Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

The Ogg project has given itself the goal of creating a high-performance, free multimedia system. All kinds of goodies are planned for the future; for now, the project offers:

• The "Vorbis" compressed audio format. This format has been put into the public domain, and is thus freely usable by anybody. It is, of course, offered as a way around the patent problems with the popular MP3 format. Vorbis users need not pay patent royalties to anybody. The open nature of the format also encourages improvements; the project claims that Vorbis files already sound better than MP3 files of the same size, and that things are steadily improving.

• A set of libraries for working with Vorbis files. Python bindings are available as well.

• Various application-level goodies, including player plugins for xmms and FreeAMP, encoders and players, and more.

Those who are curious about the origin of the name can check out this page, which describes it in detail. "Ogg," as it turns out, comes from the classic Netrek multiplayer space war game (once the cause of much lost time on your editor's part); it signifies a suicide attack - though, in this context, it has been reinterpreted slightly. "Vorbis" comes from a science fiction novel. And the logo:

The 'Thor-and-the-Snake' logo is drawn somewhat from Norse mythology; the real symbolism is the sine-curve shape of the snake. Thor is hefting Mjollnir about to compress the periodic signal Jörmungandr... See, it all makes sense.

Ogg Vorbis has the potential to have an impact far beyond the free software community. The MP3 patent is a problem for just about anybody (or any company) working with audio. Solid-state audio players, game consoles, desktop software, and more are all affected. A clearly free alternative with better performance characteristics will be appealing in many applications.

To help Ogg Vorbis achieve world domination in its niche, its developers threw in a couple of important announcements along with the beta 4 library release. They are:

• A new foundation, the "Xiph.org Foundation," has been created to promote the use of open multimedia standards. It will be a nonprofit organization, which will be hitting up companies for funds to carry out its work.

• As of the beta 4 release, the Ogg Vorbis libraries are no longer licensed under the LGPL; instead, the BSD license will be used.

Ordinarily, if someone decides not to use a copylefted program because the license doesn't please him, that's his loss not ours. But if he rejects the Ogg/Vorbis code because of the license, and uses MP3 instead, then the problem rebounds on us--because his continued use of MP3 may help MP3 to become and stay entrenched.

In other words, Ogg Vorbis, despite its attractive features, has an uphill battle ahead of it. Some flexibility in licensing is, in this case, warranted; it may be the deciding factor which establishes a free audio (and, eventually, video) encoding standard. We wish them luck.

Copyright law and business models. The February 24 issue of The Economist has a leading editorial on the Napster case. Therein, it is written:

But the Napster case is not just, or even mainly, about piracy. It is about business models. The industry wants to stick to its old one - selling expensive compact discs - and to protect it. But Napster's success shows that there is a lot of appetite for a new model. The old model is legal, but the new one is not, since the industry refuses to endorse it.

Artists' interests deserve legal protection, within limits; business models do not.

Unfortunately, the Economist's business model states that this article is "premium content," available only to subscribers.

Very little coverage of the current intellectual property disputes have pointed out this basic fact - piracy is not the issue. It is, instead, a dishonest smokescreen put up by those who feel that a lucrative business is threatened by new technologies. This despite the fact that, usually, those businesses do better than ever after new technologies become established.

Thus, the music industry decides to shut down Napster, rather than work with it to create a new business that would clearly have willing customers. Similarly, the DVDCCA tries to employ the Digital Millennium Copyright Act to put the DeCSS genie back in the bottle. DeCSS has nothing to do with piracy of movies, but it is lethal to things like the "region coding" scheme that prevents people in the U.S. from watching European DVDs (and vice versa).

There is, of course, nothing new here. For some perspective, we recommend a perusal of Chapter 2 of Digital Copyright, a book by Jessica Litman. It discusses how copyright holders have worked for many years to have copyright law serve their interests, and how users of copyrighted material have not been represented in the process.

If Congress were in the habit of looking hard at copyright proposals to see whether their substantive provisions were good policy, or would interact in good ways with other policies, one might have expected this exercise to come to an early end. People who aren't copyright lawyers, after all, would look at the digital copyright agenda and say, "there's something wrong with this picture". But, because the tradition in copyright legislation involves getting a bunch of copyright lawyers to sit at a bargaining table and talk with one another, a lot of important questions were never asked.

Reading the entire chapter takes some time, but is worth the effort.

An obvious question comes to mind here: given this pattern of using copyright law (and other legal tools) to attempt to preserve lucrative business models, what kind of response will free software generate? Free software does indeed threaten business models based on intellectual property, and it is starting to make some companies nervous.

We have seen some responses already. The CueCat affair was an attempt by Digital Convergence to head off a free software threat to its business; in that case, the company eventually declared victory without actually changing anything. DeCSS threatens the film industry's control over how its customers can use films they have bought, and the industry has responded with a copyright-based challenge.

The battle against free software will be fought with proprietary formats, reverse engineering bans, software patents, and so on. Expect it to get ugly. But the free software community has a number of strong weapons that the copyright industry has not had to face before. It is a large, global, and vocal group, which is easily able to organize itself electronically. Free software increasingly has the backing of large businesses which see it as an important part of their future. And the nature of free software makes it hard to stop - it is an interesting exercise to see how long it takes to find a copy of DeCSS, despite over a year of constant, well-funded effort on the DVDCCA's part. And, of course, the free software community's ability to create great code is unparalleled. A fight is coming, but we should be able to win.

(And we'll have fun doing it. For those who haven't seen it, the haiku version of DeCSS is very much worth a look).

Inside this week's Linux Weekly News:

• Security: Vulnerability reporting, wireless tresspassing, vulnerabilities in Java, CUPS, sudo, Zope, elm, PHP-Nuke and joe.
• Kernel: Per-process namespaces; ext2 directory indexes and backward compatibility; NFS and ReiserFS again.
• Distributions: Aleph ARMLinux, Apt merges RPM and .deb, new betas from Red Hat and Linux-Mandrake, Intel XScale support.
• On the Desktop: KDE 2.1 hits the streets, Apple patents, and Miguel de Icaza talks to the world.
• Development: Kilo Cluster, ht://Dig 3.20b3, Python 1.6.1, CLiki.
• Commerce: Red Hat Acquires Planning Technologies, Caldera Quarterly Results.
• History: Two years since the first LinuxWorld conference; remember Ed Muth?; how low could VA go?
• Letters: Allchin's remarks; the MPAA's threat to Dr Touretzky.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Vulnerability Reporting: Bugs in the bug reporting process (CORE-SDI). Volume 3, Issue 3 of Insight a newsletter from The Internet Security Conference, contains a column by Ivan Arce, Founder and Chairman of the Board of CORE-SDI, which discusses the problems in the current ad-hoc process for reporting security vulnerabilities. The column uses a detailed list of the steps possibly involved in a given security report, then outlines many of the ways in which that process can break down. Near the end, he recommends a simplified set of guidelines:

The guidelines: A feeble attempt at improving the process

(1) Vulnerability reporting costs money: Keep it simple and everybody wins.

