Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Thus far, janitorial work in the kernel has been handled the way much kernel work is done - a job gets done when somebody decides to do it. Some coordination happened by way of the kernel janitor's list, a web page maintained by janitor extraordinaire Arnaldo Carvalho de Melo, but the janitors have remained a spread-out group.

No longer. Arnaldo Carvalho de Melo has announced the creation of a separate kernel janitor's project. Like any self-respecting project these days, it has a SourceForge page, but there's not much there at the present. What does exist is a mailing list and a CVS version of the janitor's TODO list. The mailing list has already started to see traffic on janitorial techniques and kernel problems in need of fixes; one can read about the proper way to initialize string variables at compile time or plans for the death of spin_lock_irq(). The janitors are getting organized.

This project raises an interesting question. The need for janitorial work is reasonably clear. Any large body of code is going to have its dark, dusty areas in need of a serious sweeping, and the kernel is a larger and more complex body than many. And the janitors have noted an important point: an error pattern that is found in one section of code has a high likelihood of recurring in other places. Once a particular type of mistake has been found, it makes great sense to go looking for instances of the same mistake elsewhere. This is essentially the same approach as that used by the OpenBSD team to root out security problems before they are exploited.

But why would kernel hackers go in for this kind of work? The kernel is full of interesting jobs that need to be done; why would a talented hacker pass them up in favor of auditing some obscure driver's locking discipline? We asked Arnaldo that question, and got the following response:

Because somebody has to do it? :) For the kernel to be considered really stable it can't stop working even in the more uncommon situations, where lots of the janitorial work has been concentrated, and it also gives kernel newbies interested in getting into kernel hacking a good start, because we have to study code and see how parts of the kernel works so that we can start fixing these small bugs....

Other motivation is that janitor work doesn't require that you spend that much time, and for people too busy but willing to help, this can be the way to help.

In fact, janitorial work can be a good entry path for aspiring kernel hackers. Performing major surgery on the kernel and getting the changes past the gatekeepers can be an intimidating prospect; small and obvious bug fixes are a much easier start. And they can lead to bigger things:

Look at me, now I'm being considered to become the kernel IPX networking stack maintainer, and this happened because I wanted to get rid of some cli and sti instructions, used for locking, and use more modern and SMP friendly locking techniques, namely spinlocks and reader writer locks...

Janitorial work, thus, is a good entry path for those wanting to build some experience and reputation capital in the kernel development community.

The organization of the janitors can be seen as another sign of "growing up" in the Linux community. As the kernel grows and evolves, organizations develop around it to keep things clean and ensure the quality and stability of the code base. At some point, the kernel may even have an organized patch management scheme, regression tests, and other tools that many development projects have taken for granted for some time. Certainly the janitors have already been greatly helped by the Stanford checker (discussed in last week's LWN kernel page).

The kernel, meanwhile, is far from the only large development project in the free software community. No doubt, many other projects should look at the kernel janitors organization and consider setting up something similar. The benefits, in terms of improved code and a better supply of new hackers, could be both large and immediate.

Writeup: Singapore Linux Conference/LinuxWorld Singapore 2001. While the rest of us were dealing with Colorado snow, LWN editor Liz Coolbaugh attended the Singapore Linux Conference/LinuxWorld Singapore 2001. She has now posted an extensive writeup of the event, including a report from Donald Becker's keynote and many pictures. It looks like a successful conference, if not as heavily attended as its organizers would have liked; it gives a good picture of the adoption of Linux in Asia.

Three years of Mozilla. Three years ago, with great fanfare, Netscape released the Mozilla source to the world. It was one of the defining moments in the history of free software: a large, proprietary product was being freed as a response to competition from Microsoft. To many, it was the event that brought free software (or "open source," a term which was born in the middle of all this) out into the open. It was a sign that the corporate world was beginning to see the value in free software.

Three years later, how does it look?

Mozilla has spent much of that time being presented as a free software failure. The "milestone" releases have, until recently not been up to even alpha-level quality. Mozilla has been seen as an example of features and bloat gone mad. The low point, perhaps, was when NTK sounded off in classic fashion:

Far be it for us to intimate that MOZILLA has been hijacked by the same naive completeness fanatics that collapse so many free software projects into development black-holes, but ... oh come on, two years and counting? Seventy megabytes of swap? Per *window*? Hello? Is there some kind of AOL/ crack cocaine stock-swap going down at Mountain View?

It is also the second anniversary of Jamie Zawinski's high-profile resignation from the project, which also did little to help its image. Finally, the Mozilla-based Netscape 6 release has gotten an unenthusiastic reception. Mozilla, at times, has seemed like an example of the worst that free software projects can be.

Not so quick, though. In the end, Mozilla will be seen as a slow-starting but highly successful software development project. Consider:

• The Gecko HTML rendering engine has brought a new level of speed and standards compliance to Linux-based web browsers. It is at the core of the Galeon and Skipstone browsers, both of which are coming along nicely and seeing increasing numbers of users. Gecko is also been picked for a number of embedded applications.

• Perhaps more to the point, the Mozilla browser itself is reaching a point of true usability. It now works well enough that people other than those hacking on the source may actually want to use it - especially when they find some of its nice features, such as its rendering speed, the ability to set minimum font sizes (no more squinting at obnoxious sites), and the ability to limit animated images. The Mozilla roadmap shows high hopes for a 1.0 release sometime quite soon. The 0.8.1 release, meanwhile, adds a number of new features, including the ability to browse Gopher sites, assuming you can find one still standing.

• A look at the Mozilla projects page shows an unbelievable amount of development activity. Mozilla has become the central point for a great deal of web-based development activity; expect no end of great tools to come out of there in the coming years.

Mozilla is quickly approaching its goal of producing a great, free web browser. Along the way, it has taught us a number of lessons. One, certainly, is to look carefully at large piles of code when they escape from the proprietary world. Thus, for example, OpenOffice has been received with much more cautious and realistic expectations than Mozilla was, which is to everybody's benefit.

Another is that focus is important. Had Mozilla concentrated on producing just a web browser, it would likely have been further along at this point. Konqueror, while far from a small program, is an example of what can be done with a more realistic (though still ambitious) set of objectives.

Yet another thing we have learned is that bringing new developers into large projects is hard. For somebody new to a project, the code base is usually poorly documented and difficult to understand, and mailing list discussions appear to be conducted in Martian. Recognizing this, many large projects have tried to help new developers with special documentation, mailing lists, and so on.

The last lesson, perhaps, is this: don't write off a free software project too soon. A year from now, many of us will have Netscape-free desktops, and Mozilla will be the replacement on many or most of them.

