Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Donate to LWN
 LWN Supporters
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

gnucash 1.6 and the dependency nightmare. The release of gnucash 1.6 was announced on June 11. gnucash is an important application - it is the only free package which provides comprehensive personal and business finance functionality. Your editor has been using it for over a year, and has been anxiously waiting for it to catch up to what the commercial finance packages can do.

From the release notes, the 1.6 release has gotten much closer to that goal; unfortunately, LWN is not, as yet, able to say more than that. You see, we have not yet been able to make it work on any of our systems.

gnucash is perhaps the prime example of shared library dependency hell. The executable requires no less than 60 different shared libraries, all, of course, with the right version. Upgrading to GNOME 1.4 addresses many of those dependencies, but not all of them. Dealing with the rest has proved tricky, even for people who are accustomed to this sort of problem.

There is no criticism of gnucash intended here. The gnucash developers are trying to produce the best package they can by taking full advantage of the work that has been done by others. That is how component-oriented software development is supposed to work, after all. And gnucash is certainly not the only application that presents this sort of dependency issue. But there is an important point that is worth raising here.

A program that needs 60 different libraries is depending on a very complicated software environment to support it. As of this writing, there is probably not a single distribution which, out of the box, provides that environment. Upgrading to that environment is helped by the various update services and tools that an increasing number of distributions are providing. It is worth asking, however, just how many of you would proceed with such an upgrade in confidence that it would work, and that nothing else would break?

As the Linux software environment becomes more complex and powerful, it also risks becoming more brittle. The desktop will not be won as long as users must upgrade dozens of libraries, with a good possibility of breaking their systems, to get a new personal finance application. The desktop developers have a serious challenge ahead of them here: make the environment robust and easy to upgrade, or see the users wander away in frustration.

(As an addendum, it's worth noting that the gnucash developers have plans to offer a CD with the application and all required libraries shortly).

Linus is not accountable? We got a pointer this week to a white paper published by Microsoft entitled "Linux in Retail & Hospitality: What Every Retailer Should Know." It is available from the Microsoft web site, but only in Word format. It contains a pretty serious copyright notice that prevents us from putting up a decrypted version, unfortunately.

It is a worthwhile read. While the company's executives make people laugh by calling Linux "a cancer," this document dedicates a dozen pages to flat out Fear, Uncertainty, and Doubt. It even cites LWN editor Liz Coolbaugh as an expert on the number of distributions available, which, of course, is presented as a problem:

Imagine how confusing it would be if Microsoft released 188 versions of Windows and multiple versions of the GUI, each with a slightly different functionality? Wouldn't that be confusing? Wouldn't it be extremely difficult to run an enterprise solution with confidence about your future and return on investment in Microsoft products? That is the exact scenario that Linux is presently in by having so many distributions.

You read it here: choice is bad.

Rather than get into a point-by-point rebuttal, however, we would like to focus on one issue in particular:

With everything being in Torvalds' hands, he is in total control over where the future of Linux goes. If he doesn't want a new retail feature to be included in the core operating system, it will not be included. Additionally, he doesn't have any accountability to the industry when the releases are delayed, if they do not work well, etc.

One could have a lot of fun examining the degree of "accountability" shown by Microsoft when its releases are delayed, when they did not work well, etc. But that misses the point. The important thing to point out here is that Linus has, simultaneously, less control and more accountability than Microsoft would like its readers to believe.

On the issue of control, it suffices to say that Linus' domain does not extend beyond the kernel. Most of what users see as "Linux" has very little to do with Linus; it is, instead, the responsibility of thousands of developers worldwide. In particular, almost anything seen as a "retail feature" is unlikely to involve him.

Linus has a level of accountability that far surpasses anything Microsoft can claim: he can only lead where users and developers will follow. There is no structure that requires anybody to run or develop for his standard kernels; if he mismanages development, he may well find himself in charge of an obscure fork while the real activity goes elsewhere.

For an example of how this can work, see the the coverage of the device number debate in the May 17 LWN Kernel Page. When Linus made an unpopular decision, Alan Cox refused to follow him. As a result, many prominent distributions will probably include kernels that implement a policy different from that decreed by Linus.

In fact, most of the major distributors employ high-profile kernel hackers, and almost all of them distribute kernels which have been modified in some way. They have, in other words, declined to follow Linus in situations where they feel that their users' needs call for something different. Thus, for example, SuSE users have had ReiserFS for some time, and Red Hat users had the current RAID implementation, even though the standard 2.2 kernel did not.

This is one of the great powers that free software gives to its users: nobody can prevent them from incorporating whatever functionality or changes suit their needs. And it is the core of Linus' accountability. If he tries to take the kernel in the wrong direction, his user community will simply go around him. Proprietary software vendors generally lack that accountability, and their users suffer for it.

The survey results are in. Thanks again to everybody who took the time to fill in the form. Here, for those who are interested, is a set of highlights from the results. There was much there that was interesting to us.

• We got just over 3100 replies.

• Most of you seem to like us - 94% said that they have the site bookmarked and come here regularly. The bulk of you come by once a week, but about 1/3 of the respondents said they hit the Daily Updates Page every day.

• People are generally happy with the content, with the Front, Kernel, and Security pages topping the list. The pages with the highest "dissatisfied" votes were On The Desktop and Commerce, at 11% and 12%, respectively.

• On the list of possible enhancements, the security incidents and updates database and detailed research reports came out on top. Two often-requested features - email delivery and a PDA version - were requested by less than half of the respondents; those who want those features, though, want them quite a bit. Comment posting came in at the bottom.

• You are a very male group - 98.7%. There are almost as many women writing LWN as reading it. Most of you are between 25 and 35 years old. Almost all of our readers have at least some college education, with 38% having completed a graduate degree.

• 41% of our readers live in the U.S, and 5.5% in Canada. Most of the remaining readers are European, with the U.K. and Germany topping the list. Almost every other country on the list (and a few that weren't - sorry) was represented, though; we have readers from Argentina to Zimbabwe.

• Most of our readers are employed in technical positions, and most of them at smaller companies.

• More of you run Intel systems than any other, which is not too surprising. But almost 30% of you have Alpha-based systems and 20% use PowerPC systems as well. 85% of you have Red Hat Linux around; all of the other distributions fall into the single digits, with one surprising exception: half of you claim to run Slackware on your networks.

• 667 of you took the time to write in additional comments, and we've read every single one of them. Took a while. There were a few common themes that we found; even after we got past the most common type of comment, which was complaints about the survey itself. Yes, the survey could have been done a lot better; we apologize (again) for the problems.

  Beyond that, numerous people asked us not to change too much. Quite a few expressed hostility to the idea of comment posting, which came as a bit of a surprise; we had been considering adding such a feature. Gripes about the "On The Desktop" page were fairly common. We also saw a number of requests for expanded development coverage and a better organization for the software announcements pages.

  Some of you took us to task for excessive coverage of Red Hat on the distributions page. Others complained that we ignore Red Hat in favor of other, more obscure distributions.

  We were also surprised by a number of complaints about excessive commercial coverage. We operate in the belief that you can not really cover Linux and free software while ignoring the commercial sector; corporations, at this point, have a lot of influence over what happens. Numerous readers disagree, however.

We're still digesting the results of the survey; there is a lot of information there. We would like to thank you all, one more time, for giving us a bit of your time. It will help us to create a better LWN for everybody.

New LWN.net events calendar. The LWN.net Linux Events Calendar has seen a much-needed, much-delayed major upgrade. The new, Zope-based calendar provides a more flexible interface, and the ability to filter events by type. And finally we've done something with that linuxcalendar.com domain name... Have a look, we hope you like it.