All the involved parties (discoverer, proxy, vendor, trusted third party, user) must invest a certain amount of effort to fix bugs. All parties have finite resources and therefore it costs them money. Streamlining the process and addressing the problems in a responsible and timely fashion reduces the efforts for all parties.

(2) Communication is key.

The best way to streamline the process and ensure cooperation is to maintain every party informed of what is going on. When that fails, unilateral actions take place that could put all at risk.

(3) Minimize harm.

Conduct all activities bearing in mind that the end goal is to improve the overall security and minimize the harm to all parties. Although this sounds obvious, the ultimate goal can be obscured during the process, evaluate your actions accordingly.

Extend the benefit of doubt, do not impute motives.

The article does a good job of showing why the ideal process of reporting vulnerabilities will always be impacted by reality (insufficient resources, poor vendor response, multiple discoverers, active exploits, etc.), in short, why a formalized process will always tend to break down. Add to that the danger of allowing a closed (invitation-only) group to define, implement and potentially enforce a formal process and it seems like we might end up exchanging one set of problems for a less-appealing set.

Starting and ending with the simple guidelines suggested seems like a better idea.

WEP: No weapon against hackers (ZDNet). You might assume that this latest ZDNet article on WEP was also talking about the cryptographic issues with WEP, which have been mentioned in the last couple of weeks. You'd be wrong. Instead, it looks at the issue of keeping trespassers off of your wireless LAN. "Controlling access to wireless networks is an increasingly difficult challenge for network administrators. Unlimited access means that anyone with a wireless network card could gain access to the network. On the other hand, highly restricted access negates the benefits of going wireless and annoys the users."

More SSH articles. For those still with stamina to handle more editorial coverage of the SSH trademark issue, C|Net's Robert Lemos has written an article entitled, "Ssh! Don't use that trademark". "'Regardless of its origins, the word has become the generic description for this type of software,' said Michael Bednarek, an intellectual property attorney at Washington, D.C.-based law firm Shaw Pittman. 'As far as I can tell, there is no other name for it.'"

Security Reports

Security hole in Java may expose servers (News.com). Sun has issued a warning that a bug in Java Runtime Environments for multiple platforms, including Linux, may allow an attacker to run harmful programs on a server, though client systems running browsers should be unaffected.

Linux-Mandrake security advisory for CUPS. Linux-Mandrake has issued a security advisory for the CUPS printing packages. An internal audit found buffer overflow and temporary file creation problems. It is highly recommended that all Linux-Mandrake users upgrade to this new version of CUPS.

sudo buffer overflow. A buffer overflow in Sudo, apparently discovered by Chris Wilson, has been fixed in the just-released sudo 1.6.3p6.

Slackware Trustix

Conectiva Linux-Mandrake

Debian Immunix

Zope security update. Digital Creations has released a security update to Zope (all versions up to 2.3b1) fixing a security vulnerability in how ZClasses are handled. An upgrade is recommended.

• Red Hat
• Linux-Mandrake

elm alternate folder buffer overflow. A buffer overflow in elm 2.5 PL3 was demonstrated this week. It can be exploited by passing a long string in via the "-f" option. No patch or updated version has yet been reported. Check BugTraq ID 2403 for more details.

PHP-Nuke magic quotes vulnerability. A new vulnerability in PHP-Nuke was reported this week which can allow any user to execute commands with the privileges of the PHP-Nuke administrator. This occurs because magic_quotes_gpc is expected to be enabled; if it is disabled, then information continues to be read even after a NULL character is seen. An upgrade to PHP-Nuke 4.4.1 will fix the problem. Note, however, that any PHP script that expects Magic Quotes to be enabled could have this same problem. Here is a recommended tip to prevent such problems.

joe file handling vulnerability. The configuration file for the joe editor, .joerc, is read first from the current directory, if available, making it possible to trick users into executing commands if they edit/open a file in a directory with a malicious .joerc file installed. No workaround/vendor solution has been posted yet, though theoretically a patch should be fairly easy to implement, by removing the check for the configuration file in the local directory and restricting the file to the user's home directory or the appropriate system directory.

An informal report indicates that FreeBSD and NetBSD are vulnerable to this, but that OpenBSD is not. No Linux-specific reports have been posted.

Slackware IMAP exploit. A short note in the slackware-current changelog commented that all previous versions of imapd (which is installed by default for Slackware distributions) had a remote exploit problem. This was slightly puzzling to us, since we hadn't heard of a new imapd vulnerability and Slackware issued an update for imapd in November that fixed the most recent vulnerability that we knew of.

Wednesday, though, an update to the Slackware Changelog cleared up the confusion:

Tue Feb 27 15:31:05 PST 2001
n1/imapd.tgz: No, the package wasn't changed. But, there's an update regarding the supposed imapd overflow. It was reported to us that an exploit existed for the version of imapd previously used by Slackware, but after obtaining a copy of the exploit from this site: http://packetstorm.securify.com/0102-exploits/imapd_exploit.c ...we found it to be completely ineffective. Still, it never hurts to keep daemons that provide network services as up-to-date as possible, so if you're running imapd you should consider upgrading.

web scripts. The following cgi-bin scripts were reported to contain vulnerabilities:

• Mailnews.cgi is reported to contain a user-supplied input vulnerability, which can be exploited to remotely execute arbitrary shell commands. No patch or vendor response has been reported so far.

• Adlibrary.pm, a perl-based package from Adcycle.com, is reported to contain a vulnerability that can be exploited remotely to execute arbitrary commands. This is due to insufficient screening of user input. No patch or vendor response has been reported so far.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Marconi ASX-1000, a commercial ATM switch, is reported to contain a vulnerability that can be used to disable remote administration of the device (until it is power-cycled). No patch or vendor response has been reported so far.

• Cisco IOS Software contains an SNMP Read-Write ILMI Community String vulnerability, which might make the device using the software vulnerable to a denial-of-service attack. Cisco is offering free updates to fix the problem.

• A second Cisco IOS Software vulnerability report details multiple vulnerabilities related to the unexpected creation and exposure of SNMP community strings. They can be exploited to permit unauthorized viewing or modification of devices. Specific workarounds are provided, along with a table of related updates.

• Chili!Soft responded to several recently discussed vulnerabilities in Chili!Soft ASP. In some cases, workarounds are offered; in others, it is promised that they will be addressed in the next release.

• Shortly after the above Chili!Soft note was posted, Jim Sander responded with yet an additional vulnerability, in which the Chili!Soft ASP license file, installed by default as a world-readable and writable file, can be removed by any user, causing the Chili!soft services to stop functioning.

• The APC web/snmp management card, available as an option for some APC products (power management), contains a potential denial-of-service attack via a telnet connection to the card. APC has responded by recommending that the APC product should be firewalled to protect it from connections from outside the local area network.