Inside this week's Linux Weekly News:

• Security: 2.2.18 security issue with published exploits, OpenSSH 2.5.2p2, FCheck, MySQL vulnerabilities.
• Kernel: 2.4.2 glitches; regression testing; the proper size for dev_t.
• Distributions: What's the most popular Linux distribution in Singapore?
• On the Desktop: KDE 2.1.1, Siag Office, Mozilla 0.81, Mahogany 0.62.
• Development: HappyDoc, Linux LVM, State Map Compiler 1.0, KDE Developer's Checklist.
• Commerce: ArsDigita Community System; OEone to build appliance environment with Mozilla; Privacy Foundation report on TiVo.
• History: Three years ago Mozilla was released; One year ago LWN was acquired by Tucows.
• Letters: The leading distribution; fair use; but no letters about socialism.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Exploits were released this week for a ptrace/execve/procfs race condition in the Linux kernel 2.2.18. Simultaneously, Linux 2.2.19 was also released. Given the fact that the exploit is already available, expect to see 2.2.19 updates from the various Linux distributions in short order. Of course, downloading and compiling Linux 2.2.19 directly will also close the hole. Depending on your distribution, though, you may end up without some of the patches that were included in your original kernel.

Solar Designer also released updated versions of his OpenWall kernel patch for 2.2.19 and for 2.0.39 as well. You will find them at the OpenWall project. The OpenWall kernel patch contains a collection of security-related features and makes them configurable for the kernel. Check the OpenWall README and FAQ for more details.

Distribution updates available so far:

• Immunix

OpenSSH 2.5.2p2 released. OpenSSH 2.5.2p2 has been released. It includes a number of fixes (including improvements in the defenses against the passive analysis attacks discussed in last week's LWN security page) and quite a few new features as well.

Packages of the new OpenSSH are already popping up:

• Linux-Mandrake
• Conectiva
• Immunix
• Red Hat

SSH inventor denied trademark request (NW Fusion). Network World Fusion reports on the IETF meeting where Tatu Ylönen's request for a name change for the ssh protocol was turned down. "But IETF participants argued that both Secure Shell and its acronym SSH were generic terms that can't be protected by trademarks. Ultimately, the working group voted 3 to 1 to reject Ylönen's request. 'I'm very disappointed,' Ylönen said after the meeting. 'What will I do next? Consult my lawyers.'"

The Wireless Underground: San Francisco's Free Computer Networks. In this case, it isn't about free software, it is about illegal access to poorly secured (if secured at all) wireless networks in downtown San Francisco. Check out this SFGate article on the subject, which reports on tests done by folks from the Bay Area Wireless User Group (BAWUG).

"We walked around the Financial District with a laptop and an antenna, and we could pick up about six networks per block," says Matt Peterson, a network engineer and founder of the Bay Area Wireless User Group (BAWUG).

Aside from networks that were not intended to be open, though, others are being intentionally left open by individuals, freely allowing others to use their wireless networks to get connected if they happen to be in the area. That provides an interesting model for communities to provide Internet access to the community as a whole.

Unless you are intending to contribute to such a free community, though, configuring your wireless system to only allow specific MAC addresses to connect is recommended.

A Windows/Linux virus?. A company called Central Command ("Without us, there's no defense") has put out a press release claiming the discovery of a virus that can infect both Windows and Linux systems. It works by infecting executable files in the local directory, so it's not going to get all that far in the Linux world... the "media virus," on the other hand, seems to be propagating well, with articles in Reuters, ZDNet, and Newsbytes.

Security Reports

New Linux worm sighted. Here's an alert from SANS on the so-called "Lion worm" which has been recently sighted on the net. This worm takes advantage of the well-known holes in BIND (fixed by most distributors back in January) to break into new systems. At that point it does a number of unpleasant things. Those who have applied their BIND updates need not worry; the rest of you should probably do so fairly soon. SANS has also posted a detection and removal script. (Thanks to Greg Bailey).

Kerberos libkrb4 race condition. A race condition in libkrb4 can be exploited to overwrite the contents of any file on the system.

• Red Hat

VIM statusline Text-Embedded Command Execution Vulnerability. A security problem has been reported in VIM where VIM codes could be maliciously embedded in files and then executed in vim-enhanced or vim-X11.

• Red Hat
• Linux-Mandrake

Buffer overflows in imapd, pop2d and pop3d. SuSE issued an advisory this week concerning buffer overflows in imapd, ipop2d and ipop3d. The advisory implies that these overflows became remotely exploitable due to a configuration error: "Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated".

This implies that the vulnerability may be specific to SuSE, though the advisory does not explicitly confirm this.

FCheck local command execution vulnerability. FCheck, a perl-based file integrity checker, contains an insecurely-programmed call to open() which does not properly filter user input. As a result, a file can be created with metacharacters in the filename that, when scanned by FCheck, will cause it to execute the commands under the FCheck uid. FCheck 2.6.57 through 2.78.58 are vulnerable; FCheck 2.78.59 is not. Check BugTraq ID 2497 for more details.

UFS/ext2fs data consistency race condition. FreeBSD has reported a data consistency race condition that affects the Unix File System (UFS), commonly used on BSD and other Unix systems and ext2fs, commonly used on Linux systems. This race condition may be used by one user to gain access to data from files deleted by other users. A patch for FreeBSD has been provided.

MySQL 3.23.36 released, fixing security hole. An apparently ancient security hole in MySQL where database names starting with ".." were accepted by MySQL has been closed in the latest release, MySQL 3.23.36.

web scripts. The following web scripts were reported to contain vulnerabilities:

• Akopia Interchange, a GPL'd ecommerce system, contains sample scripts which can allow unauthenicated users to access the web administration database with privilege. A simple change to the sample code will fix the problem.

• SWSoft ASPSeek s.cgi versions 1.0.0 through 1.0.3 contain a buffer overflow vulnerability which can be used to execute arbitrary commands under the uid of the webserver. No fix or workaround has been provided so far.

  Update: we've been informed that we're somewhat behind the times on ASPSeek development. The vulnerability described here was fixed in 1.0.4, and remains fixed in several subsequent releases. We regret the error.

• The cgi-script 'pwc' is reported to contain a format string vulnerability.

Commercial products. The following commercial products were reported to contain vulnerabilities:

• Cisco has released an advisory for the Cisco Catalyst SSH Protocol Mismatch Vulnerability. It affects Cisco VPN 3000 series concentrators with software prior to version 3.0.00 and allows a flood of data to cause a reboot. An upgrade to 3.0.00 should fix the problem.

Updates

licq URL checking problem. Check the March 22nd LWN Security Summary for the original report.

This week's updates:

• Red Hat (Red Hat 7 only)
• Conectiva

• Linux-Mandrake

timed denial-of-service vulnerability. Check the March 15th security report for this denial-of-service vulnerability in timed.

This week's updates:

• Linux-Mandrake
• SuSE

• FreeBSD (March 15th)

sgml-tools temporary file vulnerability. See the March 15th LWN security page for the initial report.

This week's updates:

• Conectiva

Previous updates:

• Debian (March 15)
• Immunix (March 22nd)
• Linux-Mandrake (March 22nd)
• Red Hat (March 22nd)

ePerl buffer overflows. Check the March 8th LWN Security Summary for the initial report.