Inside this week's Linux Weekly News:

• Security: Non-executable stack and heap implementations, new vulnerabilities in LPRng, xfs, gdm, xinetd, exim, fcron and TIAtunnel.
• Kernel: 2.4.6pre3; the limits of what modules can do; kernel data formats.
• Distributions: 217 Distributions and counting ...
• On the Desktop: Usability testing, GNUStep interview, and PalmOS updates.
• Development: GStreamer, Cplant cluster software, Ganymede 1.0, GVD 1.2.0, Open Source Legal Issues, APL for Linux.
• Commerce: TV Linux Alliance; 'LPI Certification in a Nutshell' from O'Reilly.
• History: Debian 1.1 was released 5 years ago; The "Open Source" trademark officially died 2 years ago.
• Letters: Licensing and security; naive economics; Linux's astrological sign.

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

See also: last week's Security page.

Security

News and Editorials

Non-executable stack and heap for Linux. Discussion regarding the security value and cost of implementing non-executable stack and heap for Linux was revived this week with the announcement of RSC, a non-executable stack and heap kernel module for Linux by author Paul Starzetz. Other projects with similar goals were discussed, such as PAX, announced back in October. Non-executable data areas, of course, are interesting to some because they can block certain types of buffer overflow attacks.

During the discussion, Crispin Cowan posted this message which provides links to prior discussions on this topic, related papers and more. We recommend perusing it if you are interested in the topic. He summed up the argument for non-executable heap and stack fairly succintly, presuming, of course, that the implementation costs are not too high. Crispin writes:

Summary of my personal view only:

• non-executable segments do add some security value
• non-executable segments is arguably an obscurity defense, because attacks exploiting overflow vulnerabilities that are stopped by non-executable segments can always be re-worked to be "return into libc" style attacks that bypass the non-executable segment by pointing directly at code in the code segment
• this obscurity defense arguably has value, because writing return-into-libc exploits is hard, and hard to make scriptable, because the offsets are fussy

That is, of course, not the end of the conversation - not everybody thinks that the "security through obscurity" approach of non-executable data segments is worth the trouble.

Open source to the rescue (ZDNet UK). This article in ZDNet UK looks at the European Parliament's stand on open source. "I thought this particularly interesting since it was among the resolutions voted for by the European Parliament, and must surely be the first time any parliament has come out and said that open source software is intrinsically more secure than closed source software. Microsoft take note.

More interesting still was the European Parliament's resolution to urge member states to devise ''measures to promote, develop and manufacture European encryption technology and software and, above all, to support projects aimed at developing user-friendly open-source encryption software.''"

Pittsburgh Company Helps Write Code for European Privacy Standards on Web (Pittsburgh Post-Gazette). Bright Plaza, Inc., a Pittsburgh, USA based technology firm, will be working with the European Commission as they look at developing a prototype for new software to protect privacy on the Web. "The EC initiative is driven by a widespread European belief that life in the Information Age makes personal information far too accessible, said [Carnegie Mellon University scientist Robert] Thibadeau. 'The Europeans are ahead of the U.S.,' he said. 'They regard privacy as if it's part of you as a human being. And they say the state has an obligation to protect your privacy, just as it has an obligation to protect your life'".

Fluffy Bunny speaks on IRC. The cracker behind the SourceForge, Themes.org and Apache break-ins has apparently done an IRC interview, the summary of which has been posted to SecurityFocus. "The cracker also explained how all the recent compromises were related. The common link: a packet sniffer Fluffy Bunny put in place on Exodus. "There was a sniffer on exodus yes, but there are sniffers everywhere," Bunny wrote." The identity of the interviewee has not been confirmed, however. (Thanks to Joe Barr)

Security Reports

LPRng supplemental group membership vulnerability. LPRng fails to drop membership in supplemental groups at the same time it drops setuid and setgid privileges. As a result, such supplemental groups may provide access to enhanced privileges. This bug was not referenced on the LPRng home page, but Red Hat has issued updated packages with a fix for the problem. This is also covered in BugTraq ID 2865.

• Red Hat

XFree86 X font server (xfs) denial-of-service vulnerability. The X font server xfs, part of XFree86, has been reported to contain a denial-of-service vulnerability. When connected to "numerous" times and given random data, xfs may crash, which can, in turn, cause the X server to crash as well. This is only applicable to font servers that are listening to TCP/IP, which is likely only the case for a machine that is serving X terminals. No workaround or fix for the problem has been reported so far.

gdm cookie vulnerability. gdm 2.2.2.1 has been released and, according to the changelog, contains a fix for a security problem under which an attacker could log in, save his cookie and then have that cookie used by the next person to log in.

• Slackware (from the Changelog)

xinetd buffer overflow. A buffer overflow has been reported in xinetd which may be exploitable either to gain elevated privileges or to cause a denial-of-service. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging.

Linux FPF kernel module denial of service vulnerability. FPF is a Linux kernel module which can be used to alter the Linux TCP/IP stack in order to emulate other operating systems when the system is probed by tools such as nmap or Queso. With the patch applied, it is possible to cause the kernel to panic by sending it multiple fragmented packets. A fix for the problem has been released. Nonetheless, the authors still state that the module has some problems and they recommend against using it on servers.

exim format string vulnerability. A locally-exploitable format string vulnerability has been reported in exim, a GPL-d Mail Transfer Agent. Root access may be gained if the 'syntax checking' mode is turned on (not the default). Workarounds and an unofficial patch are available. The patch will be rolled into exim 3.30, which is expected to be released "soon".

• Debian
• Conectiva

man-db nested calls vulnerability. The man-db vulnerability of the week involves the manner in which calls to drop_effective_privs and regain_effective_privs are handled. Nested versions of such calls can be used to cause man-db to regain privileges too early, which could result in a user being able to create files as user man.

• Debian

su-wrapper buffer overflow. su-wrapper is used to execute processes under different uids. A buffer overflow has been reported in su-wrapper 1.1.1. No official patch or upgrade has been released, but an unofficial, untested patch has been posted.

Fcron symbolic link vulnerability. fcron is a periodic command scheduler which implements the functionality of vixie cron but does not assume that your system runs all the time or regularly. A symbolic link vulnerability has been reported in fcron 1.0. Versions 1.0.1, 1.0.2 and 1.0.3 have been reported not vulnerable, so presumably an upgrade to one of these versions will resolve the problem. No information on whether or not the latest development version, 1.1.0, is affected has been posted.

TIAtunnel remote access vulnerability. TIAtunnel is a simple IRC bouncer, released under the GPL. A vulnerability has been reported in TIAtunnel that can be exploited by a remote attacker to gain a local shell under the TIAtunnel account. This was found in PKCrew TIAtunnel 0.9alpha2 and has been fixed in TIAtunnel 0.9alpha3. Note that a stable version of the software has not yet been released.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

• Security upgrades have been applied to both the client and server potions of Caldera's Volution network management software. Upgrading both components is recommended. This is also covered in BugTraq ID 2850.

• BestCrypt version 0.7, a data encryption product, can be exploited locally to run arbitrary commands as root. An upgrade to BestCrypt 0.8 will fix the problem. BugTraq ID 2875.

• SpearHead Security has acknowledged the URL encoding vulnerability in the NetGap devices reported in last week's Security Summary. They report that the problem has been resolved in build 78 of the NetGap software.

• The Anonymizer.com anonymous web service has been reported to contain a vulnerability in which Javascript code commented out by Anonymizer gets executed anyway. No warning messages are posted. This has been tested only on the free/trial version of Anonymizer. No vendor response has been seen so far.

• A Java-filtering vulnerability has been reported in gmx.net, a European-based free web-mail community. GMX AG has responded, acknowledging the problem and promising an immediate workaround would be put into place.

Updates

ispell symbolic link vulnerabilities. Check the June 7th LWN Security Summary for the original report.

This week's updates:

• Debian, fixed in ispell-3.1.20-8, updated January 26, 2000.