• The Netscape Collabra Server has been reported to be vulnerable to a denial-of-service attack via malicious packets sent to the 119, 5238, 5239 and 20749 ports. Filtering those ports is recommended; no vendor response has been seen so far.

Updates

Analog buffer overflow. An exploitable buffer overflow in analog was reported in the February 22nd LWN Security Summary. Version 4.16 contains a fix for the problem, which affects all earlier versions.

This week's updates:

• Red Hat

Multiple vulnerabilities in bind 8.2.2 and bind 4. Check the February 1st LWN Security Summary for the initial reports. Bind 8.2.3 contains fixes for the problems with 8.2.2. Bind 4 fixes are also available, but an upgrade to bind 8 or even bind 9 is generally considered a preferable approach.

This week's updates:

• Turbolinux

Previous updates:

Caldera Systems (February 1st) Conectiva (February 1st) Debian (February 1st) Linux-Mandrake (February 1st) Immunix (February 1st) Red Hat (February 1st) Slackware (February 1st) SuSE (February 1st)

Trustix (February 1st) Yellow Dog Linux (February 1st) LinuxPPC (February 8th) FreeBSD (February 8th) Cobalt bind 8.2.3 (for the RaQ2 only) (February 8th) Cobalt bind 4 (for the Qube1, RaQ1 and Qube2) (February 8th) NetBSD (February 15th)

Sendmail 8.11.2 security fixes. Check the January 4th LWN Security Summary for the announcement of the release of sendmail 8.11.2. It includes fixes for a number of security issues found after 8.11.1 was released, including the "sendmail -bt negative index bug" reported by Michal Zalewski in October, 2000. Note that the exploitability of this bug was questioned, but in any case, it has been fixed as of sendmail 8.11.2.

This week's updates:

• Turbolinux

dump-0.4b15 local root access. Check the November 2nd LWN Security Summary for the original report. This exploit only affects dump/restore if they are installed setuid root. As of dump-0.4b18, dump and restore no longer require setuid root. dump 0.4b20 was released in mid-November, 2000, with a fix for this problem.

This week's updates:

• Immunix

• Red Hat 5.x and 6.x (Red Hat 7.0 not vulnerable) (November 9th, 2000)
• Linux-Mandrake (not vulnerable) (November 9th, 2000)
• Trustix (November 9th, 2000)
• Conectiva (not vulnerable) (November 9th, 2000)
• Kondara (November 9th, 2000)
• SuSE, not vulnerable (November 16th, 2000)

Format string vulnerabilities in PHP. Check the October 19th LWN Security Summary for the original report. PHP 3.0.17 and 4.0.3 contain the fixes for these problems.

This week's updates:

• Immunix

• Debian (October 19th, 2000)
• Caldera (October 19th, 2000)
• Linux-Mandrake (October 19th, 2000)
• Conectiva (October 19th, 2000)
• Red Hat (October 26th, 2000)
• Immunix (October 26th, 2000)
• FreeBSD (November 23rd, 2000)
• Red Hat, Alpha packages added for RH7 (November 30th, 2000)

LPRng format string vulnerability. Check the September 28, 2000 LWN Security section for the first report of format string vulnerabilities in LPRng and lpr.

This week's updates:

• Immunix, lpr

• Turbolinux
• Caldera, LPRng (September 28th)
• Red Hat, LPRng (October 5th)
• Red Hat, lpr (October 5th)
• Immunix, lpr (October 5th)
• Linux-Mandrake, lpr (October 12th)
• Conectiva, lpr (October 12th)
• SuSE, LPRng (not vulnerable) (October 12th)
• Trustix, LPRng (October 12th)

Resources

OpenSSH 2.5.1p2. A new, minor update to the portable version of OpenSSH 2.5.1p2 has been announced. The new version primarily contains bug-fixes, none of them specific to any security problem, but the upgrade is still recommended, possibly in particular to its bug-fixes for PAM failures seen on Linux (and Solaris) systems.

Events

Upcoming security events.

Date	Event	Location
March 3-6, 2001.	EICAR and Anti-Malware Conference	Munich, Germany.
March 26-29, 2001.	Distributed Object Computing Security Workshop	Annapolis, Maryland, USA.
March 27-28, 2001.	eSecurity	Boston, MA, USA.
March 28-30, 2001.	CanSecWest/core01 Network Security Training Conference	Vancouver, British Columbia, Canada.
March 29, 2001.	Security of e-Finance and e-Commerce Forum Series	Manhattan, New York, USA.
March 30-April 1, 2001.	@LANta.CON	Doraville, GA, USA.
April 6-8, 2001.	Rubi Con 2001	Detroit, MI, USA.
April 8-12, 2001.	RSA Conference 2001	San Francisco, CA, USA.
April 20-22, 2001.	First annual iC0N security conference	Cleveland, Ohio, USA.
April 22-25, 2001.	Techno-Security 2001	Myrtle Beach, SC, USA.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.4.2. Linus has issued no 2.4.3 prepatches as yet. Alan Cox has not slowed down, however; his prepatch series is up to 2.4.2ac6. As usual, it contains a great many fixes, including another important ReiserFS "zero byte" fix.

A question went out on the differences between Linus's releases and the "ac" patches. There is no definitive list of patches that are unique to one or the other (Alan has no time to maintain one). The "ac" series does tend to pick up everything that goes into the official Linus release, but the reverse is certainly not true.

Linus characterized the difference between the two releases thusly:

The two series are fairly disparate, as they have different intentions. Alan accepts some stuff that I would be nervous about, and sometimes I say "to hell with it, we need to fix this" and make Alan nervous.

Alan, instead, described it this way:

I think the key word is actually probably 'predictability'. The Linus tree is conservative. (IMHO too conservative and probably in his not conservative enough 8))

It looks like we'll have two stable development series for a while.

Meanwhile, the 2.2.19 prepatch is up to 2.2.19pre16. In a separate posting, Alan stated that the real 2.2.19 release is about one week away.

A patch to make NFS work well with ReiserFS was posted by Neil Brown. As was discussed in last week's kernel page, the changes involved are significant. So, as Neil states:

Alan Cox has suggested that these changes may not be appropriate for 2.4, so we might have to wait for 2.5 to see them on kernel.org, but we don't have to wait till then to find the bugs.

That announcement brought out a (predictable, perhaps) set of complaints about yet another stable kernel series with NFS problems. With 2.2, much of the trouble only really got cleared up with 2.2.18, released late last year. And there are still some interoperability problems that will only be fixed when 2.2.19 comes out.

On the 2.4 front, some patience will be required. The Powers That Be may well eventually relent and include Neil's patch if the need appears to be strong enough. But it certainly will not happen until the 2.4 series appears to be rock solid, and experience says that could take a little while yet.

Per-process namespaces are now available for Linux, thanks to a patch posted by Alexander Viro ("He's back. And this time he's got a chainsaw."). The idea is based on the Plan9 concept by the same name. Essentially, every process in the system gets its own view of the filesystem. Filesystems can be mounted for one process while being entirely invisible to others. Namespaces can be thought of as a much more flexible form of the chroot() system call.