This week's updates:

• SuSE

• Debian (March 8th)
• Linux-Mandrake (March 15th)

sudo buffer overflow. Check the March 1st LWN Security Summary for the original report.

This week's updates:

• Red Hat, Powertools 6.2

Previous updates:

Slackware (March 1st) Trustix (March 1st) Conectiva (March 1st) Linux-Mandrake (March 1st)

Debian (March 1st) Immunix (March 1st) Debian (March 8th), PowerPC packages Linux-Mandrake, new 7.1 packages due to build problem.

joe file handling vulnerability. Check the March 1st LWN Security Summary for the initial report.

This week's updates:

• SuSE

• Red Hat (March 8th)
• Immunix (March 8th)
• Linux-Mandrake (March 8th)
• Debian (March 15th)

BSD ftpd single byte buffer overflow. Check the December 21st, 2000 LWN Security Summary for the initial report. NetBSD and OpenBSD systems are affected; FreeBSD is not. BugTraq ID 2124 also covers this issue.

This week's updates:

• SuSE

• Trustix, not vulnerable, but new BSD ftpd packages provided anyway (December 21st, 2001)
• OpenBSD (December 21st, 2000)
• Trustix, BSD ftpd packages updated due to a typo in the original patch (December 21st, 2000)

Resources

Bastille Linux 1.2.0.pre22 (Testing Releases). A new development version of Bastille Linux was announced Tuesday. This snapshot primarily contains bugfixes and apparently heralds the nearness of the new stable release, Bastille Linux 1.2.0.

Linux Intrusion Detection System 0.9.15 for 2.2.19. With the release of Linux kernel 2.2.19, a new version of the the Linux Intrusion Detection Systems (LIDS) has been announced, LIDS 0.9.15.

Avaya Releases Linux Security Software. Avaya Labs announced it is releasing Libsafe 2.0, a version of its free security software for Linux. Libsafe version 2.0 adds the ability to protect against security attacks that exploit "format string" vulnerabilities in software.

Czech PGP Flaw Tech Details. Details from the PGP Flaw reported last week have been released in a technical paper, along with Hal Finney's analysis of the flaw, which was posted to the OpenPGP list.

New Turbolinux key. The Turbolinux staff has updated their public key.

Events

Upcoming security events.

Date	Event	Location
March 29, 2001.	Security of e-Finance and e-Commerce Forum Series	Manhattan, New York, USA.
March 30-April 1, 2001.	@LANta.CON	Doraville, GA, USA.
April 6-8, 2001.	Rubi Con 2001	Detroit, MI, USA.
April 8-12, 2001.	RSA Conference 2001	San Francisco, CA, USA.
April 20-22, 2001.	First annual iC0N security conference	Cleveland, Ohio, USA.
April 22-25, 2001.	Techno-Security 2001	Myrtle Beach, SC, USA.
April 24-26, 2001.	Infosecurity Europe 2001	London, Britain, UK.
May 13-16, 2001.	2001 IEEE Symposium on Security	Oakland, CA, USA.
May 13-16, 2001.	CHES 2001	Paris, France.
May 29, 2001.	Security of Mobile Multiagent Systems (SEMAS-2001)	Montreal, Canada.
May 31-June 1, 2001.	The first European Electronic Signatures Summit	London, England, UK.

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The 2.2.19 kernel has been released, finally. No release notes are available yet, but the final product will look very much like 2.2.19pre18.

A couple of 2.4.2 problems have been biting people. While the 2.4 kernel is highly stable for most people, there are a couple of problems that have been creating difficulties for some users. Here's what you should be watching out for if you're running 2.4.2:

• Loopback mounts do not work. This problem is not new - it has been known since the 2.4.0-test days. Nonetheless, one could say that the existence of the problem has not been highly publicised. Loopback mounts allow the mounting of a filesystem contained within a regular file on another filesystem. A common use for loopback mounts is to mount ISO (CDROM) images that are sitting in a large disk file. If you attempt that under 2.4.2, the mount process will go into an uninterruptible wait, thus becoming an unkillable process.

  A patch, written by Jens Axboe, has been in circulation for some time; it is already incorporated into the "ac" series and into the 2.4.3 prepatch. Some vendors shipping 2.4 kernels have integrated the patch into their systems as well. This particular problem will be history soon.

• The "out of memory" (OOM) killer is being invoked too soon. The OOM killer is supposed to run when the system needs memory and is absolutely unable to find any. Its job is to start killing processes to free up some memory, while doing its best to not kill anything important. The approach used by the OOM killer was discussed in some detail in October 12, 2000 LWN kernel page.

  The OOM killer has gotten some bad press this week from people who think it chooses badly, or that it should not exist at all. Doing without an OOM killer entirely would be hard; even if the kernel is patched so that it does not overcommit memory, situations can arise when memory is simply not to be found. The alternative to killing a process in that situation is, generally, to allow the system to lock up.

  Most users, however, should never have the opportunity to see the OOM killer in operation. It takes a severely stressed system to run that short of memory. Or that is the idea, anyway. It would appear that the system is calling the OOM killer when there is plenty of other memory that the system should be able to free without killing processes. Nobody has yet announced that they have found or fixed the problem, however.

Regression testing for the Linux kernel? Problems like the loopback lockup described above lead some to wonder if maybe the kernel needs a formalized regression testing system. Given the complexity of the system, weird bugs are going to be a frequent consequence of code changes. Many software development projects employ regression testing in order to trap as many of those problems as possible before they bite somebody. But the Linux kernel has never had a serious regression testing program.

Some aspects of the kernel are rather resistant to formal regression testing. In particular, it would be difficult indeed to formally test all of the possible hardware combinations out there. For this sort of testing, the kernel probably already has the ideal setup: thousands of brave souls who routinely download and run development kernels. These testers can check things out on their hardware, but they are not the same as a formal testing program that is designed to cover as much of the code as possible.

There are a couple of testing efforts out there now. The most prominent one, perhaps, is the Linux Test Project which is run by SGI. It currently includes about 100 tests, most of which check the performance of various system calls (though there is also one that tests f00f bug handling as well). The PowerPC architecture also has a limited set of regression tests to be sure that its kernels can build and boot.

These are both good efforts, but they are a far cry from a comprehensive testing program. A complete job will be a tremendous amount of work, and it remains to be seen if anybody can find enough motivation to do the whole job.

How big should dev_t be? Linux, like its Unix ancestors since the beginning, identifies devices with a sixteen-bit number, known by its C type dev_t. Of those sixteen bits, eight are the major number (essentially, the index of the driver which handles the device), and eight are the minor number (usually interpreted by the driver as a unit number). Thus, a total of 256 major and 256 minor numbers are available (well...OK...actually double that, since the number spaces for block and char devices are independent).

That is not a whole lot of device numbers. Some types of devices have needed more that 256 minor numbers for some time; SCSI disks and pseudo terminals are a couple of obvious examples. To make up for the lack of minor numbers, these devices have multiple major numbers assigned. But major numbers, too, are in short supply: a look at the current device number allocation document shows that only numbers 226-239 are unassigned.