• Red Hat (June 7th)

xinetd default umask vulnerability. Check the June 7th LWN Security Summary for the original report. Fixing the problem simply requires that the default umask for xinetd be set to 022 instead of 000. This is also covered in BugTraq ID 2826.

This week's updates:

• Linux-Mandrake
• Immunix

• Red Hat (June 7th)

gnupg format string vulnerability. Check the May 31st LWN Security Summary for the initial report. gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for this problem and an upgrade is recommended. Werner Koch also sent out a note warning of minor build problems with gnupg 1.0.6 when compiled without gcc.

This week's updates:

• Conectiva
• Red Hat
• Turbolinux
• Caldera
• Debian, unstable upgrade to 1.0.6 on May 29th.

• Engarde (May 31st)
• Progeny (May 31st)
• Linux-Mandrake (June 7th)
• Immunix (June 7th)
• Trustix (June 7th)
• SuSE (June 7th)

multiple imapd buffer overflows. Check the March 15th LWN Security Summary for the original report. This is also covered in BugTraq ID 2856.

This week's updates:

• Linux-Mandrake

• Caldera (March 15th)
• Conectiva (March 22nd)
• SuSE (March 29th)

GTK+ module use in setgid/setuid programs. Check the January 4th, 2001 Security Summary for the original discussion of this issue. The official position of the GTK+ team is that setuid and setgid programs are a bad idea for GUI toolkits and are not supported by the GTK+ toolkit.

This week's advisories:

• Turbolinux
• Havoc Pennington, response to patch issued by Turbolinux.

Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd, 2000 edition. Check also BugTraq ID 1870

This week's updates:

• Turbolinux
• Linux-Mandrake

• FreeBSD (November 2nd, 2000
• SuSE (November 16th, 2000
• Debian (November 23rd, 2000)
• SuSE (November 23rd, 2000)

Resources

IBM Whitepaper: The Linux Security 'State of the Union'. Dated May 11, 2001, nonetheless it was this week that this IBM whitepaper first came our way. It contains a nice description of Linux security efforts, such as LIDS, Snort, RSBAC, NSA Security Enhanced Linux, StackGuard, packet filtering, LOMAC, PortSentry and TCS.

New Security Portal moderated security discussion list. SecurityPortal has started a new, moderated discussion list for security issues, seeded with a few SecurityPortal people to make sure that an effort is made to answer questions posed to the list.

Events

Upcoming Security Events.

Date	Event	Location
June 17 - 22, 2001	13th Annual Computer Security Incident Handling Conference (FIRST 2001)	Toulouse, France
June 18 - 20, 2001	NetSec Network Security Conference(NetSec '01)	New Orleans, Louisiana, USA.
June 19 - 20, 2001	The Biometrics Symposium	Chicago, Illinois, USA.
June 19 - 21, 2001	PKI Forum Members Meeting	(Kempinski Hotel Airport Munchen)Munich, Germany
July 11 - 12, 2001	Black Hat Briefings USA '01	Las Vegas, Nevada, USA.
July 17, 2001	The Open Group Security Forum briefing	Austin, Texas
August 6 - 10, 2001	CERT Conference 2001	Omaha, NE, USA.
August 7, 2001	CIBC World Markets First Annual Security & Privacy Conference	New York, NY, USA.
August 13 - 17, 2001	10th USENIX Security Symposium 2001 Conference	Washington, D.C.
August 13 - 17, 2001	HAL2001	Enschede, The Netherlands

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh

LWN Resources
Security alerts archive

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

See also: last week's Kernel page.

Kernel development

The current kernel release is still 2.4.5. Linus released 2.4.6pre3 on June 13. It includes a relatively large set of fixes and updates, including the long-awaited fix that allows ReiserFS filesystems to be exported by NFS; a number of virtual memory updates; a bunch of virtual filesystem cleanups by Alexander Viro; and many other fixes. Linus didn't see fit to mention it, but, as of pre2, the kernel also contains a Bluetooth protocol implementation.

The VM changes include work from a number of developers. After some rigorous testing here at LWN Labs (i.e. "run it on your desktop and see what happens"), we conclude that a number of the VM issues have, in fact, been addressed. It is not perfect, yet, but progress is being made. It's nice to have a system that doesn't seem to be running out of swap all the time.

On the other hand, there have been reports of compile-time warnings due, as it turns out, to a change in the PCI bus API. One might object that this is supposed to be a stable kernel series; evidently the kernel developers concluded that there were few users of this particular interface and a change would not cause problems. Some people disagree, however.

The 32-bit DMA zone patch, covered last week, is still not present in the 2.4.6 prepatch. Linus likes the idea, but wants some changes which create a new interface for setting up memory zones in a more flexible manner.

Alan Cox's latest is 2.4.5ac13. Alan is evidently doing jury duty, and has thus been relatively quiet.

A new networking patch pushes the limits of what modules can do. La Monte Yarroll is working on the Linux Kernel SCTP project, which is producing a Stream Control Transmission Protocol implementation for Linux. The SCTP folks have found that it is hard to just plug a new networking protocol into the kernel - the interfaces are just not set up for that.

So Mr. Yarroll has posted a patch which creates a new registration interface. The current static tables are replaced with a dynamic structure, and a set of functions has been provided which allows a module to add its new protocol to the system. It seems like a useful patch, which should not be overly controversial.

Until, that is, somebody asked if this interface could be used to replace the TCP implementation in the kernel. The answer was "yes," though any hopes of having the new implementation pick up existing connections should be forgotten.

Here's David Miller's take on the idea of plugging in new TCP implementations:

I will never in my lifetime allow such a facility to be added to the Linux kernel.

One might safely conclude that he does not like the idea.

The problem is that David does not want to open the door for people to plug proprietary TCP implementations into the kernel. Linus has, of course, said that non-free kernel modules are OK, as long as they stick to the published module interface. That interface currently does not allow the replacement of network protocol stacks, so the only way to do so would be to link the new implementation directly. Doing so with a proprietary implementation would clearly violate the GPL. Mr. Miller (and many others) are happy with that state of affairs.

This approach is not particularly new or surprising - Linus does not allow modules to add new system calls for the same reason. Binary-only kernel modules are tolerated, grudgingly, but only for certain tasks, such as driving devices. "Embracing and extending" the kernel by replacing whole subsystems goes a little too far. Of course, as was covered on the LWN front page two weeks ago, some people think that even Linus's interpretation is too liberal.

So the registration patch will probably see some minor reworking so that it does not allow the replacement of existing network protocols. But the issue of binary modules is likely to return, soon. There may yet come a point where they are no longer allowed.

The kernel and data formats. Another area of ongoing discussion has to do with how the kernel returns data to user space. Last week's Kernel Page mentioned the discussion of temperature formats; this discussion is worth revisiting (along with one other) because they illustrate how some kernel interface decisions are made.

Last week we reported that kelvins were the likely choice of units for temperatures reported by CPU monitors and such. In fact, a number of people have been advocating for temperatures to be reported in tenths of kelvins, or even hundredths. The stated advantages of this format are that the numbers will always be non-negative, and that a very wide range of temperatures can be represented with 16 bits - a wider range, certainly, than most computers will endure and be expected to still function. Or so it seems.

The assertion that kelvins can not be negative was quickly refuted, but the argument is mostly of interest to pedantic quantum physics enthusiasts. Once again, this is not within the normal operating specifications of current commodity hardware.

Using anything other than straight kelvins has also been controversial. The point being made is that returning a value in hundredths of kelvins might fool people into believing that the temperature measurements are actually that accurate. One degree of precision is more than adequate for modern CPU temperature sensors, and a more precise measurement would be useless even if it were accurate.

Nonetheless, there are people who would like the more precise format, for the simple reason that it may be needed in the future, and these interfaces are hard to change once they are in use. A final resolution has not happened, but a likely format will be tenths of kelvins, since ACPI already uses the format.