Alexander has also posted a tiny program which starts a shell running in its own namespace, which is useful for testing out the idea. And, of course, he is looking for testers who can find the problems with the patch. Those waiting for a stable version will do so for a while - this patch is intended for the 2.5 series, once it gets started.

Directory indexes for ext2 are another topic that was discussed last week in this space. The discussion continued, but branched off into a couple of interesting areas.

One is in the area of hashing functions. The directory index function depends heavily on a good hashing function to spread the entries evenly across the index. So several candidates have been evaluated by running them in a usermode Linux kernel; the results have been summarized by Daniel Phillips.

The executive summary is that Daniel's own hash function won. In the process, it handily beat the dentry hash function, used since the 2.1 days in the dentry cache. Linus was not entirely surprised by this result:

It looks like the hash function was done rather early on in the dcache lifetime (one of the first things), back when nobody cared about whether it was really good or not because there were many much more complicated questions like "how the h*ll will this all ever work" ;)

So, as a side result, expect to see some work done on the dentry hash function in the near future.

Even more soundly beaten was the "R5" hash used in ReiserFS. In this case, the problem is not that R5 is a poor hash function; it was, instead, written to satisfy a different set of objectives. R5 will put similar filenames next to each other, which makes the ReiserFS lookup algorithm faster. For the ext2 directory index, however, it is more important to spread things out evenly, so a different function is called for.

The "hash wars" are not done yet; though. Expect some new contenders to show up before too long.

Meanwhile, people started talking about backward compatibility. Ted Ts'o pointed out that, with a very small change to the way the index is stored on disk, full compatibility can be maintained with older ext2 implementations. The cost, in the form of lost space in the directory index, is quite small - less than 1%. Daniel Phillips has not adopted the compatible mode completely, however - he plans to support it as an option in the code so that people can choose the implementation they like better.

When the discussion moved on to tail-block fragmentation, however, Linus felt the need to jump in and argue against backward compatibility. Tail-block recursion is the process of splitting up blocks in the filesystem to allow them to hold the last parts of multiple files. Imagine you have an ext2 filesystem with a 4096-byte block size, and a 5000-byte file to store there. That file will occupy two blocks, with only 904 bytes being stored in the second. Thus, almost half of the space used is wasted. In filesystems that store a lot of small files (netnews partitions being the classic example), large amounts of space can be lost. ReiserFS will store small files efficiently, but ext2 has never had that capability.

When Mr. Phillips mentioned plans to provide tail-block fragmentation for ext2, Linus jumped in and asked that it not be done. He has no objection to the technique, it's just that he thinks a whole new filesystem should be created. Rather than just graft on tail-block fragmentation, a complete rethink should be done to create a better, extent-based filesystem with a vary large block size. And it should not be called "ext2."

In another posting he explained his reasoning in more detail; it is an interesting look at his philosophy for the evolution of the Linux code. Essentially, creating a new code base makes it easier to eventually get rid of the old one, leading to better long-term maintainability. A transition to a completely new filesystem can be done on the user's own time, and can happen relatively smoothly.

In comparison, if you have "new features in X, which also handles the old cases of X" situation, you not only bind yourself to backwards compatibility, but you also cause yourself to be unable to ever phase out the old code. Which means that eventually the whole system is a piece of crap, full of old garbage that nobody needs to use, but that is part of the new stuff that everybody _does_ use.

This is why, for example, Stephen Tweedie's journaling filesystem is called "ext3."

Will Mosix go into the kernel? Mosix is a fancy clustering system which implements a lot of nice features, such as process migration. Many folks would like to see Mosix, or other clustering implementations, go into the standard kernel sometime in the 2.5 development series. There is, of course, no way to know if that will happen at this point. However, Rik van Riel has created a mailing list where representatives of the various clustering projects can discuss the idea together.

Other patches and updates released this week include:

• Folkert van Heusden has posted a patch which implements the generation of random process ID numbers.

• A boot log from a 64-bit PowerPC system was posted by Peter Bergner of IBM.

• David Miller has posted beta 3 of the zero-copy networking patch

• Keith Owens has released modutils 2.4.3, "just a small collection of bug fixes." Keith has also released version 1.8 of the "kdb" kernel debugger.

• IBM has turned loose jfs 0.1.6, the latest release of its journaling filesystem.

• Greg KH has announced a new hotplug scripts release.

• Douglas Gilbert has posted a driver for a new 'scsiinfo' device which implements initial support for hotplugging of SCSI hardware.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Aleph ARMLinux. A commercial distribution supporting the ARM hardware platform is now available. Aleph One Ltd, a UK firm, is now shipping Aleph ARMLinux, a general-purpose distribution based on Debian, with the current version being based on Debian 2.2. It currently supports Acorn/Castle RISC PCs and comes with a "Guide to ARMLinux" book with installation instructions and Linux basics taught from a RISCOS perspective. ARMLinux developer Wookey was kind enough to fill out a distributions survey for Aleph ARMLinux, to provide lots of gory details about the distribution.

Aleph ARMLinux will remain tied to Debian, with new releases planned to matched the Debian release cycle. When asked why they chose to produce Aleph ARMLinux, Wookey commented:

The only one existing for ARM was very old (aout/RedHat3 vintage) and done by a hacker for hackers. We felt that a professionally supported and documented up-to-date distro was something people wanted and was necessary to spread the user base. The Debian ARM effort (primarily by Netwinder people) made this possible.

Over 4000 Debian packages are supported in the distribution (courtesy largely, of course, to the work of the Debian-ARM team), but the default install is only around 200MB. It is almost entirely compatible with the File Hierarchy Standard and with the LSB. They reported around 70 sales of the distribution in the first 8 weeks of its availability.

Although the ARM-based Acorn PCs are less-well-known in the US, they are extremely popular in the UK. Aleph ARMLinux is likely to find a warm reception as a result.

An Interview with Joseph Cheek (SlashTCO). Here's an interview with Joseph Cheek, founder of Redmond Linux, a user-friendly Linux distribution.

[SlashTCO] So tell me a bit more about the ease of use aspect of Redmond Linux.

[JC] Well one of the things that we are really pushing is to make Redmond Linux very, very easy to use. Some of the other Linux distributions have tried but I think that we are going to really push the envelope.

.comment: Not Forking But Branching. LinuxPlanet looks at the large number of Linux distributions. "I don't know of anyone who has looked closely at the situation and doesn't believe that there will be a shakeout, a winnowing out of the weak sisters in the Linux world. We'll begin to see distributions cease to distribute. There are too many of them for all to survive and there's too little to distinguish one over another."