So it has been accepted wisdom that dev_t needs to grow for a while. It is generally expected that the 2.5 development series will create a larger dev_t, and deal with the various user space compatibility issues that this change will cause. In fact, most of those issues will be relatively minor; glibc has been using a much larger dev_t for some time already. Thus, most applications should not notice the change. There are some exceptions, though: tar files, for example, have 8-bit major and minor numbers built into them.

While there is agreement on the need to grow dev_t, it has become clear that there is little consensus on how big the type should become. Andries Brouwer started a little storm with a posting stating that a 64-bit value should be used. 64 bits is what glibc uses, and it would be large enough to not run out anytime soon, even if "sparse" allocation schemes are used.

Linus, however, replied by saying, flat out, that a 64-bit dev_t would not be accepted. His proposal is to go to a 32-bit value, with twelve bits for major numbers and twenty for minor numbers. His reasoning, essentially, is:

• Major numbers do not need much expansion; we have not, yet, even managed to exhaust eight bits. Since major numbers tend to be used in table lookups (to find the driver when a device is opened, for example), the major number space should not be so large that the lookup table takes too much memory.

• There is a need for more minor numbers, especially for things like pseudo terminals on large, multiuser systems. But twenty bits should be more than enough even for that use.

That last idea is likely to draw some complaints. The inclusion of devfs in the kernel shut down most of the flame wars, but a lot of people still do not like it and do not configure it into their systems. If devfs becomes a required component in the future, expect some disgruntlement in the ranks.

The 2.5 development kickoff kernel hackers summit is happening in San Jose on March 30 and 31; it's sponsored by VA Linux Systems. This invitation-only event will host most of the planet's active Linux kernel hackers, and should lay much of the groundwork for the upcoming 2.5 development series. A preliminary agenda has been posted, showing some of the topics up for discussion.

Your humble kernel page editor managed to wrangle an invitation based on his device driver book work, and hopes to be able to do some interesting reporting from the summit - to the extent that can be done without hindering the free and open nature of the discussion.

Other patches and updates released this week include:

• Justin T. Gibbs has posted version 6.1.8 of the aic7xxx SCSI driver. Among other things, the latest version fixes a build-time quirk that required those building the 2.4.3 prepatch kernels to have Berkeley DB1 installed on their systems.

• Keith Owens has released modutils 2.4.5 and kdb v1.18.

• Keith has also posted a proposal for a new kernel interface which would provide efficient access to the performance monitoring registers on large, multiprocessor systems.

• Eric Raymond posted several updates to the CML2 configuration system, culminating in CML2 0.9.7. Along the way, there was a strong debate on the renaming of a number of configuration symbols and a push by Eric to get CML2 incorporated into the 2.4 kernel before the 2.5 development series starts. Alan Cox, however, has indicated that he is not willing to do that.

• Jonathan Morton has released a patch which enables the kernel to run in a mode where it does not overcommit memory, making it much harder to find oneself in an "out of memory" situation. The patch also makes some tweaks to the OOM killer.

• Richard Gooch has announced devfs-v99.20 - a backport of the device filesystem to the 2.2.19 kernel.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

Linux Distribution Use in Singapore. Last week, Distributions editor Liz Coolbaugh had her first opportunity to report first-hand from a Linux conference in Asia. As part of that, she presented her usual talk on Linux Distributions and asked the audience for information on what distributions they were using. There were a few surprises in what she learned.

First, over half of the audience indicated that they were currently using Red Hat for their distribution. Although we expected to see a strong Red Hat presence, we had not expected it to be this strong. After Red Hat, there was a respectable number of attendees using SuSE, Debian and Slackware (at least four audience members out of around 80 attendees), but the gap between them and Red Hat was very large.

The remaining surprises? There were no Caldera OpenLinux users. Is that a surprise? Caldera has never targeted the Asia market. Well, consider that the Caldera distribution has been around for as long as Red Hat and Caldera is the only other Linux distribution vendor that made it through the IPO process last year, so it should be reasonably well capitalized. Nonetheless, it had no presence at this show, in stark contrast to Red Hat. More importantly, it was also "missing" from a similar informal survey done in January at LinuxWorld New York. This same talk and similar surveys have been done at LUG meetings and at the Atlanta Linux Showcase 1999 previously and before, Caldera was always at least represented.

Another surprise: No ASPLinux users raised their hands. ASPLinux is a Singapore-based distribution, in fact, the only one. On the other hand, they just announced the release of their first stable product, so the fact that they are not being used yet has some explanation.

The bigger surprise, though, was that not a single member of the audience claimed to be using Turbolinux. Turbolinux, with main branches in both the US and Japan, claims a sizable presence in China. We had expected, as a result, to see at least some presence in Singapore.

One key thread among many of the talks at the conference was cluster technology, an area in which Turbolinux has also been hard at work. Donald Becker was present to talk about Scyld Beowulf, Dr. Putchong Uthayopas, from Kasetsart University, in Bangkok, talked about building and remotely managing clusters, and Shuvam Misra talked about a cluster implementation supporting India's National Stock Exchange. Yet still, Turbolinux did not have a booth or other presence at the conference and was not mentioned to us by any of the attendees. We don't really have any speculation on why not; this is just a data point, a piece of a puzzle that will hopefully make sense at a later date.

Of course, having shared these impressions with you, it is time to apply the caveats. None of the data above was collected as part of an official survey. The audience participation was based on interest and does not represent a random sample. The audience was not particularly large and therefore could be easily skewed. So don't draw massive conclusions from the information above. Instead, take the information as it is meant to be, a few data points that serve as good fodder for speculation, discussion and possible future research.

Distribution News

Red Hat News. A new test release of XFree86 4.0.3-3 and Mesa-3.4-13 has been made available. Note that this release is strongly not recommended for use on production systems.

Red Hat also released three non-security-related package updates this week, for gnorpm (to enable it to work with rpm-4.0.2), ucd-snmp (also required once rpm is updated to 4.0.2) and pam_krb5, to fix a problem with Kerberos authentication that was causing intermittent login failures.

LinuxPPC News. On March 23rd, LinuxPPC announced a contest in which the ten lucky winners would receive a copy of LinuxPPC 2000 Q4, the company's latest version of Linux for the Power Macintosh platform, along with a Linux PPC T-shirt. Contestants are asked to write a brief essay on why they use Linux on the PowerPC processor. They announced their first winner today, Jiro Fujita of Omaha, Nebraska. Here is a link to the winning essay. "After spending many hours trying to maximize the performance of the web server (my boss' desktop G3/266 running MacOS running Personal WebSharing) and many many restarts, I talked him into moving to a Linux box. ... In his mind, running on a PPC 604e at 200 MHz couldn't possibly be faster than running on a G3 at 266 MHz. What he didn't realize was that Linux runs a lot more efficiently than MacOS".

Note that the contest was started in response to the release of Apple Mac OS X.