Some people have argued for a system configuration option which would allow selection of whatever temperature unit pleases the user best. That didn't get very far, though. There is a near consensus that the kernel should export a single, well-defined format, and leave conversions to user space.

The same idea, however, created a bit more fuss at the end of May, when a new version of the Phillips web camera driver was merged with its color conversion routines stripped out. As a result, applications using that camera see only one format, and many of them apparently do not understand it. The pwc driver author has summarized his position, along with much of the discussion, on his web page.

The argument here is the same: the kernel should export a single data format, and leave conversions to user space. In the case of web cameras, the kernel hackers would much rather see a single, user-space conversion library, rather than a whole set of duplicated conversion routines in each driver. Driver writers, who want to make their devices easily usable, may disagree, however. The kernel hackers say what goes in, though, so this policy is likely to remain.

Other patches and updates released this week include:

• Pavel Roskin has posted a patch which provides devfs support for USB scanners.

• IBM released version 0.3.4 of its journaling filesystem.

• For those who would like to try out the ext3 filesystem, but who aren't up to applying the patches, Peter Braam has released a set of RPMs containing an ext3-enabled kernel.

• The latest reports from the Stanford checker include 15 security holes (some of which were acknowledged to be nasty), and a couple of potential deadlocks.

• There is a new man pages release from Andries Brouwer; it exceeds 1000 pages for the first time, and adds pages for a number of previously undocumented system calls.

• Tom Gall at IBM has announced a port to 64-bit PowerPC processors. As an example of the scale of machines that are to be built with this processor, consider this other note from Tom wondering how he can deal with the current limit of 256 PCI buses.

• Work continues on the security module patch. Here is a version of the patch posted by Stephen Smalley with a number of new features. Greg Kroah-Hartman responded with a patch of his own that takes a slightly different approach.

Section Editor: Jonathan Corbet

For other kernel news, see:

• Kernel traffic
• Kernel Newsflash
• Kernel Trap
• 2.5 Status

Other resources:

• L-K mailing list FAQ
• Linux-MM
• Linux Scalability Effort
• Kernel Newbies
• Linux Device Drivers

See also: last week's Distributions page.

Lists of Distributions
distrowatch
ibiblio
Kernelnotes
Linux.com
LinuxLinks
Woven Goods

Embedded Distributions:
3ilinux
Bifrost
Blue Cat Linux
BluePoint Embedded
Compact Linux
Coollinux
DSPLinux
ELinOS
ELKS
Embedded Debian
Embedix
Etlinux
FlightLinux
Hard Hat Linux
Jailbait
Linux/Coldfire
LEM
Midori
NeoLinux
OnCore Systems
PeeWeeLinux
RedBlue Linux
RedIce-Linux
Royal Linux
RTLinux
Tynux
uClinux
White Dwarf Linux

Handhelds/PDAs
Agenda-VR
Familiar (iPAQ)
Intimate (iPAQ)
Linux DA
PocketLinux
PsiLinux

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Special Purpose/Mini
2-Disk Xwindow System
Mindi Linux
SmoothWall

Floppy-based
Brutalware
BYLD
Coyote Linux
DLX
Fd Linux
Fli4l (Floppy ISDN/DSL)
floppyfw
Floppix
FREESCO
Linux in a Pillbox (LIAP)
Linux Router Project
LOAF
muLinux
Nuclinux
Proxyfloppy
ShareTheNet
Small Linux
Tomsrtbt
Viralinux_II

CD-based
BasicLinux
BBLCD Toolkit
CDLinux
Crash Recovery Kit
DemoLinux
Devil-Linux
Finnix
Gibraltar
innominate Bootable Business Card
Linuxcare Bootable Business Card
LNX-BBC
MkCDrec
RunOnCD
Sentry Firewall
SuperRescue
Timo's Rescue CD
Ututo
Virtual Linux

Zip disk-based
NBROK
ZipSlack

Small Disk
hal91
MicroLinux
--> Peanut Linux
PKLinux
Relax Linux
TA-Linux
Tomukas
ttylinux
VectorLinux

Wireless
Bambi Linux
Flying Linux

Hardware-specific
(ARM)
ARM Linux
(Beowulf)
Scyld Beowulf
(IBM)
Think Blue Linux
(Oracle's NIC)
NIC Linux
(PA-RISC)
PA-RISC Linux
(Playstation)
Runix
(PowerPC)
Black Lab Linux
LinuxPPC
MkLinux
Yellow Dog
(Sparc)
Splack
UltraLinux
(Older Intel)
ClarkConnect
Monkey Linux
TINY

DOS/Windows install
Armed Linux
DragonLinux
Phat Linux

Diskless Terminal
GNU/Linux TerminalServer for Schools
K12LTSP
LTSP
Pygmy
Xdenu

Distributions

News and Editorials

217 Distributions and Counting. Since we are being so widely-quoted these days in reference to the number of Linux distributions (see today's Front Page), it seems about time to update some of our statistics about the number of Linux distributions. To review past statistics, here are some general numbers that we've quoted in talks over the past year or so and to which we've added our current total. After all, if we're going to be quoted in the wider media and even as a reference in Microsoft materials, we need to keep our data up-to-date.

Estimated number of known Linux Distributions

Date	Number of Distributions
February 2000	110
August 2000	153
January 2001	188
June 2001	217

Simultaneously, however, we've stuck out our neck far enough to lightly reorganize our distributions list yet again. This time, we've done some small changes to the right-hand column. At the top, in alphabetical order, we've placed the seven general-purpose distributions that we have consistently found used by audience members when we've talked at various Linux conferences and user group meetings.

After that, we've listed seven more general-purpose distributions that, while their audience segment is still unknown, have had a high presence from a news perspective in these pages over the past couple of years.

These two lists are intended to represent the Linux distributions most likely to be considered for usage on a general-purpose server or workstation. Comments and suggestions are, as always, welcome.

Compare the number of distributions on these lists (14) with the overall total (217). This illustrates one of the points of the full talk on Linux distributions that Liz Coolbaugh updates and gives to various conferences and LUGs on an infrequent basis: although there are a multitude of Linux distributions, most of those are very specific, highly tailored tools. Only a fraction of them are competing for space on retail shelves or for the mindshare of Linux users.

Only a small fraction need to be considered and compared before choosing a Linux distribution with which to work.

The Linux distributions space is haunted, in general, by an absence of absolute statistics. Witness, as a result, this week's battle between Gartner and IDC about how many Linux server systems there really are. We would guess this is why the statistics from Liz's talk ended up first within a TechWeb article in January and now within Microsoft's own documents.

Numbers aren't biased inherently; the conclusions drawn from them will always be biased in some manner or another.

New Distributions

Linux/MNIS. Linux/MNIS is a distribution out of France with a bit of a split personality. It could also be considered two separate distributions, but since only one name is given to describe both of them, we'll keep them together. The two variants of Linux/MNIS come based on either Slackware or Debian. The website comments that both were chosen for their stability and their ease of administration, while Debian was also chosen for the large amount of software provided with it. Intel, Alpha, Sparc and Motorola platforms are supported.

MNIS appears to be a French-based technical support company, among other pursuits. They provide technical support for Solaris, SunOS, Linux, BSD, HP-UX, AIX, SCO-UNIX, and OSF-1. The Linux/MNIS distributions, therefore, are created primarily for their customers and to attract new customers that want local (to France) support available. [Thanks to Fred Mobach].

Distribution News

Red Hat News. The Linux 2.4.x kernel series is a bit stricter than earlier versions of the kernel in the manner in which vfat (Windows) partitions are handled. As a result, applications happily using files on a vfat partition under earlier versions of the kernel may fail under Red Hat 7.1. This unfortunately includes StarOffice 5.2. The actual bug is in the application, but getting a correction into StarOffice 5.2 is not likely to happen any time soon, if ever. All the end user can do is remember transfer files off a vfat partition to another partition before attempting to edit them with StarOffice 5.2.