Distribution Reviews

A developer's perspective on PocketLinux (LinuxDevices.com). Part 5 of a series from Jerry Epplin on the status and history of Linux on PDAs looks at Transvirtual's PocketLinux, the Java-based solution for handheld devices. "PocketLinux for the iPAQ uses the handhelds.org kernel and builds a GUI platform on top of it. But PocketLinux, provided by Transvirtual Technologies, is in a sense more ambitious than the others, in that it is targeted toward development by both programmers and non-programmers."

Distribution News

Conectiva News. Conectiva has announced the release of an updated Apt package for managing software packages on Linux sytems. The new release now supports RPM 4. Apt is a tool for managing packages developed by the Debian team, originally supporting only the .deb package format. Alfredo Kojima added support for handling RPM packages. Conectiva is the first distribution to use both Apt and RPM (instead of Apt and Debian .deb packages).

Linux-Mandrake News. MandrakeSoft announced this week Linux-Mandrake 8.0 beta 1, also dubbed "Traktopel". They've got the Linux kernel 2.4.2, KDE 2.1 and the latest versions of GNOME, Nautilus and Evolution. As always with beta versions, remember that they are intended for the brave/foolhardy. No guarantees and no whining ... though bug reports will surely be welcome.

Red Hat News. Only three weeks after its release of "Fisher", the first beta version of Red Hat 7.1, Red Hat has now announced "Wolverine", the latest beta. Diff'ing the new announcements oddly enough seemed to indicate that the latest beta no longer contains their Itanium support. It does include Linux 2.4.1, with additional fixes. Tcl/Tk 8.3.2 has been backed out in favor of Tcl/Tk 8.3.1, while Pine has been upgraded to Pine 4.33. It contains a new warning about Cardbus network cards and network cards that use the tulip driver.

Wolverine has its own mailing list, separate from the Fisher list, so you'll need to sign up if you want to follow the discussion directly.

SuSE News. According to a notice posted to the SuSE Security Announce mailing list, SuSE will discontinue support for versions 6.0, 6.1, and 6.2 effective March 19th, 2001. Support for 6.3, 6.4 7.0 and 7.1 will continue for two years after each of their respective release dates.

Meanwhile, SuSE 7.1 is now available for purchase at the SuSE shop. "SuSE is the first Linux distribution to come with the 2.4 kernel. Although this kernel is still considered experimental and therefore cannot be supported, it is available for Linux users who are ready to try it.

As well as the 2.4 kernel, SuSE linux 7.1 comes with great features like the Reiser Filesystem, the Logical Volume manager, ALSA (the Advanced Linux Sound Architicture), KDE 2.0 and YaST2, the ultimate installation and configuration tool, which now has an automated FTP update feature!"

Slackware News. Recent changes in the Slackware development tree include a security fix for sudo, more XFree86 changes, ProFTPD updates (which may include security fixes), and many updates and additions to the /contrib directory. Most of these changes occured in both the Intel and Sparc trees. No Alpha changes were recorded this week.

Coyote Linux News. Coyote Linux author Joshua Jackson has asked people who want to mirror the Coyote Linux site to contact him directly first. Apparently a number of sites have begun to do so recently, resulting in a hammering on the site that is causing availability problems.

Debian News. For German-speakers, the announcement of a new Debian GNU/Linux book in German will be quite welcome. Entitled "Debian GNU/Linux Anwenderhandbuch", it is available both in print form and on-line. A description of the book (in German) is also available.

Jason Gunthorpe announced that random passwords had been assigned to Debian accounts where the passwords were still in DES format instead of MD5 and had not been changed in over a year. Many developers may not notice, if they are accustomed to using SSH. However, for emergencies, knowing your actual account password may turn out to be useful -- you may want to check and see if your name is on the list.

A new mailing list specifically for the discussion of prospective packages or packages that need work has been created (presumably to siphon off some of the traffic on debian-devel). It is called debian-wnpp.

Corel Linux News. Corel Linux surfaced again after months of inactivity and rumours with Issue 3 of The Qube, the February edition of a "Quarterly" newsletter from Corel. They talk a bit about their plans for the future and also announce the availability of a beta version of Corel Linux OS Second Edition, with support for French, German and International English. Just in time to convince potential investors that there still is a real product there ...

Turbolinux News. Turbolinux, Inc. announced the beta 3 release of Turbolinux for the Intel Itanium processor this week.

Embedded Distributions

Minor distribution updates

• Tomsrtbt 1.7.218 was released this week. Tom commented, "I have not done anything really interesting, or revolutionary; but it is definitely a recommended upgrade". The most interesting part may be the "kernel version lie" introduced to handle difficulties interoperating with Red Hat 7.0 and 7.1beta (Fisher).

• NBROK Linux 0.4b is a new development snapshot of this Slackware-based distribution. The new snapshot supports Linux kernel 2.4.2, PPP/SLIP kernel modules, VESA framebuffer, man and cron.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

KDE 2.1 released. On Monday of this week the KDE Project team released KDE 2.1, the first sub-release for the 2.x series. While the press release states clearly that this release marks a leap forward in Linux desktop stability, usability and maturity, going so far as to strongly recommend all users upgrade to it, KDE Core Developer Kurt Granroth termed the release nothing more than a polish release.

"2.1 is basically a polish release of 2.0", noted Granroth in a phone interview from his office on Tuesday. "We fixed a lot of bugs, added a few usability features. We also are shipping for the first time KDevelop as a 2.x product." In essence, while 2.1 was the focus of the press release, its real focus was to expand the visibility of a few KDE applications, most notably KDevelop.

KDevelop is an integrated development environment (IDE) / rapid application development (RAD) tool. Up until the KDE 2.1 release this tool had only been available for KDE 1.x installations - it hadn't been ported up to the 2.x release. So this announcement served as a launching point to garner interest. And for an application as sophisticated as KDevelop, there are many reasons to be interested.

Says Granroth, "KDevelop actually rivals the best commercial IDE's out there." And he's not kidding. According to review in LinuxWorld KDevelop promises to become a vital tool for luring post-modern neographic types from the world of Windows development to Linux.

But KDevelop isn't the only new feature for 2.1. Many of the KDE environment's modular components have been upgraded, including the KIO and KHTML modules. KIO encompasses the io-slave architecture that allows for, among other things, expanded multimedia support. With this release, KDE is adding the noatun media player which makes use of the KIO component. KIO runs as a separate process for the KDE environment, allowing applications to continue working (or at least appear to do so) while things like network traffic and audio I/O are happening (re: being handled) elsewhere.

But when it comes to the features that make up the component architecture of KDE, users will really take note of KTHML, and that by means of the Konqueror browser. "Konqueror is directly analogous to Eazel's Nautilus," says Granroth, who is the official KDE spokesman for North and South America. Both Konqueror and Nautilus are better known as a "component based browsers" in geek speak, but that just means they're browsers that do more than browse the Web. Granroth explains, "The goal is to provide a graphical front end to many features of the desktop, such as file browsing and Internet access. In 2.1, KHTML provides much better Java and Javascript support, and Java security is now implemented in a sandbox. CSS and HTML compliance are now up to IE 5.5 or Netscape 6 levels".