Yellow Dog News. Apparently the release of Yellow Dog Linux 2.0 has been delayed. Terrasoft has issued an explanation, along with an apology, for the delay. "In what we hoped to be our final stress tests last week, we uncovered several new problems including a bug in the partitioning code. We are working hard this week and the next to resolve these issues. We have made our 2.0 package set (based upon Red Hat 7) available for any power users to test and provide feedback. We've already fixed several, relatively minor bugs discovered through public beta tests and appreciate this assistance".

No exact date has been given for the postponed release. Presumably it will come when the problems have been resolved and they are confident in the new package.

muLinux News. muLinux 11r11 was released last Friday and includes minor feature enhancements such as a statically linked "fdformat" command and IPv4 masquerading modules. muLinux is a single-floppy Linux distribution now gaining popularity with use in the embedded Linux arena.

Debian News. Within hours of the publication of this edition of LWN, the current Debian leader elections will be over. They end at midnight, March 28th, at the international date line. To check what date or time that matches in your own time zone, use the command:

        date --date='2001-03-28 23:59:59 -1200'

Slackware News. One new addition to all three Slackware platforms this week was cdparanoia alpha9.7, a Compact Disc digital extraction program described as "really nice" and "rock-solid", despite its alpha status.

The other major update this week was the upgrade to Apache 1.3.19, which included a total restructuring of the package, moving it from the /var/lib/apache tree and placing it instead under /usr. All of the changes seem geared to bring that package in-line with the File System Hierarchy Standard. Note that the Apache upgrade has not yet been done on the Sparc platform, only the Intel and Alpha.

Specific to the Alpha platform was an upgrade to XFree86 4.0.3. All platforms also got upgrades to the tcpip2 and yptools packages, as well as new versions of fdutils and mtools.

On the userlocal.com forum, we found a link to this new article, Slackware Linux 101. It uses Slackware to demonstrate the system initialization sequence. "In particular, Slackware's init structure is more akin to the BSD UNIX structure than the System V structure, though with the latest distribution of Slackware there are some concessions for programs that want to add services to startup but expect a System V directory structure".

SuSE News. SuSE announced two new products this week, including SuSE Linux Enterprise Server, a new version of the SuSE Linux operating system that has been optimized for use on servers and SuSE Linux 7.1 Power PC Edition.

The first finishes SuSE's move from providing a single distribution product for the Intel platform to providing three tailored versions: "SuSE Linux Personal", "SuSE Linux Professional" and now "SuSE Linux Server".

The second makes the latest version of SuSE available for the PowerPC platform, bringing the number of supported platforms for SuSE Linux 7.1 up to three, including Intel, Alpha and now PowerPC. SuSE also supports the SPARC and IBM eSeries (S/390) platforms, so presumably there are more such announcements to come.

Distribution Reviews

SuSE Linux 7.1 (Duke of URL). The Duke of URL released a review of SuSE 7.1 this week. "Performance is pretty good for a distribution that is optimized for the 486 based PC. There is a noticable speed difference when running the 2.4 kernel, though not enough to make a major difference. However it does have a good feel to it that makes it very acceptable for day to day productivity". Overall, they commented that SuSE 7.1 had set a new standard for other distributions to beat.

SuSE 7.1 Professional still in minor leagues (ZDNet). The review above contrasts a bit with this one from ZDNet. "As a desktop operating system, SuSE 7.1 Professional would be a good fit only for Microsoft haters and cash-strapped companies installing systems for the first time". Note that this review was specific to the Professional version of SuSE, aimed at technical desktop users, and is being compared with Windows, not other Linux distributions. They did still compliment KDE 2.0, Yast2 and the level of device detection now provided.

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

KDE 2.1.1 release announcement. The KDE folks have announced the release of KDE 2.1.1. "The primary goals of the 2.1.1 release are to improve documentation and provide additional language translations for the user interface, although the release includes a few bugfixes, and improvements to the HTML rendering engine."

The list of changes details the differences between KDE 2.1 and 2.1.1. A few highlights are: Lithuanian language support, improved translations, better docs, and new icons. Chinese support has been improved. Konqueror saw the most change with security fixes, lots of KHTML work, and other bug fixes. In general, this release appears to contain a lot more fixes than additions, stability is a good thing.

KDE 2.1.1 is available for download on the numerous project mirror sites.

Siag Office. Siag Office is a free office package for Unix. The name stands for Scheme In A Grid, where Scheme, of course, is a variant of the Lisp programming language.

With a motto like It sucks less! and a word processor called Pathetic Writer, we can assume that the Siag Office developers have a sense of humor.

Siag 3.5.0 pre1 is the recently released development version, and Siag 3.4.8 is the stable version, both are available for download.

• Siag Spreadsheet contains some rather unusual features, including use of the Scheme programming language, a built-in mini web server, a file manager, mail capabilities, and even user mangement tools. The online docs fill in the details.
• Pathetic Writer, the Siag Office word processor seems fairly straightforward, it has support for RTF, HTML, ABS, and PDF formats, and visually resembles a number of other popular word processors. The Pathetic Writer Docs give a good introduction to the program.
• Egon Animator is the Siag Office animation tool, which allows animations to be created with a GUI interface or written in Scheme. Egon Animator can save its output in HTML, PDF, PostScript, and plaintext formats. See the online docs for more information.

Desktop Environments

KDE Community Launches New KDE Zine Project. A New KDE Zine Project has been launched. "Just a few short weeks ago, discussion about the possibilities of creating a print magazine cropped up on the KDE-promo mailing list. Today, the discussion has spawned its own mailing list, the beginnings of a Web site located at zine.kde.org, and a small group of volunteers who are busy working out myriad details involved in bringing a print publication to life."

Kernel Cousin KDE Issue #3 is Out. The Kernel Cousin KDE #3 for March 23 is now available. It summarizes ten threads, including coverage of the new powerful Kant editor in kdebase, Palm Pilot ioslaves, KDE socks support, a new font selection widget with font previews, and more.

KDE 2.1, What's new, what's cool, and why you need to get it (Linux Orbit). Linux Orbit takes a look at KDE 2.1 in a feature article. "With the release of KDE 2.0 on October 23, 2000, the KDE development team upped the ante in the bid for the hearts and minds of GNU/Linux desktop users. With major improvements in features and stability, KDE users couldn't wait for the next version. When KDE 2.1 arrived on February 26, 2001, few were disappointed."

Sodipodi 'GNOME Hall of Fame'. The Sodipodi Project (which is producing a nice vector drawing editor) announced the Sodipodi 'GNOME Hall of Fame'. The SGHF is part-fun, part serious. It is intended to be a list of respected hackers of the GNOME Desktop, with Portraits of all the people in question.