Red Hat released updated ypbind packages this week to fix an error where an NIS client fails to bind to an NIS server at boot time, but reports success.

Caldera Previews 64-bit Linux for Itanium. Caldera has announced the availability of a preview version of OpenLinux for the Itanium processor.

Linux-Mandrake News. MandrakeSoft has released the first beta of Mandrake Linux PPC which is based on Linux-Mandrake 8.0. Some of the current problems, screenshots and other user comments can be found on MandrakeForum.

Dual-processor AMD systems have been tested with Linux-Mandrake. They are working well and are expected to be added to the supported hardware database soon.

Solutions for some CUPS printing problems are now available.

And a Spanish version of the Linux-Mandrake Demo & Tutorial Center is now online, thanks to volunteers from the Grupo de Usuarios Linux de Jaén. Note that this is still a work-in-progress; not all chapters have been translated.

Debian News. The latest issue of the Debian Weekly News (text version) has been published. Discussions include the recent downtime for master.debian.org and the 100,000th bug to pass through Debian's bug tracking system. Note also that .debs for Mozilla 0.9.1 became available this week.

From the Hurd side of Debian, the Kernel Cousin Debian Hurd reports problems with autoconf 2.50 (apparently also impacting general Debian GNU/Linux development),

Slackware News. Activity in preparation for the upcoming release has been heavy under the Intel port. Updated versions of svgalib, ispell, epic, isdn4k-utils, screen, automake, binutils and more were installed. Major updates include mozilla-0.9.1 (reported to contain nice improvements and no visible new bugs), galeon 0.11.0 and mysql-3.23.39.

gdm was upgraded to 2.2.2.1, which was marked as a security fix. So the Slackware changelogs provided us with information about a security problem that hadn't shown up in the security mailing lists yet. Also on the security front, sudo was updated to 1.6.3p7 (which had not hit freshmeat yet, when we checked), because it was rumored to fix a security problem, though the sudo Changelog gives no description of the changes in sudo 1.6.3p7. Slackware had already upgraded to 1.6.3p6 to fix a buffer overflow problem reported in early March.

Distribution Reviews

Red Hat Linux 7.1 Deluxe Workstation (ZDNet). ZDNet says that this edition of Red Hat Linux carries superb installation help but complex partitioning and modem setup remain difficult. "The installation procedure remains difficult for beginners and even mid-level Windows users, but Red Hat helps considerably by including well-written and highly informative explanations in the onscreen windows during the many steps of the installation wizard."

Minor Distribution updates

• Mindi Linux 0.20, "Some Linux distributions use a copy of the LibC library that is over 4MB in size. This and other over-large libraries and tools are copied piecemeal to Mindi's datadisks at run-time and will be reassembled at boot-time. This change should make Mindi compatible with the latest Debian and Mandrake distros".
• Mindi Linux 0.21, "When modules are loaded at boot-time, their original parameters from '/etc/modules.conf' are now passed to insmod".

Editor's note

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Leading
Caldera OpenLinux
Debian GNU/Linux
Linux-Mandrake
Red Hat
Slackware
SuSE
TurboLinux

Also well-known
ASPLinux
Best Linux
Conectiva Linux
e-smith
Kondara MNU/Linux
Progeny
Rock Linux

Non-technical desktop
easyLinux
Icepack Linux
Independence
LibraNet
Redmond Linux
WinSlack

Education
Boston University
kmLinux
LinuxFromScratch
OpenClassroom
Red Escolar

General Purpose
Alzza Linux
aXon Linux
Bad Penguin Linux
BearOps
Black Cat Linux
BluePoint Linux
BYO Linux
CAEN Linux
Cafe Linux
ChainSaw Linux
Circle MUDLinux
cLIeNUX
Complete Linux
Console Linux
Corel Linux
CRUX
Darkstar Linux
DLite
easyLinux
Elfstone Linux
ESware Linux
Eurielec Linux
eXecutive Linux
Fried Chicken
FTOSX
FullPliant
Gentoo
Go!Linux
HA Linux
Halloween Linux
HispaFuentes
IceLinux
Ivrix
ix86 Linux
J-LINUX
JBLinux
Jurix
KRUD
KSI-Linux
Lanthan Linux
Laonux
LASER5
Leetnux
Linpus Linux
Linux Cyrillic Edition
Linux MLD
LinuxOne OS
LinuxPPP
Linux Pro Plus
Linux-SIS
LNX System
LoopLinux
LSD
Lute Linux
MageNet
Mastodon
MaxOS
minilinux
MSC.Linux
nmrcOS
NoMad Linux
Omoikane GNU/Linux
PingOO Linux
Plamo Linux
PLD
Project Ballantain
PROSA
Rabid Squirrel
Repairlix
Root Linux
Scrudgeware
Serial Terminal
Sorcerer
spyLinux
Stampede
Stataboware
TechLinux
TimeSys Linux/RT
Tom Linux
Trinux
Turkuaz
Ute-Linux
VA-enhanced Red Hat
Vine Linux
Virtual Linux
WholeLinux
WinLinux 2000
XTeamLinux
ZipSpeak

Country-specific
Argentina
GNU/Linux Ututo
Britain
Definite Linux
Eridani
China
COSIX
Red Flag
France
Linux/MNIS
Italy
LinuxEspresso
Madeinlinux
Vedova
Spain
Linux Esware
Thailand
Kaiwal Linux
Thai Linux Extension

Related Projects
Chinese Linux Extension

Historical (Non-active)
Dualix
Gentus
Giotto
MCC Interim Linux
OS2000
Storm Linux
Yggdrasil

See also: last week's On the Desktop page.

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Office Suites
Ability (*)(w)
Anywhere Desktop (*)
(formerly "Applixware")
GNOME Office
HancomOffice
KOffice
StarOffice / OpenOffice
Siag Office
WordPerfect Office 2000 (*)(w)

Java / Web Office Suites
ThinkFree Office (*)
Teamware Office (*)
Cybozu Office (*)

Desktop Publishing
AbiWord
iceSculptor (*)
Impress
Maxwell Word Processor
Mediascape Artstream (*)
Scribus

Web Browsers
Mozilla
Netscape (*)
Opera (*)
Konqueror
Galeon

Handheld Tools
KPilot
JPilot
Palm Pilot Resources
Pilot Link
SynCal

On The Desktop

Usability testing. In the May 3rd edition of the On the Desktop page here at LWN.net there was a note about some usability testing that was done for the GNOME project. Telsa Gwynn wrote in with some additional information on this testing.

The talk was given by Calum Benson of Sun at GUADEC 2001. I went to it and wrote a very brief write-up which includes the how, when and why. Another talk at the same conference about usability was by Darin Adler [formerly] of Eazel and included "user testing on the cheap": two webcams and a checklist works even if you can't afford a UI lab with bells and whistles. And some test results from MIT assessing GNOME usability were posted to nautilus-list@eazel.com before GUADEC II.

According to Telsa, the handouts from Calum's talk explained a little of how the tests were performed: "Here's a desktop. Look at it. Don't move the mouse. What do you think the icons represent? Why? Okay, now you can move the mouse and get tooltips. Now what do you think the icons represent? Okay, now try to ... (and so forth)". After the questions were answered a number of tasks had to be performed.

LWN.net interviewed Calum Benson, a Usability Engineer at Sun Microsystems in Dublin, Ireland about these tests with GNOME users. He says that usability isn't just about ease of use:

A less formal definition would be that a usable product is easy to learn and remember how to use, and helps you do your job quickly and enjoyably without making mistakes. Of course, each of those factors is more or less important depending on the product and the environment in which it will be used-- with an air traffic control system, for example, it's less important to be fun to use or easy to learn, and more important that it prevents you from making mistakes.