And it's not just HTML rendering that makes Konqueror better. The component architecture of KDE allows Konqueror to work with the KIO modules, which means with 2.1 you can now rip CD's directly from Konqueror. "We've also got much better SMB support," says Granroth. "You don't even need Konqueror to browse the Web. If you have access to the KHTML parts component, you can embed inside of your application."

The other big update for KDE 2.1 at the user level is the re-addition of the theme selector for KDE. "In 1.x we had a sort of theme manager, but 2.0 has a completely revamped theme engine. While everything was themeable in 2.0, we had no centralized way of modifying the current theme for the desktop. In 2.1 we've added that capability back in."

So while the KDE may be touting its applications, the environment as a whole is garnering plenty of praise.

"This second major release of the KDE 2 series is a real improvement in terms of stability, performance and features," said David Faure, release manager for KDE 2.1 and KDE Representative at Mandrakesoft.

With 2.1 users will find better integration with key applications and easier theme management. And KDE's press release just may mark a new era of publicity for a project well worth the notice.

Apple patents Desktop themes. Apple's patent on desktop themes should be good fodder for discussion. It seems their newly acquired patent says they invented the art of changing the desktop theme on the fly. Never mind issues of prior art. "Apple will definitely be coming to enforce their patent eventually," says KDE spokesman Kurt Granroth. "Within a week of our producing the Aqua (re: Mac like) theme for KDE, Apple had contacted us with a note to cease and desist."

But there isn't a ghost of a chance of this patent holding up. Prior art exists in many forms, from themes.org to Enlightenment. In fact, it could be argued that X itself, in the form of the early Athena widgets, was capable of producing themes.

And this goes into further silliness: according to Granroth, Microsoft has a patent, apparently since 1995, on a taskbar with a start button. Prior art there could come from places like CDE, the forerunner of GNOME and KDE. We'll see where all this heads, but don't count on these two patents holding up in the long term.

Desktop Environments

Interview: KDE League Chairman Andreas Pour (IBM developerWorks). In an interview leading up to the recently released KDE 2.1, IBM developerWorks talks with KDE League Chairman Andreas Pour about the new KDE release, GNOME, and the extensive multimedia architecture available from KDE. "Another thing new in KDE 2 is the multimedia architecture, based on a set of programs called aRts, or analog real time synthesizer. It started out as audio only, but now it includes video. That lets you combine multiple sound streams together, and you can filter them in arbitrary ways through filtering modules. KDE 2.1 supports a variety of video plug-ins so you can keep adding new audio and video formats to it. So if there's a new plug-in that supports, say, the QuickTime codec, any audio or video players can access that codec through aRts."

Java Mania: An Interview With Richard Dale. KDE Dot News talked with the developer who wrote the KDE 2.1 updates to the kdebindings module, Richard Dale, that allow the binding between KDE and the Qt libraries to the Java programming language. "You can mix C++ and Java. The objects don't always have to be instantiated from within the Java environment. If you allocate an object instance on the C++ side, and then you refer to it from within Java, a Java version is created automatically. However, when the Java version is subsequently garbage collected, the C++ instance isn't freed by the Java runtime. It would still exist over in the C++ environment."

Testing of Gnome 1.4. The GNOME project is looking for testers for the upcoming 1.4 release. Testers would, among other things, run a set of assertions written by Sun QA engineers.

Talking with Miguel de Icaza of Ximian about GNOME (LinuxPower). LinuxPower carried an interview with GNOME leader and Ximian co-founder Miguel de Icaza. "The protocol to talk to Exchange is not widely available, so some amount of extensive tcpdump research action is going to be taking place soon. We realize that we will need to provide a solution that would allow people to inter-operate in an Exchange and Notes environments, and we will be taking steps in the direction of fixing this issue."

The struggle for the future of Linux (News.com). C|Net also carried an interview of Ximian co-founder and CTO Miguel de Icaza, this time to find his views on the future of Linux. "What's frustrating for Ximian (is that) we don't want to make another Linux distribution. I think that's just stupid. We need to work with other distributions. That's why we support God knows how many distributions. Ximian is very easy to install on any Linux distribution. We have paid a lot of attention to the details, but this assumes that you already have a Linux system in place."

GNUStep Weekly Update. Several readers pointed out that our new coverage of the Desktop in the last week's Weekly edition left out the GNUStep environment, a lesser known sibling of both GNOME and KDE. This week we've added GNUStep to our coverage in general, starting with their first weekly GNUStep update submission to LWN.net.

Office Applications

AbiWord Version 0.7.13 Released. Abi the Ant and the entire AbiWord team announced the release of Version 0.7.13 of AbiWord on all supported platforms.

Gnumeric release 0.63. Gnumeric 0.63, aka 'its just a flesh wound', was released this past week. This version is rumored to be much more stable.

ToutDoux-1.2.5 : Project manager for GNOME. The latest version (1.2.5) of the GNOME project manager, ToutDoux, hit the streets.

Desktop Applications

Opera: Better, Faster, Stronger Browser? (TechWeb). TechWeb reports on Opera's attempt to mix with the big boys in the browser war. "Opera listened when users said they wanted the browser for free. The current version boasts such user-pleasing features as integrated news, mail, search, instant messaging, and a customizable interface. It supports multiple windows and can zoom in on a page up to 1,000 percent, making it a tool for visually impaired users."

10 Questions with Julian Missig of the Gabber project (LinuxOrbit). Julian Missig is the 16 year old High School junior who leads the Gabber project, a Jabber clone for GNOME. LinuxOrbit talks to him about his entry into the open source world of instant messaging. "I must admit that currently I think anyone who goes into Jabber/Gabber simply wanting a way to use ICQ, AIM, MSN, Yahoo! and others all in one client will probably be disappointed. The support is minimal and even that isn't perfect. The primary goal of Jabber is not to have a system which allows people to use multiple IM systems at once, but it is a secondary goal we have picked up along the way. The primary goal of Jabber is to "provide an extensible architecture for creating the next generation of services and applications on the Internet."

GStreamer the future of Linux Multimedia? (LinuxPower). Erik Walthinsen is interviewed by LinuxPower about the state of the GStreamer project, a project aimed at pipelining media components for editing and playback.

Most media players are designed to, well, play media. Any effort they expend into modularity is only to keep the design from getting ridiculously complex as more media types are added. Actually, a lot of media players don't even support multiple media types, so that isn't even an issue for them.

What GStreamer does is provide that base infrastructure, from which a media player (or anything else) can be built. Micro$oft's DirectShow is basically the same idea, and in fact I was reading their docs just yesterday to get a different perspective on some of the current issues.

Pilot Link 0.9.5pre5. While I don't make it habit of reporting development versions on this page, I think it important to mention the first sign of the 0.9.5 release of Pilot-Link, the software used by many packages for communicating with Palm Pilots. Additionally, the first published news on the plans for 0.9.6 (on the way to 1.0) have also been released.

