boise, Idaho), provider of embedded Linux software for products employing digital signal processing (DSP) components, announced expansion into the European market with the opening of offices in Dublin, Ireland and the appointment of Mr. Tullio Venturini as Client Support Manager.

Other

• More law firms participating in VA Linux lawsuit:
  • Spector, Roseman & Kodroff, P.C. (PHILADELPHIA)
  • Wechsler Harwood Halebian & Feffer LLP. (NEW YORK).
  • Weiss & Yourman (New York).

Section Editor: Rebecca Sobol.

See also: last week's Linux in the news page.

Linux in the news

Recommended Reading

Virus patches aren't being applied (ZDNet). An interesting piece on why applying security patches is something everyone has to worry about in the Internet age comes from ZDNet today. "Failing to responsibly patch computers led to 99 percent of the 5,823 Web site defacements last year, up 56 percent from the 3,746 Web sites defaced in 1999, according to security group Attrition.org."

IBM

'Linux Lou' and IBM (TechWeb). TechWeb looks at the growing alliance between the Big Blue Behemoth and the upstart Linux community. " Of course, Linux is getting something from its relationship with IBM. Many doors to the largest corporate data centers were locked to Linux, but now IBM is opening those doors. The value to the Linux community is a wider array of software and even more smart minds contributing to the greater good."

IBM is taking Linux -- and running (Upside). Gartner Group analyst George Weiss thinks IBM's push into Linux may give the impression