GNOME usability references
gnome-gui-list@gnome.org The original list, which tends to be noisy. usability@gnome.org This list was set up in as a result of the GUADEC II discussions. nautilus-list@eazel.com The Nautilus list often has discussions on usability. GNOME Usability Project

The tests on GNOME were organized by Calum's usability group at Sun Microsystems. According to Calum, Sun worries that GNOME developers need to see beyond the current user base of other developers.

The key message is really "we are not our users". The GNOME desktop will become much more mainstream over the next couple of years, especially once companies like Sun and HP start rolling it out, and that opens it up to a whole new audience-- mechanical engineers, web designers, financial analysts and the like, not the developers who currently make up the largest part of the user base.

It is important for developers to understand that users don't have to know about every way of doing a task. They only need one, at least initially.

It's important that the key features on a desktop are well signposted, especially if you're new to that particular environment. But while more advanced features or quicker ways of doing the same thing may not become apparent until you reach a higher level of competence and start experimenting and exploring, they still need to be designed to be as easy to use as possible.

Sun's participation in this sort of testing may be just what the doctor ordered now that Eazel is gone. While Ximian could do the testing, that might be considered akin to the fox guarding the hens. And open source alone may not have the resources to do this testing properly (but read on for KDE's plans for an alternative view there).

KDE Usability.  GNOME, however, is not the only group focusing on usability testing. While the breadth of testing for KDE has not been as wide as described at GUADEC for GNOME, SuSE's Kurt Granroth, KDE Core developer and evangelist in the U.S., says that the limited testing to date has produced results that are being incorporated into KDE 2.2.

The first group to do UI testing with KDE was Corel. They had a dedicated team working on UI issues and they uncovered quite a bit. They never released their results in the form of reports, though. What they did was have their lead UI guy subscribe to our kde-look mailing list. This list had been formulated for the express purpose of discussing and solving KDE UI issues. During the course of discussing various issues, many of the areas that Corel had investigated came up and were incorporated into the discussion.

Lately, a KDE core developer has been doing unofficial UI testing of KDE by installing the latest version in a few computers at an Internet cafe just down the street from where he lives. He then observes how the patrons use KDE and asks questions about how things can be improved. This has proven to be remarkably effective since nearly all of the patrons were new to KDE so they had no preconceived notions. The upcoming "app starting cursor" in KDE 2.2 is a direct result of the testing done in that cafe.

Finally, there is a sub-group starting up to create a formal KDE Usability testing process. It is headed by Jono Bacon and the first official use of it will be at the Linux Expo in England this July. We plan to extend and continue this in the future.

Granroth added that anyone interested in additional information should visit the KDE Usability Study web site.

GNUStep: Adam Fedor talks with LWN.net. Dennis Leeuw provided us with an article on GNUStep for non-technical users to give them an idea of what GNUStep is and why they might like to get involved. We decided to follow that up with an interview of the GNUStep project lead, Adam Fedor. "In fact, GNUStep is actually the same API as Mac's OS X. A program written for OS X would require only a few changes to run with GNUStep. While no OS X applications have been ported that he knows of, older NeXT applications have. One example is the MusicKit/SoundKit for building music, sound, signal processing, and MIDI applications."

AbiWord and KWord unite on Word filters. AbiWord and KWord developers have united to assist each other in developing better MSWord import filters. A call for cooperation from Dom Lachowicz, lead developer of AbiWord and wvWare, was cross posted to the KOffice mailing list (originally via Dom's message after the KOffice 1.1 Beta 1 announcement) and participants chimed in almost immediately. A new version of the wvWare library (previously named mswordview) is now in the works.

Pilot support update. David Desrosiers wrote in with additional information regarding the pilot-link (which he noted is not spelled "Pilot Link") software. The first thing to note is that development on this project is anything but dead. "A lot of good code has been put into the new codebase, and when 0.9.5 is released, it will be a revolutionary change from the 0.9.3 release (the last "official" release of pilot-link)." Most of the information he provided was in the form of links to various mailing list archives. The main web site, where current updates are to be made available, will be moving soon from its current location to pilot-link.org, which at the time of this writing was not yet a registered domain.

Rick Moen also wrote in to let us know he maintains a large collection of open source binaries and source programs for the PalmOS (meaning not just the Pilot but pretty much anything that runs PalmOS). The web site is just a directly listing currently, but an index file exists explaining most of the applications you will find there.

Desktop Environments

Catching up with KDE (Linux Journal). Linux Journal reviews KDE 2.1.1 and finds it provides a rich set of tools. "The Kompany has been turning out an amazing number of much-needed Linux applications. IBM has been working with Trolltech on integration of their ViaVoice software into QT to provide speech recognition to Linux users. "

KDE 2.2Beta Freeze. Waldo bastian posted a note reminding developers that the KDE 2.2 Beta 1 releases should be frozen in CVS now, meaning, among other things, that no new features are to be added to CVS until after Beta 1 hits the street.

Linux gladiators duel for desktop crown (ADTMag.com). The issues between KDE and GNOME run from philosophical to technological, as this article explains in detail, and IT decision makers are looking for a long term choice. "This UI piece doesn't really make any difference, short term. But long term, it becomes an issue. If you're betting on one horse or the other for your company, this decision matters."

Office Applications

Infusion: an Evolution for KDE. Navin Umanee noted on the KDE Promotions mailing list that there is a new QT/KDE based competitor for Evolution: Infusion. It runs through the Citadel/UX server for individual and community based messaging.

GNOME Summary for Jun 03 - June 09, 2001. The weekly summary of the GNOME world is out. Highlights include the release of a new developers version of the GStreamer multimedia framework and discussion on the initial python bindings for Bonobo being entered into the GNOME CVS tree.

AbiWord Weekly News #47. The AbiWord Weekly News #47 is now available. The most interesting bit of news was the discussion thread on the release schedule.

Kernel Cousin KDE #13 Released. This week's KDE Kernel Cousin includes summaries of discussions on Avery Label templates for KWord, KOffice file extensions and mimetypes and Flash support for Konqueror/Embedded.

Desktop Applications

Netscape set to unleash 6.1 beta (ZDNet). ZDNet reports on the upcoming Netscape 6.1 beta release. "Sources familiar with the 6.1 release said it would be faster and more stable than its predecessor. Other changes include a new cache for storing frequently accessed files, an upgraded mail program, new search functionality, and--borrowing a page from competitor Microsoft's Internet Explorer browser--drop-down auto-complete for Web page forms."

Gideon Development Update. This Gideon Development Update is brought to you by the dot (dot.kde.org). Gideon is the codename for the next generation version of KDevelop.

Open-Source Gaming for Linux (Linux Journal). This Linux Journal article looks at some open source gaming options. "One of the many neat ClanLib games, Trophy is basically an auto racing game with some Mad Max flair; you get to shoot at your competitors and toss bombs at them."

Pan 0.9.7 Released. The first stable release in two months has been made for Pan, a GNOME news reader. It includes better startup performance, sports a smaller memory footprint, and more accurately decodes binary attachments.

Galeon 0.11.0 Released. A new release of the Galeon web browser is also available. This release brings Galeon in line with the Mozilla 0.9.1 release.

Pyrite & Palm (IBM developerWorks). IBM developerWorks is carrying an article on using Pyrite, a set of Python tools designed to communicate with PalmOS devices. "A limitation of Pyrite Publisher is that it doesn't directly convert PDF or Postscript files to pdb files. Luckily, there is a simple workaround for this. The utility pstotext can transform a Postscript file into a text file. To generate a pdb file, first transform the ps file into a text file, and then use Pyrite Publisher to convert the text file into a pdb file."

And in other news...

Xft font management. Keith Packard posted an interesting tip to the KDE Core mailing list this past week regarding font management with the Xft :

Xft also supports per-user font directories and a per-user ~/.xftconfig file -- that will allow non-root users to install and use their own fonts without changing the global configuration.