Office Applications

AbiWord: Free Word processing on all platforms now! (LinuxPower). LinuxPower talks to AbiWord developer Dominic Lachowicz. "AbiWord supports a large number of document formats, and we're always hoping to add more, as they only enhance our total value and usability. Currently AbiWord can import from the following formats: AbiWord, MsWord, DocBook, XHTML, Palm Doc, Psion Word/Text, RTF, TXT & UTF8, WML, and Gzipped AbiWord. AbiWord can export to the following formats: AbiWord, Applix 4.0, DocBook, XHTML, LaTeX, Palm Doc, Psion Word/Text, TXT & UTF8, WML, and Gzipped AbiWord. We're currently working on MsWord export, as well better Applix support and supporting the KWord, MIF, Siag Pathetic Writer, and OpenOffice formats."

Desktop Applications

Mozilla 0.8.1 released. A new version of the Mozilla browser, version 0.8.1, has been released. The release notes document a number of changes, including an improved Chatzilla IRC client, an improved JavaScript Console, better theme switching, a theme uninstaller, hierarchical history, gopher support, and lots more.

Important announcement for users of KMail 1.0.x / KDE 1.x. Old versions of KMail will stop working correctly on September 9, 2001 according to this announcement. Users should update to KDE 2.1, which includes KMail 1.2 to avoid problems.

GNU nano's first stable release. GNU nano is a GPL'd clone of the UW Pico editor. While remaining close to the original, it also adds some features that were missing in Pico as well as a sane license. GNU nano is a good editor for newbie users, as it's very simple and easy to learn.

Mahogany 0.62 release. Version 0.62 of the Mahogany mail and news client has been released. This release includes numerous bug fixes, speed optimizations, and a few new features.

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

This is an interesting concept, there must be a ton of useful information embedded in the source code of software projects. Code analysis is by no means a new field, but the creation of documentation from code analysis could be an area that is worthy of further study.

Documentation could be derived from code using several approaches:

• Looking at the code's structure: The structure of a program reveals a lot of how the code works. Happydoc works on this principal, and there are, no doubt, many other examples of this kind of code.
• Analyzing the code's data: Data structures reveal much about the function of code, software that collects this information and presents it in a useful way could be helpful in writing documentation.
• Filtering out the code's comments: A lot of the information embedded inside of comments is very specific to the code that it describes, possibly to the point of uselessness for generating documentation. Comments can also be out of date or misleading. Nonetheless, looking at all of the comments in a body of code as a whole could be a useful method for deriving some useful documentation from code. Trouble areas in the code would likely stand out. In fact, the comments in the Linux kernel source code were analyzed and a lot of colorful language was revealed.

Audio

SnackAmp 1.3 released. Version 1.3 of SnackAmp has been released. SnackAmp is a Tcl/Tk based Mp3 player that uses the snack sound extension.

Documentation

LDP Weekly News for March 27, 2001. Just in time for LWN publication, the March 27, 2001 edition of the LDP Weekly News is out. This issue features a new document, the Remote Serial Console HOWTO, and numerous updated documents. (Thanks to David C. Merrill.)

Embedded Systems

Embedded Linux Newsletter for Mar. 22, 2001 (LinuxDevices.com). The weekly Embedded Linux Newsletter from LinuxDevices.com is available. This week's coverage included A 6-part special feature on Midori Linux, GtkFB -- GTK+ for the Linux framebuffer, and details about Sharp's new Linux-based PDA.

Filesystem Software

Common threads: Learning Linux LVM, Part 1 (IBM developerWorks). In this article from IBM developerWorks site, the concepts behind Linux LVM (Logical Volume Management) are introduced, showing readers how to get the latest kernel patches and tools installed on a system. "What happens if you need to expand a filesystem so that it spans more than one hard drive, or what do you do if you need to dynamically expand or shrink a volume's storage capacity while allowing Apache to continue to serve Web pages? In a highly available, dynamic environment, a basic partition resizer just won't work. For these and other situations, Logical Volume Management is an excellent (if not perfect) solution."

Network Management

OpenNMS Update. The OpenNMS update for March 20, 2001 is available. This issue covers project status; new offices, new servers, new build stuff, upcoming road shows, and more.

Just in time for this week's LWN, the OpenNMS update for March 27, 2001 is also available. Topics this week include preparation for the 0.7.2 release which just may show up late next week, new core team members, report generation, and more.

Science

BioRuby, Bioinformatics in Ruby. The BioRuby project has been created to provide an integrated environment for Bioinformatics software development with the Ruby language.

Software Development Tools

Optimizing your machine for your needs (IBM developerWorks). Teodor Zlatanor shows us some tricks for setting up a Linux user account for software development in an IBM developerWorks article. "After customizing tcsh, Enlightenment, Eterm, and Emacs for a Java and Perl-oriented programming environment, Teodor shows us the configuration of his desktop in Linux. It is optimized for a Java and Perl programming setup, but doubtless other programmers will find many useful tips." We feel obliged to add some Unix trivia, the rc suffix for .cshrc, .bashrc etc stands for Run Command.

State Map Compiler Version 1.0 beta 4 released. A beta version of the State Map Compiler has been released. "SMC takes a state map description (stored in a .sm file) and generates State pattern classes in a target language (C++, Java or Tcl currently supported). SMC is a console based app written in Java 1.2 which means SMC can run anywhere Java 1.2 (or better) can run."

Web-site Development

Squishdot 1.0 released. Squishdot 1.0 has been released. Squishdot is a Slashdot-like system built on Zope. This release includes an important security fix; sites currently using squishdot should certainly upgrade. (Thanks to Navindra Umanee).

Midgard 1.4.1 released. Version 1.4.1 of the "Midgard Content Management and Application Serving Suite" has been released. This release, codenamed 'bifrost,' includes PHP4 support and a number of other goodies.

Measuring Web traffic (IBM developerWorks). Andrei Malacinski, Scott Dominick, and Tom Hartrick delve into the topic of web server logfile analysis in a two-part IBM developerWorks article. Part 1 covers the general ideas and strategies and part 2 goes into the nitty gritty details of log file content analysis.

Window System Software

The Pango connection: Part 1 (IBM developerWorks). IBM developerWorks introduces Pango, the next generation text rendering library that will be delivered with GTK+ 2.0. "Pango is an open-source framework for the layout and rendering of internationalized text, including right-to-left scripts and scripts such as Tamil where glyphs are context-sensitive. Not surprisingly, Pango uses Unicode characters internally (represented using UTF-8), and Pango's interfaces also use UTF-8."

The People behind KDE: Michael Häckel. KMail hacker Michael Häckel is the focus of the latest "People behind KDE" feature. "KMail is a central tonality of the KDE harmony. Part of the team of developers who invest work and passion into this interesting project, Michael Häckel hacks away, making great contributions to the KDE Project".

KDE Developer's Checklist. Jeff Tranter has put together a KDE Developer's Checklist with a ton of useful advice for porting software to KDE. "KDE developers, especially new ones, can easily overlook some tasks or features when developing applications or making changes to existing ones. KDE is a large system and, while much of the information exists somewhere, there is no one comprehensive set of development standards."