Games

Rocks and Diamonds 2.0.0 released. A new version of Holger Schemel's Rocks and Diamonds has been released. If you need to take a break from writing documents, scanning email or just plain coding the latest open-source project, this could be just the ticket you're looking for.

Zocks interviews Loki Games developer Bernd Kreimeier. German online magazine Zocks is carrying a German-language interview of Loki's senior programmer, Bernd Kreimeier. Note: The AltaVista Babelfish translator doesn't seem to like this story.

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

SourceForge provides an incredibly useful service to the open-source developer community, and VA Linux should be greatly thanked for that. The current statistics show that around 16,000 projects are hosted there. One has to wonder, however, if the community would not be better served by a more decentralized model for the hosting of open-source projects.

Having a large percentage of projects under development on a single site tends to concentrate all of the risks in one place, whether they are related to corporate troubles, network crackers, or legal attacks. The news from VA concerning SourceForge is fairly reassuring, but it makes one think about what would have happened if there had been staff cuts in that area.

It might be time to consider the old adage: Don't put all of your eggs in one basket.

Clusters

Linux-Cluster mailing list. Rik van Riel has created a metalist for Linux cluster projects in an effort to share infrastructure between the multiple clustering projects currently underway.

Databases

Mini SQL 3.0 pre 1 released. Hughes Technologies announced the availability of Mini SQL 3.0 pre 1, also known as mSQL. See the release notes for details on the changes in this release, which include a completely redone query engine.

aboutSQL: GROUP BY (ONLAMP.com). John Paul Ashenfelter continues his series on SQL programming with an article that introduces the SQL GROUP BY directive.

Embedded Systems

A developer's perspective on PocketLinux (LinuxDevices.com). Part 5 of a series from Jerry Epplin on the status and history of Linux on PDAs looks at Transvirtual's PocketLinux, the Java based solution for handheld devices. "PocketLinux for the iPAQ uses the handhelds.org kernel and builds a GUI platform on top of it. But PocketLinux, provided by Transvirtual Technologies, is in a sense more ambitious than the others, in that it is targeted toward development by both programmers and non-programmers."

Network Management

OpenNMS Update, February 27th, 2001. The latest issue of the OpenNMS Update has been published. Highlights include updates to the status of various projects and an early adopter program status.

PortMon 0.6 released. Version 0.6 of PortMon has been released. "PortMon is a port monitor program that keeps track of open ports on servers to be sure they are still up and talking."

Science

Danforth Center's Kilo Cluster Helps Researchers Study the Building Blocks of Life (Enterprise Linux). Enterprise Linux magazine has published an article about a Linux based Beowulf cluster that is being used for genetic research. "Skolnick rejected RISC-based solutions as being either too big, too slow or too expensive, and decided on a Beowulf cluster using Intel Pentium III processors at 733 MHz, and running the Linux operating system. And, he found he could afford a system with 1,040 processors (520 nodes), giving him peak performance of 335 Gflops."

Web-site Development

ht://Dig 3.20 b3 released. After nearly a year of inactivity, a new version of the popular web site search engine, ht://Dig 3.20 b3 has been released. The release notes contain a long list of bugs that have been fixed.

Announcing OpenFlow 1.0. Paolo Bizzarri has announced the availability of OpenFlow 1.0, an open-source workflow management system. "OpenFlow is a workflow management system, written in Zope + Python. It has been heavily based on the Chautauqua workflow."

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

ERLANG

New site: Erlang-fr.org. Mickael Remond has put together Erlang-fr.org, a web site devoted to all things Erlang. The site is in French.

Java

Writing multithreaded Java applications (IBM developerWorks). Alex Roetter discusses Java multithreaded applications in an IBM developerWorks article. "A program or process can contain multiple threads that execute instructions according to program code. Like multiple processes that can run on one computer, multiple threads appear to be doing their work in parallel. Implemented on a multi-processor machine, they actually can work in parallel. Unlike processes, threads share the same address space; that is, they can read and write the same variables and data structures."

O'Reilly Network Launches Independent Java Web Site. O'Reilly has announced the creation of a new web site dedicated to Java, ONJava.com, that it claims will be an advocate for open source software development in the Java community. The site will also cover open source Sun initiatives like the Jakarta and JXTA projects under the Apache open source license.

Lisp

CLiki: a Common Lisp Wiki. The CLiki site provides a Wiki style collaborative authoring environment for users of Common Lisp on Unix systems. Check it out for the latest in the world of Lisp.

Perl

Using Perl and Tellme (WebRef). Check out this WebRef tutorial for some interesting ideas and examples of using Perl to write an interactive VoiceXML applications for Tellme. Tellme.com provides a commercial service that connects a toll-free phone number to a computer with speech synthesis and voice/DTMF recognition capabilities.

Perl 5 Porters for February 28, 2001. The February 28, 2001 issue of Perl5 Porters is out. Topics include "smoke testing" all possible configurations, overriding, Unicode, and more.

PHP

An Introduction to PHP (O'Reilly). John Coggeshall introduces PHP in an O'Reilly Network article. "At a fundamental level, PHP has all of the features of a complete programming language (control structures, repetitive tasks, and variables) but perhaps one of its most powerful features is database access. With PHP it is possible to access over 19 different types of databases and manipulate data within those databases based on input from the user via a web page."

PHP Weekly Summary for February 26, 2001. The February 26, 2001 edition of the PHP Weekly Summary is available. The PHP 4.0.5 release cycle is discussed as are library upgrades and Apache 2.0 support.

Python

Python 1.6.1 available. Version 1.6.1 of Python is available for download. This version features some minor bug fixes over Version 1.6 and falls under a new license, the "CNRI Open Source GPL-Compatible License". Also, see the announcement for Python 1.6.1 from Guido van Rossum.

Dr. Dobb's Python-URL!, February 26, 2001. Dr. Dobb's latest issue of the Python-URL! summary is now available. Topics this week include discussions on Python 2.0 and functional programming, mp3 management, updates to gnome-python, and an open-source port of Python to the Palm Pilot.

Guido talks about nested scopes (python.org). Python.org has posted an ongoing discussion about Nested Scopes, a somewhat controversial addition planned for Python that may break legacy code. "We have clearly underestimated how much code the nested scopes would break, but more importantly we have underestimated how much value our community places on stability. At the same time we really like nested scopes, and we would like to see the feature introduced at some point."

XML-RPC for Python. Secret Labs has released xmlrpclib 0.9.9, a Python implementation of the XML-RPC protocol.

Dive Into Python Chapter 3. Chapter 3 of the online Python book Dive Into Python has been announced. This chapter covers classes, exceptions, file handling, and more.

Smalltalk

SNRC-ST 3.2. Version 3.2 of SNRC-ST, the Signature Revealing Naming Convention Smalltalk is available. "Generic Types are a solution to the question: 'How do I reuse a collection interface with different element types?'. More generally it is applicable anywhere where one type serves as a parameter to another."