Talking with Jim Gettys (LinuxPower). LinuxPower interviews the father of the X Windows System, Jim Gettys. "I believe very strongly that either GTK+fb or QtE are dead ends. Our experience in the market (beyond the hacker community) is that the major attraction is the ability to share with little or no hassle applications written for the desktop: while the applications may need reworking to deal with the screen size and touchscreen, there are many applications not written for GNOME (or KDE)."

The Agenda VR3: A Linux Orbit first look (LinuxOrbit). This review thinks the Agenga VR3 is, to put it plainly, "wow". "Originally, (with the first OS release) I experienced a slight delay when loading multiple applications. Thanks to the eXecute In Place (XIP) features, the PDA is much more responsive, especially when loading many applications at once (how many PDAs can do that?). The buzzer sound is very audible for the Scheduling application and the Contacts program is extremely quick. The FLTK apps for the Agenda have a similar style to their interface. Most of them contain a button labeled "Done" in the bottom left for exiting the application when finished using it. This makes the VR3 have a consistent feel. You don't have to re-learn an interface to use another application. The network application is a GUI based interface configuration program. Configuring it was a snap."

Section Editor: Michael J. Hammel

Note: An asterisk (*) denotes a proprietary product, (w) denotes WINE based tools.

Desktop Environments
GNOME
GNUstep
KDE
XFce

Window Managers (WM's)
Afterstep
Enlightenment
FVMW2
IceWM
Sawfish
WindowMaker

Minimalist Environments
Blackbox

Widget Sets
GTK+
Qt

Desktop Graphics
CorelDRAW (*)(w)
GIMP
Kontour
Photogenics (*)
Sketch

Windows on Linux
WINE
Win4Lin
VMWare

Kids S/W
Linux For Kids

Send link submissions to lwn@lwn.net

See also: last week's Development page.

Development projects

News and Editorials

A new release of the GStreamer streaming-media framework, dubbed "Critical Mass", version 0.2.0 has been announced. "This release features a completely new scheduler, updated capabilities and autoplugging subsystems, a large number of new plugins, and a bunch of bug fixes."

GStreamer appears to be a very ambitious project, providing a broad framework for the development of many types of multimedia applications. Numerous flavors of Linux are currently supported along with FreeBSD. GStreamer is already being ported to several commercial Unix flavors, and more Unix versions are in the works. There are plans to make GStreamer work under MacOS X and Windows. The upcoming move from GTK+ to Glib 2.0 will allow for independence from a single windowing environment.

With the concept of generic audio and video sources and sinks, as well as the ability to route streams through filters, many types of multimedia functions can be implemented. GStreamer can be used to make mp3 players, DVD players, audio and video editors, mixing boards, and browser plugins, to mention a few possibilities. To get an idea of the breadth of this project, take a look at the GStreamer Status Tables.

The latest source code tar balls and RPMs are available from the GStreamer download page, Debian packages are being assembled.

Those who are interested in contributing to the GStreamer project should look at the developer information for a list of items that need attention. GStreamer is licensed under the LGPL and its plugins are typically released with GPL or BSD licenses.

It will be interesting to watch the development of GStreamer and its associated applications as they mature. If enough interest is generated, this critical mass may yet provide the focus for an explosion of new, cool applications on Linux and elsewhere.

Browsers

Mozilla 0.9.1. The latest version of Mozilla, version 0.9.1, has been released for testing. Updates include much better stability, an updated status bar that merges the old status and task bars, and improved LDAP support for Mozilla Mail.

Clusters

Sandia supercomputer program released to public. Sandia National Laboratories has released its Cplant (Computational Plant) system software for Linux machines. "A computer program that enables a collection of off-the-shelf desktop computers to rank among the world's fastest supercomputers has been released to the public by Sandia National Laboratories. The program, called Cplant[tm] system software, dramatically extends the capability of researchers to modularly assemble large blocks of off-the-shelf computer components." Cplant is being released with a GPL license.

Documentation

LDP weekly updates. This week's updates to the Linux Documentation Project have been posted. A new Initialization for IA-32 HOWTO is available and updates have been posted to the HOWTOs for modems, serial i/o, and text terminals.

Education

Linux in education report #46. This week's Linux in Education report discusses software for tracking exchange students, introductory Linux courses for colleges, and Avanti, a project for a platform independent automated library system.

Embedded Systems

Embedded Linux Newsletter for June 7, 2001 (LinuxDevices). The weekly Embedded Linux Newsletter has been released for this week. Top stories include coverage of Ripley, a wearable computer and the Sharp Zaurus move to Linux.

Network Management

Ganymede 1.0 released. After years of development, version 1.0 of the Ganymede network directory system has been released. "Ganymede allows large groups of administrators to share administrative control over designated portions of a master network directory database, and provides transactional reliability and intelligent constraint management to keep network directories consistent."

Your Network's Secret Life, Part 2 (Linux Journal). This article from Linux Journal reviews EtherApe as a tool in watching local networks. "EtherApe is a graphical network monitor that lets you see the action taking place over your network connection. EtherApe displays live connections in a manner that lets you visualize which connections are busier than others. The nodes appear bigger as larger amounts of traffic go across your network."

Science

FreeGIS CD version 1.1.0. A new release of the FreeGIS software CD is now available. This CD contains various software to analyse and visualise spatial data to make maps, including GRASS, MapIT! and gpsman as well as other software.

Software Development

Release 1.2.0 of the GNU Visual Debugger. A new release of the Gnu Visual Debugger has been announced. Release 1.2.0 contains numerous new features including an enhanced breakpoint editor, a data window with zoom capabilities , a break on exceptions feature, and more. GVD supports the C, C++, and Ada languages.

Web-site Development

mnoGoSearch 3.1.5 and 3.1.6 released. Versions 3.1.5 and 3.1.6 of the mnoGoSearch web search engine have been released. The project history details the changes, which include bug fixes and support for the DMALLOC memory debugger under version 3.1.5. Version 3.1.6 includes fixes for potential cgi exploits in search.cgi and bugs when using lower case flags.

Mod_python 2.7.5 released. Version 2.7.5 of the mod_python Apache/Python integration software has been released. This version adds support for Python 2.1.

AxKit v1.4 released (use Perl). A new release of AxKit, the XML/XSL application server for mod_perl and Apache has been released. The new release contains a large number of changes since the last version.

Zope Weekly News for June 9, 2001. The June 9, 2001 edition of the Zope Weekly News features the latest developments in the Zope world. An announcement has been posted for the first European Zope conference, a new beta release of CMF1.1 is out, revisions proposals are discussed, and new Zope T-shirts are available.

Miscellaneous

Attorney Dan Ravicher on Open Source Legal Issues (Slashdot). Slashdot has posted an FAQ on Open Source and Free Software licensing issues written by attourney Dan Ravicher. Software developers might want to take a look.

Section Editor: Forrest Cook

Application Links
GIMP
Mozilla
Galeon
High Availability
ht://Dig
mnoGoSearch
MagicPoint
Wine
Worldforge
Zope

Open Source Code Collections
Berlios
Freshmeat
OpenSourceDirectory
Savannah
Le Serveur Libre
SourceForge
Sweetcode

Programming Languages

Ada

GtkAda 1.2.12 release. A new version of GtkAda, the Ada95 graphical toolkit based on Gtk+ has been announced. This version supports GVD 1.2.0 (see above), and features numerous updates and improved documentation.

APL

Sharp APL for Linux. Sharp has introduced a free verson of APL for Linux. Those familiar with APL know that it uses non standard glyphs instead of regular ASCII characters. To make life easier for the APL programmer, one company offers special APL keyboard decals. that stick onto a PC keyboard. (thanks to John McKown)

Caml

Caml Weekly News for June 6 through 12, 2001. The June 6 through 12, 2001 edition of the CAML Weekly News is out. Topics include the O'Caml Runtime Environment, a tutorial and survey on type theory, and a discussion on the lack of let mutable in O'caml.