Word Processors

LyX Development News for March 28, 2001. The March 28, 2001 edition of the LyX Development News is available. This edition contains a number of amusing awards such as the Asbestos Suit Award. Also included are notes on the LyX-1.1.6 release, and numerous other LyX related items. (Thanks to Allan Rae.)

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Caml

Caml Weekly News. The latest report from the Caml world by David Mentré is out. News includes the CamlP4 3.01 release, LablGTK 1.2.0, the Timbuk A Tree Automata Library, a Caml development kit, and more.

Java

Securing systems: Using Java technology in high-stakes systems (IBM developerWorks). Joseph Sinclair talks about security issues facing the development of Java based information systems. "As J2EE-based systems become more prevalent, and sensitive data is more commonplace, the ability to effectively secure and manage Internet-accessible systems ceases to be a luxury and becomes a necessity. This general overview -- the first in a series of articles -- examines how Java technology can be used to secure systems in which the consequences of mistaken identity can be particularly destructive."

Perl

Perl 5 Porters for March 26, 2001. The March 26, 2001 edition of Perl 5 Porters is out. Topics include glob(), a bug in use Errno, open() trickery, Net::Ping, and much more.

DBD::Chart 0.30 announced. Version 0.30 of DBD::Chart has been announced. "DBD::Chart is a Perl DBI driver abstraction for rendering charts and graphs using a variant of SQL".

Inline::Java - Write Perl classes in Java. Inline::Java version 0.01 is available. Inline::Java allows you to write Perl classes in Java.

PHP

PHP Weekly News for March 26, 2001. The March 26, 2001 edition of the PHP Weekly News is out. Topics include the new PHP 4.0.5 RC2 release of PHP, PHP-GTK 0.3, Fast CGI, documentation updates, and more.

Variable Manipulation and Output (O'Reilly). John Coggeshall discusses PHP Variables in an O'Reilly PHP Dev Center article. "This article will conclude our discussion of variables in PHP by presenting the numerous ways that atomic PHP variables can be manipulated and accessed within PHP scripts."

Python

Python 2.0.1 heads-up. Moshe Zadka has posted a 'Release 2.0.1 Heads-Up' describing what will go into the imminent Python 2.0.1 release. This release is unique: it is a pure bugfix release, the first in Python's history. This is a testament to both the stability of the Python language implementation and the speed of its evolution. In the posting you'll find the rules for what can go into this release: they are quite strict. Mr. Zadka intends for the first bugfix release to be successful.

Python 2.1b2 released. Python 2.1b2 is now available. What's new for this version are: "Bugs fixed and documentation added. There's now an appendix of the Reference Manual documenting nested scopes".

Dr. Dobb's Python-URL! for March 26. The Dr. Dobb's Python-URL for March 26 is now available. It contains the Python 2.1b2 announcement, a 2.1b2 SRPM announcement, new documentation and more.

TuxBot Programming with Python (O'Reilly). Stephen Figgins talks about using Python and Linux for work with robotics in an article on the O'Reilly Python Devcenter. "Jonathan Pennington works with Legos. Specifically, he works with Lego Mindstorms, the robotics invention system. Pennington uses Lego robots and robots built with Handyboard kits to teach geological science to 8th grade kids -- in a program he calls Science Programs and Robotics for Kids (SPARK). The program has been good, but Pennington wants more power for his robots, more flexibility for the kids. He wants to program his robots in Python."

PyTREX: Python implementation of TREX (xmlhack). Xmlhack features an article on PyTREX, an open-source Python implementation of the TREX validation language.

Tcl/Tk

Tix 8.2.0 Beta 1 released. Tix 8.2.0 Beta 1 has been announced. Tix is a library of useful widgets for Tcl/Tk and this version features improved support for Tcl namespaces, a revamped build system, updated docs, and more.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

ArsDigita Community System 4.0 Java release. This ZDNet article titled "ArsDigita gives Open Source a Try" makes it sound like the ArsDigita Community System (ACS) is just now being released as open source. In fact what's new is the Java-based version, ACS 4.0 Java that has just been released. The original ACS is a Tcl-based product. Both the Tcl-based product and the Java-based product are released under the GNU GPL and always have been according to Jim McManus, Director of Corporate Marketing at ArsDigita.

This press release contains more information about the ArsDigita Community System (ACS) 4.0 Java, which they believe is currently the only Open Source Java-based e-commerce system.

OEone to build appliance environment with Mozilla. The OEone Corporation has announced that it will be building its Operating Environment platform using Linux, Mozilla and a variety of components including productivity, entertainment, communications, and personal portal applications. This Operating Environment can be used in a host of Internet devices ranging from All-In-Ones, WebPads, SetTop Boxes, and Screen Phones. OEone-enabled devices are designed for accessibility to first-time computer users and mozilla.org hopes to gain widespread recognition as well.

Privacy Foundation report on TiVo. The Privacy Foundation has posted a report on TiVo's privacy practices, showing that the (Linux-based) device records a great deal of information on its users' habits. "The diagnostic log contains an enormous amount of information about the TiVo's device's internal processes. On one day, for instance, we observed almost 100 pages of information being deposited in the diagnostic log. We are not aware of any other consumer device that routinely transmits so much operational information to corporate headquarters."

TiVo, of course, claims that it carefully safeguards the information it collects on its users, and it may even be sincere. There is an important lesson to be learned from this report, though: just because a device is built with Linux does not mean that its designers are more concerned with customer privacy than designers of proprietary systems.

France Against Software Patents. The EuroLinux Alliance announced that State Secretary of Industry Christian Pierret, who is directly in charge of the French Patent Policy, stated in an interview, "I am against software patents in Europe. It would kill innovation and promote juridical terrorism because multinational software publishers would multiply legal disputes against start-ups".

Linux Steps Up: 23% Expected To Switch Over. SuSE has issued a press release with statistics from a TNS EMNID survey done in Germany. The results, however, are quite fun to hear. "According to a recent TNS EMNID survey, 56 percent of the interviewed PC users have heard of Linux and ten percent already use the alternative operating system at home or at work. ... Furthermore, 23 percent of the computer users consider switching to Linux when upgrading their equipment".

Carter Kohlmeyer also pointed out that some survey details were provided in the press release: "On behalf of SuSE Linux AG, telecommunication and IT market researchers of TNS EMNID interviewed 5,000 individuals, ages 14 and up, regarding the level of awareness and interest in the Linux operating system compared to Windows. The survey was realized from February 23 to March 9, 2001".

Red Hat breaks even. Red Hat has announced its 4th quarter results. The company brought in $27 million in the quarter, more than double last year's earnings. The total loss was $600,000, which is being presented as a break-even result, given that the loss is less than one cent per share.

Open source innovators join ActiveState. ActiveState has announced a reasonably impressive set of appointments to its technical advisory board: Larry Wall, Brendan Eich, Guido van Rossum, Rasmus Lerdorf, and Jon Udell.

Great Bridge and Zend announce partnership. Great Bridge and Zend Technologies have announced a partnership to tighten the integration between the PostgreSQL database the PHP scripting language.