Tcl/Tk

ActiveState adopts Tcl. ActiveState has announced that it will be providing a home for Tcl development, stepping into the void created when Ajuba Solutions dropped the language. ActiveState will be hosting the Tcl community site, providing "supported" versions of Tcl, and offering consulting services.

Dr. Dobb's Tcl-URL!, February 26, 2001. The latest issue of the Tcl-URL! summary is now available. Topics this week include tree and drag-n-drop support in Tcl, an Impress announcement, and the introduction of tclpython.

Moodss 14.0 released. Version 14.0 of moodss, the Modular Object Oriented Dynamic SpreadSheet has been announced. The program can display data in various forms including tables, graphs, bar graphs, and 3D pie charts and has interfaces to Perl, Python, C, and Tcl.

Tclpython 1.1 released. Version 1.1 of tclpython has been released. Tclpython allows the execution of Python code from a Tcl interpreter.

ImPress 1.1-b8 released. Version 1.1-b8 of the ImPress Tcl/Tk desktop publishing and layout package has been released.

Documentation

LDP Weekly News. David Merrill at the Linux Documentation Project has posted the latest issue of the LDP Weekly News. Highlights include the addition of the Linux Palm Quickstart and a Unix Hardware Buyers Howto, along with updates to the Linux Installation, Linux Kernel, PHP and Linmodem Howto's.

Training

LPI Newsletter, February 2001. The LPI Newsletter for February 2001 has made its way to LWN.net's doorstep. This month's news includes a job analysis survey, conference reports from LinuxWorld NY and the Paris Linux Expo, and LPI efforts in Russia.

Software Development Tools

Extreme Rapid Development (Software Development Online). If Rapid Development is just too slow, check out Extreme Rapid Development in an article by Peter Norvig. Several commercial and freely downloadable tools for Python, Lisp, and Dylan are examined.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Red Hat Acquires Planning Technologies. Red Hat has made another acquisition, this time professional consulting services firm Planning Technologies, Inc. (PTI). PTI specializes in complex global network consulting. Their current clients are mostly service providers and large enterprise clients. The company began its professional services business in 1997 and has since grown to over 200 employees, including more than 180 professional engineers and consultants. The acquisition of PTI was made through a stock for stock exchange valued at $47 million and accounted for as a pooling of interests.

Red Hat's business strategy is to offer a complete open source solution for software, from devices to mainframes, and a full range of global services with Red Hat Network as the backbone for deployment and management. PTI's expertise will be used to help Red Hat Network grow and evolve. In turn, PTI gains open source expertise through Red Hat which it can pass on to its existing and future clients. All in all, the arrangement does seem to be mutually beneficial.

Caldera Quarterly Results. Caldera has issued their quarterly financial report for the period ended January 31st, 2001. Highlights include a 90% increase in revenue over the same period last year and a one time charge relating to the SCO acquisition. Note, however, that revenue decreased 10% compared to the prior quarter ending October 31st, 2000.

O'Reilly releases peer-to-peer book. O'Reilly has announced the release of Peer-to-Peer: Harnessing the Power of Disruptive Technologies, a collection of essays on the whole peer-to-peer thing.

Softimage Certifies AMD Athlon Workstations. Softimage Co., a subsidiary of Avid Technology, Inc., has announced that it has certified AMD Athlon workstations from AMD for use with its SOFTIMAGE|3D and XSI animation software. According to the press release, "Softimage has successfully developed an AMD Athlon certified, production ready Linux platform, the emerging platform of choice for many in the digital production industry."

O'Reilly Network Launches Independent Java Web Site. O'Reilly has launched a new Java Web site that it claims it "will be an advocate for open source software development in the Java community. The site will also cover open source Sun initiatives like the Jakarta and JXTA projects under the Apache open source license."

MaximumLinux resurrected - .org style. It looks as though the MaximumLinux site won't quite die, at least not in the .org world. According to the press release, the site has been resurrected by users and readers, though the site itself doesn't make that point clear just yet.

Linux is Poised for a Breakout Year At the Checkout in 2001. According to this press release, IHL Consulting is predicting a 300%-400% increase in Linux shipments in 2001. "According to the study, the segments most likely to adopt a Linux approach to POS are large department stores and specialty hard goods retailers. These retailers tend to have a large number of POS terminals and an IT staff large enough to handle the development of their own POS system."

Linux Stock Index for February 22 to February 28, 2001.

LSI at closing on February 22, 2001 ... 34.32
LSI at closing on February 28, 2001 ... 32.01

The high for the week was 34.32
The low for the week was 32.01

Press Releases:

Open Source Products

• AbriaSoft (FREMONT, CA) announced the release of its Apache powered Lancelot server,a secure commercial grade SSL web server for Windows and Linux platforms.

• ANNEXIA.ORG (London, UK) announced immediate availability of Net::FTPServer version 1.0, a secure, extensible and featureful FTP server released under the terms of the GNU General Public License (GPL).

• Crystal Space is an open source game development platform. It is still in beta v0.18r001, but should be reasonably stable.

• Endeavors Technology (IRVINE, Calif. & READING, England) has developed a highly optimized, open source port of Python to the Palm OS platform.

• OpenInteract is an extensible application server using Apache and mod_perl. Now in v1.05, OpenInteract is built for developers but is also manageable almost entirely via the web browser.

Proprietary Products for Linux

• Magic Software Enterprises (IRVINE, CA) launched its new Web development tool, Magic eDeveloper. Magic eDeveloper is part of the Magic eBusiness Platform.

• Quintalinux Limited (KOWLOON BAY, Hong Kong) announced the release of a new English-language version 2.4 of iOffice2000, a Web-based groupware application suite.

• Solsoft, Inc. (MOUNTAIN VIEW, Calif.) announced a number of enhancements to its free security management solution Solsoft NP-Lite 4.1.

Products and Services Using Linux

• MontaVista Software, Inc. (SUNNYVALE, Calif.) announced that it had recently demonstrated Hard Hat Linux on the Intel XScale microarchitecture.

• MSC.Software (COSTA MESA, Calif.) announced it has launched MSC.SuperForge on its online SimulationCenter.

• Object Design (BURLINGTON, Mass.) announced that its ObjectStore 6.0 for Linux i386 object database management software is now shipping.

Servers

• IBM (NEW YORK) announced a new rack-mounted computer workstation and flat-panel monitor. The IBM IntelliStation R Pro uses Intel processors and, of course, it can run Linux.

• Penguin Computing (SAN FRANCISCO) announced the availability of the Relion 220 2U rackmount server.

Products with Linux Versions

• Brightware (SAN RAFAEL, Calif.) announced that its Brightware 2001 suite of eCustomer Assistance software now supports Sun Solaris and Red Hat Linux.

• Cirrus Logic Inc. (AUSTIN, Texas) announced new Linux drivers to support all Cirrus Logic, Inc. computer audio solutions.

• Fourthought, Inc. (BOULDER