Erlang

Erlang R7B-3 released. The R7B-3 release of Erlang has been announced. This release contains mostly bug fixes.

Java

Take control of the DOM, Part 2 (IBM developerWorks). Gary Cole and William F. Phillips discuss the writing of Java weblets in part 2 of a 3 part IBM developerWorks article. Part 1 in the series discusses the use of the Document Object Model (DOM).

Lisp

Recent additions to CLOCC. A number of recent additions have been added to the Common Lisp Open Code Collection (CLOCC) site. Included are a Lisp chess game, a graphical interface design tool, a unit testing environment, a library installation tool, and more.

Perl

Damian Opens YAPC with Perl 6 Overview (use Perl). Taking Larry Wall's place, Damian Conway opened the YAPC conference with an introduction to Perl 6. The design phase of Perl 6 is supposed to be completed by the end of 2001 and the software is scheduled to be released sometime in mid 2002.

CPAN updates (use Perl). The CPAN scripts index is working (again). Also there is now a CPAN update mailing list to keep you informed of new uploads to CPAN.

Perl 5 and 6 Porters for June 12, 2001. The June 12, 2001 issue of the Perl 5 Porters digest is out. Topics include removing dependence on strtol, regex negation, and a discussion on the need for more Perl committers. The June 12, 2001 edition of the Perl 6 Porters digest is also available, with discussions on unicode, properties and use strict, regular expressions, and more.

PHP

PHP Weekly Summary for June 11, 2001. The June 11, 2001 edition of the PHP Weekly Summary is available. Topics include a new PHP release candidate: PHP 4.0.6 RC 3, and bugs involving PHP and the alpha version of Apache 2.

Python

Dr. Dobb's Python-URL! for June 11th, 2001. The Dr. Dobb's Python URL for June 11, 2001 has been published.. Discussions this past week ran from calls for more contributions to the Cookbook, to intelligent agents and the release of MapIt 1.0, a web based raster map navigator.

Python-dev summary. This week's Python-dev summary is out, with coverage of the demise of the strop module, dictionary performance improvements, and more.

Sketch 0.6.11, a vector drawing program. Sketch version 0.6.11 has been released. "Sketch is a vector drawing program for Linux and other unices. It's intended to be a flexible and powerful tool for illustrations, diagrams and other purposes. It has advanced features like gradients, text along a path and clip masks and is fully scriptable due to its implementation in a combination of Python and C." This version features bug fixes and an updated Spanish translation.

Tcl/Tk

Dr. Dobb's Tcl-URL! for June 11th. This week's summary of the Tcl discussion groups is available from Dr. Dobb's. This past week saw some connectivity problems that prevented some postings to reach Google, but the information is available from alternative archives. Topics include a summary of the second European Tcl Users Meeting, Tcl and unicode, working with Roman numerals, Tk in embedded Linux, tclperl 2.3, and gnocl 0.0.3.

Section Editor: Forrest Cook

See also: last week's Commerce page.

Linux and Business

Industry Leaders Form TV Linux Alliance. Whether or not Linux is ready for the Desktop, Linux is ready for the TV set-top box. Two dozen companies have joined the TV Linux Alliance to define a standards-based Linux environment for the digital set-top box market by defining a standard application programming interface (API). Alliance members comprise hardware and software oriented companies, many of which already have considerable set-top technology. The alliance will use that existing technology when creating the API.

Having a standard API for all Linux based set-top boxes benefits everyone, from the broadband providers, to the authors of device drivers, and of course the end user. TV watchers everywhere should take note. If the alliance is successful in its efforts, the set-top boxes of the near future will be better and cheaper, with better compatibility between boxes from different manufacturers.

The TV Linux Alliance press release contains additional information as does this article from LinuxDevices. Lineo also sent us a copy of the release.

Non-allied set-top news. Century Embedded Technologies announced it would act as Technical Partner for open-source software technologies for the National(R) Geode(tm) SP1SC10 set-top box reference platform. "Century has developed WebMedia, a plugin-based application framework that includes an integrated web browser, HTML-based menu system, application manager, and a variety of plugins used to control all facets of the set-top box. WebMedia, when combined with open-source drivers from National, form a complete top-to-bottom Linux software solution for next-generation set-top boxes."

'LPI Certification in a Nutshell' from O'Reilly. O'Reilly has announced the release of LPI Certification In a Nutshell by Jeffrey Dean. This book should be of interest to anyone looking at Linux Professional Institute certification, particularly those who are preparing for the exams.

LPI plans to update certification Level 1. LPI announced plans to review and update its first certification. Some level 2 tasks will likely be moved into level 1, also obsolete references will be deleted or modified. Sounds like the book will need a revision soon.

CollabNet Selected by HP for Its Collaborative Development Program. CollabNet announced that it is providing the infrastructure and consulting services for Hewlett-Packard's Collaborative Development Program (CDP). The CDP allows HP employees to collaborate on projects internally and with external business partners.

Winnebago and NHL.com go with Linux. Linux powers a large variety of businesses. The numbers grow daily. In this IBM announcement, we see that Winnebago Industries, Inc. runs Linux on an IBM eServer mainframe. Winnebago will be implementing the Bynari Insight Server for its messaging and collaboration needs.

This IBM press release claims the NHL has gone to the penguins. "The site was recently enhanced using IBM Linux systems running Red Hat Linux version 7.0. The Linux system was easily integrated with existing IBM database servers running AIX, providing the necessary functionality to handle the large flow of data across all of NHL.com's servers. The systems installed by NHL.com will include a Linux-cluster consisting of five IBM Intel-based servers functioning as the Web server."

Linux Stock Index for June 07 to June 13, 2001.

LSI at closing on June 07, 2001 ... 32.81
LSI at closing on June 13, 2001 ... 31.27

The high for the week was 32.81
The low for the week was 31.27

Press Releases:

Open source products

• Cadence (SAN JOSE, Calif.): Cadence Announces a Complete, Reusable Functional Verification Solution to Address System-on-Chip Designs. Includes the TestBuilder open-source testbench development tool.

Distributions and bundled products

• NeTraverse Inc. (AUSTIN, Texas): NeTraverse to Power Caldera; Caldera to Deploy NeTraverse Win4Lin 3.0 Software Across Enterprise.

Proprietary Products for Linux

• Linux Center (HK) Ltd. (HELSINKI, HONG KONG): New Content Manager available, Nadmin Studio 1.4.

• MicroEdge, Inc. (APEX, N.C.): Visual SlickEdit Wins Programmer's Paradise ''Riding the Crest'' Award; Leading Development Tool Outsells All Other Programmer's Editors. In 1999, Visual SlickEdit received the "Riding the Crest" award for the best selling Linux tool.

• National Semiconductor Corporation (SANTA CLARA, Calif.): National Semiconductor Offers Linux Solutions for the Digital Set-Top Box Market.

• SWsoft (SOUTH SAN FRANCISCO, Calif.): SWsoft Launches a Profit Solution for the Hosting Market; 1-Net Singapore is first customer. Based on SWsoft's Virtuozzo(TM) technology, HSPcomplete includes everything a company needs to become a hosting service provider immediately. HSPcomplete currently runs on Linux, with Solaris, BSD and Windows versions planned.

Hardware and bundled products

• ASL (Milipitas, California): World's First AMD Athlon(TM) MP Linux Workstation.

• Macro 4 (): First output management solution for Linux on zSeries. Macro 4 delivers multiple-server, SAP(r) R/3(r) and mySAP.com(tm) certified output management technology.

Products and Services Using Linux

• MontaVista Software Inc. (HILLSBOR