Great Bridge also announced that PHP core developers Rasmus Lerdorf, Thies Arntzen and Sascha Schumann have joined the Great Bridge advisory committee.

Tucows, Infonautics announce merger. Tucows and Infonautics have announced a merger, with the resulting company to be called "Tucows." Tucows, of course, is the owner of LWN.net, so we, at least, are interested in this news...:) We don't expect that it will bring about changes in how LWN is operated.

SGI and Platform Computing Collaborate to Offer an EDA-Ready Linux Technical Compute Farm. SGI and Platform Computing Inc. announced the SGI Electronic Design Automation (EDA) Technical Compute Farm for Linux. The compute farm is based on the SGI 1100 server, featuring 32 1 GHz Pentium III processors. Platform's LSF (Load Sharing Facility) software is also a key component of the system.

Avaya Releases Linux Security Software. Avaya Labs announced it is releasing Libsafe 2.0, a version of its free security software for Linux. Libsafe version 2.0 adds the ability to protect against security attacks that exploit "format string" vulnerabilities in software.

Alias/Wavefront Ships Maya 3 For Linux. Alias|Wavefront, an SGI company, announced that it has ported its entire suite of Maya 3D software products to the Red Hat Linux operating system. The products - Maya Builder, Maya Complete and Maya Unlimited for Red Hat Linux 6.2 and higher - will all begin shipping this week.

Linux Stock Index for March 22 to March 28, 2001.

LSI at closing on March 22, 2001 ... 29.34
LSI at closing on March 28, 2001 ... 29.59
The high for the week was 31.37
The low for the week was 29.34

Press Releases:

Open source products

• InnaPhase Corporation (PHILADELPHIA): InnaPhase Launches New Open Source Library For PK/PD Modeling.

• POSSE (BEDFORD, Mass.): Progress Open Source Software Exchange --POSSE-- Builds Internet Component Framework --ICF--.

• WebCT (LYNNFIELD, Mass. and VANCOUVER, BC): WebCT Provides New Products and Services for Institutions Expanding Their E-learning Campus-wide. WebCT 3.5 Campus Edition supports user authentication from a centralized database using the integrated open LDAP protocol or the Kerberos protocol.

Distributions and bundled products

• Caldera Systems, Inc. (HANOVER, Germany, CeBIT): Caldera(R), SCO(R) Unveil Open UNIX(R) 8. Open UNIX 8 incorporates the Linux Kernel Personality (LKP) technology into the UnixWare(R) 7 kernel so that Open UNIX 8 will run Linux applications.

• IBM (ARMONK, N.Y.): IBM Delivers Self-Managing Software for eServer z900; z/OS Brings Intelligence to the Mainframe. Enhancements that are due to become available later this year with z/OS 1.2 include the Intelligent Resource Director for Linux.

• Legato Systems, Inc. (MOUNTAIN VIEW, Calif.): Legato and SuSE Provide Bundled Data Protection for SuSE Linux Customers. Legato's NetWorker(R) 6 Linux client and Legato Cluster for Linux, an entry-level clustering solution, will be bundled with the SuSE Linux 7.1 Professional Series.

• MSC.Software (COSTA MESA, Calif.): MSC.Software Announces Enhanced Supercomputing; April Release of MSC.Linux Features Complete OSCAR Integration.

Proprietary Products for Linux

• Avaya Labs (HANNOVER, Germany): Avaya Labs Releases Free Linux Security Software to Battle Hacker Attacks in Programs and Web Sites. Libsafe 2.0 is an enhanced version of its free security software for the popular Linux operating system.

• IBM and SAP (CeBIT, HANNOVER, GERMANY): IBM And SAP Announce Availability Of mySAP.com(R) On Linux For eServer zSeries.

• Informix Software (MENLO PARK, Calif.): Informix Software Announces Availability of Informix OnLine 5 on Linux.

• Integrated Telecom Express, Inc. (SAN JOSE, Calif.): ITeX Integrates Linux Software Support Into Apollo(TM) ADSL Chipset Family.

Servers and Desktop Systems

• Dell (AUSTIN, Texas): Dell Unveils New PowerEdge Rack-Optimized and Workgroup Servers. The PowerEdge 2550 and 2500 are scheduled to be available in April 2001; prices start at $2,399. The servers can be factory installed with several different OS including Red Hat(R) Linux(R) 7.

Products and Services Using Linux

• Hårdvarubolaget (Hannover, Germany): TV-BOKKStm, a set top box for VoD and IP-TV running on a Linux platform, released at Cebit.

• Jungo Software Technologies Inc. (SUNNYVALE, Calif.): Jungo Software Technologies Joins With Conexant to Provide a Complete Reference Design for Broadband IADs / Residential Gateways.

• Merinta, Inc. (HANOVER, Germany): Merinta Demonstrates Advanced Client-Side Software for Internet Appliances With National Semiconductor At CeBIT 2001, Hanover. The Linux based Merinta iBrow 2.4 client-side software was demonstrated on several devices.

• Omnicomp Systems Inc. (HOUSTON): New Affordable Network Appliances From Omnicomp Systems Protect Business, School Computers. The firewall products are designated "Enigma"(TM) 2.0 systems, and the monitoring and content filtering products are designated "iSentry"(TM) systems. Both product lines use the "Red Hat"(TM) Linux operating system.

Products With Linux Versions

• Aludra Inc. (TORONTO): Aludra Inc. Showcases One Of A Kind Point-of-Sale Solution - Aludra POS - at Software Solutions + e-Business World Conference and Expo. Aludra POS is an industry-standard SQL-based system that supports Microsoft Windows and Linux-based operating systems.

• AvantGo (SAN MATEO, Calif.): AvantGo Introduces AvantGo 4.0 -- Pioneering Wireless Software, Applications and Services. AvantGo 4.0 M-Business Server will be available on March 30, 2001 for Windows NT, Solaris and Linux.

• DataFlux Corp. (CARY, N.C.): SAS Subsidiary DataFlux Announces Release of Blue Fusion v4.0. Blue Fusion SDK version 4.0 is targeted at programmers who want to embed data quality functions into proprietary applications and corporations that have the need for real-time data cleansing and integrity.

• Dirig Software (NASHUA, N.H.): Dirig Software Adds Support for HP OpenView Network Node Manager.

• GWI Software and InterNoded (ORLANDO, Fla.): GWI Software and InterNoded Partner to Offer Small and Medium Businesses a Hosted Support Offering.

• JNI Corporation (HANNOVER, Germany): JNI Corp. Debuts EZ Fibre 2.1, Demos Multi OS Support At CeBIT 2001.

• Kurant Corporation (SAN FRANCISCO): Kurant StoreSense E-Commerce Solution Now Available on VA Linux Server Platform.

• NETGEAR Inc. (SANTA CLARA, Calif.): NETGEAR Launches Affordable Cable/DSL Web Safe Router for the Home Network.

• OmniCluster Technologies (BOCA RATON, Fla.): OmniClus